s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
5.61.51.21 200 OK 1.8 kB URL HTTP/1.1 s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
IP 5.61.51.21:0
File type HTML document text; exported SGML document text; exported SGML document, ASCII text
Hash 0adaff150280c50fc682bd508c36a3af
b1fdb78bbc2e34ca1bcb67af1f55e6ed5c51dff5
371a974806619b124068a6c2e8dfe7e01695c9096e28ea7b2f1ff1b8347ab344
GET /en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: lang=en; expires=Sun, 06-Nov-2022 00:51:21 GMT; Max-Age=2592000; path=/; domain=.converto.io
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/
54.230.111.118 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.118:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XcGgFbz9Nh2Hm7KFa3k7sUQWdIJ9LB87LcyIrfiwYfa911aDq_9YPw==
Age: 119044
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2875
Expires: Fri, 07 Oct 2022 01:39:17 GMT
Date: Fri, 07 Oct 2022 00:51:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2723
Expires: Fri, 07 Oct 2022 01:36:45 GMT
Date: Fri, 07 Oct 2022 00:51:22 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7xjX+5C5VGCwjNcUg+yFxnet9RVYQYvPrbP1roBh1j1q97Lzp9LGmt13E6y7HPyZZ5lNCHemyLA=
x-amz-request-id: 185PDJTHCDGA6886
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 23:58:57 GMT
age: 3145
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
s7.converto.io/js/api.1.3.0.js
5.61.51.21 200 OK 2.3 kB URL HTTP/1.1 s7.converto.io/js/api.1.3.0.js
IP 5.61.51.21:0
Hash 0eedf14e35f6d4c21c6af1ace5ddf914
5043d529d680f9f569da8606f4c842b6cec3c29e
a882ff23745dc9316326a6d3bf2d76c3d634f350b5893477a34e2b75ae392c9e
GET /js/api.1.3.0.js HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
Cookie: lang=en
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: application/javascript
Content-Length: 2339
Last-Modified: Thu, 12 Sep 2019 11:06:12 GMT
Connection: keep-alive
ETag: "5d7a26a4-923"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s7.converto.io/css/loaders.min.css
5.61.51.21 200 OK 41 kB URL HTTP/1.1 s7.converto.io/css/loaders.min.css
IP 5.61.51.21:0
File type ASCII text, with very long lines (41375), with no line terminators
Hash e006df9f756ff5bc3b5073f482828d92
42c36448c01ea5c3ca4a9bab83fd748eb6c45f66
09730beca346fae79427127843da1646cc660eb5020de96dee173dbeb7724f07
GET /css/loaders.min.css HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
Cookie: lang=en
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: text/css
Content-Length: 41375
Last-Modified: Thu, 12 Sep 2019 11:06:12 GMT
Connection: keep-alive
ETag: "5d7a26a4-a19f"
Accept-Ranges: bytes
s7.converto.io/css/bootstrap.min.css
5.61.51.21 200 OK 121 kB URL HTTP/1.1 s7.converto.io/css/bootstrap.min.css
IP 5.61.51.21:0
File type ASCII text, with very long lines (65371)
Size 121 kB (121260 bytes)
Hash 2f624089c65f12185e79925bc5a7fc42
8eb176c70b9cfa6871b76d6dc98fb526e7e9b3de
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
GET /css/bootstrap.min.css HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
Cookie: lang=en
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: text/css
Content-Length: 121260
Last-Modified: Thu, 12 Sep 2019 11:06:12 GMT
Connection: keep-alive
ETag: "5d7a26a4-1d9ac"
Accept-Ranges: bytes
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
142.250.74.10 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (32038)
Hash 103708790db3586027df27ded660f8ef
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 18:13:32 GMT
expires: Thu, 05 Oct 2023 18:13:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 110270
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s7.converto.io/css/style.1.5.8.css
5.61.51.21 200 OK 47 kB URL HTTP/1.1 s7.converto.io/css/style.1.5.8.css
IP 5.61.51.21:0
Hash 350e12eabb3362c5195f6e1ae4a2c145
81be680f93b6a4407fbcf041a2d5a15000549a41
6efb3fff115c8b5d6986c727b28e7f6752bb223acfdaca7d43488712a718495f
GET /css/style.1.5.8.css HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
Cookie: lang=en
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: text/css
Content-Length: 47287
Last-Modified: Sun, 08 May 2022 04:04:16 GMT
Connection: keep-alive
ETag: "62774140-b8b7"
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=G-Q3LW902KMS
142.250.74.168 200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-Q3LW902KMS
IP 142.250.74.168:0
File type ASCII text, with very long lines (18991)
Hash a27fd96361f0cc3f58697250230928e4
6a7acf02c715ed2a895c17ddc8fa36dc5d07d952
d8ab1e0442bcabbcd6dd41880e865602d324fbfa35b35e797bff546231117bb0
GET /gtag/js?id=G-Q3LW902KMS HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 07 Oct 2022 00:51:22 GMT
expires: Fri, 07 Oct 2022 00:51:22 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74848
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lalezar
142.250.74.10 200 OK 910 B URL HTTP/2 fonts.googleapis.com/css?family=Lalezar
IP 142.250.74.10:0
Hash f6b56b9113580c73f48438c03e9d637a
89438eb2d9ceb5cac3655ca5f70256583684ea68
8885f1247c4439ef54c772b5a7d3a5c69244f5776036816ed2626bbb0ecf567d
GET /css?family=Lalezar HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 07 Oct 2022 00:51:22 GMT
date: Fri, 07 Oct 2022 00:51:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s7.converto.io/img/logo.png
5.61.51.21 200 OK 2.6 kB URL HTTP/1.1 s7.converto.io/img/logo.png
IP 5.61.51.21:0
File type PNG image data, 435 x 93, 8-bit colormap, non-interlaced; data
Hash 0a8f7c1a7af67b64432d1ac4dfe18ede
0cd3c602747dd5463867913339fcb6c49c738d26
5d7eda54af400aefe59351349227d4f26c631057cad1bbf73068327e6f1528b4
GET /img/logo.png HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/css/style.1.5.8.css
Cookie: lang=en
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: image/png
Content-Length: 2583
Last-Modified: Thu, 12 Sep 2019 11:06:13 GMT
Connection: keep-alive
ETag: "5d7a26a5-a17"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0; data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://s7.converto.io
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 105434
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lalezar/v14/zrfl0HLVx-HwTP82Yaf4Iw.woff2
216.58.207.195 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/lalezar/v14/zrfl0HLVx-HwTP82Yaf4Iw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15424, version 1.0; data
Hash 76abdc601dbe84a574db38d77a1728f6
01055fe50df7ab4a21b50fd0adae3e6ffed24ede
a67dd4f99cfe24f05ef19c19950fc448c79653f22aa79ff95c2ab779ed9a6a61
GET /s/lalezar/v14/zrfl0HLVx-HwTP82Yaf4Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://s7.converto.io
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15424
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 23:13:15 GMT
expires: Wed, 04 Oct 2023 23:13:15 GMT
cache-control: public, max-age=31536000
age: 178687
last-modified: Tue, 26 Apr 2022 15:45:21 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
besmeargleor.com/400/4873879
139.45.197.236 200 OK 31 kB URL HTTP/1.1 besmeargleor.com/400/4873879
IP 139.45.197.236:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0fede19094fa66b34388f85abec8848c
68a165ab85c88f8455fb404139c978db3f041c50
95f0e405bb1174eecf1b2cac7e8a1d1882f395b268f1192e388e64a9bf420290
Analyzer Verdict Alert quad9 Sinkholed
GET /400/4873879 HTTP/1.1
Host: besmeargleor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 811d1b332dd61f965a6f0a1cb7f6ebd2
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=52494c64cbe540fbaa5e8501ec5a4199; expires=Sat, 07 Oct 2023 00:51:22 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a9ab062b715ddac45bef491600c90a99
73a952596f3e051c78ab61be77160f5ca9e06161
58cf31cb4c369ac6785c74e79615ab7f5a67eaa6adf518303953f394c212087f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58CF31CB4C369AC6785C74E79615AB7F5A67EAA6ADF518303953F394C212087F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4386
Expires: Fri, 07 Oct 2022 02:04:28 GMT
Date: Fri, 07 Oct 2022 00:51:22 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.118 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.118:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Fri, 07 Oct 2022 00:29:41 GMT
Expires: Fri, 07 Oct 2022 01:08:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6-TwJjfLkSY0-GSoBkb5q0zEmQfW11EynGO8WanlgWGdRDuq2H9oTw==
Age: 1301
s7.converto.io/img/favicons/apple-touch-icon.png
5.61.51.21 200 OK 2.6 kB URL HTTP/1.1 s7.converto.io/img/favicons/apple-touch-icon.png
IP 5.61.51.21:0
File type PNG image data, 180 x 180, 8-bit colormap, non-interlaced; data
Hash 1cfa7b30cf99b7e4d14a74aad37995dc
4459d06b3ad78cb8a134ed404b29096c258faf88
49f6f0de78ad737e8742e802f22b20ae04c92e5605a74a55ae0cf675dcc30084
GET /img/favicons/apple-touch-icon.png HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
Cookie: lang=en; _ga_Q3LW902KMS=GS1.1.1665103882.1.0.1665103882.0.0.0; _ga=GA1.1.1699471850.1665103883
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: image/png
Content-Length: 2579
Last-Modified: Thu, 12 Sep 2019 11:06:13 GMT
Connection: keep-alive
ETag: "5d7a26a5-a13"
Accept-Ranges: bytes
s7.converto.io/img/favicons/favicon-16x16.png
5.61.51.21 200 OK 863 B URL HTTP/1.1 s7.converto.io/img/favicons/favicon-16x16.png
IP 5.61.51.21:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced; data
Hash 42cb10c98510db95a738c7cc5543edcf
29c4edbe44efe49afb4d7d5bcdf4b6ea58611a39
0ceae2cccff672b00dd8eabd470e6cde5220ab8cb1346154e112c80d7c0604ea
GET /img/favicons/favicon-16x16.png HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
Cookie: lang=en; _ga_Q3LW902KMS=GS1.1.1665103882.1.0.1665103882.0.0.0; _ga=GA1.1.1699471850.1665103883
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: image/png
Content-Length: 863
Last-Modified: Thu, 12 Sep 2019 11:06:13 GMT
Connection: keep-alive
ETag: "5d7a26a5-35f"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5ac31442f61c6fbba0479b5aa7ded58f
63c42442bf9676036255328da9ec1612b20c5355
9ee6b943b43e9cfde84ab4685940f38980448220fad6c43248ce31d961a89169
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9EE6B943B43E9CFDE84AB4685940F38980448220FAD6C43248CE31D961A89169"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4391
Expires: Fri, 07 Oct 2022 02:04:33 GMT
Date: Fri, 07 Oct 2022 00:51:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7fec4ca2d12f880f43c26286774b53a2
229dfff518f6d5c21d5357c86acdfc243477bd3f
d2c1462ff26dd4842f8a795da1c1b5812f230f7fb0ef39055ccc38add3a87a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2C1462FF26DD4842F8A795DA1C1B5812F230F7FB0EF39055CCC38ADD3A87A69"
Last-Modified: Wed, 05 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11354
Expires: Fri, 07 Oct 2022 04:00:36 GMT
Date: Fri, 07 Oct 2022 00:51:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ba4559bf5aeec3e613adc2f515238b5
dbe370e4722496695582835cc417d3cde20bcc72
056f5709d2b63ae99de4997e1d53d8b7754f22227b8813e229271e13f3f7466f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "056F5709D2B63AE99DE4997E1D53D8B7754F22227B8813E229271E13F3F7466F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5217
Expires: Fri, 07 Oct 2022 02:18:19 GMT
Date: Fri, 07 Oct 2022 00:51:22 GMT
Connection: keep-alive
tzegilo.com/stattag.js
104.21.84.149 200 OK 12 kB
IP 104.21.84.149:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Hash c211059c15f906321285cda5e32a95e4
027dd68570d37496a2c45432b266c773ccf4d344
c28e0b23817616fcecf87c38bc4ad7f138d89024846d2f53456900a8090ab626
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 00:51:22 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hqAoisqhnIW81Czl4EBJuTNTtlJjGLoBZ9Vm9bVUcaotecxA0YpffQ6ofzhS678yh6vtlaWswIv5pTOELmTCPydg144VKs588uXLUWqA7Fj4%2FHxuLMdntGwiiUykQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7562a5e2cecfb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B
IP 104.18.32.68:0
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 00:51:22 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=581036,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7562a5e43d411c02-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash 8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4309
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 00:51:22 GMT
Last-Modified: Thu, 06 Oct 2022 23:39:33 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
my.rtmark.net/gid.js?userId=454760241d944e18b5afb68f7dc7fe5d
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=454760241d944e18b5afb68f7dc7fe5d
IP 139.45.195.8:0
File type JSON data, ASCII text
Hash 59b4a1023b5a052f3025a34b467d8fa7
f8e6e328df572a1c0f801cd1378d6ed4ec7479a3
3fe21f8497491b4bdd8384445206eac57abf253bf2e51f348e7eddacb81479cf
GET /gid.js?userId=454760241d944e18b5afb68f7dc7fe5d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://s7.converto.io
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:22 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://s7.converto.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
pseepsie.com/zone?pub=0&zone_id=4524294&is_mobile=false&domain=s7.converto.io&var=&ymid=&var_3=
139.45.197.250 200 OK 702 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=4524294&is_mobile=false&domain=s7.converto.io&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data, ASCII text, with very long lines (701)
Hash c2c045be9321d6b09b9806d8af3f9ac7
68170bd060305c5c488b9b3cd9fe947f69633976
a2ce564f07f4e0c2473b36c4b59c21517b6ce3213c68132ff476a9f1911411a1
GET /zone?pub=0&zone_id=4524294&is_mobile=false&domain=s7.converto.io&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/json; charset=utf-8
content-length: 702
x-trace-id: fcd8aa133982dcb88a72fa29d007e2dc
access-control-allow-origin: http://s7.converto.io
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
besmeargleor.com/500/4873879?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236 200 OK 0 B URL HTTP/1.1 besmeargleor.com/500/4873879?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4873879?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: besmeargleor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2022 00:51:23 GMT
Content-Length: 0
Connection: keep-alive
Allow: GET, OPTIONS
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://s7.converto.io
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 600
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
onmarshtompor.com/?rb=XaUsIl0QwMB7DZpTACVy6H2WaCmKOnDuUTsHLre99fvpTzWraJ9seLW0R9ZGqZLHN9bh7uMaqS4jJtcAIePcVp3xODY2b_sIp6ac8TQqrCMyWIiaRhgljvMPXGfZSshMifQcviR8N9-oiokKRWF3CQZk2u0v5YERvVbyCDApzKTbMCOA3jhSimIjpsB42SrnqBArBtypmiTiM2EkWokR_fuQSr0%3D&request_ab2=0&zoneid=4524295&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.433.0&bs=deee2c79-6cb1-48e7-8cbd-29b9691903ed&userId=454760241d944e18b5afb68f7dc7fe5d&m=link
139.45.197.243 200 OK 1.8 kB URL HTTP/1.1 onmarshtompor.com/?rb=XaUsIl0QwMB7DZpTACVy6H2WaCmKOnDuUTsHLre99fvpTzWraJ9seLW0R9ZGqZLHN9bh7uMaqS4jJtcAIePcVp3xODY2b_sIp6ac8TQqrCMyWIiaRhgljvMPXGfZSshMifQcviR8N9-oiokKRWF3CQZk2u0v5YERvVbyCDApzKTbMCOA3jhSimIjpsB42SrnqBArBtypmiTiM2EkWokR_fuQSr0%3D&request_ab2=0&zoneid=4524295&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.433.0&bs=deee2c79-6cb1-48e7-8cbd-29b9691903ed&userId=454760241d944e18b5afb68f7dc7fe5d&m=link
IP 139.45.197.243:0
File type JSON data, ASCII text, with very long lines (2324), with no line terminators
Hash 97a555c4a1aa54c6e0566b552e3f8ae7
4f8b385e4ab98230d16c36f4fa1658f328f59dba
812b1bd18d656360869b9619581afbae2ff0a26c1a5a50cc4ba3b8a4e0f60a58
GET /?rb=XaUsIl0QwMB7DZpTACVy6H2WaCmKOnDuUTsHLre99fvpTzWraJ9seLW0R9ZGqZLHN9bh7uMaqS4jJtcAIePcVp3xODY2b_sIp6ac8TQqrCMyWIiaRhgljvMPXGfZSshMifQcviR8N9-oiokKRWF3CQZk2u0v5YERvVbyCDApzKTbMCOA3jhSimIjpsB42SrnqBArBtypmiTiM2EkWokR_fuQSr0%3D&request_ab2=0&zoneid=4524295&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.433.0&bs=deee2c79-6cb1-48e7-8cbd-29b9691903ed&userId=454760241d944e18b5afb68f7dc7fe5d&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2022 00:51:23 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: e4ce35f49a94de768f248eca7cfccae9
Access-Control-Allow-Origin: http://s7.converto.io
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:23 GMT; path=/
Set-Cookie: oaidts=1665103883; expires=Sat, 07 Oct 2023 00:51:23 GMT; path=/
Set-Cookie: syncedCookie=true; expires=Fri, 14 Oct 2022 00:51:23 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
besmeargleor.com/500/4873879?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236 200 OK 1.0 kB URL HTTP/1.1 besmeargleor.com/500/4873879?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
File type JSON data, Unicode text, UTF-8 text, with very long lines (1264), with no line terminators
Hash 6b2654b55e2adb654359a3848cd849ad
e9afbcc0fb48bcae4caf33c64acbd01e676142fc
053f0de6e39d61ccb64897f973c0aa8fffe477f5d29decb8dd006c3e76af5447
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4873879?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: besmeargleor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Origin: http://s7.converto.io
Connection: keep-alive
Referer: http://s7.converto.io/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2022 00:51:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 1f390dc39e5a7e0cd622e520d9d64552
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: http://s7.converto.io
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:23 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
tovanillitechan.com/42/38?z=4524293
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=4524293
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=4524293 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Cookie: scm=1; OAID=a9e2fc0da1034c0fa37c69c99b6d5cf8; oaidts=1665103882
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2e993b9577c4dd939a89ffb315a36398
access-control-expose-headers: X-Sc
set-cookie: OAID=a9e2fc0da1034c0fa37c69c99b6d5cf8; expires=Sat, 07 Oct 2023 00:51:23 GMT; secure; SameSite=None
set-cookie: oaidts=1665103882; expires=Sat, 07 Oct 2023 00:51:23 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
172.67.22.216 200 OK 11 kB URL HTTP/2 offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
IP 172.67.22.216:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3; data
Hash 96d73cf80f752e9319997c6e575c3b82
3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86
GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: image/jpeg
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Fri, 07 Oct 2022 11:39:29 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 47514
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7562a5e59852b529-OSL
X-Firefox-Spdy: h2
tovanillitechan.com/27/8895279539f8e7258627d3f113c8e00a
139.45.197.239 200 OK 123 kB URL HTTP/2 tovanillitechan.com/27/8895279539f8e7258627d3f113c8e00a
IP 139.45.197.239:0
File type ASCII text, with very long lines (65523)
Size 123 kB (122895 bytes)
Hash 87e275736739124ce1eef1172401f50a
04b6932f17c64e36ff473b0ab97196c744b8d9e8
1699738a51dac06aa69498bbad76f3c4ed3ffc38d9404b5192587fe02db538c2
Analyzer Verdict Alert quad9 Sinkholed
GET /27/8895279539f8e7258627d3f113c8e00a HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Cookie: scm=1; OAID=a9e2fc0da1034c0fa37c69c99b6d5cf8; oaidts=1665103882
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 06 Oct 2022 06:46:02 GMT
expires: Thu, 05 Nov 2082 06:46:02 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 0 B
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://s7.converto.io
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=dae461f9e4a6441bb30a50cbbfe25110&zoneId=4524294&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=dae461f9e4a6441bb30a50cbbfe25110&zoneId=4524294&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data, ASCII text
Hash 59b4a1023b5a052f3025a34b467d8fa7
f8e6e328df572a1c0f801cd1378d6ed4ec7479a3
3fe21f8497491b4bdd8384445206eac57abf253bf2e51f348e7eddacb81479cf
GET /gid.js?pub=0&userId=dae461f9e4a6441bb30a50cbbfe25110&zoneId=4524294&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
Cookie: ID=454760241d944e18b5afb68f7dc7fe5d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://s7.converto.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-Q3LW902KMS&gtm=2oea50&_p=252150689&cid=1699471850.1665103883&ul=en-us&sr=1280x1024&_s=1&sid=1665103882&sct=1&seg=0&dl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&dt=Download&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-Q3LW902KMS&gtm=2oea50&_p=252150689&cid=1699471850.1665103883&ul=en-us&sr=1280x1024&_s=1&sid=1665103882&sct=1&seg=0&dl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&dt=Download&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-Q3LW902KMS&gtm=2oea50&_p=252150689&cid=1699471850.1665103883&ul=en-us&sr=1280x1024&_s=1&sid=1665103882&sct=1&seg=0&dl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&dt=Download&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://s7.converto.io
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://s7.converto.io
date: Fri, 07 Oct 2022 00:51:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 39 B
IP 139.45.197.250:0
File type JSON data, ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://s7.converto.io/
Content-Type: application/json
Origin: http://s7.converto.io
Content-Length: 423
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a04fc9b8b2d9c8c5a047293b709a26e1
access-control-allow-origin: http://s7.converto.io
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250 200 OK 39 B
IP 139.45.197.250:0
File type JSON data, ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://s7.converto.io/
Content-Type: application/json
Origin: http://s7.converto.io
Content-Length: 689
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 81df1488fc84af233d0bd5949675272e
access-control-allow-origin: http://s7.converto.io
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=4524293&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=454760241d944e18b5afb68f7dc7fe5d
139.45.197.239 204 No Content 0 B URL HTTP/2 tovanillitechan.com/9?z=4524293&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=454760241d944e18b5afb68f7dc7fe5d
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=4524293&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=454760241d944e18b5afb68f7dc7fe5d HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://s7.converto.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.200.107.47 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.107.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TMoCLaDyIh9srMD0epswTQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: evWh4Y7ghQlTN0u6qe43nHfJlUs=
pseepsie.com/custom
139.45.197.250 200 OK 39 B
IP 139.45.197.250:0
File type JSON data, ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://s7.converto.io/
Content-Type: application/json
Origin: http://s7.converto.io
Content-Length: 420
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2dfd42a79f0e90cfbb80be95b53c6d86
access-control-allow-origin: http://s7.converto.io
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dozubatan.com/500/4524292?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4524292?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4524292?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://s7.converto.io
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
tovanillitechan.com/11?rnd=3492996772&z=4524293&b=14505326&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=ma2ZwOS9f5Rp1Pih5LYmYB9fmNq7nOq97YILtk9W-C1t16oPBbZrfUd7yuzSQL_hX5iYD_HMQBjRnAiKnenekW15mOwJueTfUctHcxn3MvggVaLtlUOelGrRS2Uv35A0_sybdjYqhwX00Ik_pD34kDJtcFY1-MquLRiFyVXqgxw_EgGhCDl35JKgifRam-nWA4SXCD3SBYY1Eq53ESrujRpCU3NH4yf1zNqWaMlHPa5xTEjMgpqdLQ9zoqaKSDAj-CKqIsZFljt9UQYiNrIDatfd3uB3EzYfJJNuMmVLZHCqw7oDSwL2QvWjUFf71m5QCOTrN_fGZAAl50Pq4rBZhFYTYNheF_D0Au2QDv9EA8sy699QFTkBcqswbxKvacNw03-jN_V6Sdc282yiFCY-JIv8A4GQsTLsztprgIJ5X5T_wKIUGPl4M6TojTvHvCSElXOiGkcJrIKq1jkW3QigRNWpvD7VRQ3OVmmCBLa-STdFxej42gS49CxT4bwwRI0FqsAfhM9wZtpTtjbYFgI-dhYoRNAZA7XclmBeSsX-RzIMwZzBqw8eVliL8WxndRY7BTI-c6UT5YrSxL5o_98V6bBJ7Au0U5EElpiarGVmZbGEK3ZKwxVG0lsDwKLBCC54J-YsWi8SWLxbm1RjITXOooFh94yhgpNZyguCt8GRDGJ4lKLmzVoRxw==&ruid=92172824-3210-48ba-b517-8a332a6d072b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=125
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/11?rnd=3492996772&z=4524293&b=14505326&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=ma2ZwOS9f5Rp1Pih5LYmYB9fmNq7nOq97YILtk9W-C1t16oPBbZrfUd7yuzSQL_hX5iYD_HMQBjRnAiKnenekW15mOwJueTfUctHcxn3MvggVaLtlUOelGrRS2Uv35A0_sybdjYqhwX00Ik_pD34kDJtcFY1-MquLRiFyVXqgxw_EgGhCDl35JKgifRam-nWA4SXCD3SBYY1Eq53ESrujRpCU3NH4yf1zNqWaMlHPa5xTEjMgpqdLQ9zoqaKSDAj-CKqIsZFljt9UQYiNrIDatfd3uB3EzYfJJNuMmVLZHCqw7oDSwL2QvWjUFf71m5QCOTrN_fGZAAl50Pq4rBZhFYTYNheF_D0Au2QDv9EA8sy699QFTkBcqswbxKvacNw03-jN_V6Sdc282yiFCY-JIv8A4GQsTLsztprgIJ5X5T_wKIUGPl4M6TojTvHvCSElXOiGkcJrIKq1jkW3QigRNWpvD7VRQ3OVmmCBLa-STdFxej42gS49CxT4bwwRI0FqsAfhM9wZtpTtjbYFgI-dhYoRNAZA7XclmBeSsX-RzIMwZzBqw8eVliL8WxndRY7BTI-c6UT5YrSxL5o_98V6bBJ7Au0U5EElpiarGVmZbGEK3ZKwxVG0lsDwKLBCC54J-YsWi8SWLxbm1RjITXOooFh94yhgpNZyguCt8GRDGJ4lKLmzVoRxw==&ruid=92172824-3210-48ba-b517-8a332a6d072b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=125
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=3492996772&z=4524293&b=14505326&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=ma2ZwOS9f5Rp1Pih5LYmYB9fmNq7nOq97YILtk9W-C1t16oPBbZrfUd7yuzSQL_hX5iYD_HMQBjRnAiKnenekW15mOwJueTfUctHcxn3MvggVaLtlUOelGrRS2Uv35A0_sybdjYqhwX00Ik_pD34kDJtcFY1-MquLRiFyVXqgxw_EgGhCDl35JKgifRam-nWA4SXCD3SBYY1Eq53ESrujRpCU3NH4yf1zNqWaMlHPa5xTEjMgpqdLQ9zoqaKSDAj-CKqIsZFljt9UQYiNrIDatfd3uB3EzYfJJNuMmVLZHCqw7oDSwL2QvWjUFf71m5QCOTrN_fGZAAl50Pq4rBZhFYTYNheF_D0Au2QDv9EA8sy699QFTkBcqswbxKvacNw03-jN_V6Sdc282yiFCY-JIv8A4GQsTLsztprgIJ5X5T_wKIUGPl4M6TojTvHvCSElXOiGkcJrIKq1jkW3QigRNWpvD7VRQ3OVmmCBLa-STdFxej42gS49CxT4bwwRI0FqsAfhM9wZtpTtjbYFgI-dhYoRNAZA7XclmBeSsX-RzIMwZzBqw8eVliL8WxndRY7BTI-c6UT5YrSxL5o_98V6bBJ7Au0U5EElpiarGVmZbGEK3ZKwxVG0lsDwKLBCC54J-YsWi8SWLxbm1RjITXOooFh94yhgpNZyguCt8GRDGJ4lKLmzVoRxw==&ruid=92172824-3210-48ba-b517-8a332a6d072b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=125 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://s7.converto.io
Connection: keep-alive
Referer: http://s7.converto.io/
Cookie: scm=1; OAID=454760241d944e18b5afb68f7dc7fe5d; oaidts=1665103882
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://s7.converto.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 65cae85141d6bf0df3d54538c5e5dd23
access-control-expose-headers: X-Sc
set-cookie: OAID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:23 GMT; secure; SameSite=None
oaidts=1665103882; expires=Sat, 07 Oct 2023 00:51:23 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f02499111f3797c5a096e9f9a23f37c
19daaa3d50e5acd25ec41242b0bedf54a9dd5a37
8158e4bd8ad6b27907098b5e0e958152f08f95ec1f99d3f31f3d5f49038e865e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8158E4BD8AD6B27907098B5E0E958152F08F95EC1F99D3F31F3D5F49038E865E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4701
Expires: Fri, 07 Oct 2022 02:09:44 GMT
Date: Fri, 07 Oct 2022 00:51:23 GMT
Connection: keep-alive
dozubatan.com/500/4524292?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 21 kB URL HTTP/2 dozubatan.com/500/4524292?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash e5751eb74443120cf27eba6af344f123
8e6a31d6fd6fa1659e7192abb8d243bf1bc00251
f6b952b8b7450f52afe9004f531d2b24e4a3ce0e0da69818753b935e85f9349c
GET /500/4524292?excludes=&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://s7.converto.io
Connection: keep-alive
Referer: http://s7.converto.io/
Cookie: OAID=ab25798f93024fc18010c6562e578dcb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/javascript
x-trace-id: d4fedc07005a3e7dce4dde1de2d01b30
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://s7.converto.io
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:23 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=4524293
139.45.197.239 200 OK 55 kB URL HTTP/2 tovanillitechan.com/1?z=4524293
IP 139.45.197.239:0
Hash cae3cb873b28c142d22d41ac88bb4976
6d8d72c27db40837ff03c96c3cd7bdd0eadf1827
42f369f386f4676472f0bba0d1d2e490be9ce909f4b5f3b1501c4dc3acac38ec
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4524293 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:22 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 99c549d7b380e025b4074e56f76aa341
access-control-expose-headers: X-Sc
x-sc: xtdaC_wQDSBMQwREPdAHjfZ8ETix1LROl0Cz6pbkW4QESBbICIwcPecMRjaEtYB4phx974pPvn9E5CH3zlspT4i8Ed8=
set-cookie: scm=1; expires=Sat, 07 Oct 2023 00:51:22 GMT; secure; SameSite=None
OAID=a9e2fc0da1034c0fa37c69c99b6d5cf8; expires=Sat, 07 Oct 2023 00:51:22 GMT; secure; SameSite=None
oaidts=1665103882; expires=Sat, 07 Oct 2023 00:51:22 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 671e371ca656241a058e39f941f52b91
e2f8c597830dbf6798c6e67563b25f8f2c5b9761
c8cf9147235e2f68fb2a2aa6aaab3d8934bb8e1a2a19e94e8c9ef6310ffdf88a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8CF9147235E2F68FB2A2AA6AAAB3D8934BB8E1A2A19E94E8C9EF6310FFDF88A"
Last-Modified: Wed, 05 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19664
Expires: Fri, 07 Oct 2022 06:19:07 GMT
Date: Fri, 07 Oct 2022 00:51:23 GMT
Connection: keep-alive
unphionetor.com/fv.js?t=72747&cb=1784443524
139.45.197.236 200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1784443524
IP 139.45.197.236:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash 0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=1784443524 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 1e4e91e2e350e0898165ce542a9eef69
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 1ef9df8f6b08fe282a7cc59c9f7b4416
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2874
Expires: Fri, 07 Oct 2022 01:39:18 GMT
Date: Fri, 07 Oct 2022 00:51:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff362ea4b-2913-4401-9322-7a70f223e2a9.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff362ea4b-2913-4401-9322-7a70f223e2a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5cf80f9e9e5aabf650c561b5939acf1c
6a66ddb2c8c77cbd27101b8705a34492aa998b98
9aff5e0564805bbf83edb94b2d0462f76e09b5b67a39f3ab65aee66a24a192da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff362ea4b-2913-4401-9322-7a70f223e2a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9160
x-amzn-requestid: 3064ca86-5e0e-4bff-ad0c-6dcce9fa1404
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmhkaGIGoAMFZzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f494f-06a55ad9421678605d12a4a6;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: 1uTAUuD8oF_Y8yRT9Fh30YuIJMN-iKXQiXwDfq7NgCnPeyM5pV9BKQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:01:45 GMT
age: 10179
etag: "6a66ddb2c8c77cbd27101b8705a34492aa998b98"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccc2005-2e35-42eb-8f79-f2155e9eb404.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccc2005-2e35-42eb-8f79-f2155e9eb404.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0611d96a8a76ee2b104a70372860f979
579dea2edcf3f3fa3e18530d1f254132589a2f6b
70996e9eb0aac2a5befff12fd63c57c5120f59e061af60b60c975694307a6be3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccc2005-2e35-42eb-8f79-f2155e9eb404.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8050
x-amzn-requestid: 7332406c-4a06-4c0d-a4c3-d59e089b511d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJw3jHaooAMF6bQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333c830-4513d4852dc064a812c23cea;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 04:06:08 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ytF_TxhiRg0wYUJod7-t0FEv_p7EkIXJNe2rygTGxW6TnebbTy8DCw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:02 GMT
age: 9802
etag: "579dea2edcf3f3fa3e18530d1f254132589a2f6b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: iClOZEPMiFmpeprT8McJ2HI0dCmyxkhEdfYr0qP0YK3U_Pcd9N0Fhg==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 11:10:12 GMT
age: 49272
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36097bf9-dd7a-4dde-af42-0e23e000e84a.jpeg
34.120.237.76 200 OK 2.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36097bf9-dd7a-4dde-af42-0e23e000e84a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e9646987c0395eec23e32dc00954d386
5545b691aeefcd31bbc6b6cad6726234773e9d74
900a2bfbe3984db79056d38764b1986399d827a7f54d1c54d4fd3b06c7981385
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36097bf9-dd7a-4dde-af42-0e23e000e84a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2732
x-amzn-requestid: 004a85ab-b33b-4b7f-86f2-9762e6cd2f0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmhkQGWgoAMF7mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f494e-473458094dc2ded55a681505;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eJltrBVIRbJ-_OUHZjw8mtfK6Ivb9C51B6lC1C11eaq_O4Psd7evRg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ca66331b52971370c4e54619e8a952cc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:46:38 GMT
age: 11086
etag: "5545b691aeefcd31bbc6b6cad6726234773e9d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F837dece8-fc6a-4543-a1b5-e8504c153d81.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F837dece8-fc6a-4543-a1b5-e8504c153d81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4d23ef36836d4691f44e51885513cc3
10fc52375fd8946bfd468eb96e4aaf592c239663
fb3d2d52e1dbbe4225c3df920b36eeb73dc52a1010db52018bc1eb5c5bfbd028
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F837dece8-fc6a-4543-a1b5-e8504c153d81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6063
x-amzn-requestid: e4067d2e-5fe8-4c80-ab2c-15e98605d458
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZQw32GbTIAMFx0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633694fe-5d650b9433007db41ea51a35;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 07:04:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: a8Wrtvoc1hKrYtCETPZXyOZJbdNZxPq71SJ6fy1iLDyRPqXGALgyzA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 23:09:03 GMT
age: 6141
etag: "10fc52375fd8946bfd468eb96e4aaf592c239663"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90f323a3b73cab85abdce9b6631e8d93
36e42d12a193c90fbc03a7d13a1711f24bf6f2a2
259aecd4212d5c91c4eeb930d99e28ce420af50d987e93d99974f6db1127ff28
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8351
x-amzn-requestid: 8e8e58e6-a6d5-41ef-8246-bb276b882852
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmihYGo2oAMFXYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4ad5-06b81112046a7b2b3b898a3d;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: ij3kvy3mw4m1fxe_qzZi8-zbw8raIqJB21wPBd6rqmmFLDWar9C3KQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:06:09 GMT
age: 9915
etag: "36e42d12a193c90fbc03a7d13a1711f24bf6f2a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dozubatan.com/impression/xXfnZUIUyXeNefqEmrJsHfkhBH2zP9MmcXwyVnta4UCZQnkv7gIdxNNvFdVFvKQFbA9ylP8uA_OQ9S05dWANBx4zO3_WF26njpXI_NS9ee6AxzG_x__LZrOGItCNTLowQNTlArkHTHyd4waJfPIrYPnr72K9Dahh_mMM5cd3sxD8j6jYvc34zBFXTX4rWDLPnp29Y_7k7J_r1vwf1VkDwtJCDx0htl0WPTGWyQp-H_g4g7R8HZxJhhNf-DFZ2FsnF-q90Xy7zV5fNO3NuvG4VOMYlKjsrhZ8NTxzbc7HNUU5fYt1pu8vsZvseEiBW_EgjqjoKRWL5WFB6-W2fqJFTZmyoLTkX1OTAO1N817KQSU_KWKPc7AjP4AWXRaq7GdMKGwavwoBCHmZRDopeaHaAN9mcLSrrQIUYwPbex0Xk1teXPrEnpllko7FFonUwywD_hNL2JJ4pZfM7sShw0BQT4D3fzez9qtCX9ZTAQQTaoYLGIdXiHo9cBHtu9KfS8mSssIBbhjvfDqYArDiFEH-RDfIPaikyFqei51t8xKn4en5rJeFVe5sVCS1F5gEzldyWWs9ZKdVtf42wvGd0fq9piDWyAG_3paE?_z=4524292&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 43 B URL HTTP/2 dozubatan.com/impression/xXfnZUIUyXeNefqEmrJsHfkhBH2zP9MmcXwyVnta4UCZQnkv7gIdxNNvFdVFvKQFbA9ylP8uA_OQ9S05dWANBx4zO3_WF26njpXI_NS9ee6AxzG_x__LZrOGItCNTLowQNTlArkHTHyd4waJfPIrYPnr72K9Dahh_mMM5cd3sxD8j6jYvc34zBFXTX4rWDLPnp29Y_7k7J_r1vwf1VkDwtJCDx0htl0WPTGWyQp-H_g4g7R8HZxJhhNf-DFZ2FsnF-q90Xy7zV5fNO3NuvG4VOMYlKjsrhZ8NTxzbc7HNUU5fYt1pu8vsZvseEiBW_EgjqjoKRWL5WFB6-W2fqJFTZmyoLTkX1OTAO1N817KQSU_KWKPc7AjP4AWXRaq7GdMKGwavwoBCHmZRDopeaHaAN9mcLSrrQIUYwPbex0Xk1teXPrEnpllko7FFonUwywD_hNL2JJ4pZfM7sShw0BQT4D3fzez9qtCX9ZTAQQTaoYLGIdXiHo9cBHtu9KfS8mSssIBbhjvfDqYArDiFEH-RDfIPaikyFqei51t8xKn4en5rJeFVe5sVCS1F5gEzldyWWs9ZKdVtf42wvGd0fq9piDWyAG_3paE?_z=4524292&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/xXfnZUIUyXeNefqEmrJsHfkhBH2zP9MmcXwyVnta4UCZQnkv7gIdxNNvFdVFvKQFbA9ylP8uA_OQ9S05dWANBx4zO3_WF26njpXI_NS9ee6AxzG_x__LZrOGItCNTLowQNTlArkHTHyd4waJfPIrYPnr72K9Dahh_mMM5cd3sxD8j6jYvc34zBFXTX4rWDLPnp29Y_7k7J_r1vwf1VkDwtJCDx0htl0WPTGWyQp-H_g4g7R8HZxJhhNf-DFZ2FsnF-q90Xy7zV5fNO3NuvG4VOMYlKjsrhZ8NTxzbc7HNUU5fYt1pu8vsZvseEiBW_EgjqjoKRWL5WFB6-W2fqJFTZmyoLTkX1OTAO1N817KQSU_KWKPc7AjP4AWXRaq7GdMKGwavwoBCHmZRDopeaHaAN9mcLSrrQIUYwPbex0Xk1teXPrEnpllko7FFonUwywD_hNL2JJ4pZfM7sShw0BQT4D3fzez9qtCX9ZTAQQTaoYLGIdXiHo9cBHtu9KfS8mSssIBbhjvfDqYArDiFEH-RDfIPaikyFqei51t8xKn4en5rJeFVe5sVCS1F5gEzldyWWs9ZKdVtf42wvGd0fq9piDWyAG_3paE?_z=4524292&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Cookie: OAID=454760241d944e18b5afb68f7dc7fe5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:27 GMT
content-type: image/gif
content-length: 43
x-trace-id: 195b62c2a090da125fe538a1d332c37d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dozubatan.com/500/4524292?excludes=15111844&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4524292?excludes=15111844&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4524292?excludes=15111844&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:27 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://s7.converto.io
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
172.67.22.216 200 OK 13 kB URL HTTP/2 offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
IP 172.67.22.216:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 375d4eace3e9692bfe2fc21648f4c59a
57ef9b8278b63d567eab92b8607b68cee29071b8
46005b3961515220591e6df79d2713774deb57a082dda8162c3d182bcad3aa1b
GET /www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 00:51:28 GMT
content-type: image/jpeg
content-length: 13449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6231b193-3489"
expires: Fri, 07 Oct 2022 13:39:50 GMT
last-modified: Wed, 16 Mar 2022 09:44:51 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 40298
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7562a604aefeb529-OSL
X-Firefox-Spdy: h2
dozubatan.com/impression/4m1KevhIn0SmL0mrja8Kb65SfKvJPNQlkG7O0JtXmufijAwSAnFt588T3kedRsAYTkEPAxboztERmnOQGaJGyRZWKs-_6etfjEDNApjrFtGTtnQoI_IBH9RHP0Z4c6c1o7lTveqAPRvdEJwChBAgULNXnijYlhbMQyt_99G8TvVfAb3LbtemGIsgKiGlqC89o4S3XtS3k5g7Xx4p1ocC5mOfMivGN-7betQUNIST69kS862q23iOG4fYLEwl3lDG8EAhV8xjmSrL_mJvOvtZdwud8iaQuNS8F-BnYsvN-yma5hefcWGQL7ksbOG2bJJgULCUOarU9yHt74SBn0FwKr2f4iG_8D4TcpZEDMUByuDAVB24kmg9cwEHP1RKVKqCZvNrzfyGRdaPJ3pJVjRwDZAfd89FpTXEQSClg5wJhhvvWQwVg_Jj3BhOSDxG5s15cPzFdTEPGjN1negGLvk4Aq2Gjeb_f_h1y1To46JwxsvdQhWQz0mOuOrsUTiskLkL6D9_CTb9vutxezTD-KzkN1aq3hKEL5ZUNhI_zFUUUjUfL5JPPA9PzBXMN4y7LlxOFnBj8f_8ChAJzyzxiDiNWDhVtViT50k0?_z=4524292&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 43 B URL HTTP/2 dozubatan.com/impression/4m1KevhIn0SmL0mrja8Kb65SfKvJPNQlkG7O0JtXmufijAwSAnFt588T3kedRsAYTkEPAxboztERmnOQGaJGyRZWKs-_6etfjEDNApjrFtGTtnQoI_IBH9RHP0Z4c6c1o7lTveqAPRvdEJwChBAgULNXnijYlhbMQyt_99G8TvVfAb3LbtemGIsgKiGlqC89o4S3XtS3k5g7Xx4p1ocC5mOfMivGN-7betQUNIST69kS862q23iOG4fYLEwl3lDG8EAhV8xjmSrL_mJvOvtZdwud8iaQuNS8F-BnYsvN-yma5hefcWGQL7ksbOG2bJJgULCUOarU9yHt74SBn0FwKr2f4iG_8D4TcpZEDMUByuDAVB24kmg9cwEHP1RKVKqCZvNrzfyGRdaPJ3pJVjRwDZAfd89FpTXEQSClg5wJhhvvWQwVg_Jj3BhOSDxG5s15cPzFdTEPGjN1negGLvk4Aq2Gjeb_f_h1y1To46JwxsvdQhWQz0mOuOrsUTiskLkL6D9_CTb9vutxezTD-KzkN1aq3hKEL5ZUNhI_zFUUUjUfL5JPPA9PzBXMN4y7LlxOFnBj8f_8ChAJzyzxiDiNWDhVtViT50k0?_z=4524292&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/4m1KevhIn0SmL0mrja8Kb65SfKvJPNQlkG7O0JtXmufijAwSAnFt588T3kedRsAYTkEPAxboztERmnOQGaJGyRZWKs-_6etfjEDNApjrFtGTtnQoI_IBH9RHP0Z4c6c1o7lTveqAPRvdEJwChBAgULNXnijYlhbMQyt_99G8TvVfAb3LbtemGIsgKiGlqC89o4S3XtS3k5g7Xx4p1ocC5mOfMivGN-7betQUNIST69kS862q23iOG4fYLEwl3lDG8EAhV8xjmSrL_mJvOvtZdwud8iaQuNS8F-BnYsvN-yma5hefcWGQL7ksbOG2bJJgULCUOarU9yHt74SBn0FwKr2f4iG_8D4TcpZEDMUByuDAVB24kmg9cwEHP1RKVKqCZvNrzfyGRdaPJ3pJVjRwDZAfd89FpTXEQSClg5wJhhvvWQwVg_Jj3BhOSDxG5s15cPzFdTEPGjN1negGLvk4Aq2Gjeb_f_h1y1To46JwxsvdQhWQz0mOuOrsUTiskLkL6D9_CTb9vutxezTD-KzkN1aq3hKEL5ZUNhI_zFUUUjUfL5JPPA9PzBXMN4y7LlxOFnBj8f_8ChAJzyzxiDiNWDhVtViT50k0?_z=4524292&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Cookie: OAID=454760241d944e18b5afb68f7dc7fe5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:30 GMT
content-type: image/gif
content-length: 43
x-trace-id: 9e39792456fa1361b045e00e934aff81
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41249b23-0479-4820-9c68-da428c1d2faa.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41249b23-0479-4820-9c68-da428c1d2faa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash caf0e5e75898e70a4f2caa2a707c7af9
25a573f90d12a42a6e63c65485be5fc325b0bfde
cec7ab3a7f6e02b57ee72ca7eee70c16b9026679aa7cd6c0739669731ccc94d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41249b23-0479-4820-9c68-da428c1d2faa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8090
x-amzn-requestid: 7aeb8664-0241-40e1-ac8d-aef56b2a1847
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmirBHS9IAMFYKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4b13-19caf51e2f8b7df363293db3;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: -Y3Utot6t5i9ws9JDG4eGGQYEzrN5d48KD9rZ0p1mscrMzOXBTsp1Q==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7f06047c304d80ea094816a27c933914.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:44:25 GMT
etag: "25a573f90d12a42a6e63c65485be5fc325b0bfde"
content-type: image/jpeg
age: 11226
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D579910638%26z%3D4524293%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dma2ZwOS9f5Rp1Pih5LYmYB9fmNq7nOq97YILtk9W-C1t16oPBbZrfUd7yuzSQL_hX5iYD_HMQBjRnAiKnenekW15mOwJueTfUctHcxn3MvggVaLtlUOelGrRS2Uv35A0_sybdjYqhwX00Ik_pD34kDJtcFY1-MquLRiFyVXqgxw_EgGhCDl35JKgifRam-nWA4SXCD3SBYY1Eq53ESrujRpCU3NH4yf1zNqWaMlHPa5xTEjMgpqdLQ9zoqaKSDAj-CKqIsZFljt9UQYiNrIDatfd3uB3EzYfJJNuMmVLZHCqw7oDSwL2QvWjUFf71m5QCOTrN_fGZAAl50Pq4rBZhFYTYNheF_D0Au2QDv9EA8sy699QFTkBcqswbxKvacNw03-jN_V6Sdc282yiFCY-JIv8A4GQsTLsztprgIJ5X5T_wKIUGPl4M6TojTvHvCSElXOiGkcJrIKq1jkW3QigRNWpvD7VRQ3OVmmCBLa-STdFxej42gS49CxT4bwwRI0FqsAfhM9wZtpTtjbYFgI-dhYoRNAZA7XclmBeSsX-RzIMwZzBqw8eVliL8WxndRY7BTI-c6UT5YrSxL5o_98V6bBJ7Au0U5EElpiarGVmZbGEK3ZKwxVG0lsDwKLBCC54J-YsWi8SWLxbm1RjITXOooFh94yhgpNZyguCt8GRDGJ4lKLmzVoRxw%3D%3D%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D92172824-3210-48ba-b517-8a332a6d072b%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fs7.converto.io%252Fen52%252Fdownload-redirect%252F%253Fid%253D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
139.45.197.154 200 OK 0 B URL HTTP/2 interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D579910638%26z%3D4524293%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dma2ZwOS9f5Rp1Pih5LYmYB9fmNq7nOq97YILtk9W-C1t16oPBbZrfUd7yuzSQL_hX5iYD_HMQBjRnAiKnenekW15mOwJueTfUctHcxn3MvggVaLtlUOelGrRS2Uv35A0_sybdjYqhwX00Ik_pD34kDJtcFY1-MquLRiFyVXqgxw_EgGhCDl35JKgifRam-nWA4SXCD3SBYY1Eq53ESrujRpCU3NH4yf1zNqWaMlHPa5xTEjMgpqdLQ9zoqaKSDAj-CKqIsZFljt9UQYiNrIDatfd3uB3EzYfJJNuMmVLZHCqw7oDSwL2QvWjUFf71m5QCOTrN_fGZAAl50Pq4rBZhFYTYNheF_D0Au2QDv9EA8sy699QFTkBcqswbxKvacNw03-jN_V6Sdc282yiFCY-JIv8A4GQsTLsztprgIJ5X5T_wKIUGPl4M6TojTvHvCSElXOiGkcJrIKq1jkW3QigRNWpvD7VRQ3OVmmCBLa-STdFxej42gS49CxT4bwwRI0FqsAfhM9wZtpTtjbYFgI-dhYoRNAZA7XclmBeSsX-RzIMwZzBqw8eVliL8WxndRY7BTI-c6UT5YrSxL5o_98V6bBJ7Au0U5EElpiarGVmZbGEK3ZKwxVG0lsDwKLBCC54J-YsWi8SWLxbm1RjITXOooFh94yhgpNZyguCt8GRDGJ4lKLmzVoRxw%3D%3D%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D92172824-3210-48ba-b517-8a332a6d072b%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fs7.converto.io%252Fen52%252Fdownload-redirect%252F%253Fid%253D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
IP 139.45.197.154:0
GET /?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D579910638%26z%3D4524293%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dma2ZwOS9f5Rp1Pih5LYmYB9fmNq7nOq97YILtk9W-C1t16oPBbZrfUd7yuzSQL_hX5iYD_HMQBjRnAiKnenekW15mOwJueTfUctHcxn3MvggVaLtlUOelGrRS2Uv35A0_sybdjYqhwX00Ik_pD34kDJtcFY1-MquLRiFyVXqgxw_EgGhCDl35JKgifRam-nWA4SXCD3SBYY1Eq53ESrujRpCU3NH4yf1zNqWaMlHPa5xTEjMgpqdLQ9zoqaKSDAj-CKqIsZFljt9UQYiNrIDatfd3uB3EzYfJJNuMmVLZHCqw7oDSwL2QvWjUFf71m5QCOTrN_fGZAAl50Pq4rBZhFYTYNheF_D0Au2QDv9EA8sy699QFTkBcqswbxKvacNw03-jN_V6Sdc282yiFCY-JIv8A4GQsTLsztprgIJ5X5T_wKIUGPl4M6TojTvHvCSElXOiGkcJrIKq1jkW3QigRNWpvD7VRQ3OVmmCBLa-STdFxej42gS49CxT4bwwRI0FqsAfhM9wZtpTtjbYFgI-dhYoRNAZA7XclmBeSsX-RzIMwZzBqw8eVliL8WxndRY7BTI-c6UT5YrSxL5o_98V6bBJ7Au0U5EElpiarGVmZbGEK3ZKwxVG0lsDwKLBCC54J-YsWi8SWLxbm1RjITXOooFh94yhgpNZyguCt8GRDGJ4lKLmzVoRxw%3D%3D%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D92172824-3210-48ba-b517-8a332a6d072b%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fs7.converto.io%252Fen52%252Fdownload-redirect%252F%253Fid%253D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=43vFGZ8QVVlIWvBOx0xiQnqLrQs9dwIgomEoYYDCnbs; expires=Fri, 07-Oct-2022 01:51:23 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
bedrapiona.com/5/4524295/?oo=1&js_build=iclick-v1.433.0
139.45.197.234 200 OK 0 B URL HTTP/2 bedrapiona.com/5/4524295/?oo=1&js_build=iclick-v1.433.0
IP 139.45.197.234:0
GET /5/4524295/?oo=1&js_build=iclick-v1.433.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://s7.converto.io
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:22 GMT
content-type: application/json
x-trace-id: 638f368a686e0976229826f2fef0d523
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://s7.converto.io
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:22 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1665103882; expires=Sat, 07 Oct 2023 00:51:22 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400,700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,700
IP 142.250.74.10:0
GET /css?family=Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 07 Oct 2022 00:51:22 GMT
date: Fri, 07 Oct 2022 00:51:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dozubatan.com/400/4524292
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/400/4524292
IP 139.45.197.237:0
GET /400/4524292 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:22 GMT
content-type: application/javascript
x-trace-id: dda047baeb002265c9c7c3eaf128ce37
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=ab25798f93024fc18010c6562e578dcb; expires=Sat, 07 Oct 2023 00:51:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.396
139.45.197.250 200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.396
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.396 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1fafa"
access-control-allow-origin: http://s7.converto.io
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/defaultSkin.min.js
139.45.197.250 200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/defaultSkin.min.js
IP 139.45.197.250:0
Analyzer Verdict Alert fortinet Malware
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://s7.converto.io/
Origin: http://s7.converto.io
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-df63"
access-control-allow-origin: http://s7.converto.io
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=4524293&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=454760241d944e18b5afb68f7dc7fe5d
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/9?z=4524293&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=454760241d944e18b5afb68f7dc7fe5d
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=4524293&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=454760241d944e18b5afb68f7dc7fe5d HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 94
Origin: http://s7.converto.io
Connection: keep-alive
Referer: http://s7.converto.io/
Cookie: scm=1; OAID=a9e2fc0da1034c0fa37c69c99b6d5cf8; oaidts=1665103882
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:23 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: http://s7.converto.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e7647fbf2123c45e592c92333c1b2b40
access-control-expose-headers: X-Sc
set-cookie: OAID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:23 GMT; secure; SameSite=None
set-cookie: oaidts=1665103882; expires=Sat, 07 Oct 2023 00:51:23 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
s7.converto.io/download-file/5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo/file.mp4
5.61.51.21 200 OK 0 B URL HTTP/1.1 s7.converto.io/download-file/5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo/file.mp4
IP 5.61.51.21:0
GET /download-file/5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo/file.mp4 HTTP/1.1
Host: s7.converto.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s7.converto.io/en52/download-redirect/?id=5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
Cookie: lang=en; _ga_Q3LW902KMS=GS1.1.1665103882.1.0.1665103882.0.0.0; _ga=GA1.1.1699471850.1665103883; prefetchAd_4524295=true
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 07 Oct 2022 00:51:28 GMT
Content-Type: application/force-download
Content-Length: 332669867
Connection: keep-alive
Etag: 5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo
Content-Disposition: attachment; filename=СМОТРЕТЬ_ВСЕМ!_Как_написать_курсовую_за_20_мин_с_нуля_и_уникальностью_80%_Показываем_в_режиме_онлайн.mp4
Cache-Control: max-age=2592000, public
Expires: Sun, 06 Nov 2022 00:51:28 GMT
Last-Modified: Fri, 07 Oct 2022 00:50:51 GMT
iclickcdn.com/tag.min.js
104.26.13.118 200 OK 0 B
IP 104.26.13.118:0
GET /tag.min.js HTTP/1.1
Host: iclickcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 00:51:22 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: cc2a5dc9851aaef3f9b895fe9eea75b5
cache-control: max-age=86400
last-modified: Wed, 05 Oct 2022 15:41:16 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 07 Oct 2022 01:17:25 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 84836
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mm6%2BM9%2BTxB7DJy86gqu2Ckj5%2FTcPSBrZK6HiVHRRrXhYRz2MMkqapeEGvryQlKDNTVVH%2BQct8tO6il6lRzOgE6mnqJNkwd2GMEHXs%2FQnugNleLjQ5XPfYbGTGAp9o4k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7562a5e188c3b527-OSL
content-encoding: br
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/tag.min.js?z=4524294
139.45.197.250 200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/tag.min.js?z=4524294
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=4524294 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s7.converto.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:22 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/4524292?excludes=15111844&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4524292?excludes=15111844&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4524292?excludes=15111844&oaid=454760241d944e18b5afb68f7dc7fe5d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fs7.converto.io%2Fen52%2Fdownload-redirect%2F%3Fid%3D5pDODjs8iIbCEU9gYLL3D6EtRfkPgNqo&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://s7.converto.io
Connection: keep-alive
Referer: http://s7.converto.io/
Cookie: OAID=454760241d944e18b5afb68f7dc7fe5d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 00:51:28 GMT
content-type: application/javascript
x-trace-id: a8136187bcf6528454dd6c15be3986ea
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: http://s7.converto.io
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=454760241d944e18b5afb68f7dc7fe5d; expires=Sat, 07 Oct 2023 00:51:27 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2