goldlash.cn/assai-qf/tb.php?pp=wg1669901874107
200 OK 595 B URL HTTP/1.1 goldlash.cn/assai-qf/tb.php?pp=wg1669901874107
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (479), with CRLF line terminators
Hash 0c8ec2b76eb3d28e17f640a9fbcb55c2
e87d38af5ea0b7e622a63be7633af034302b1447
6376ed810227165df1faf97c80336d784d1751edb633e575300f636cc67018fd
Analyzer Verdict Alert fortinet Phishing
GET /assai-qf/tb.php?pp=wg1669901874107 HTTP/1.1
Host: goldlash.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 20:21:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eOnILVvPFlzGyAv1%2B%2FOmENT3qhRWtCPXc%2FWku929CVObCmYC9QYSXVvx81xoh9FFO3H2DHvZlcRibwvAm3bgpCjN0b9Hzly4neVa4AmhYPnVP26QVtFxPtHqG9l1ag%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 772e87dce96b0b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4641
Expires: Thu, 01 Dec 2022 21:39:03 GMT
Date: Thu, 01 Dec 2022 20:21:42 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5387
Cache-Control: max-age=142757
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:42 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 12:00:59 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 20:19:49 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 113
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11270
Expires: Thu, 01 Dec 2022 23:29:32 GMT
Date: Thu, 01 Dec 2022 20:21:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: z9bNKaEZdnO962G3YWBmepAB3j3ICAU++xzpDyLTyUkC37L9K3XzoAi/jbx+D5gUOp2NKCEICyE=
x-amz-request-id: 9N8VZ5FA585D45KP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 19:46:25 GMT
age: 2117
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 20:21:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
goldlash.cn/favicon.ico
200 OK 455 B IP
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c5d244b8b6b192c76a2c4331450c235
7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3
GET /favicon.ico HTTP/1.1
Host: goldlash.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://goldlash.cn/assai-qf/tb.php?pp=wg1669901874107
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 20:21:42 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ftolv3rgHuNoGkkdg7blVBsecCQfz0CrBWv5%2BeLMZtQE9J%2FP%2BxSpQRxYwtKUW7VkXXw1dLPRvNXP8Jt15ajMtd0vJx7FBd%2FM3wYMvBM%2FgahcmllEXAACR4aQcG3vA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772e87df1be60b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
goldlash.cn/j/og2.js?_t=1669926101383
200 OK 942 B URL HTTP/1.1 goldlash.cn/j/og2.js?_t=1669926101383
IP
File type ASCII text, with CRLF line terminators
Hash bad1af26351d2e87c035596233940ab0
9ac0e34dcbfd29ca3070c506c200777a8016b161
bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e
GET /j/og2.js?_t=1669926101383 HTTP/1.1
Host: goldlash.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://goldlash.cn/assai-qf/tb.php?pp=wg1669901874107
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 20:21:42 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 16:09:56 GMT
Vary: Accept-Encoding
ETag: W/"635172d4-850"
Expires: Fri, 02 Dec 2022 08:21:42 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zg4V%2FFbXW35UxprbxBidfuxkJD%2F03wIsp6qHmspfm06Tan0YCHR5BJrdlbmYtbLuVTRJtk0Bfp%2BWF0EyNI7RSOm9khM7zERxL%2Fl3ANgOlwHtqi26ojkCFIfhzbZTpg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 772e87df6cbd0b45-OSL
alt-svc: h2=":443"; ma=60
goldlash.cn/j/og2.php?_t=1669926101451
200 OK 100 B URL HTTP/1.1 goldlash.cn/j/og2.php?_t=1669926101451
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 3dff561ef1ac33e5c822a3944a8402e6
584037bc5400021ce7e273257cb10f8e43719ecb
06e3c2b1e743b39307e6696f7c42d9a92afe39045eeef31d626c0d36972ea2d2
Analyzer Verdict Alert fortinet Phishing
POST /j/og2.php?_t=1669926101451 HTTP/1.1
Host: goldlash.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 47
Origin: http://goldlash.cn
Connection: keep-alive
Referer: http://goldlash.cn/assai-qf/tb.php?pp=wg1669901874107
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 20:21:43 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ovx75jDgErltSNqH6c15HspxbWzlqmlmAIXnEIH8YL15y0Y1SnDNLKnRuMqYXeq5DWRfcFN5m2BfYGpa5Iy0XnLAFnkv74lzbmO9YV%2FPe%2BDKyvEzcKnWwyMCGv3tfw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 772e87dfcd130b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 16bf212f733c5b163785edad6803e4d2
b1bbc9db24db8bd79b11f6eebf5182352a100486
4f7a13e4cbf34f223624a6d33aca3835f625e51e633841fb05e9715955f3f302
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4F7A13E4CBF34F223624A6D33ACA3835F625E51E633841FB05E9715955F3F302"
Last-Modified: Tue, 29 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6219
Expires: Thu, 01 Dec 2022 22:05:22 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 16bf212f733c5b163785edad6803e4d2
b1bbc9db24db8bd79b11f6eebf5182352a100486
4f7a13e4cbf34f223624a6d33aca3835f625e51e633841fb05e9715955f3f302
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4F7A13E4CBF34F223624A6D33ACA3835F625E51E633841FB05E9715955F3F302"
Last-Modified: Tue, 29 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6219
Expires: Thu, 01 Dec 2022 22:05:22 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 280 B IP
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3381
Cache-Control: max-age=164525
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 18:03:48 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 935 B IP
File type gzip compressed data, from Unix\012- data
Hash 084287f68e042624f06c2e987a5b1700
e6861d25c221e55ab4cb26bd5baa82e4e8ef099f
35c4bfe3da0ffeed53539e5a8afe715e8898749488d81c390b8e4a382579e8ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3381
Cache-Control: max-age=164525
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 18:03:48 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3381
Cache-Control: max-age=164525
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 18:03:48 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3381
Cache-Control: max-age=164525
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 18:03:48 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 20:11:15 GMT
cache-control: public,max-age=3600
age: 628
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4be40ea74d6577e970d6c4467cf8a2bc
3de953ba7a8c82aa49152ab92ff0dbb5710f5237
57ad9edc4d5eb1f0d6b58d25b50e54fed16b8e6d656b212006f3e0ecae73072e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "57AD9EDC4D5EB1F0D6B58D25B50E54FED16B8E6D656B212006F3E0ECAE73072E"
Last-Modified: Tue, 29 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6254
Expires: Thu, 01 Dec 2022 22:05:57 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 192308a99b557bed384aecc29e85f66b
0943c11e5b7fca30176cdde5e1fc19553b0ab3e8
b59fee4ddee8362fc93d3d3b159a3bc0d541099db4deb6837ed4baa587ff73ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B59FEE4DDEE8362FC93D3D3B159A3BC0D541099DB4DEB6837ED4BAA587FF73FF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6444
Expires: Thu, 01 Dec 2022 22:09:07 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
IP
File type ASCII text, with very long lines (20080)
Hash 58e56692099c5705dd9aa8b70dd3b803
7a7565863b4cbdabea0b350841c69966a96fb71d
1b8ba91ce6a5d7c02bc837bdff59f01f6d591609b44a1784c2c7b687fc588474
GET /gtag/js?id=G-0C230YDF7G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 20:21:43 GMT
expires: Thu, 01 Dec 2022 20:21:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76262
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
IP
File type ASCII text, with very long lines (20080)
Hash 9d67cd69d29ed6dabbb6c6019ed01b70
1098a037530c573fb00a85c184ec0bd9304c0c13
1ba97226ae0a4ec736c7e2503879e29a670e400801e20c4065baa7ced98d2952
GET /gtag/js?id=G-LW7434MYMN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 20:21:43 GMT
expires: Thu, 01 Dec 2022 20:21:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76262
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-RPLJF0GXVQ
200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-RPLJF0GXVQ
IP
File type ASCII text, with very long lines (22462)
Hash f56cb3057523c5836c3350aba0f9b611
d9fb0862d665f4f93c273f7d260214251f6e503f
d3e6cda57d90976668c503b468eadf3e315913b6955be883dee244a3fb1af77f
GET /gtag/js?id=G-RPLJF0GXVQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 20:21:43 GMT
expires: Thu, 01 Dec 2022 20:21:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76865
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5385
Cache-Control: max-age=137691
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:36:34 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
bonepa.com/js/responsive.js
200 OK 1.5 kB URL HTTP/2 bonepa.com/js/responsive.js
IP
ASN #201702 skHosting.eu s.r.o.
Hash 465defd3602400e90d98417b7e0a44d0
b29f00caca838b64476b85f055e3972fbd14fac9
7128a1c8a12c2517eb917b17706e8ab52c17ec2f6ab8f43abd3449352fa13c27
Analyzer Verdict Alert fortinet Phishing
GET /js/responsive.js HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 13:52:39 GMT
etag: W/"63627627-e32"
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f1a1d1c61902f782da72ad648ef0822e
a9f41722a3e5180ec4019998b5f0fdb464f2aafb
f75b6732b286ec9b4694cd53c6a33f64732412c336425c1091cd5316380e26d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash e68ba8d70e4d126e4cb1d9ca9f9a9ea8
e9668628f5d3ca65b3639ef9a96728744a4a0b88
0d6783a242414471c8015fab158a5bead0dd30e2190e371f3d3f24d6f4d9efe6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2922
Expires: Thu, 01 Dec 2022 21:10:25 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash e68ba8d70e4d126e4cb1d9ca9f9a9ea8
e9668628f5d3ca65b3639ef9a96728744a4a0b88
0d6783a242414471c8015fab158a5bead0dd30e2190e371f3d3f24d6f4d9efe6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2922
Expires: Thu, 01 Dec 2022 21:10:25 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
cdnbun.com/upload/assai-box3.png
200 OK 14 kB URL HTTP/2 cdnbun.com/upload/assai-box3.png
IP
File type PNG image data, 300 x 216, 8-bit/color RGBA, non-interlaced\012- data
Hash fd3c950a0109290862d3663b22f47fad
f5ac98aa18c1fc0f0dd8fcb6c58bd8be539631d0
1a5839bcc08b5d7a8e35727f80268f757dea88c99ca6e58144f1f031f65f09fe
GET /upload/assai-box3.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/png
content-length: 13638
x-guploader-uploadid: ADPycdse-PXZdh0CIdtLJHQNA9Z0CmClBvLcz_aKShSDkPC3z4tOA3JBI10rsUdykNQ3iOOmFyeN_G_tIDofawDp9RnYypM3SKSj
expires: Thu, 01 Dec 2022 21:16:31 GMT
cache-control: public, max-age=14400
last-modified: Mon, 10 Oct 2022 12:07:54 GMT
etag: "fd3c950a0109290862d3663b22f47fad"
x-goog-generation: 1665403674637831
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13638
x-goog-hash: crc32c=LJ5fbg==, md5=/TyVCgEJKQhi02Y7IvR/rQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 13
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2GxVNdqoiW4ohzbEMbF3%2BsGYFaaSWq%2B8qR%2BoOfF%2Bn8lc%2Bu7EyHNVYk%2FfClVt%2FqaUTZPbyzKXBlfzNC%2FBNEAG2yLC95%2FaiKMzRsIymU%2FNh3FeCSNrOH0dUaiRNcTO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e3adc5e62c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
200 OK 14 kB URL HTTP/2 1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
IP
File type PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Hash ff055162c5d233506eece3fb69a47e74
49812e303ae6674819b6a7a6e0721d555ef64df4
7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Thu, 01 Dec 2022 18:38:22 GMT
expires: Sun, 06 Nov 2022 03:07:19 GMT
cache-control: public, max-age=86400, no-transform
age: 6201
etag: "v630"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdnbun.com/upload/assai-left.png
200 OK 1.1 kB URL HTTP/2 cdnbun.com/upload/assai-left.png
IP
File type PNG image data, 36 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash b498b4af5564b81bf734f6973b509d81
fcc49037f535df7da08bcb369cd6e6ceb37e5b96
68cab45cc052cf4fe747879fe24ac4546a1d3814de3282779d5b8f8b84a93932
GET /upload/assai-left.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/png
content-length: 1054
x-guploader-uploadid: ADPycdtSp-KkWL9XyNhteP55wxt9wwJ9AZvKoYI9UoG8O8fA7BpKMSlMzJBr-VjDXuzYrNidboBp7dff-wKSw-6bsEFZlgvuc-Ck
expires: Thu, 01 Dec 2022 20:11:40 GMT
cache-control: public, max-age=14400
last-modified: Mon, 10 Oct 2022 12:07:55 GMT
etag: "b498b4af5564b81bf734f6973b509d81"
x-goog-generation: 1665403675835762
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1054
x-goog-hash: crc32c=SdyiOQ==, md5=tJi0r1VkuBv3NPaXO1CdgQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2977
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=baITUloglsWbLu44JEPquWDO4Buaw0WIRxfy8q0ztOVEISnLYLFhZEcO2fnov2BjeTkzC4Wr8WrSwXOh8Ko9KRyzE8ZDiM3ZmUdUmeilBqH63B9fggpUp5BoqmnV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e3adc2e62c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dd23da2808ae8aa86b91400946d25876
42f33a327a1e47ca49dddff6997c5ef782ec82ae
041096a10c64c40fd34d9e37fbd2e1ac629de0580e4977c28729bc8809636a22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19782
Expires: Fri, 02 Dec 2022 01:51:25 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dd23da2808ae8aa86b91400946d25876
42f33a327a1e47ca49dddff6997c5ef782ec82ae
041096a10c64c40fd34d9e37fbd2e1ac629de0580e4977c28729bc8809636a22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19782
Expires: Fri, 02 Dec 2022 01:51:25 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dd23da2808ae8aa86b91400946d25876
42f33a327a1e47ca49dddff6997c5ef782ec82ae
041096a10c64c40fd34d9e37fbd2e1ac629de0580e4977c28729bc8809636a22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19782
Expires: Fri, 02 Dec 2022 01:51:25 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
voicelevel.top/QqoO3WkX/assai-qf/?_t=1669926101506
200 OK 68 kB URL HTTP/2 voicelevel.top/QqoO3WkX/assai-qf/?_t=1669926101506
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (953), with CRLF, LF line terminators
Hash 8ea984b26a599514c86443825fd5be1a
78edc7598c1420476287dbe3f8ec789b11688360
83bc8b1cb939b7a2497b6b09f4a9d2fe91a09a244eebe656ce2afc5b7f1a5307
Analyzer Verdict Alert fortinet Malware
GET /QqoO3WkX/assai-qf/?_t=1669926101506 HTTP/1.1
Host: voicelevel.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://goldlash.cn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: assai-qf-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.voicelevel.top
assai-qf-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.voicelevel.top
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4zUJiymSZmt55AZJkGX7zsImtfjcGAcAK4XVGIVpwluRPdKpzHKFxoH7BPdONwOq3YPJyMbzki%2B6%2Fi5MNpGcU01G2ti5MVPeQ6xb8vwdyieMVeG7JS2YONS4Gmlcj0FfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772e87e07f1cb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Roshel%20Fernando.jpg
200 OK 18 kB URL HTTP/2 263cdn.com/upload/Roshel%20Fernando.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 3ff8d45b140648ef6216fb98734ca01e
f820b296a83a6b7e8082ad641a45c1eee714dd2a
bc9fa09ef1bf78ee5ce7fdd994af392359f4a4ca0248574398d926a1b4f1228a
GET /upload/Roshel%20Fernando.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 18516
x-guploader-uploadid: ADPycdt6C7XsSpI21jKX3-gqXBz7dXEO0D4HPtpIpaJoQOTGMWVsI-w4jTAspE5W-ApsnC9ZpgnFhhkmdp2hcoCNP-41
expires: Thu, 01 Dec 2022 20:02:49 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:47:26 GMT
etag: "3ff8d45b140648ef6216fb98734ca01e"
x-goog-generation: 1655329646675391
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 18516
x-goog-hash: crc32c=7o2efQ==, md5=P/jUWxQGSO9iFvuYc0ygHg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2092
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQdQTXFigI4HLNUdWIqyr7HSTLXoeUb%2BEHxOHVtIEmh%2FaD5L7uA3cGhuQBtnW8v2KtUBh1jQ7YEokNU0ZxfbhoQD%2Fg%2BZ92HWM0Q3T6XKMc1YY3Vbn2QjmHClmejH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e409188926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/assai-right.png
200 OK 1.1 kB URL HTTP/2 cdnbun.com/upload/assai-right.png
IP
File type PNG image data, 36 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash ca18fee8888535c88df77fbd70227f56
80de8a8bc5a48f877af5117fb534a62c89617b95
2442571890795d67ca0356ce166d662d8e22bbbd8c2219867fa371289f47b928
GET /upload/assai-right.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/png
content-length: 1054
x-guploader-uploadid: ADPycdvq5gklzbU1fy3HiJxkL2TqwV3WExMBE0YM7-ngxFhsMPf3x6E-AAmHftQlyY6GZur7-0oiB2f2b-N7H8w5KgkL74lAyFsT
expires: Thu, 01 Dec 2022 20:37:57 GMT
cache-control: public, max-age=14400
last-modified: Mon, 10 Oct 2022 12:07:57 GMT
etag: "ca18fee8888535c88df77fbd70227f56"
x-goog-generation: 1665403677240674
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1054
x-goog-hash: crc32c=H91Taw==, md5=yhj+6IiFNciN93+9cCJ/Vg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 13
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UrnlTMfRK2bchfwP3FAw%2FIpvMBdlbaf%2FWqM2cXuBpABsLYp91dO3FnOjra%2Bu2gzYWcwoUiw9sWmkNz3Xj5MOLqkQZu7NN5jgg6CiGsR46PtjlppCTT%2BP6lco8Rl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e3ee2ae62c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Keshan%20Sadaru.jpg
200 OK 17 kB URL HTTP/2 263cdn.com/upload/Keshan%20Sadaru.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 198x200, components 3\012- data
Hash fe342f0ffe63a8d20a98aff08febd94f
3b9b63c41d09dd6455ae87ad4f6b6453f552ec18
56d42765898dea5160ce65414486a729d3fc4b7665f1fd6d43742ab061db4e50
GET /upload/Keshan%20Sadaru.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 17330
x-guploader-uploadid: ADPycdvpRL2ugk0bG0K_JTLp_VgBu75cgqj6mxEFBKaljyWruQR7iXI80qy5YyBl01bGQXwCxuljElMIiX9vp9G84O0l-TDZ3pq4
expires: Thu, 01 Dec 2022 21:02:25 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:42 GMT
etag: "fe342f0ffe63a8d20a98aff08febd94f"
x-goog-generation: 1655329602763398
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 17330
x-goog-hash: crc32c=q6DV6A==, md5=/jQvD/5jqNIKmK/wj+vZTw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 786
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t4VuZDAgvWepSQ3Oftf5Zg6il4BYjkR9XdGkPGvKllj82fW8uONhC2bQ%2FcUtmAmdWAAKygRAr4lysHDZQGo7V%2BQGljfBt3A0ec6F5pfYymVnL8O%2BXdfsjO5EDuwx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e409218926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/assai-m.jpg
200 OK 13 kB URL HTTP/2 cdnbun.com/upload/assai-m.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 118x80, components 3\012- data
Hash ab567eb3ad80fcc4b50a897977f04e5b
a884b6163282fa283c9c3601faba71c2bb7bea93
be79ee1655fc0455c26628698f0c5a99905f48ea677de8dc7a7a962102c24c84
GET /upload/assai-m.jpg HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 12733
x-guploader-uploadid: ADPycduVQpDvhwCHL2j6cMrdf4MpgR7trE-Dk97jO2cnhBf6EM5zg-Fl4o6gPST6FZvvDw-iaMIevMXle41KdDK_H3vl2g
expires: Thu, 01 Dec 2022 20:26:54 GMT
cache-control: public, max-age=14400
last-modified: Mon, 10 Oct 2022 12:07:56 GMT
etag: "ab567eb3ad80fcc4b50a897977f04e5b"
x-goog-generation: 1665403675978985
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 12733
x-goog-hash: crc32c=xrfDug==, md5=q1Z+s62A/MS1Col5d/BOWw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 13
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tKuEIoN9QlagMt6rk0gRm4vVzGBjtFQZhMe1VXVJoPyZx8VtIOKrqefuK8TJoJ%2Bx36maJ18T4tw4MCtRwEdHXMzrrlfNaJUxbOb5BSit3CjqFt4KDdu7NZluO0S0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e3fe39e62c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/assai-box1.png
200 OK 25 kB URL HTTP/2 cdnbun.com/upload/assai-box1.png
IP
File type PNG image data, 280 x 201, 8-bit/color RGBA, non-interlaced\012- data
Hash 3fcb8926fc68cff25ad558e2cacacc5c
3e010a622a49b9b80bc5c0bb2b82ef062fcd5014
9f63bb9721d7a4217a65f6a29a3a92c21da47d8704e0650a3410298dad68983a
GET /upload/assai-box1.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/png
content-length: 25063
x-guploader-uploadid: ADPycdvwkpIDCHjI1gQeUAniEq5GRJKXMYeGo6MweYYRGR9aO7sVh1PCaTzxnNRV0JdZVLe8RZSAj5fjwn9BlWE2jrmncQ
expires: Thu, 01 Dec 2022 20:38:54 GMT
cache-control: public, max-age=14400
last-modified: Mon, 10 Oct 2022 12:07:54 GMT
etag: "3fcb8926fc68cff25ad558e2cacacc5c"
x-goog-generation: 1665403674468860
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 25063
x-goog-hash: crc32c=iaL6TQ==, md5=P8uJJvxoz/Ja1VjiysrMXA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2219
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p7srivu3OZQQgRO9AM%2Fg%2BBRIoTEmmld%2B6NwjLvkg3THiwkDLuH6I45PJxoYthDIdqGV0TA%2B5pRaGnTNDXf2h8V6QlyLcKbDtf6mTGz6BwQWGUZqjfngpEzClIjwb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e3ee2de62c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/assai-box2.png
200 OK 7.7 kB URL HTTP/2 cdnbun.com/upload/assai-box2.png
IP
File type PNG image data, 280 x 201, 8-bit/color RGBA, non-interlaced\012- data
Hash 60e7f7911353f2d8fbefa254abb7a057
9cdc4413e84f2792ba9a6345efe49aa5cd4cd545
5ad90598f263482d7c99abf1a48b6f2c2bc0dd8d490cd454af516e7870adc9f6
GET /upload/assai-box2.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/png
content-length: 7696
x-guploader-uploadid: ADPycdvtmiDBPu3Qvnt4RStjq0TTkmGyRgp5RQFM5ok8-dYtpV1EATqyfren1qin13uBmbpNT9YkybkSq6RWbPmtRbkTorNojhKc
expires: Thu, 01 Dec 2022 20:07:08 GMT
cache-control: public, max-age=14400
last-modified: Mon, 10 Oct 2022 12:07:54 GMT
etag: "60e7f7911353f2d8fbefa254abb7a057"
x-goog-generation: 1665403674578044
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7696
x-goog-hash: crc32c=mck7OQ==, md5=YOf3kRNT8tj776JUq7egVw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2977
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NA3dSBjWgTBmBP4dTlo%2ByVmEq9LR6L9mzlM7dHyGBXrZb7qW9BV5y6oG0QPZywWT4UK5KWk7G4KSvDCmeOeZAcao1vwgYutG2fyL6MaNnWxMOyWCwr7rU7AI%2Bh1m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e3add9e62c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dd23da2808ae8aa86b91400946d25876
42f33a327a1e47ca49dddff6997c5ef782ec82ae
041096a10c64c40fd34d9e37fbd2e1ac629de0580e4977c28729bc8809636a22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19782
Expires: Fri, 02 Dec 2022 01:51:25 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 280 B IP
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161144
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: nginx
Content-Length: 280
263cdn.com/upload/Jessica%20Cediel.jpg
200 OK 11 kB URL HTTP/2 263cdn.com/upload/Jessica%20Cediel.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 200x199, components 3\012- data
Hash 6ba530c5fd8a3c8b2f1e8b229abf9342
c1fc0e26ccb7902fa39c66fe99270cd80b69125c
1f5095f8810ab9621801237fb254fffb03d70d869d0e6a6141499c86c18f3462
GET /upload/Jessica%20Cediel.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 11084
x-guploader-uploadid: ADPycdviUMX-TXjogd3qDDLi1quYcbOx88XpZV6Z0PsO5nLbSYSU5J2uCrQ5JkrqxkVWyejZ9IFz0UaE7axXMwjtJonHHfzLhxS3
expires: Thu, 01 Dec 2022 20:02:55 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:36 GMT
etag: "6ba530c5fd8a3c8b2f1e8b229abf9342"
x-goog-generation: 1655329596649677
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 11084
x-goog-hash: crc32c=cxk7cQ==, md5=a6Uwxf2KPIsvHosimr+TQg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3585
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3s8CbSKuoPn3CNgEcC6Rwue7mqAVYOSTbZRRw4aJD2IQ%2F0T9rNJaoCV%2FCs9ksuskftiL0WNIZJ6UtgqxXPZeBVw5GfA1q3zBEpCkDqkrAxocQtUrDjJ8tGZ3fO4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e4091e8926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f1a1d1c61902f782da72ad648ef0822e
a9f41722a3e5180ec4019998b5f0fdb464f2aafb
f75b6732b286ec9b4694cd53c6a33f64732412c336425c1091cd5316380e26d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 20:21:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
263cdn.com/upload/Ishika%20Sharma.jpg
200 OK 6.3 kB URL HTTP/2 263cdn.com/upload/Ishika%20Sharma.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 7da7bc3260bbe1cee90ab50478bca71f
ec3a08f36fccc26c5e039d10c64b3aec92edf7a4
3bdc8f4d4640414042a55306215d01516dd6bbea1b2d2beccba37c0fe3c807fe
GET /upload/Ishika%20Sharma.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 6307
x-guploader-uploadid: ADPycdvr8pgqVRtnuJri4pG1xucrLyVzIyRFEQBOLsME3T6c8Ks0VCBYCUfEzYbcTJP8IFGz_TAOeLIT6_VtoYc1rJn_qx4CkK81
expires: Thu, 01 Dec 2022 20:02:55 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:35 GMT
etag: "7da7bc3260bbe1cee90ab50478bca71f"
x-goog-generation: 1655329595729519
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6307
x-goog-hash: crc32c=8FNbZA==, md5=fae8MmC74c7pCrUEeLynHw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gYW1DlUOU2%2F7k13mlcKlv4jtgyCQfAFNDAkxxmGmjz9wF4khNJv6jUWdr5LwwQ3QDcb%2F0nSDlP99r0ciYVwWBn6kVzlOMW4xLn%2B26wQZ5xeqF15PlrgnyuPWdKtB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e409258926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Lakshman%20Delpechitra.jpg
200 OK 18 kB URL HTTP/2 263cdn.com/upload/Lakshman%20Delpechitra.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 82675adbd17ad5f9bdcf0495a92aeb62
85dc4e8c56bc6da1218af543e1bb155abb917781
731f10138f2853bd4210707c74f1013d292b973087ef57fed513600e01915626
GET /upload/Lakshman%20Delpechitra.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 17694
x-guploader-uploadid: ADPycdvLSCzxNRh-3yh3zmEdMNjO-R5clMkXY4jRxSPESSS0xL3Q9gT_CIXPORqpsSlaKZ6wo5T3fffAYuJwNHkCSgugKu-b1nFU
expires: Thu, 01 Dec 2022 19:58:40 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:48 GMT
etag: "82675adbd17ad5f9bdcf0495a92aeb62"
x-goog-generation: 1655329607991364
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 17694
x-goog-hash: crc32c=J4Wr8w==, md5=gmda29F61fm9zwSVqSrrYg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVh7jCuiMwgslm1nARIxwxNUEJRyz3dLu4Np11Q5mBI9gecjFMZ9ZIT1Eh5dq1MGuJ04l7TJLD1F4VX0owGJHqTZSJgs2HNKrXJlmYqJS%2BDiDnopETh6sjjjAoHm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e409288926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Nirmal%20N.%20K.jpg
200 OK 7.9 kB URL HTTP/2 263cdn.com/upload/Nirmal%20N.%20K.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 04c48f5eab9f24d0ce5706ed21dbbc04
32b6411ac6a93b67822422ad7526cba37c7abf05
f38b01e0efd279e87ac41b08860ee0a644437cfc47818843b41e39ef55b36565
GET /upload/Nirmal%20N.%20K.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 7913
x-guploader-uploadid: ADPycdvDRAj3QMlm8PcDq332LB60j7I5mykcwANqAdW7QrMfknSYiHJw7I7Tsp1TAr8IHo9UR6uI7FF7t4BeEP_ETFLfweAvSKZm
expires: Thu, 01 Dec 2022 20:02:55 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:47:05 GMT
etag: "04c48f5eab9f24d0ce5706ed21dbbc04"
x-goog-generation: 1655329625102087
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7913
x-goog-hash: crc32c=hIv6mw==, md5=BMSPXqufJNDOVwbtIdu8BA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Od%2Be8G9OTYQQt9D4MP%2BexYZd7N3LvTZRlm9mck%2Fw0JUgPl8QhBL7fvZxlN7G09uGLJYq0tR51FDQpEl%2FTR7Lfpc4OMStmaljNCDWP4kMYaHJiR%2FjeKG3a%2Fh2nbmt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e459cc8926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Sandra%20Becerra%20Gonzalez.jpg
200 OK 15 kB URL HTTP/2 263cdn.com/upload/Sandra%20Becerra%20Gonzalez.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 8f181f5f7a9e7ad30df02ecdc97c5380
f607456a86d2705893e91ef577818344e02ea53c
80c9d8b86613f109fc438d137af52f56d1ecd60282631fbf1baa791933cd9879
GET /upload/Sandra%20Becerra%20Gonzalez.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 14577
x-guploader-uploadid: ADPycdtKmV0QYJzc9O3pXkrdZvh-ZiTYKlxMwzZH49G9g0yQ7ceerEoZa_RTLvcwerVoDyYvcydcxTiYIFlxS0HBPIHQ
expires: Thu, 01 Dec 2022 20:02:55 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:47:33 GMT
etag: "8f181f5f7a9e7ad30df02ecdc97c5380"
x-goog-generation: 1655329653007008
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14577
x-goog-hash: crc32c=jTnv7Q==, md5=jxgfX3qeetMN8C7NyXxTgA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EAK5%2BrL9nyYQugvCOEyszGM98W9Z08CtXSppX77kaEA2XBv0SUIXPVmov8aYOKCfkfOiFGkrRe0ULlddNcH9xdM7Cz3HSTYOHatOPitf6AUEv8CjuHn%2BhNNGm4T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e459df8926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Nethmi%20Bagya.jpg
200 OK 18 kB URL HTTP/2 263cdn.com/upload/Nethmi%20Bagya.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 5069d4643386097f12663e4030588ca9
f420b5fca4c2d9b0d9322823aa68b47031c29269
1132b432519ffcbeee529075d13225fa5800bfbc78fa8121f3b2f0d7f93b771f
GET /upload/Nethmi%20Bagya.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 17580
x-guploader-uploadid: ADPycdvoYZpNoobfhQAgRDKN5KDqMaMJGTreLHZI8YLHyWPYghCnFUwuC7i_RPDk6_pH6ewH3zTR8caIEvIm3JpZZ28-ld9brJjM
expires: Thu, 01 Dec 2022 20:02:55 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:47:04 GMT
etag: "5069d4643386097f12663e4030588ca9"
x-goog-generation: 1655329624398100
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 17580
x-goog-hash: crc32c=txNVsQ==, md5=UGnUZDOGCX8SZj5AMFiMqQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 2524
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbh5dc3J5NX%2FQuqATHr%2BIBZ51xn6iVqP6dkhgyV55La7T9C8%2BeCavf5xhuJxm2Gj6Hc60gd0KBVGclYSRGro2OEargaIutfMYQLIsg56yMjUlLUHVrvVhxCaacmf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e459e48926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Augusto%20Cano%20Rios.jpg
200 OK 18 kB URL HTTP/2 263cdn.com/upload/Augusto%20Cano%20Rios.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 200x199, components 3\012- data
Hash 71d4f6e9330f075780b4f85b52174f3c
0551b08448b4b009611e75899e5223b51e51ac90
224965aa08705fbd324d308d6cdcffa21a4d3be4b1bf18ce65d9bae07ab6df6a
GET /upload/Augusto%20Cano%20Rios.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 18487
x-guploader-uploadid: ADPycdsTqyitlv6KY-_puXwUm-H_wGYtUhQxnJCKK4nBcZua_5v_bPIzEh27vIopkgyN8gkuTVmu8Q_zDGeMLiBSTak_8Q
expires: Thu, 01 Dec 2022 20:03:01 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:45:36 GMT
etag: "71d4f6e9330f075780b4f85b52174f3c"
x-goog-generation: 1655329536330744
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 18487
x-goog-hash: crc32c=rAMxbA==, md5=cdT26TMPB1eAtPhbUhdPPA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d4%2F72r7GFosf6qfZlDAHmEj7zrLZjG8bt3W736%2FDyNQKSC5FyeWnXwiCAj8S6RgqjVfLsUyhL5ARSbXGSEB1%2FIo7gsADXOq8OKswEm4whcn%2Fz%2BHdSHrJg4A7zfZ%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e47a128926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash e68ba8d70e4d126e4cb1d9ca9f9a9ea8
e9668628f5d3ca65b3639ef9a96728744a4a0b88
0d6783a242414471c8015fab158a5bead0dd30e2190e371f3d3f24d6f4d9efe6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2922
Expires: Thu, 01 Dec 2022 21:10:25 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
263cdn.com/upload/Crystal%20Chu.jpg
200 OK 43 kB URL HTTP/2 263cdn.com/upload/Crystal%20Chu.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 21cde227b776e55442b2a560934c9b0d
df0e96f5d66f78e5bf2f7c24a209ad34411bfdac
799d00b2c7b9a4bf8691fe8a53d5916f5022458cb0c128f1433bbc434ffda1ea
GET /upload/Crystal%20Chu.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: image/jpeg
content-length: 42695
x-guploader-uploadid: ADPycdvkJFMPS_Cf1cqJi9LDdHcTsYPed-G7CC44UCLk6wit3G0Qf8fwBWskJwQoRLJVEPrC-jCd9WVY7wkv9GhDg9LVI88iUTzr
x-goog-generation: 1655329564575992
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 42695
x-goog-hash: crc32c=fc8jLQ==, md5=Ic3iJ7d25VRCsqVgk0ybDQ==
x-goog-storage-class: STANDARD
expires: Thu, 01 Dec 2022 20:02:55 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:46:04 GMT
etag: "21cde227b776e55442b2a560934c9b0d"
cf-cache-status: HIT
age: 1906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJSzTBZvxPKL2QIb%2BpmvWAb3jY7qg3PnvJD71dvNMTvADiQh1Etk4dJHV8SFsz4bOPLfHz2%2F3koQujjawlh1gKTpfTZ1EZH81nHax%2BMzOYkG1QSFaXGpbC8DuWdd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e459e18926-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dd23da2808ae8aa86b91400946d25876
42f33a327a1e47ca49dddff6997c5ef782ec82ae
041096a10c64c40fd34d9e37fbd2e1ac629de0580e4977c28729bc8809636a22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19782
Expires: Fri, 02 Dec 2022 01:51:25 GMT
Date: Thu, 01 Dec 2022 20:21:43 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uriz5Z/IF+8FmBA3k8TF4g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8BwvIabCqNULe38RfD7xcTjKRyk=
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 61aaa9c113389727a15c3d4b9832c993
b8327e4bfdf09cd0679599af397c6f6ddd24b3cd
c485c7350b2ac4544c1c6f5497c5d49acd43b987c1475f370ad5a8f4e2b2e530
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 20:21:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 05 Dec 2022 18:48:02 GMT
ETag: "b8327e4bfdf09cd0679599af397c6f6ddd24b3cd"
Last-Modified: Thu, 01 Dec 2022 18:48:03 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1027
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772e87e73851b521-OSL
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 61aaa9c113389727a15c3d4b9832c993
b8327e4bfdf09cd0679599af397c6f6ddd24b3cd
c485c7350b2ac4544c1c6f5497c5d49acd43b987c1475f370ad5a8f4e2b2e530
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 20:21:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 05 Dec 2022 18:48:02 GMT
ETag: "b8327e4bfdf09cd0679599af397c6f6ddd24b3cd"
Last-Modified: Thu, 01 Dec 2022 18:48:03 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1027
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772e87e73a98b503-OSL
region1.google-analytics.com/g/collect?v=2&tid=G-RPLJF0GXVQ>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-RPLJF0GXVQ>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-RPLJF0GXVQ>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://voicelevel.top
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://voicelevel.top
date: Thu, 01 Dec 2022 20:21:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-LW7434MYMN>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_ss=1&_ee=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-LW7434MYMN>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_ss=1&_ee=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LW7434MYMN>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://voicelevel.top
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://voicelevel.top
date: Thu, 01 Dec 2022 20:21:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-0C230YDF7G>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_ss=1&_ee=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-0C230YDF7G>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_ss=1&_ee=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-0C230YDF7G>m=2oebu0&_p=56389015&cid=248479911.1669926102&ul=en-us&sr=1280x1024&_s=1&sid=1669926102&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506&dr=http%3A%2F%2Fgoldlash.cn%2F&dt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://voicelevel.top
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://voicelevel.top
date: Thu, 01 Dec 2022 20:21:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18884
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 20:21:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18884
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 20:21:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18884
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 20:21:45 GMT
Connection: keep-alive
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
200 OK 25 kB URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
IP
File type ASCII text, with very long lines (63188), with CRLF line terminators
Hash ba202b111b36573a4b9398f8fdff23cb
72330586f9dc022edd0abc9cdd4dfebe9a696bfc
e50d9d8dbfdfce995f946d2603610e2f7641dc2a6add2b9068a283058227ab20
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdtaXO8Pt4mYxS4tkg36SiMjVR6jjL7hB9EkK5aPNXJ0rrhhBXOw5gRmhJXZ1IYlvDk2NYpvsCE76nxT_QCLJq2KEg
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
expires: Thu, 01 Dec 2022 21:06:26 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
cf-cache-status: HIT
age: 446
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5d1%2By1gqxKjP6uLxDgUWWi29DO%2FkD3m57k1AIQ2dckCTfVgGLwH5nXMIImuE%2BYy9XSPCUAm%2FkXS%2FOFcDFCtLs87HGZ%2FMLsPRQuXc%2F9n0wpO2XmQoETS426p0q%2BjKAdIFL1A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e23b23d178-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gsn5uUFEzDZDOMPTvW9UQxtccvRfJKUM4eJ8U99jvUGzNIKkF9SzeA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:20 GMT
age: 81145
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
200 OK 30 kB URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP
File type ASCII text, with very long lines (65321), with CRLF line terminators
Hash fe5d02fef1827588b02919f2de307adb
21ef1143897d40ef909d2e6040d64cc436c261f6
4e46e25fc253b62169adf35868bf3b8cc1fe6ec8371bc63cf4d786ac8ccd36f1
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/css
x-guploader-uploadid: ADPycdv7kv7cza5rB6NKcfu3OF6h0QG0KUb6y2IsWxw9rQV3Hfk7c1SOZ9hygJnwpBpuObJusH4eBfPNsQKZEO4luud5Ew
x-goog-generation: 1647502692716912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 161415
x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
x-goog-storage-class: STANDARD
expires: Thu, 01 Dec 2022 20:42:40 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
etag: W/"feba0d0760607b9e21393156949afcd9"
age: 434
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ODRBZihji%2F41l8ZuhOFlYPAq%2BVMXg1cnaCPlOM5%2BMXjQ1g0Zn12NsQ9VEkNKuXFFKs48Pkt%2BUUs6ocdhGzwIvmZIQrNN9VmkTONiT%2FsxodSiK7uvI0E87vAX0H9HJ%2BqtQMg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e23b30d178-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 4823cf63-98eb-40d3-bb8b-e09cd2262f36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7SqHjYIAMF8xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c10-316b213c33ce9bc2355c0900;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tK4wl-g5kcUhVFE3iZGILhZhZSsaMzQD9JTBHj1JXV95yXs_e3gMGw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 12:31:43 GMT
age: 28202
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 328ce221bcf3442f88d09373193ff594
63bfa2ea925aa2c188c664a7bf7af7b0e5417e60
21d5b5ec267430dba91b17f89a557aca5cd2a21535da18eb02ec69ed0e1b7371
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13411
x-amzn-requestid: 17fcc4e1-76c1-4eca-9235-c1a513bca24a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80FCQoAMFs1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-26da4f265d74215f31425eb9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MttRByNp1C1ZeFFicFVa0w3XRyXJnUycPy2Izk8hzGEgXGdDqD3L3A==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:48:17 GMT
age: 81208
etag: "63bfa2ea925aa2c188c664a7bf7af7b0e5417e60"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 81372
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash 486ea0dd8b3a5ecf576a5b49b1ebab3c
86027c22d21ea83af3e92ff8c097fbe99621b18a
4a31017bb05750be8051c5b13e60ff693d67b2a7b4602e6ef0d5b389e2becad3
GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Thu, 01 Dec 2022 20:21:44 GMT
Etag: f8bc7d4e3cc3d3880607b6673f3e003a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=744E9FF8444728CB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?9e84975b629767c58a8becc81600bb23
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?9e84975b629767c58a8becc81600bb23
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (669)
Hash 886caa2ca803be897ea04047abde0253
c9bab9cea80ef5d8fbd69e7134850d48abde033f
9bc61ed8af59a0883f78144026ebc708e160ddf5cb93caa51c6978722a9803ab
GET /hm.js?9e84975b629767c58a8becc81600bb23 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11307
Content-Type: application/javascript
Date: Thu, 01 Dec 2022 20:21:44 GMT
Etag: 95a7f6cb5b418dec35322db3b8c2f0ae
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=EE5A9B3B38AAD142; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (629)
Hash 030bd5c45e1d2514d87f13b92a2825b3
93cb3f6ab27ca49e60814ee65fbdcfcaff1e3c24
947d8ad69a769503211034cffdbd44beb553a757de64074d04c82d81cb239387
GET /hm.js?ba99808308e7272d58c43367a11d1204 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11267
Content-Type: application/javascript
Date: Thu, 01 Dec 2022 20:21:44 GMT
Etag: 941642a080a1c3026e0053d0c4a65fd3
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=03FABE8A936879FD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?096ce7f9ec232d262a08abcc22581c99
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?096ce7f9ec232d262a08abcc22581c99
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (663)
Hash 6a6a0dd866c97c9cce3d70768d2deb33
33c10a97c34ce60c233bf8fd253e43e14bf9a962
e5cb5fd12de08e51ee6d12d817ccb8ed6c3e6ff0611d9ef396fef2c7c91cb5ff
GET /hm.js?096ce7f9ec232d262a08abcc22581c99 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11301
Content-Type: application/javascript
Date: Thu, 01 Dec 2022 20:21:44 GMT
Etag: df78617c65567829672339da74165144
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=D1F14BE53530974A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=413358742&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=413358742&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=413358742&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 01 Dec 2022 20:21:45 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A32BF026E0F6DD8B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=85790600&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=85790600&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=85790600&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 01 Dec 2022 20:21:45 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=ED4FE0DFA98B413E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1008751540&si=096ce7f9ec232d262a08abcc22581c99&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1008751540&si=096ce7f9ec232d262a08abcc22581c99&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1008751540&si=096ce7f9ec232d262a08abcc22581c99&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 01 Dec 2022 20:21:45 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F31A6E0F6D2A5DCE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=961221245&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=961221245&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=961221245&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fgoldlash.cn%2F&v=1.3.0&lv=1&sn=28769&r=0&ww=1152&u=https%3A%2F%2Fvoicelevel.top%2FQqoO3WkX%2Fassai-qf%2F%3F_t%3D1669926101506%231669926102559&tt=%F0%9F%8E%89%F0%9F%9B%92%EF%B8%8FAssa%C3%AD%20Atacadista%2048th%20Anniversary%20Shopping%20Allowance!%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 01 Dec 2022 20:21:45 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4587AC31ECCB1710; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166992610370935&xtt=8738007
200 OK 0 B URL HTTP/2 uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166992610370935&xtt=8738007
IP
ASN #201702 skHosting.eu s.r.o.
GET /bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166992610370935&xtt=8738007 HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 01 Dec 2022 20:21:43 GMT
last-modified: Thu, 01 Dec 2022 20:21:43 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
bonepa.com/4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_6578&maxw=0
200 OK 0 B URL HTTP/2 bonepa.com/4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_6578&maxw=0
IP
ASN #201702 skHosting.eu s.r.o.
GET /4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_6578&maxw=0 HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 20:21:45 GMT
content-type: text/html; charset=UTF-8
set-cookie: shown1=0; expires=Fri, 02-Dec-2022 20:21:45 GMT; Max-Age=86400; secure; SameSite=None
used_ad2633398=1; expires=Fri, 02-Dec-2022 04:59:59 GMT; Max-Age=31094; path=/; secure; SameSite=None
total_impressions=1; expires=Fri, 02-Dec-2022 04:59:59 GMT; Max-Age=31094; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
IP
GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdvCxHltiuPjHL-zbbsBVwle0-vgYS2_pOmv1wzzQZrGSBqUE4vr5WQ_17FuwcGb_O0Ved79CT2MXZTd7QgSd4c
expires: Thu, 01 Dec 2022 20:48:14 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 387
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2t%2BEPJZmrUxBAMayLFr3LApdZX57K%2BdjbIhFDcdNukCV26xIIYChQlXRZ6gNWZoW9qsGghsS1n6cFoVZDrtA%2FZOcpalDDlv6GhLFxPErmb9MDpDhTZbgAY%2BiBXfzYNJgTb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e21acad178-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
200 OK 0 B URL HTTP/2 1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
IP
GET /-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_outbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 180954
x-xss-protection: 0
date: Thu, 01 Dec 2022 18:38:22 GMT
expires: Sun, 06 Nov 2022 03:07:16 GMT
cache-control: public, max-age=86400, no-transform
age: 6201
etag: "v632"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycds3YdIz1R1UN767siseN3QRg96xNyUpzXvJk9EJOVC4B_FNuk3QzAPM9M4PK3JBDjbzDnKqTH3BKTa3eeZtxS7M9edjuqUj
x-goog-generation: 1647503084523089
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21236
x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
x-goog-storage-class: STANDARD
expires: Thu, 01 Dec 2022 20:31:08 GMT
cache-control: public, max-age=3600
age: 2962
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
etag: W/"31c898c6d2ea13c30441657ff1900d81"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zVTSwQwNGbKRXqvx7VJJGKKaw55UHfgc4Bpj7kvHYQcoWHA5q24ufCLJ7pfGGNjQdQpj%2BusiHRMXPdYglvmttxPFvvMrJpvUCAZuPd%2FtMfy5ysBhAA2RtzfGo%2FOVLUDjYH0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e26b8cd178-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
IP
GET /npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdveolyrLmPsOpTOe4R8xrc9XLzOm4WE6kDIQQ-Bffr1CkxSQNEa8J0yEWTsx8MoMM6ntSWdKYv4h0j_eGf8uii0qkm1aglD
x-goog-generation: 1647502839791727
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72765
x-goog-hash: crc32c=8ZRUYw==, md5=gJJLYuWzrHOqSEl3a0OXcA==
x-goog-storage-class: STANDARD
expires: Thu, 01 Dec 2022 21:08:53 GMT
cache-control: public, max-age=3600
age: 711
last-modified: Thu, 17 Mar 2022 07:40:39 GMT
etag: W/"80924b62e5b3ac73aa4849776b439770"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uzSKMZ3ek%2F38H48TKucTXfMnJXF8AglAoh2TxcIhq8ApxNjjzpPqwT%2FmnhvabS%2BsoT4yGDijQ5RxxoU1KMOA%2FEjZMJoFWWorm2wRSeJSFWqAYyu%2Fvi%2BltpO6tNoIsSVmYwE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e26b97d178-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/sr.css
200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/sr.css
IP
GET /npm/bootstrap@4.6.0/dist/css/sr.css HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/css
x-guploader-uploadid: ADPycds8u10LlUCJlXt-7Gws2fOPL6s9U0PlfArGImy9sRxFBvIseU1vgER1qhk_eq8PLoDo1itXXU4WoxF4lIRSkfEHcg
expires: Thu, 01 Dec 2022 20:26:31 GMT
cache-control: public, max-age=3600
last-modified: Fri, 22 Apr 2022 09:51:08 GMT
etag: W/"75710b7c7ae0013c5cda99a0053ec3d9"
x-goog-generation: 1650621068399108
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 20647
x-goog-hash: crc32c=3qMyMQ==, md5=dXELfHrgATxc2pmgBT7D2Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3022
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ul3pYP2wcV0ZsAh68hOGI9LD%2Ben7Xc%2FFZHISavs2UCun%2BGf9Kj64KN7T9daHYOUBfRhVR5EvNhmzV%2FqJYV5WCGm7P32HI4ToWJGImX9QAeruXG1C4PPcAbj5yoMoz1U8Axg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e21ad0d178-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
200 OK 0 B URL HTTP/2 uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
IP
ASN #201702 skHosting.eu s.r.o.
GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: application/javascript
expires: Thu, 01 Dec 2022 20:21:43 GMT
last-modified: Thu, 01 Dec 2022 20:21:43 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
IP
GET /npm/lazyload@2.0.0-rc.2/lazyload.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 20:21:43 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycduIPxBxn9HV1RvlxQW5n8gWMNt2gH6LJACR5zSppFALBLzrzJxa_8ctHWVRnxFIChP9qRRTmrjDnfJ9VGLfuaiuefHrtsZR
x-goog-generation: 1647502963816044
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4798
x-goog-hash: crc32c=lted8w==, md5=3G3pgTxxS6mXM8pPtdOh+g==
x-goog-storage-class: STANDARD
expires: Thu, 01 Dec 2022 20:49:05 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:42:43 GMT
etag: W/"dc6de9813c714ba99733ca4fb5d3a1fa"
age: 1322
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wH%2Bvlukv3Xmyqa7q5mi3WXFm9V9ngl%2FnqCxquTDOP%2FcesXtaJVenF9hE5yqtueuD8YNnzKcbZYEnB9LtI5fdm3tS%2Ftq%2Fg8ZyrwKuuJAqjup0xgYlvT1EbxipfWeQoue0PWU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772e87e24b4fd178-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.158.76
185.66.201.42
23.36.76.226
93.184.220.29
104.18.21.226
103.235.46.191