hexupload.net/g86o0b5phgck
104.21.8.150 301 Moved Permanently 0 B URL HTTP/1.1 hexupload.net/g86o0b5phgck
IP 104.21.8.150:0
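Hash (response body is 0 B; these are the MD5, SHA-1 and SHA-256 digests of empty input, so they identify no content and should not be used as indicators)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855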
GET /g86o0b5phgck HTTP/1.1
Host: hexupload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 26 Oct 2022 23:30:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 27 Oct 2022 00:30:43 GMT
Location: https://hexupload.net/g86o0b5phgck
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1YI7XQrbWv0EaS3Y6VHaBQilRnWM%2BHkaPivsKaMRdBQWvV3%2FcSLU%2Bd5ezWAV2RkZqtUPW%2FnQ%2B7flKxlkQtWbsEk2e3cr9ZRTNyuirRSVtdipCqDFZQ1iAtfexkqNknr3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7606fb3fba0e1c16-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e36c852b5e145f2f09fe73111fb162e1
e439c6a462f86a3003d6464a8b9999b1c4d1e210
52a721168d0c41cb0854ff8c730fce3b79db2e804b383238e95ff1401922bd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4502
Expires: Thu, 27 Oct 2022 00:45:46 GMT
Date: Wed, 26 Oct 2022 23:30:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 45bfdf3b823cd24564c8ac296a8b5b19
b0c442eb4f87556b3beb18ca8039dd4399b73f16
32113c679dda1f710ba67e537fdd0d435ccc186a238e3b14e48deb7b0700c693
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5228
Cache-Control: max-age=127646
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Etag: "6358fe56-1d7"
Expires: Fri, 28 Oct 2022 10:58:10 GMT
Last-Modified: Wed, 26 Oct 2022 09:31:02 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 45bfdf3b823cd24564c8ac296a8b5b19
b0c442eb4f87556b3beb18ca8039dd4399b73f16
32113c679dda1f710ba67e537fdd0d435ccc186a238e3b14e48deb7b0700c693
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5341
Cache-Control: max-age=127759
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Etag: "6358fe56-1d7"
Expires: Fri, 28 Oct 2022 11:00:03 GMT
Last-Modified: Wed, 26 Oct 2022 09:31:02 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8db408c487f7d35bba323046736e8d3a
01b91e2dce7c6d3de9adfe6ff4d38f9b24ab7db0
9aeafc72c1a969243e1fc96f68ce18888034a749ee70582208bf814bd40b61a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7364
Expires: Thu, 27 Oct 2022 01:33:28 GMT
Date: Wed, 26 Oct 2022 23:30:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MNnre319+yNQ8hzVIrPwsdiZAPIhr1OmNR7X59F7zD8Yhip5UFVwVNNRyvf9PjOQciDK0nGkpJk=
x-amz-request-id: RJHJDFXGAZ4Y7R7W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 23:09:34 GMT
age: 1270
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d564b88deccf7688eff28941dfc9f9f2
16dfc45a8e7a435206bf2650e89973bf9dda9c6b
0f57a5adde0f9d291912c56e9b1e637d4f7840acb6f088dbf858819781e28d2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 297
Cache-Control: max-age=143597
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Etag: "63594fe8-117"
Expires: Fri, 28 Oct 2022 15:24:01 GMT
Last-Modified: Wed, 26 Oct 2022 15:19:04 GMT
Server: ECS (amb/6B8F)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d564b88deccf7688eff28941dfc9f9f2
16dfc45a8e7a435206bf2650e89973bf9dda9c6b
0f57a5adde0f9d291912c56e9b1e637d4f7840acb6f088dbf858819781e28d2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 185
Cache-Control: max-age=143485
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Etag: "63594fe8-117"
Expires: Fri, 28 Oct 2022 15:22:09 GMT
Last-Modified: Wed, 26 Oct 2022 15:19:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
cdn.adapex.io/hb/aaw.hpd.js
172.67.154.237 200 OK 23 B URL HTTP/2 cdn.adapex.io/hb/aaw.hpd.js
IP 172.67.154.237:0
File type ASCII text, with no line terminators
Hash 686af08a8ef9b940f695daadb559200a
d6876bd10056b2934e735fcbe19210bfaf130442
6c0789a0e9f0d75f3adf16ef03baff78a15fe14c0b0d6967e043aa16c939024e
GET /hb/aaw.hpd.js HTTP/1.1
Host: cdn.adapex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: application/javascript
content-length: 23
last-modified: Mon, 23 May 2022 06:38:07 GMT
etag: "628b2bcf-17"
expires: Thu, 27 Oct 2022 09:21:35 GMT
cache-control: public, max-age=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 29243
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BqcKK5vTyDinsbcYVvKtYcI9A5x%2B7dxNj715ZTfAxSE4STuKgMY%2BssaUSRsJrOAY0cLy%2BACvI5MXpurnphU22DfW0%2BGWa4agtxOZYPI8%2FGlJ%2B6Ok8b2GAX4kxHqvxlx%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb444e90b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 625ad6aa33dda47097bff081ac75bf05
5f5bc1b567c8322e09f8f4fac2a542d063f83421
d9f85e2da8a3f517763eada5449029a0285aea770bb16be15de5a70d154f9565
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6421
Cache-Control: max-age=164482
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Etag: "63598991-117"
Expires: Fri, 28 Oct 2022 21:12:06 GMT
Last-Modified: Wed, 26 Oct 2022 19:25:05 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
104.17.24.14 200 OK 6.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (20831)
Hash 368c425fc94c424e1688caadefbed981
13d24c22c199ef6668d758434819f44307a65094
ed9c7a83e1c1300a93ecd08807a736ebe7b87ab8262a40bc7e3859d00a46a102
GET /ajax/libs/popper.js/1.14.7/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 6646
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-520c"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1825798
expires: Mon, 16 Oct 2023 23:30:44 GMT
accept-ranges: bytes
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7606fb4499c1fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17c812154a5ffa1d74a1faad83a038c5
b175ff27085282f213bc9bbc36a832471b7d3b97
385cd14f548d65a70418db6cafc0653b681056f3414619db8e0451094582fa83
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "385CD14F548D65A70418DB6CAFC0653B681056F3414619DB8E0451094582FA83"
Last-Modified: Tue, 25 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16520
Expires: Thu, 27 Oct 2022 04:06:04 GMT
Date: Wed, 26 Oct 2022 23:30:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 625ad6aa33dda47097bff081ac75bf05
5f5bc1b567c8322e09f8f4fac2a542d063f83421
d9f85e2da8a3f517763eada5449029a0285aea770bb16be15de5a70d154f9565
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5200
Cache-Control: max-age=163261
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Etag: "63598991-117"
Expires: Fri, 28 Oct 2022 20:51:45 GMT
Last-Modified: Wed, 26 Oct 2022 19:25:05 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e7f1de4025eee44eed5a0ada1e998d6c
fd8bfad40b964ffd3534ac3aff68aaf31d38ba37
fba4107e5627b68a00dc9c31a657be714c85dc7c648b8e8e1c7373cc305f8228
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
henoticpipi.com/gS6Tzmf1JeKCRad/54684
142.91.159.185 200 OK 26 B URL HTTP/1.1 henoticpipi.com/gS6Tzmf1JeKCRad/54684
IP 142.91.159.185:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
Analyzer Verdict Alert: fortinet — Malware
GET /gS6Tzmf1JeKCRad/54684 HTTP/1.1
Host: henoticpipi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 23:30:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hexupload.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Thu, 27-Oct-2022 23:30:44 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Thu, 27-Oct-2022 23:30:44 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
www.googletagmanager.com/gtag/js?id=UA-120931509-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-120931509-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash b1aeac7d4a7bb2df2dc47a8502f22d4f
145688ea98f0d2f9963ca6d8229daf41e9e16f48
32594a6e8307f457b1bb2ecd4e75a2f32af8718cc076b8090a00354111dad037
GET /gtag/js?id=UA-120931509-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 26 Oct 2022 23:30:44 GMT
expires: Wed, 26 Oct 2022 23:30:44 GMT
cache-control: private, max-age=900
last-modified: Wed, 26 Oct 2022 22:46:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43634
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dd283dfc036535bdeb8a8be1310ef930
d3b1c300dd75d7af630e0f3112e49d7492d66c17
578f9256faa188facb3f2d68b02b0c7fb2e30e02e2e74234d015429563cba7aa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3461
Cache-Control: max-age=120824
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Etag: "6358ea97-1d7"
Expires: Fri, 28 Oct 2022 09:04:28 GMT
Last-Modified: Wed, 26 Oct 2022 08:06:47 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash d14190b7d44355f74384008fc2bc965b
8899240507992ceba98f567c079650149cc583a4
2db73ab3dfce1101ff8aaa09fe7227ad8017486b3ec3f536b7f8a1102ec0c267
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jO.ttf
216.58.207.195 200 OK 27 kB URL HTTP/2 fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jO.ttf
IP 216.58.207.195:0
File type TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Digitized data copyright 2012-2016, The Mozilla Foundation and Telefonica S.A.Fira SansRegular4.\012- data
Hash fc93bd727d46cf6d89dcd152f979eb56
23d68715ec48a76c69036c10048c1f8d21ea1083
9e9fa491fe6946d4c66db22d5d4db9bdfc604612eafa59cd2d4b542aee44a748
GET /s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jO.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26757
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Oct 2022 05:52:12 GMT
expires: Fri, 20 Oct 2023 05:52:12 GMT
cache-control: public, max-age=31536000
age: 581912
last-modified: Mon, 22 Jul 2019 19:21:28 GMT
content-type: font/ttf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e7f1de4025eee44eed5a0ada1e998d6c
fd8bfad40b964ffd3534ac3aff68aaf31d38ba37
fba4107e5627b68a00dc9c31a657be714c85dc7c648b8e8e1c7373cc305f8228
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash d14190b7d44355f74384008fc2bc965b
8899240507992ceba98f567c079650149cc583a4
2db73ab3dfce1101ff8aaa09fe7227ad8017486b3ec3f536b7f8a1102ec0c267
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b4ebafe20d2ff190c36bdbddcb8b2ba5
482b27e59ce9e4b159fd6d7a988ffcd2ee51fb97
a5172d9bbe68ff57dd7ec2d2063ef3f95fe9d7ad223ab43a6a401b2cfb4a800b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5172D9BBE68FF57DD7EC2D2063EF3F95FE9D7AD223AB43A6A401B2CFB4A800B"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5049
Expires: Thu, 27 Oct 2022 00:54:53 GMT
Date: Wed, 26 Oct 2022 23:30:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b4ebafe20d2ff190c36bdbddcb8b2ba5
482b27e59ce9e4b159fd6d7a988ffcd2ee51fb97
a5172d9bbe68ff57dd7ec2d2063ef3f95fe9d7ad223ab43a6a401b2cfb4a800b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5172D9BBE68FF57DD7EC2D2063EF3F95FE9D7AD223AB43A6A401B2CFB4A800B"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5049
Expires: Thu, 27 Oct 2022 00:54:53 GMT
Date: Wed, 26 Oct 2022 23:30:44 GMT
Connection: keep-alive
waisheph.com/tag.min.js
139.45.197.245 200 OK 23 kB IP 139.45.197.245:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f85337850f4b521e5855f8d82ed08284
c97e79b915aefbeff16a1642c97dfdfc8003fc95
97b299d777aa6e4e6a1e75f02a0bf5a3d8e2b2317f4bc1fbd02f194226c662b8
GET /tag.min.js HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 22985
content-encoding: br
x-trace-id: 192bcc09455f6fa025bd40e0ec0cebe1
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 26 Oct 2022 15:22:33 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.213.140.56 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.140.56:0
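Hash (response body is 0 B; these are the MD5, SHA-1 and SHA-256 digests of empty input, so they identify no content and should not be used as indicators)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855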
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DL3uI+LPDcPzwIEmfbo3Fw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0uf/u3UCEQmRdzg1NWLH5isN4Ws=
waisheph.com/5/4785761/?oo=1&aab=1
139.45.197.245 200 OK 1.8 kB URL HTTP/2 waisheph.com/5/4785761/?oo=1&aab=1
IP 139.45.197.245:0
Hash 45357c329798424d442427659d1cb3d4
51ac5497c15ead41b284f5d872818da5f3099f07
d931ae7eef8ff7ae105cff9316d147b6800245e0846f369975fc6430bd4d7e2d
GET /5/4785761/?oo=1&aab=1 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: application/json
x-trace-id: 8c3148a49b5aa8ebb2a64da9e034df34
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://hexupload.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=c1e1a071dcd3417890010f31587fefd4; expires=Thu, 26 Oct 2023 23:30:44 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1666827044; expires=Thu, 26 Oct 2023 23:30:44 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a4b3701122d28fe359976728d8af5ac2
29e0362f4f3779a37e7a2cd2b0a11ead2b273012
51deec505226df55e1695d9fd02b1e98b69ea15dc7d2681bc9071b12c3b92b2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1313
Cache-Control: max-age=115802
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:45 GMT
Etag: "6358df5e-117"
Expires: Fri, 28 Oct 2022 07:40:47 GMT
Last-Modified: Wed, 26 Oct 2022 07:18:54 GMT
Server: ECS (amb/6B80)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4810832aa4d1d9b88cd299459f1f5c64
ae3cb7b4d26d079ce88b089d600dcc9f5248b499
620b7eeb079d95ed660d61ada0c038b3481bec94a9014738df7fc3b281a71503
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "620B7EEB079D95ED660D61ADA0C038B3481BEC94A9014738DF7FC3B281A71503"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3122
Expires: Thu, 27 Oct 2022 00:22:47 GMT
Date: Wed, 26 Oct 2022 23:30:45 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a4b3701122d28fe359976728d8af5ac2
29e0362f4f3779a37e7a2cd2b0a11ead2b273012
51deec505226df55e1695d9fd02b1e98b69ea15dc7d2681bc9071b12c3b92b2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5326
Cache-Control: max-age=119815
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:45 GMT
Etag: "6358df5e-117"
Expires: Fri, 28 Oct 2022 08:47:40 GMT
Last-Modified: Wed, 26 Oct 2022 07:18:54 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash e4e9602f1062e692c3df5dc1eec489cb
ab47ab5548fed1ea1e145becb03a9885eacf7ddb
036e9d4e5c9e9bc75cbb78389fbcc4a5cdfa3463feddd5db8a11375b8c964af0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 23:30:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 24 Oct 2022 06:25:20 GMT
Expires: Mon, 31 Oct 2022 06:25:19 GMT
Etag: "ab47ab5548fed1ea1e145becb03a9885eacf7ddb"
Cache-Control: max-age=369873,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7606fb4898710b3d-OSL
my.rtmark.net/gid.js?userId=c1e1a071dcd3417890010f31587fefd4
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=c1e1a071dcd3417890010f31587fefd4
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash a2bc2c3cdc0a7331c5f6b36b10452773
2e41fc330992584d2b9b3638fdf4b0a620ba7012
b700fa36cb8e2053d6d6fdb581ecc4f656f78f28eafb41402867f7e814c40c94
GET /gid.js?userId=c1e1a071dcd3417890010f31587fefd4 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://hexupload.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c1e1a071dcd3417890010f31587fefd4; expires=Thu, 26 Oct 2023 23:30:45 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
brunchcreatesenses.com/a8/9e/e8/a89ee8499c5793406d08e633580e2da5.js
173.233.137.36 200 OK 20 kB URL HTTP/1.1 brunchcreatesenses.com/a8/9e/e8/a89ee8499c5793406d08e633580e2da5.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (59420), with no line terminators
Hash 4881386d64162c3b39d6fab9ace9beff
827c878ef2d6bd91b3741158a37caec9beb44140
4e073a7fc76044a9dfc416aaf5a4d76477029b161b1a32ebae0b3ac60da5db3d
Analyzer Verdict Alert quad9 Sinkholed
GET /a8/9e/e8/a89ee8499c5793406d08e633580e2da5.js HTTP/1.1
Host: brunchcreatesenses.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 23:30:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 08412cf7ccda2b077a50cab4207dfeea
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b45df2b71db271ab41475a3723130e7a
d473a2a9cbd34b8a00be2e2c98e7dd16531fe2eb
ae1b045f8deb55d794f091279373ba1eebfcca5c6a3afb247cad20de0f8147b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5343
Cache-Control: max-age=145388
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:45 GMT
Etag: "63594332-117"
Expires: Fri, 28 Oct 2022 15:53:53 GMT
Last-Modified: Wed, 26 Oct 2022 14:24:50 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
hexupload.net/g86o0b5phgck
104.21.8.150 200 OK 96 kB URL HTTP/2 hexupload.net/g86o0b5phgck
IP 104.21.8.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (56437)
Hash 3f6d8b216f8175c3408bd2030e847f82
5ef44dbd532c519d531042501e1edccf8a7d1f19
dbae923b7a2404ac41c6386974e255949f804ff2bd6824b8e6eb9b14705dddc7
GET /g86o0b5phgck HTTP/1.1
Host: hexupload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=0;includeSubDomains;
expires: Tue, 25 Oct 2022 23:30:44 GMT
set-cookie: lang=english; domain=.hexupload.net; path=/
aff=2691; domain=.hexupload.net; path=/; expires=Wed, 09-Nov-2022 23:30:44 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dvf99WzQ3AU64Y9Xcg7%2Fl6HrTI1EgbuCJDxKzEkgRU8g8wunOEn5H6vrKDRcwqT1pLSgqDvUKRKyfMGylGaGA%2FJJGVeaRRk8Q0fxIqaegbTiBaPDcfQarpL8kn1I%2FPda"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7606fb41ee4eb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash b9212a10874cee34abdf4c05fde55a9a
c244a7aafbd2c0e9bfd914d684519e98f46fb70d
d941020c3f383bf9813b0db2c858a22376a1bd192623ac4179bef4744b34fc26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2876
Cache-Control: max-age=91063
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:45 GMT
Etag: "635878a1-116"
Expires: Fri, 28 Oct 2022 00:48:28 GMT
Last-Modified: Wed, 26 Oct 2022 00:00:33 GMT
Server: ECS (amb/6B8F)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 323b8ec60f926105568e84dfcc1796d5
078475a46fb880e10dc3127d412d0307ae1b3faf
a0e7883bd91a91f2bed6462845f9d67f479ac7762761261a2ca9b56118462458
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4110
Cache-Control: max-age=120375
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:45 GMT
Etag: "6358e64f-118"
Expires: Fri, 28 Oct 2022 08:57:00 GMT
Last-Modified: Wed, 26 Oct 2022 07:48:31 GMT
Server: ECS (amb/6B80)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 022ed0fc09a910c353853e48fcceb302
db9f4b8092c800497e142751ecc537c50285421a
f8b39bf071b5b5f51a0df8c3f227466496557c96647a3b5dcda402a99ee8dfb6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F8B39BF071B5B5F51A0DF8C3F227466496557C96647A3B5DCDA402A99EE8DFB6"
Last-Modified: Mon, 24 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16835
Expires: Thu, 27 Oct 2022 04:11:20 GMT
Date: Wed, 26 Oct 2022 23:30:45 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b45df2b71db271ab41475a3723130e7a
d473a2a9cbd34b8a00be2e2c98e7dd16531fe2eb
ae1b045f8deb55d794f091279373ba1eebfcca5c6a3afb247cad20de0f8147b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4435
Cache-Control: max-age=144480
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:45 GMT
Etag: "63594332-117"
Expires: Fri, 28 Oct 2022 15:38:45 GMT
Last-Modified: Wed, 26 Oct 2022 14:24:50 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash c1b472c435c91c200437f23206c6692d
6e704d0163a248895ac70cec99bda13fcec81293
11ff47045a54eabc6aaf2c8f2a49adb2b37243bc2041c7beb191e277ff2665f0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=137842
Date: Wed, 26 Oct 2022 23:30:45 GMT
Etag: "63592880-1d7"
Expires: Fri, 28 Oct 2022 13:48:07 GMT
Last-Modified: Wed, 26 Oct 2022 12:30:56 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rOZc4cm26lkat3LGq6FlqyFMYzBk7UaMaHiJn0EqaKg-YT49nOVCgA==
Age: 4631
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash da275afef2c120cef63dae40154284da
569947d789ce819632a881cb49b16b79ef6353ec
d5efa3c3f1c8e805662f74e42a3fac2993f0c8dd03129f28a9e6930cd98e98e1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 23:30:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 25 Oct 2022 01:33:16 GMT
Expires: Tue, 01 Nov 2022 01:33:15 GMT
Etag: "569947d789ce819632a881cb49b16b79ef6353ec"
Cache-Control: max-age=438749,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7606fb4a09230b3d-OSL
simplewebanalysis.com/stats
18.193.142.27 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.193.142.27:0
File type ASCII text, with no line terminators
Hash 2ae89a458542e208b3572685ce482fd3
af323d72742282a0ccf0c50957b003344695a931
876b21fff6102189c03483e5a3c4dfb12db77f0d8a7a23172e4704b593874094
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://hexupload.net
access-control-allow-credentials: true
set-cookie: uid_id2=6c22e0f0-25ae-412f-bf99-6f0c22c75283:1:1; expires=Sat, 23 Oct 2032 23:30:45 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
nanouwho.com/9?z=4796097&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c1e1a071dcd3417890010f31587fefd4
139.45.197.242 204 No Content 0 B URL HTTP/2 nanouwho.com/9?z=4796097&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c1e1a071dcd3417890010f31587fefd4
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=4796097&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c1e1a071dcd3417890010f31587fefd4 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hexupload.net/
Origin: https://hexupload.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 26 Oct 2022 23:30:45 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://hexupload.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.253 200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.253:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 897
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 26 Oct 2022 23:30:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://hexupload.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
nanouwho.com/9?z=4796097&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c1e1a071dcd3417890010f31587fefd4
139.45.197.242 200 OK 7 B URL HTTP/2 nanouwho.com/9?z=4796097&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c1e1a071dcd3417890010f31587fefd4
IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=4796097&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c1e1a071dcd3417890010f31587fefd4 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 220
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Cookie: scm=1; OAID=725a243477104538a399caae10bae560; oaidts=1666827045
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://hexupload.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f6972bad683e722a2b72a1c28fb97c04
access-control-expose-headers: X-Sc
set-cookie: OAID=c1e1a071dcd3417890010f31587fefd4; expires=Thu, 26 Oct 2023 23:30:45 GMT; secure; SameSite=None
oaidts=1666827045; expires=Thu, 26 Oct 2023 23:30:45 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash b9212a10874cee34abdf4c05fde55a9a
c244a7aafbd2c0e9bfd914d684519e98f46fb70d
d941020c3f383bf9813b0db2c858a22376a1bd192623ac4179bef4744b34fc26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 587
Cache-Control: max-age=88775
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:45 GMT
Etag: "635878a1-116"
Expires: Fri, 28 Oct 2022 00:10:20 GMT
Last-Modified: Wed, 26 Oct 2022 00:00:33 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 022ed0fc09a910c353853e48fcceb302
db9f4b8092c800497e142751ecc537c50285421a
f8b39bf071b5b5f51a0df8c3f227466496557c96647a3b5dcda402a99ee8dfb6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F8B39BF071B5B5F51A0DF8C3F227466496557C96647A3B5DCDA402A99EE8DFB6"
Last-Modified: Mon, 24 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16835
Expires: Thu, 27 Oct 2022 04:11:20 GMT
Date: Wed, 26 Oct 2022 23:30:45 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 7266041695d5217c5fb66e98f9fe4b4e
804cadbb78fffae2e8afe903a43534ac77c72841
eea99a27b755a1a8181bf4a6d1442ee24d036d5d947fcae1eb0abf27c79066ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 23:30:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 23 Oct 2022 12:04:30 GMT
Expires: Sun, 30 Oct 2022 12:04:29 GMT
Etag: "804cadbb78fffae2e8afe903a43534ac77c72841"
Cache-Control: max-age=303823,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7606fb4c2a210b3d-OSL
c.adsco.re/
104.17.166.186 200 OK 24 kB IP 104.17.166.186:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (689)
Hash 536942e7aa089742c94bc8da99e85db9
d060715c66bd4b164da5872cfd1c486027edea66
882f686f5033f3bc205fcae7350054c9714ac3aa9f7ceb6f4610dafda8e0ec1e
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sat, 26 Nov 2022 23:30:45 GMT
etag: W/"11BCsVfRLqCHC9ZZvH4GUw=="
cf-cache-status: HIT
age: 534141
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb4c7e360b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f06e57bc18347222c052d69d94e48f7
ced7d4097f06c998557979608f9f8d9523f25aaa
1ad3933a1a018dfacf781ea8fc317f5dabcc4953649084a5d26471b83697647a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1AD3933A1A018DFACF781EA8FC317F5DABCC4953649084A5D26471B83697647A"
Last-Modified: Wed, 26 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3744
Expires: Thu, 27 Oct 2022 00:33:09 GMT
Date: Wed, 26 Oct 2022 23:30:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f06e57bc18347222c052d69d94e48f7
ced7d4097f06c998557979608f9f8d9523f25aaa
1ad3933a1a018dfacf781ea8fc317f5dabcc4953649084a5d26471b83697647a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1AD3933A1A018DFACF781EA8FC317F5DABCC4953649084A5D26471B83697647A"
Last-Modified: Wed, 26 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3744
Expires: Thu, 27 Oct 2022 00:33:09 GMT
Date: Wed, 26 Oct 2022 23:30:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43f3f45ad537a8e4232660706dccb284
c87f53ff8cde98d6cbcb1e18eb580391ad550054
257a7dff7ea8a1233ecd1a72f5c97bdd351175a50225707194b366dbaced8b66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "257A7DFF7EA8A1233ECD1A72F5C97BDD351175A50225707194B366DBACED8B66"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8494
Expires: Thu, 27 Oct 2022 01:52:19 GMT
Date: Wed, 26 Oct 2022 23:30:45 GMT
Connection: keep-alive
cdn.engine.spotscenered.info/Scripts/infinity.js.aspx?guid=6867439c-9bfe-4973-9dae-025ae3c9ffaa
104.18.97.60 200 OK 46 kB URL HTTP/2 cdn.engine.spotscenered.info/Scripts/infinity.js.aspx?guid=6867439c-9bfe-4973-9dae-025ae3c9ffaa
IP 104.18.97.60:0
File type ASCII text, with very long lines (64095)
Hash 9a63603bade3244148c7fca754e9ef82
55f6b6221c88274bf588eed07eeafcc25e96d6e5
bbe86ff2c52a12863a5653134401d804bed03e08f813667a3b92d2b733989dae
GET /Scripts/infinity.js.aspx?guid=6867439c-9bfe-4973-9dae-025ae3c9ffaa HTTP/1.1
Host: cdn.engine.spotscenered.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
last-modified: Wed, 26 Oct 2022 23:23:07 GMT
cf-cache-status: HIT
expires: Wed, 26 Oct 2022 23:50:45 GMT
server: cloudflare
cf-ray: 7606fb4a7bf01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
6.adsco.re/
104.17.167.186 200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:46 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://hexupload.net
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb4d7f2f0b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gjigle.com/visits-optins
15.188.162.86 200 OK 76 B IP 15.188.162.86:0
Hash 062ca06ae528d9fa39f581beb504b314
8b8c8c27f8276c29ae83214fb7801bdb8eca1578
35ab6d93084d0573c12e78b65add893dd1f61d628b70f37749c2f9ffd10a7d97
OPTIONS /visits-optins HTTP/1.1
Host: gjigle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hexupload.net/
Origin: https://hexupload.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:46 GMT
content-type: text/plain; charset=utf-8
content-length: 2
x-powered-by: Express
access-control-allow-origin: https://hexupload.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
gjigle.com/visits-optins
15.188.162.86 204 No Content 0 B IP 15.188.162.86:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /visits-optins HTTP/1.1
Host: gjigle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hexupload.net/
Content-Type: application/json
Origin: https://hexupload.net
Content-Length: 136
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 26 Oct 2022 23:30:46 GMT
x-powered-by: Express
access-control-allow-origin: https://hexupload.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5 200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 23:30:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://hexupload.net
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
literalcorpulent.com/pixel/purst?dl=0&th=0&sc=0&rs=1667&rd=1667&fd=872&bv=22.8.v.1&tmpl=70
192.243.59.12 200 OK 0 B URL HTTP/1.1 literalcorpulent.com/pixel/purst?dl=0&th=0&sc=0&rs=1667&rd=1667&fd=872&bv=22.8.v.1&tmpl=70
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1667&rd=1667&fd=872&bv=22.8.v.1&tmpl=70 HTTP/1.1
Host: literalcorpulent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 26 Oct 2022 23:30:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 414291d4efb3e45cb5159c713c22bc8a
884275c8c6cbbb0fa2597db5afee071c074cddf4
8d079e8b76e04da709626a654ee9524e1de331120a781e80a6506e77c9968b00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8D079E8B76E04DA709626A654EE9524E1DE331120A781E80A6506E77C9968B00"
Last-Modified: Mon, 24 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7666
Expires: Thu, 27 Oct 2022 01:38:32 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
literalcorpulent.com/17/e2/77/17e2773ee1dd5eb310c541adcc402c4c.js
192.243.59.12 200 OK 13 kB URL HTTP/1.1 literalcorpulent.com/17/e2/77/17e2773ee1dd5eb310c541adcc402c4c.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37138), with no line terminators
Hash 5d84d6a2c3c9770a578d8362ecb8a4bb
f57e6478f001abb2a70bcacb3f55f0fb2e09d62d
b00f1c4afb0f98ff717dd4254053a6869dd671d9d43ab662bab637387b1fabc0
Analyzer Verdict Alert
fortinet Phishing
quad9 Sinkholed
GET /17/e2/77/17e2773ee1dd5eb310c541adcc402c4c.js HTTP/1.1
Host: literalcorpulent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 26 Oct 2022 23:30:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d2a251473dcf8c02cc9a3d3bc0ad4e76
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 037d7450f356050d359670ee8bc1e404
ec65fb69d1dc39cdf7dc0749366bc9b46c73960f
ed85acca22f73cb6d41de78f9335987e88de1b786f6d639966456ffccdab0906
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED85ACCA22F73CB6D41DE78F9335987E88DE1B786F6D639966456FFCCDAB0906"
Last-Modified: Mon, 24 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7314
Expires: Thu, 27 Oct 2022 01:32:40 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9ae85aedb0a7779ff6b8099ad9d3167f
a4ad6ced78e454db03abe28bc6bc22327a769041
1773be48e8e71284680c31e53edc836a1b20dbebdb787bd6c99b6cdcdac35ad1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1773BE48E8E71284680C31E53EDC836A1B20DBEBDB787BD6C99B6CDCDAC35AD1"
Last-Modified: Wed, 26 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6226
Expires: Thu, 27 Oct 2022 01:14:32 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
banquetunarmedgrater.com/advertisers.js
173.233.137.44 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 23:30:46 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c4b6c3ff800b312965d1097659fcbb51
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Thu, 27 Oct 2022 00:09:44 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Thu, 27 Oct 2022 00:09:44 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Thu, 27 Oct 2022 00:09:44 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Thu, 27 Oct 2022 00:09:44 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe98a4c03-5fa3-4445-a037-d229b86c94a6.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe98a4c03-5fa3-4445-a037-d229b86c94a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eb430e5efbc6c8c306fce87e26faf734
b05b7299a7e473e873510671a6abdd5227a53f46
c49d64e87ec8243a1ee7f214f21988b6f6a33ba93814ec31262d80e4a22b8504
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe98a4c03-5fa3-4445-a037-d229b86c94a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8936
x-amzn-requestid: d0698fc0-e4c9-4633-9b64-df09be35b450
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocuiGBlIAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a7f6-7c78a1fc43552b934e6b8708;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:46 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gus8UKo03dRkfqPRhxnW6zzqx7o-2tZbbv-DsBSW7UREHPOA1uqdUw==
via: 1.1 5abfab33f248090bb0f31ca137ce9464.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:50:53 GMT
age: 5993
etag: "b05b7299a7e473e873510671a6abdd5227a53f46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24d0f74b-ba69-4b8a-bd11-56fb0231d2b7.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24d0f74b-ba69-4b8a-bd11-56fb0231d2b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76b8756bea7b9c29285f6b604ec13a8e
0ddd9f80782a4bda5643be710b498f0fdc2c50db
7068a15f10288c3de5fea422b360b8f20989ac33af4481fb8e5a0f125486b3fb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24d0f74b-ba69-4b8a-bd11-56fb0231d2b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9914
x-amzn-requestid: 3d0fb9c3-d606-497e-b196-6ac5ec846814
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aZRwIE1IoAMFYCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63539667-34f866976ebb7efd2c4e868d;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 07:06:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: g_gUPSn6HiFVh-FIsEFJ-Bz2T8xsbYlS26i7lFlgs8hHZbBTaKjdRw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:51:09 GMT
age: 5977
etag: "0ddd9f80782a4bda5643be710b498f0fdc2c50db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c55f86a-4d60-4a05-9aad-db2291ea7aa9.jpeg
34.120.237.76 200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c55f86a-4d60-4a05-9aad-db2291ea7aa9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c83fbfade063f679745970f0023084a
5ad6d8f3b09a2caa826e58de4ea3f958515a32c8
b4bf608f8b9f43c797da337c674371d1b7b8ae3b206f8fedf5666f79df69541c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c55f86a-4d60-4a05-9aad-db2291ea7aa9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3012
x-amzn-requestid: 7c09d99b-ec8e-4924-aa26-d89c0938d16c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aSsaUGhwoAMF7rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6350f441-4e13a3e832f9d75b404e9a41;Sampled=0
x-amzn-remapped-date: Thu, 20 Oct 2022 07:09:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Bsv03Wz4zo7Qqnj4yoR6eZQ2rx4iNLuU6gjyfp2EYkdcTb3GJwE9IQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 19:25:53 GMT
age: 14693
etag: "5ad6d8f3b09a2caa826e58de4ea3f958515a32c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb13a70d-b8c4-4350-b75f-4a792bbe0138.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb13a70d-b8c4-4350-b75f-4a792bbe0138.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8b3875b4f9986a58288fdb19744f275e
ee76902c43d2b348a194456e53978337cf5391a4
84e01baf1a4f51606a20f464990c1de066a10a0310abc3abffa5b143ad64c93f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb13a70d-b8c4-4350-b75f-4a792bbe0138.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5444
x-amzn-requestid: 538c78b8-7cfa-46e5-b79a-c617dbb2f8d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aCOTOEz4IAMFpew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634a5dae-734179a55fd47f26170ff480;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 07:13:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EQgPBhH-LBmSdK2PL-80733mKIGVrPXKr0ghIZal4uWSE5-Zj48b8Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:51:32 GMT
age: 5954
etag: "ee76902c43d2b348a194456e53978337cf5391a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9098f868-2119-42f3-92b9-615f0a2c32f6.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9098f868-2119-42f3-92b9-615f0a2c32f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36dbf36c45aa3c5d6e10f8c4afd8bf34
bee7e540981a4ffb14728d2ac4a53ce28e299d0d
0dad70dc63e95aa8fd9befdb7dc4f971bad962e300f380dab2a04cc60138374d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9098f868-2119-42f3-92b9-615f0a2c32f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8760
x-amzn-requestid: 013df52a-1abe-4a1b-ac52-9a5ec5da55b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocv2HRMoAMF5mA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a7fe-70e98155664262621b8538b5;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9uDSJn3yAYI7RNgIs96f2AT8nfTgd6YbFkMAc9aJAW4wTMiN_JqhEw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:55:31 GMT
etag: "bee7e540981a4ffb14728d2ac4a53ce28e299d0d"
content-type: image/jpeg
age: 5715
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c92c49279a7704d715e50836676d1abb
3092b4dbd87f7e5a2eff65c463da9c5103ff748a
6941145d63e68abf0f20081517faa4082eed3c59f8b8a69066f70b29d90fd355
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4709
x-amzn-requestid: c2923a57-57c4-4d62-83bc-e4c8b61aa2bd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocuiGeeIAMF9Dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a7f6-7e47cfe804e333cc540f162a;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: M72Vjcyc06ihmWcqr2_Xrk8dGcC5pCoDidg5rhtRkVddavcUFE6G6w==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:50:52 GMT
age: 5994
etag: "3092b4dbd87f7e5a2eff65c463da9c5103ff748a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
notifpush.com/scripts/adsblocker.js
104.26.12.128 200 OK 88 B URL HTTP/2 notifpush.com/scripts/adsblocker.js
IP 104.26.12.128:0
File type ASCII text, with no line terminators
Hash 3c352e250d4c3dbbf68350791166457e
ee13df7ea5490c179eb3f7222914549a1bd0b52d
91e7ec34968f62f7bb8c5fa351af7afbb4c41fd700aeb234c1edcac224208ae4
GET /scripts/adsblocker.js HTTP/1.1
Host: notifpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/javascript
x-amz-id-2: 4Oq1GkH20RXD6eJFLV2ROQCaYJ8PvKqP09liEHz55wAAOJdYpRQRJSCbBMTL5K4JwNhhfKXHh04=
x-amz-request-id: RY5XZSF8GWZZXATZ
last-modified: Wed, 29 Sep 2021 13:54:33 GMT
x-amz-version-id: iwCPZlDMAeFlDTwzEOmchCEjaS0BnIVY
etag: W/"08bac9233b636d30412aaa549ad8fe48"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IbVF1ITLjpHAaongf2FL4JCID%2BL2umsMK6%2BxBEXQSM1TKx9Q7EYQGd0dRBvsTiH7aJsZ%2BP56Y35vY3nPPxdDps%2Fk0DapO%2F15Q1K8NLviFK8RtTzVOQ4OP8zkYuyjOJg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb4c6e2a0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9ae85aedb0a7779ff6b8099ad9d3167f
a4ad6ced78e454db03abe28bc6bc22327a769041
1773be48e8e71284680c31e53edc836a1b20dbebdb787bd6c99b6cdcdac35ad1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1773BE48E8E71284680C31E53EDC836A1B20DBEBDB787BD6C99B6CDCDAC35AD1"
Last-Modified: Wed, 26 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6226
Expires: Thu, 27 Oct 2022 01:14:32 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 26 Oct 2022 22:41:09 GMT
expires: Thu, 27 Oct 2022 00:41:09 GMT
cache-control: public, max-age=7200
age: 2977
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adsco.re/p
162.252.214.5 200 OK 132 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash 5236042031be0f312acbd168cb59cabe
504dcc9f639f58e1922c6d298511f3c93d0bc396
c6d675e0b5dd61c7a5387a600d988ec5a562a73ab447cb31bd83f81bf8cf8f2c
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2116
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 23:30:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://hexupload.net
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 1.0 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4203aeba2cf4bd8e0c1c6c93b55fc247
f62e6d3aafb6aaf15dd344923ca5f17c812c5f58
b3b84069611fa6d4be980805de38556d3a207c40675f68fe6589cfef3094b944
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2F578688CE5F446C84E71988B8FEA857CFE501FD819ABDA72C59AD6DC2B05088"
Last-Modified: Tue, 25 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7090
Expires: Thu, 27 Oct 2022 01:28:56 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240 200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:27:45 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 102140882
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0a35c5f87005d4ce588e12378274e630
a5b29b46c78f053f7a2715aac28ac65aff48de62
385e769e6155c2c51dac46f0bf4cf67396b294235c1712a63cf10e2cd29e6f7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "385E769E6155C2C51DAC46F0BF4CF67396B294235C1712A63CF10E2CD29E6F7A"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17837
Expires: Thu, 27 Oct 2022 04:28:03 GMT
Date: Wed, 26 Oct 2022 23:30:46 GMT
Connection: keep-alive
s4.histats.com/stats/0.php?4167218&@f16&@g1&@h1&@i1&@j1666827046479&@k0&@l1&@mDownload%20Kirby%20and%20the%20Forgotten%20Land%20(NSP)(Base%20Game)%20rar&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:163223250&@b3:1666827046&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&@w
158.69.251.190200 OK 51 B URL HTTP/1.1 s4.histats.com/stats/0.php?4167218&@f16&@g1&@h1&@i1&@j1666827046479&@k0&@l1&@mDownload%20Kirby%20and%20the%20Forgotten%20Land%20(NSP)(Base%20Game)%20rar&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:163223250&@b3:1666827046&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&@w
IP 158.69.251.190:0
File type ASCII text, with no line terminators
Hash a88f47432187676b429a2498b308a5cb
72cabffe23900a0ac259e9fadf68a0b3b52ca2ed
4f5c13410606630a9015aa31aabd174deef3280b912d395ec8a67ab4fa93935a
GET /stats/0.php?4167218&@f16&@g1&@h1&@i1&@j1666827046479&@k0&@l1&@mDownload%20Kirby%20and%20the%20Forgotten%20Land%20(NSP)(Base%20Game)%20rar&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:163223250&@b3:1666827046&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 23:30:47 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close
cneqb08mfb6i.s4.adsco.re/
185.200.116.90 200 OK 0 B URL HTTP/1.1 cneqb08mfb6i.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: cneqb08mfb6i.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 23:30:47 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 25b81533916effb6270d0ce3c8633dba
2cb1b18d9fea15854d8cf6d017fe28e79c7bc443
45d68bb4a6304ca626b1e1826bdd47ee5b387374ddb7daaf00ea2089ba01bf98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45D68BB4A6304CA626B1E1826BDD47EE5B387374DDB7DAAF00EA2089BA01BF98"
Last-Modified: Mon, 24 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17503
Expires: Thu, 27 Oct 2022 04:22:30 GMT
Date: Wed, 26 Oct 2022 23:30:47 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=6c22e0f0-25ae-412f-bf99-6f0c22c75283&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a89ee8499c5793406d08e633580e2da5&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
192.243.59.12200 OK 1.2 kB URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=6c22e0f0-25ae-412f-bf99-6f0c22c75283&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a89ee8499c5793406d08e633580e2da5&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d080a32cc9786313fea4758683811042
c7979fa4767d4d35e1b874d85dbb7fe1082645a5
80120ba847ca17e7ae0160b9617c1a6ca0fc58e5c9c2536dca684141e9e7c016
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=6c22e0f0-25ae-412f-bf99-6f0c22c75283&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a89ee8499c5793406d08e633580e2da5&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 26 Oct 2022 23:30:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d33baa80ac8505b743a657ec138bd5c
Strict-Transport-Security: max-age=0; includeSubdomains
friendshipmale.com/sfp.js
172.64.202.23 200 OK 68 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.202.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 25444dada2839356e712b818f07386d6
a1cd7cd3ebaf426e3ec4b62793185323dd4cd6a1
bb0924875b8f6e0f05af40ce8482a51641edf6c4d984fa91ef64ea6d6c06ac77
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:46 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ce65771bd052d8bb21d349b483fd6697
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 26 Oct 2022 23:30:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mE%2BlDQHsDJNHhEuOUzBO56lT1HVUZY1VEpLSYahLK2mdjGoTTQpTovew9AGRh%2BKpz6m7by1gR0O%2FcedHK2aruXZVn7LWM%2FTsQYWnldzLNmhw3ZAosGka1uCi09hHzCt0z3Gn9AA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb4f9f30779d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 323b8ec60f926105568e84dfcc1796d5
078475a46fb880e10dc3127d412d0307ae1b3faf
a0e7883bd91a91f2bed6462845f9d67f479ac7762761261a2ca9b56118462458
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2031
Cache-Control: max-age=118294
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 23:30:48 GMT
Etag: "6358e64f-118"
Expires: Fri, 28 Oct 2022 08:22:22 GMT
Last-Modified: Wed, 26 Oct 2022 07:48:31 GMT
Server: ECS (amb/6B8F)
X-Cache: HIT
Content-Length: 280
cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
151.101.85.229 200 OK 54 kB URL HTTP/2 cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (32014)
Hash ea53ffc3c20542881a2735a62c0426d7
365e24ffd4a54e4c019a47c94204ad90a8538eb5
e4f801f6cd7462489966e441ff53795823a607656497f9d0ce8cbfc08f6c7448
GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"49dda-cp9vjKV4fYl0Ow7X6yf9dkBr+YU"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 26 Oct 2022 23:30:48 GMT
age: 18973405
x-served-by: cache-fra19156-FRA, cache-bma1670-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 53889
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 2fc2261fe2aca2250e4e2865ee61af96
56634158a66972eaf3ac0cdf47fecd391fa4330a
6973586cd00bdd0c2b0debfa19360129c46a2027a3d3a6515c9b94c91e583174
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 23:30:48 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "6D58D7377A6D10D07271EC50B447B75686AFA3C9"
Expires: Thu, 27 Oct 2022 10:00:00 GMT
Last-Modified: Wed, 26 Oct 2022 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 236
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7606fb5d3b12b512-OSL
vsa4.tawk.to/s/?k=6359c3280b1cb1cc3617d9aa&cver=0&pop=false&asver=4357&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1ZTdhNDYwZTY5ZTkzMjBjYWFiYzhhYzIiLCJ2aWQiOiI1ZTdhNDYwZTY5ZTkzMjBjYWFiYzhhYzItS1FHa3ltamk5aTBBZ2FzaGtOVm1DIiwic2lkIjoiNjM1OWMzMjgwYjFjYjFjYzM2MTdkOWFhIiwiaWF0IjoxNjY2ODI3MDQ4LCJleHAiOjE2NjY4Mjg4NDgsImp0aSI6Ii04UVNSb0U0eTF3N0VQMExwRGx0TSJ9.ToZlnO_wffQka2m1RYa1ZgcSRnmKZGPU6ypOfTwP_tW3q3yMlvTYWMaSpdwCMzw1G-FOvaldhNuPb9ZZtTiP1Q&EIO=3&transport=websocket&__t=OGMebJ0
104.22.24.131101 Switching Protocols 0 B URL HTTP/1.1 vsa4.tawk.to/s/?k=6359c3280b1cb1cc3617d9aa&cver=0&pop=false&asver=4357&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1ZTdhNDYwZTY5ZTkzMjBjYWFiYzhhYzIiLCJ2aWQiOiI1ZTdhNDYwZTY5ZTkzMjBjYWFiYzhhYzItS1FHa3ltamk5aTBBZ2FzaGtOVm1DIiwic2lkIjoiNjM1OWMzMjgwYjFjYjFjYzM2MTdkOWFhIiwiaWF0IjoxNjY2ODI3MDQ4LCJleHAiOjE2NjY4Mjg4NDgsImp0aSI6Ii04UVNSb0U0eTF3N0VQMExwRGx0TSJ9.ToZlnO_wffQka2m1RYa1ZgcSRnmKZGPU6ypOfTwP_tW3q3yMlvTYWMaSpdwCMzw1G-FOvaldhNuPb9ZZtTiP1Q&EIO=3&transport=websocket&__t=OGMebJ0
IP 104.22.24.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/?k=6359c3280b1cb1cc3617d9aa&cver=0&pop=false&asver=4357&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1ZTdhNDYwZTY5ZTkzMjBjYWFiYzhhYzIiLCJ2aWQiOiI1ZTdhNDYwZTY5ZTkzMjBjYWFiYzhhYzItS1FHa3ltamk5aTBBZ2FzaGtOVm1DIiwic2lkIjoiNjM1OWMzMjgwYjFjYjFjYzM2MTdkOWFhIiwiaWF0IjoxNjY2ODI3MDQ4LCJleHAiOjE2NjY4Mjg4NDgsImp0aSI6Ii04UVNSb0U0eTF3N0VQMExwRGx0TSJ9.ToZlnO_wffQka2m1RYa1ZgcSRnmKZGPU6ypOfTwP_tW3q3yMlvTYWMaSpdwCMzw1G-FOvaldhNuPb9ZZtTiP1Q&EIO=3&transport=websocket&__t=OGMebJ0 HTTP/1.1
Host: vsa4.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://hexupload.net
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: P6b6nd6FdSNdm34RTmd8RA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 26 Oct 2022 23:30:48 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: s9jfmJ51J96UKhch2sZ5ZYi7AWg=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7606fb5c4df4fac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
notifpush.com/serviceworker.js
104.26.12.128 304 Not Modified 0 B URL HTTP/2 notifpush.com/serviceworker.js
IP 104.26.12.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /serviceworker.js HTTP/1.1
Host: notifpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 31 Mar 2022 15:58:26 GMT
If-None-Match: W/"3743338cdd52952496d6d0824c6a993a"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 26 Oct 2022 23:30:49 GMT
x-amz-id-2: l3iPtHZAOyh83v9mIF3z+3iiZsTydBeWQSA1Ay4MmrihMMpxUOdoGNSZ2jSTTegcP4JB5Z8GhqE=
x-amz-request-id: 4WWMHJR1JVA5HGFE
last-modified: Thu, 31 Mar 2022 15:58:26 GMT
x-amz-version-id: jj_OoBxjBxYNTH94tGqSrNOUKjh0ALe9
etag: "3743338cdd52952496d6d0824c6a993a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZCuPBg1m67B57Hlnz7gst7QFU3y6lrbQ77jLHruFBto%2BTgKSCRC2GJ3M5iuEhFJhw6w2bJ%2F9DI4Ugqtq6VRUVjZUtMA713zOfKZpDb9SSGNXWm1lClATJZF9M3mOVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb6249e8b521-OSL
X-Firefox-Spdy: h2
hexupload.net/ds2/js/jquery.paging.js
104.21.8.150 200 OK 0 B URL HTTP/2 hexupload.net/ds2/js/jquery.paging.js
IP 104.21.8.150:0
GET /ds2/js/jquery.paging.js HTTP/1.1
Host: hexupload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/g86o0b5phgck
Cookie: lang=english; aff=2691
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2017 22:09:56 GMT
etag: W/"4ba5-558645eeb3500-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cache-control: max-age=28800
cf-cache-status: HIT
age: 5087
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pt7ZIswqae8Z2RAGykUMEBZ9IjqXT1uz%2FXx9jE6l05OSaKVxhtwUIEpmyRenhuA4cqj61RqICrD%2BTH7N5nn8Xu3FgnI6ViSKGQ%2F9F17jwiJMgNCSSOPzQqlAq0lzZW5X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7606fb43ff6bb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waisheph.com/?rb=5H-4isfsacPVeRBXdpuIZCf6oA3eOICIYHRgted7t36xsmbw-7Zk869iUnPysvyrD_a5FS6tFtPqyDVpaZTd1zgkd8ZJ76LudgdtKuVoTyLNZD308uD_Z7Fb0XkiNxm48jVokT73hoiL-aBHmuHTLuogSo6heNMaalSStVLXFzaOQJyfZc7tNULihL_gKDpC0C1ubCaYXuxe300c1Lc4fY0b_WXApw8D_pnyqB8kAMA%3D&request_ab2=0&zoneid=4785761&js_build=iclick-v1.439.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.439.0&bs=7eadffab-7078-422f-aaae-34e0425a1316&userId=c1e1a071dcd3417890010f31587fefd4&m=link
139.45.197.245200 OK 0 B URL HTTP/2 waisheph.com/?rb=5H-4isfsacPVeRBXdpuIZCf6oA3eOICIYHRgted7t36xsmbw-7Zk869iUnPysvyrD_a5FS6tFtPqyDVpaZTd1zgkd8ZJ76LudgdtKuVoTyLNZD308uD_Z7Fb0XkiNxm48jVokT73hoiL-aBHmuHTLuogSo6heNMaalSStVLXFzaOQJyfZc7tNULihL_gKDpC0C1ubCaYXuxe300c1Lc4fY0b_WXApw8D_pnyqB8kAMA%3D&request_ab2=0&zoneid=4785761&js_build=iclick-v1.439.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.439.0&bs=7eadffab-7078-422f-aaae-34e0425a1316&userId=c1e1a071dcd3417890010f31587fefd4&m=link
IP 139.45.197.245:0
GET /?rb=5H-4isfsacPVeRBXdpuIZCf6oA3eOICIYHRgted7t36xsmbw-7Zk869iUnPysvyrD_a5FS6tFtPqyDVpaZTd1zgkd8ZJ76LudgdtKuVoTyLNZD308uD_Z7Fb0XkiNxm48jVokT73hoiL-aBHmuHTLuogSo6heNMaalSStVLXFzaOQJyfZc7tNULihL_gKDpC0C1ubCaYXuxe300c1Lc4fY0b_WXApw8D_pnyqB8kAMA%3D&request_ab2=0&zoneid=4785761&js_build=iclick-v1.439.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fhexupload.net%2Fg86o0b5phgck&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.439.0&bs=7eadffab-7078-422f-aaae-34e0425a1316&userId=c1e1a071dcd3417890010f31587fefd4&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hexupload.net/
Origin: https://hexupload.net
Connection: keep-alive
Cookie: OAID=c1e1a071dcd3417890010f31587fefd4; oaidts=1666827044
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/json
x-trace-id: c8f4f1875e19d9e3ffbb5986d2a4af3c
access-control-allow-origin: https://hexupload.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=c1e1a071dcd3417890010f31587fefd4; expires=Thu, 26 Oct 2023 23:30:45 GMT; path=/; secure; SameSite=None
oaidts=1666827045; expires=Thu, 26 Oct 2023 23:30:45 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 02 Nov 2022 23:30:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-vendor.js
104.22.25.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-vendor.js
IP 104.22.25.131:0
GET /_s/v4/app/63258f417d7/js/twk-vendor.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:47 GMT
content-type: application/javascript
age: 2456869
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7606fb549cb2b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
notifpush.com/scripts/nadz-sdk.js
104.26.12.128 200 OK 0 B URL HTTP/2 notifpush.com/scripts/nadz-sdk.js
IP 104.26.12.128:0
GET /scripts/nadz-sdk.js HTTP/1.1
Host: notifpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/javascript
x-amz-id-2: G74+9EYPUJoElnhGtvR7lo2YGviGKqziupKnOxuSrwuzyPF4eMdTUrAVrdK3Kq4vPX0AFhZYR9Q=
x-amz-request-id: KZM2A0SJC4MGNMHN
last-modified: Wed, 26 Oct 2022 07:58:54 GMT
x-amz-version-id: p5BnOgLmmS4XMpgb_87w5hxjsUkqmj35
etag: W/"c4031700c7a472814138a964b75aedb4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OfFtSjnpqMGA3rgVEmZMhXmKwqIiQOTW6KV7PVOxNpG%2F2NKnfvm20HJdg%2Bw3BfEfRTdR5ieqQjkNrRE%2FbXD1HBYulsWvJawaYLcE1w9qSF0z28SUOUJQK3ASDq4XtKI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb4a8d6c0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
hexupload.net/ds2/css/style.min.css?v=0.04
104.21.8.150 200 OK 0 B URL HTTP/2 hexupload.net/ds2/css/style.min.css?v=0.04
IP 104.21.8.150:0
GET /ds2/css/style.min.css?v=0.04 HTTP/1.1
Host: hexupload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/g86o0b5phgck
Cookie: lang=english; aff=2691
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: text/css
last-modified: Wed, 23 Dec 2020 02:02:16 GMT
etag: W/"2c9e3-5b71814959a00-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cache-control: max-age=28800
cf-cache-status: HIT
age: 5087
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YenboaAf58yo%2BYe6dYSqI9RPoVfmWGQkIR%2FpPbKl%2B725yfogWNoqueeP2m9vxVMeL0hBfHzuqVm7iLj28VBSAXLh8U3rnCtghX8w9YUSBr%2Fy5HLSseBPRgJmVHZCkRVO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7606fb440f71b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nanouwho.com/27/b10314e887d309db18535b2593bd9514
139.45.197.242 200 OK 0 B URL HTTP/2 nanouwho.com/27/b10314e887d309db18535b2593bd9514
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /27/b10314e887d309db18535b2593bd9514 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Cookie: scm=1; OAID=725a243477104538a399caae10bae560; oaidts=1666827045
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 20 Oct 2022 04:50:21 GMT
expires: Thu, 19 Nov 2082 04:50:21 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
notifpush.com/serviceworker.js
104.26.12.128 200 OK 0 B URL HTTP/2 notifpush.com/serviceworker.js
IP 104.26.12.128:0
GET /serviceworker.js HTTP/1.1
Host: notifpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:46 GMT
content-type: application/javascript
x-amz-id-2: l3iPtHZAOyh83v9mIF3z+3iiZsTydBeWQSA1Ay4MmrihMMpxUOdoGNSZ2jSTTegcP4JB5Z8GhqE=
x-amz-request-id: 4WWMHJR1JVA5HGFE
last-modified: Thu, 31 Mar 2022 15:58:26 GMT
x-amz-version-id: jj_OoBxjBxYNTH94tGqSrNOUKjh0ALe9
etag: W/"3743338cdd52952496d6d0824c6a993a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2328
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YFNqR44is0qJPUKskllWBw3htRCwVhB%2B3PX99tEIugX1Kb8J1Y339XOeFTXTYM7oF%2FEUPmtqe3vh6UPVPZ1zmUt5btkWemjViSqf323EaLDQrFx3faZ2xFW%2F56KkVHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb4e1ecc0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
notifpush.com/script_parameters/p_9821b7c2e007d136.json
104.26.12.128 200 OK 0 B URL HTTP/2 notifpush.com/script_parameters/p_9821b7c2e007d136.json
IP 104.26.12.128:0
GET /script_parameters/p_9821b7c2e007d136.json HTTP/1.1
Host: notifpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hexupload.net/
Origin: https://hexupload.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/json
x-amz-id-2: ypFs81rPqJiyHvIetTgEZLwKK2eQQ6kpi/six9kBkKwRYaz1JYlUPD6KHevUvashTQniG3iaTFg=
x-amz-request-id: GVQG10NYCH51K7E4
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
last-modified: Wed, 27 Apr 2022 12:11:54 GMT
x-amz-version-id: nMRmzEJJRDItxDiGpSKlGDZHkXv4BMSX
etag: W/"de3bb48fc1ce9bc8d108828b2751057f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyDLo%2BCVOm90Sbex044iSiN1sDT8oCKlIDDcdo13xGQBaAOtqoallZq8UnaobnB0mp3SvZEa%2FTh3uXNMp3VdMH5bp2ophOZ4NRS91Lb191fHvGk9BBz%2BHvZP73WdmAU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7606fb4b6c89fab4-OSL
content-encoding: br
X-Firefox-Spdy: h2
notifpush.com/serviceworker.js
104.26.12.128 200 OK 0 B URL HTTP/2 notifpush.com/serviceworker.js
IP 104.26.12.128:0
GET /serviceworker.js HTTP/1.1
Host: notifpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:48 GMT
content-type: application/javascript
x-amz-id-2: l3iPtHZAOyh83v9mIF3z+3iiZsTydBeWQSA1Ay4MmrihMMpxUOdoGNSZ2jSTTegcP4JB5Z8GhqE=
x-amz-request-id: 4WWMHJR1JVA5HGFE
last-modified: Thu, 31 Mar 2022 15:58:26 GMT
x-amz-version-id: jj_OoBxjBxYNTH94tGqSrNOUKjh0ALe9
etag: W/"3743338cdd52952496d6d0824c6a993a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2330
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LinzqgdXbhElwTGGd8vx8cyM6kPYyrfyPxyL1ipkVc4CfjP63kPe5OYuYHbaKWkSwz61CQRhvyljPgxC7liFPgD6HTkw%2BlFHLLBZchrjS%2BeSGttM6y0XHrCwsjYsyX8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb5c1dd4b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
hexupload.net/ds2/js/jquery-1.9.1.min.js
104.21.8.150 200 OK 0 B URL HTTP/2 hexupload.net/ds2/js/jquery-1.9.1.min.js
IP 104.21.8.150:0
GET /ds2/js/jquery-1.9.1.min.js HTTP/1.1
Host: hexupload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/g86o0b5phgck
Cookie: lang=english; aff=2691
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2017 22:09:54 GMT
etag: W/"169d5-558645eccb080-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cache-control: max-age=28800
cf-cache-status: HIT
age: 5087
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BpI295vAjs1JEsK6vajj7KseeHBJFawlFbYXyOpgXKTXSgg%2BUn2i1CsIdBVpvZ96WnSlVBuHoDYUnz%2BCgLWuOMD3G%2BVZ%2FrKA0PkOMDXhSo2vpe6o%2FxihYee5cbjpYglt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7606fb43ff6ab51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hexupload.net/doup1/assets/styles/bootstrap.min.css
104.21.8.150 200 OK 0 B URL HTTP/2 hexupload.net/doup1/assets/styles/bootstrap.min.css
IP 104.21.8.150:0
GET /doup1/assets/styles/bootstrap.min.css HTTP/1.1
Host: hexupload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/g86o0b5phgck
Cookie: lang=english; aff=2691
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: text/css
last-modified: Fri, 25 Jun 2021 09:14:46 GMT
etag: W/"22688-5c59392202d80-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cache-control: max-age=28800
cf-cache-status: HIT
age: 5087
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJDKHExfr0CIco3inpbL7Lb6X3TWT%2F2%2BLl3aJayEcxqpRLIHq2f9ISd6KjwzB%2F7UzyOjCMy2xrMa3idTPHPsJfKYH5MeEZ%2F8VIQXf75twbibJbzDAvJy5PXdsaZwb4N8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7606fb440f70b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hexupload.net/ds2/js/paging.js
104.21.8.150 200 OK 0 B URL HTTP/2 hexupload.net/ds2/js/paging.js
IP 104.21.8.150:0
GET /ds2/js/paging.js HTTP/1.1
Host: hexupload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/g86o0b5phgck
Cookie: lang=english; aff=2691
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2017 22:09:57 GMT
etag: W/"739-558645efa7740-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cache-control: max-age=28800
cf-cache-status: HIT
age: 5087
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XFIdc04VNt1gudYp5ghcJH0tycsHBYykDFehbJS%2FPE9uxjczAnTqmYxBM1JmHqltaIAltdPzvj4FDH6UAOZK2f78q0hJgDuvlT7oxTQpLxO4wMLuwvstcXAxgrlV1Ovl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7606fb440f6fb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45 200 OK 0 B IP 172.67.194.45:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 14:05:58 GMT
etag: W/"634eb2c6-32d9"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1081
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ud0ww9DL5HOO6%2Fv%2FMEIWgPzIUOvV7q5SEEG9iDwNhxD%2Fp%2BwzNfE8m180R%2BcPioSgmF4VEmQnCXNn2iVIKwdRtcCirc8ygE05QI%2FIYzDs8TtaC2f2TXRhfGL7scQUIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb4859e60b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nanouwho.com/1?z=4796097
139.45.197.242 200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4796097 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: dc12d5bc824906cd1aed80f7024679fb
access-control-expose-headers: X-Sc
x-sc: 924wKqLfT3hYsD6QPxMIM3lkYudxPZk4SsGdoJQVTCkZ9Rkmf4j5sRjjOtDA3hocdNO3tM-5-YT6ydruwDq00iZgK7Q=
set-cookie: scm=1; expires=Thu, 26 Oct 2023 23:30:45 GMT; secure; SameSite=None
OAID=725a243477104538a399caae10bae560; expires=Thu, 26 Oct 2023 23:30:45 GMT; secure; SameSite=None
oaidts=1666827045; expires=Thu, 26 Oct 2023 23:30:45 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
172.64.193.5 200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.193.5:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:45 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 76504113d5a79290ce6a916c761fbf26
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 26 Oct 2022 23:30:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pd5Cl4FAzynkc8W3be1qY9Fpg917Sl%2BEcPIx9gJR4NNxZIExTOW0SzRzZSH0GzpLn1LXskeCBfM8u9oFa6bg8RIfs6SFh7V5bwXUQ5yj4nnJAKOEtx2oEVfkBc5oyYYIzu%2FuChk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7606fb4abac77525-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-main.js
104.22.25.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-main.js
IP 104.22.25.131:0
GET /_s/v4/app/63258f417d7/js/twk-main.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:47 GMT
content-type: application/javascript
age: 628209
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7606fb549cb1b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-app.js
104.22.25.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-app.js
IP 104.22.25.131:0
GET /_s/v4/app/63258f417d7/js/twk-app.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:47 GMT
content-type: application/javascript
age: 1255897
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"e736e189edb5d0d9d5b8e7f23dd9114a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7606fb54acb7b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-runtime.js
104.22.25.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-runtime.js
IP 104.22.25.131:0
GET /_s/v4/app/63258f417d7/js/twk-runtime.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:47 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"31ca85b2b61bb42db4e40c2e9429f7dc"
age: 816496
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7606fb54acb6b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hexupload.net/ds2/js/jquery.cookie.js
104.21.8.150 200 OK 0 B URL HTTP/2 hexupload.net/ds2/js/jquery.cookie.js
IP 104.21.8.150:0
GET /ds2/js/jquery.cookie.js HTTP/1.1
Host: hexupload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hexupload.net/g86o0b5phgck
Cookie: lang=english; aff=2691
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:44 GMT
content-type: application/javascript
last-modified: Mon, 04 Sep 2017 22:09:56 GMT
etag: W/"c31-558645eeb3500-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
cache-control: max-age=28800
cf-cache-status: HIT
age: 5087
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GmY8zzcDkQeTpNqVQmeEezqyndj8JwkrX96qFl5a3pv3Db6dZtKnD4bNACg6Hwdks8Cgh6C6zKzJ1RswEzsUNNEVUYsQX4KkgVagDOl%2FyU2XLrU%2BTW5IaK61Y33cS7nU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7606fb440f6eb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-chunk-vendors.js
104.22.25.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-chunk-vendors.js
IP 104.22.25.131:0
GET /_s/v4/app/63258f417d7/js/twk-chunk-vendors.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hexupload.net
Connection: keep-alive
Referer: https://hexupload.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 23:30:47 GMT
content-type: application/javascript
age: 1255898
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"81c2642aac0b88b6b237d279f5f8ce67"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7606fb549cb3b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2