r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e051e6e01b12b9ad6e0014603f93431a
ada9efe77054d8593f2687fb3a7eada8908ef7e8
c41be8ffe176ca674efb0588164fdfd237754c6b5b461f8f46387b96ae7d6090
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41BE8FFE176CA674EFB0588164FDFD237754C6B5B461F8F46387B96AE7D6090"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2245
Expires: Sat, 04 Feb 2023 11:36:03 GMT
Date: Sat, 04 Feb 2023 10:58:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19910
Expires: Sat, 04 Feb 2023 16:30:28 GMT
Date: Sat, 04 Feb 2023 10:58:38 GMT
Connection: keep-alive
1675506627742.umfinancing.com/9hqikep3qi
104.21.42.72 200 OK 14 kB URL HTTP/1.1 1675506627742.umfinancing.com/9hqikep3qi
IP 104.21.42.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10860), with CRLF line terminators
Hash MD5 941ff095816afa7c2f8bed5baeca1753
SHA1 d0eb4b8aadc1661c02045b4be3c1ee5d19a61fd0
SHA256 e5f05e20b7cf95f01f8bd31593e6cc4380a453165802be26188c12a6d4e954dd
Analyzer Verdict Alert quad9 Sinkholed
GET /9hqikep3qi HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 10:58:38 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZMQ3s%2BiIeK4tH8C6wNKyQqOV6296xIN2y0xYVW4O1EkRF3jmB8IzqJnrcMKCaCQsCNXpkNaLFZfDmfum8Jksn2KrJOgnp%2B%2FmYdtpSYsGa8%2BXLSxy%2F2e1FzDW9fiRIAkipQ13dR0N14SUnbGlcovYqA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7942e46f1e8fb4f1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11337
Expires: Sat, 04 Feb 2023 14:07:35 GMT
Date: Sat, 04 Feb 2023 10:58:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 10:43:37 GMT
content-type: application/json
age: 901
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yFWEAdp2p/UgOTm/Ai8UIeXiYnYu8wfiWG6qizzfEANMb70zqvIfJzZiOMOpEYRHUW7pxRjM4jg=
x-amz-request-id: VBKN8FB3FV8VDHV0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 10:23:57 GMT
age: 2081
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 10:58:38 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
i.imgur.com/FTLIZSb.png
151.101.84.193 200 OK 3.0 kB IP 151.101.84.193:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 50ec7ba809f96b42088aafd817893572
679ccfc84395a996520795ef1bd3273c08622c02
588b1c4bfd72f0ddf016007c9ab23246844a93fb0fa4d4c20757d89b01ddfa5e
GET /FTLIZSb.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 18 Sep 2022 19:28:37 GMT
etag: "50ec7ba809f96b42088aafd817893572"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 3085194
x-served-by: cache-iad-kcgs7200028-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 3240, 410
x-timer: S1675508319.051031,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 3046
X-Firefox-Spdy: h2
i.imgur.com/H5EPED1.png
151.101.84.193 200 OK 3.4 kB IP 151.101.84.193:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 312fa6a734f96422993aa751ceaf6f9d
bcee3278773af24da138799f0eb661c14d618442
9733742a746615e344dfa5178eadf0b4b24669db49b2bd5f85a70c613402b8e9
GET /H5EPED1.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 18 Sep 2022 18:03:43 GMT
etag: "312fa6a734f96422993aa751ceaf6f9d"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 3167037
x-served-by: cache-iad-kcgs7200024-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 10721, 1
x-timer: S1675508319.050672,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 3417
X-Firefox-Spdy: h2
i.imgur.com/P8Gsm1l.png
151.101.84.193 200 OK 6.6 kB IP 151.101.84.193:0
File type PNG image data, 156 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash f44ece975fd6bf92ea1f67a874f96da0
0346ef51f91e8730931122c33cc7e52e8858d0bb
7c0bb696c24a2e58f0f4eaec69da283c1e2dd77a711a8f34efaa1fe5a712f4c8
GET /P8Gsm1l.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:38:30 GMT
etag: "f44ece975fd6bf92ea1f67a874f96da0"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 3069939
x-served-by: cache-iad-kiad7000170-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 9818, 1
x-timer: S1675508319.050910,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 6597
X-Firefox-Spdy: h2
i.imgur.com/7sZUmPO.png
151.101.84.193 200 OK 3.1 kB IP 151.101.84.193:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash aa3d36b94ed8a6e27feff28d4dafe329
521490db1e4581dd4eeee8acc5492735e78e019e
55dccfa672fbbe5931b1e4df91468a8775226d4e4314d9ff3dcbec55f52f5ad7
GET /7sZUmPO.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 18 Sep 2022 18:10:11 GMT
etag: "aa3d36b94ed8a6e27feff28d4dafe329"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 2861525
x-served-by: cache-iad-kiad7000020-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 8138, 1
x-timer: S1675508319.050420,VS0,VE2
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 3147
X-Firefox-Spdy: h2
i.imgur.com/qTPLmV5.png
151.101.84.193 200 OK 5.4 kB IP 151.101.84.193:0
File type PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash c764eaeba9a588179c0d28bc81aeaaf6
332b57601a59345b1a938ada18a219a07e993dd0
00928199444dbc014572ac0fffe7fbf934c4d65f7920e24669042af6d808f7d5
GET /qTPLmV5.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 18 Sep 2022 17:03:35 GMT
etag: "c764eaeba9a588179c0d28bc81aeaaf6"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 2592308
x-served-by: cache-iad-kcgs7200129-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 6324, 1
x-timer: S1675508319.050718,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 5397
X-Firefox-Spdy: h2
i.imgur.com/L4a683e.png
151.101.84.193 200 OK 4.0 kB IP 151.101.84.193:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash a835a4ee4b2610361ce1e346d0fc0470
8f11d1812bb4c7181b4ee0a22db0f5952ca6dac6
6d5c4c17f641c4cbddb97269aa5cee5d8a9813e3cd764c9bbc65ea994a7e89aa
GET /L4a683e.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 18 Sep 2022 19:28:38 GMT
etag: "a835a4ee4b2610361ce1e346d0fc0470"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 3163098
x-served-by: cache-iad-kjyo7100036-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 12843, 1
x-timer: S1675508319.051243,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 4038
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7d482750bf7fdfcaa38c0efd583ef4dc
a4f68a124e4be130bc838e70f23fd4c6d2f4ef2d
5e6f1cadf4bc425664bb26fa2b384cf13900461b689c77d0916b1d2edd41337c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 10:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7d482750bf7fdfcaa38c0efd583ef4dc
a4f68a124e4be130bc838e70f23fd4c6d2f4ef2d
5e6f1cadf4bc425664bb26fa2b384cf13900461b689c77d0916b1d2edd41337c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 10:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.imgur.com/6HIOsYS.png
151.101.84.193 200 OK 62 kB IP 151.101.84.193:0
File type PNG image data, 450 x 463, 8-bit/color RGB, non-interlaced\012- data
Hash 872386d4da2147eee5c2b6a655fefbbe
816a426fcfae9b781df4b83c63a582995c6cc8f6
3d3564f525c3118d755bf94b6e41e9c15163c0804ae1eab34315ef6a9da7aef2
GET /6HIOsYS.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 20:43:48 GMT
etag: "872386d4da2147eee5c2b6a655fefbbe"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 2701194
x-served-by: cache-iad-kcgs7200141-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 6833, 1
x-timer: S1675508319.052370,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 62490
X-Firefox-Spdy: h2
i.imgur.com/EOhpZgM.png
151.101.84.193 200 OK 7.7 kB IP 151.101.84.193:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 1ecef1c67ef18b69abf244f698ca79fc
3a9b116de20400a2d49396f7200b5fb2d1bb0a08
0cd75e03b8fd96f44a698ef72b4d20663442159e2377ce79ca5f01e23ccb9351
GET /EOhpZgM.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 18 Sep 2022 18:27:34 GMT
etag: "1ecef1c67ef18b69abf244f698ca79fc"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 2690562
x-served-by: cache-iad-kiad7000041-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 3288, 1
x-timer: S1675508319.052597,VS0,VE2
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 7726
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-88149946-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-88149946-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash fcb269c046513fa288e75601799cf23a
5cedfa27b7b5d7b9c29d6e2557e976c6a5150306
454dbf3082b576c6ebd7a76841b155c9acc5aad8b7db004eece02400300b3d54
GET /gtag/js?id=UA-88149946-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 10:58:39 GMT
expires: Sat, 04 Feb 2023 10:58:39 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 Feb 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43861
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-J4FFZPJQCN
142.250.74.168 200 OK 78 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-J4FFZPJQCN
IP 142.250.74.168:0
File type ASCII text, with very long lines (21849)
Hash 65d8f7a9aa3979dc5b25fdad39bb7a1f
c51a4de4571cccc912e64464b3d94d7c4ee2c10a
6b73a18e58d3fa0d882f7b210a8ccc2d80c0d9c36d112ad23a385bd9cb9330dc
GET /gtag/js?id=G-J4FFZPJQCN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 10:58:39 GMT
expires: Sat, 04 Feb 2023 10:58:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77613
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-7WY85MQKRQ
142.250.74.168 200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-7WY85MQKRQ
IP 142.250.74.168:0
File type ASCII text, with very long lines (19467)
Hash ce1c030211ee93b2a9b9ceda820f5e82
acde684a60220b1f770ed06607c4a25913b14ee8
6b7974d2c962361fc5e275e4e3fb04b5ce86894c33655d74360d62864061c91d
GET /gtag/js?id=G-7WY85MQKRQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 10:58:39 GMT
expires: Sat, 04 Feb 2023 10:58:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76975
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7d482750bf7fdfcaa38c0efd583ef4dc
a4f68a124e4be130bc838e70f23fd4c6d2f4ef2d
5e6f1cadf4bc425664bb26fa2b384cf13900461b689c77d0916b1d2edd41337c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 10:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1675506627742.umfinancing.com/style2.css
104.21.42.72 200 OK 3.2 kB URL HTTP/1.1 1675506627742.umfinancing.com/style2.css
IP 104.21.42.72:0
File type ASCII text, with CRLF line terminators
Hash MD5 90e41c59be053847d47281bbe8c6a764
SHA1 f3e35520accd9b6ecb6a18b43812f1a7befa1c89
SHA256 fa8e15214ddf9255c232252cdd47d5af37fbe40e1371f6034ecfc263a4bf27b8
Analyzer Verdict Alert quad9 Sinkholed
GET /style2.css HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/9hqikep3qi
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 10:58:39 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Last-Modified: Wed, 21 Sep 2022 18:16:38 GMT
ETag: W/"34fc-18361441f70"
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LH5%2F6dJjPqHNNbduu4zmt%2FUuRAO0olFW51Oe589XckgPy5eRyOdlNfJ9i9L8JtombUvxAcgB322%2B8iq%2B5Z5%2BpSRHtTIDV8kKeV5%2BLKjNovGTMfl4iUOogE2UwU%2FLkEGaiQZ%2FvjLGfQXMSVaS5%2FSKrg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7942e4719952b4f1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1675506627742.umfinancing.com/emoji.scss
104.21.42.72 200 OK 9.2 kB URL HTTP/1.1 1675506627742.umfinancing.com/emoji.scss
IP 104.21.42.72:0
File type ASCII text, with CRLF line terminators
Hash MD5 299b07271f624506044579d15b9c2516
SHA1 9677e86d78ad3a9108c5d8c4df3aa901d3e2357f
SHA256 e632d7b10ecb1297ee3c2b2066032e74234ace02d3a8b1f6304fc11fe3e5bdbc
Analyzer Verdict Alert quad9 Sinkholed
GET /emoji.scss HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/9hqikep3qi
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 10:58:39 GMT
Content-Type: text/x-scss; charset=UTF-8
Content-Length: 9217
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 21 Sep 2022 18:50:51 GMT
ETag: W/"2401-183616372f8"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yw2c7x%2FkJW9BPIuV7qzwyrxbxW04JC%2FGBwL%2FPw3mXC5O0%2BglLrzV7TEUvXwRhh3zphCyXb0L0XsaUvRCOsrhV7rDKNKrwqeAs5h0%2BURxTDFVvIfcaRJO%2FziEkreUZZ9AfmAzvUyHMJLWnhnWDEIRmg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7942e4719981fab8-OSL
alt-svc: h2=":443"; ma=60
i.imgur.com/oFxODaf.png
151.101.84.193 200 OK 17 kB IP 151.101.84.193:0
File type PNG image data, 189 x 194, 8-bit/color RGBA, non-interlaced\012- data
Hash 12b7587d2f95a56946a8a0ad440c32eb
bf9e56f7ea21ce17902f1b15d4e239820edbd1a0
fd35f38ddc48d6ad7dd3c58f0377f62c37ccea5e53856bc4631c4f0674bc3e30
GET /oFxODaf.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 18 Sep 2022 16:07:03 GMT
etag: "12b7587d2f95a56946a8a0ad440c32eb"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 3097710
x-served-by: cache-iad-kcgs7200120-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 5934, 1
x-timer: S1675508319.274677,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 17235
X-Firefox-Spdy: h2
i.imgur.com/1YO6IMV.png
151.101.84.193 200 OK 10 kB IP 151.101.84.193:0
File type PNG image data, 73 x 350, 8-bit/color RGBA, non-interlaced\012- data
Hash e5741507a80039438a76d06fa60cfec4
83ca84657bdcf74883842359e7fcc090bdac90ae
c86a65763732717adc57923900d18932ae57d8600b3f90443259f6a44b3a1d54
GET /1YO6IMV.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 20:22:29 GMT
etag: "e5741507a80039438a76d06fa60cfec4"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 04 Feb 2023 10:58:39 GMT
age: 3066667
x-served-by: cache-iad-kcgs7200168-IAD, cache-bma1662-BMA
x-cache: HIT, HIT
x-cache-hits: 5654, 1
x-timer: S1675508319.274361,VS0,VE5
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 9984
X-Firefox-Spdy: h2
1.bp.blogspot.com/-zrHXcoP_nIc/YkIurudu_hI/AAAAAAAAAXo/WejZQOU1b4c4hZ0WXDUNj_puYUg1mGb6gCK4BGAYYCw/s220/4.jpg
142.250.74.161 200 OK 2.3 kB URL HTTP/1.1 1.bp.blogspot.com/-zrHXcoP_nIc/YkIurudu_hI/AAAAAAAAAXo/WejZQOU1b4c4hZ0WXDUNj_puYUg1mGb6gCK4BGAYYCw/s220/4.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash 94fb8d6f13358192bfb090839362f5ad
00e20ee1556013f8af5dbb13028078081740c778
743999a1dadf6b177b4455653f033e873812d00cb88b960a646328fa914b24d1
GET /-zrHXcoP_nIc/YkIurudu_hI/AAAAAAAAAXo/WejZQOU1b4c4hZ0WXDUNj_puYUg1mGb6gCK4BGAYYCw/s220/4.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="4.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2330
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:39 GMT
Expires: Fri, 03 Feb 2023 09:28:38 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a1"
Content-Type: image/jpeg
Age: 0
1675506627742.umfinancing.com/socket.io/?EIO=4&transport=polling&t=OOS58tI
104.21.42.72 200 OK 119 B URL HTTP/1.1 1675506627742.umfinancing.com/socket.io/?EIO=4&transport=polling&t=OOS58tI
IP 104.21.42.72:0
File type ASCII text, with no line terminators
Hash MD5 7c1925f30bb56e193b367496b21bf152
SHA1 17c3194a6ffbffa9a58021d9df6bc85cd9410db9
SHA256 bf7306683a7107d2ff38d838dced7916e7d1201fa5774f467bdc56ad150197b9
Analyzer Verdict Alert quad9 Sinkholed
GET /socket.io/?EIO=4&transport=polling&t=OOS58tI HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/9hqikep3qi
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 10:58:39 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ejL8Q%2BfLEWrSmbndhU0tHsg%2FVFVXk5uWFhupvNjybpxw47mEw6KqXDK6Kw8NeDNplIMu9xxOE8qKZu3amXuQ3pvzoe0568a6F2iDZPOwbXQ9zPhCtdOur5Mb4ior%2BFHuMrRyOpH%2F%2FUrCeNk8c7UScw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7942e4739b05fab8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 10:49:07 GMT
age: 572
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
3.bp.blogspot.com/-Dclk1qqUXf0/YkIu-mKgiGI/AAAAAAAAAZU/GPsROpPzfgcKCE97WqEzYaePj77rnvQWgCK4BGAYYCw/s220/15.jpg
142.250.74.161 200 OK 3.1 kB URL HTTP/1.1 3.bp.blogspot.com/-Dclk1qqUXf0/YkIu-mKgiGI/AAAAAAAAAZU/GPsROpPzfgcKCE97WqEzYaePj77rnvQWgCK4BGAYYCw/s220/15.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash 8b0cd08f841abf7c91a78953c58bbd0c
887aa04c669f3a3746669b3938d15ca4eeea0b72
81fa4cf437a6e554f8f6166ee69cd4f6cdb360c94153365e83c10500d10fdaed
GET /-Dclk1qqUXf0/YkIu-mKgiGI/AAAAAAAAAZU/GPsROpPzfgcKCE97WqEzYaePj77rnvQWgCK4BGAYYCw/s220/15.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="15.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3106
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:39 GMT
Expires: Fri, 03 Feb 2023 09:28:34 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a2"
Content-Type: image/jpeg
Age: 0
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13573
Expires: Sat, 04 Feb 2023 14:44:52 GMT
Date: Sat, 04 Feb 2023 10:58:39 GMT
Connection: keep-alive
3.bp.blogspot.com/-9kDtplNg9hI/YkIupYQd8QI/AAAAAAAAAXg/N6hFReFgkLAfgQ_pvFRfZO0HkGTjpYZpgCK4BGAYYCw/s220/2.jpg
142.250.74.161 200 OK 2.3 kB URL HTTP/1.1 3.bp.blogspot.com/-9kDtplNg9hI/YkIupYQd8QI/AAAAAAAAAXg/N6hFReFgkLAfgQ_pvFRfZO0HkGTjpYZpgCK4BGAYYCw/s220/2.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash 19f6f78518f15b3f8fc3bda09f0e8320
1c2956879996a488659b82e03a7c3965b7609f5f
8e654fc015118cf086ebd3336a735ce9033e3f8798ffa9c90b431f5f53dca757
GET /-9kDtplNg9hI/YkIupYQd8QI/AAAAAAAAAXg/N6hFReFgkLAfgQ_pvFRfZO0HkGTjpYZpgCK4BGAYYCw/s220/2.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="2.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2285
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:39 GMT
Expires: Sat, 04 Feb 2023 02:43:23 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v18d"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-lQLI-7_syT8/YkIu2GjVh9I/AAAAAAAAAYo/uaY8Ji9rq4cvR_4VzEqIWii-XFc4V0EQgCK4BGAYYCw/s220/11.jpg
142.250.74.161 200 OK 2.7 kB URL HTTP/1.1 2.bp.blogspot.com/-lQLI-7_syT8/YkIu2GjVh9I/AAAAAAAAAYo/uaY8Ji9rq4cvR_4VzEqIWii-XFc4V0EQgCK4BGAYYCw/s220/11.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash ed77b6f29c55e5534a6bb4688d8f3346
0e17c801339eae44cc5e1642d5551c6825777748
7568db807db7aa71a56160e275850d0e813a78d1d4f107a369a418f3d060d644
GET /-lQLI-7_syT8/YkIu2GjVh9I/AAAAAAAAAYo/uaY8Ji9rq4cvR_4VzEqIWii-XFc4V0EQgCK4BGAYYCw/s220/11.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="11.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2732
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:39 GMT
Expires: Fri, 03 Feb 2023 09:28:34 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a4"
Content-Type: image/jpeg
Age: 0
4.bp.blogspot.com/-Wf6WoIrDgqc/YkIunoFhkNI/AAAAAAAAAXY/Ibnul4HbKxUR6gCmEBdV86tEm2Av7wDdwCK4BGAYYCw/s220/1.jpg
142.250.74.161 200 OK 3.0 kB URL HTTP/1.1 4.bp.blogspot.com/-Wf6WoIrDgqc/YkIunoFhkNI/AAAAAAAAAXY/Ibnul4HbKxUR6gCmEBdV86tEm2Av7wDdwCK4BGAYYCw/s220/1.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash 20342cd7dbcf52189f2ff97a8c23dee1
fe6da42ac1c18f50171d303606af1d78fee02d97
61d9d86258e489c7f516f60af065a3a71a973a4bf9195782d086176cfc0df10f
GET /-Wf6WoIrDgqc/YkIunoFhkNI/AAAAAAAAAXY/Ibnul4HbKxUR6gCmEBdV86tEm2Av7wDdwCK4BGAYYCw/s220/1.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="1.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3031
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:39 GMT
Expires: Fri, 03 Feb 2023 09:28:34 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v18d"
Content-Type: image/jpeg
Age: 0
ocsp.pki.goog/s/gts1p5/kjNaNllcCsY
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/kjNaNllcCsY
IP 142.250.74.131:0
Hash c854a6918f4a949204cdd0abe999a20b
8e6d3371e8686dcbd9c045ba908f2141438ec6fb
4ab6300a5562094366f1cff3e558114b30099631262d2dffd14571628d62a153
POST /s/gts1p5/kjNaNllcCsY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 10:58:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/kjNaNllcCsY
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/kjNaNllcCsY
IP 142.250.74.131:0
Hash c854a6918f4a949204cdd0abe999a20b
8e6d3371e8686dcbd9c045ba908f2141438ec6fb
4ab6300a5562094366f1cff3e558114b30099631262d2dffd14571628d62a153
POST /s/gts1p5/kjNaNllcCsY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 10:58:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1675506627742.umfinancing.com/socket.io/?EIO=4&transport=polling&t=OOS58yq&sid=5PtvMStCC58YI0SkBK19
104.21.42.72 200 OK 28 B URL HTTP/1.1 1675506627742.umfinancing.com/socket.io/?EIO=4&transport=polling&t=OOS58yq&sid=5PtvMStCC58YI0SkBK19
IP 104.21.42.72:0
File type ASCII text, with no line terminators
Hash 86de097d54457ad4fbf85150ea2dc2fb
194863f4b15ecf7eb4f38bf7ed46b688289be8a4
6301b31e8f84ba8a7465199ebf1c2341253198f21763ad7e7cf6fdebe3d832ec
Analyzer Verdict Alert quad9 Sinkholed
POST /socket.io/?EIO=4&transport=polling&t=OOS58yq&sid=5PtvMStCC58YI0SkBK19 HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: text/plain;charset=UTF-8
Content-Length: 2
Origin: http://1675506627742.umfinancing.com
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/9hqikep3qi
Cookie: _ga_7WY85MQKRQ=GS1.1.1675508354.1.0.1675508354.0.0.0; _ga=GA1.1.818303803.1675508355; _ga_J4FFZPJQCN=GS1.1.1675508354.1.0.1675508354.0.0.0
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 10:58:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i3pirf1AW7vPuDYgByAcIDOoQwjXD3ibpO2kjfGloFpbX6bpcWytph5DssWhQWMExUnE%2F2%2B4elBVz5d05LmIEUC4J6iKdy%2BBsxthGsOjq%2Fp9wFAzSxj23lwuOMlp%2FrWeXEDlJpuzbviCCcLXyULjUw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7942e475dcb8fab8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1675506627742.umfinancing.com/socket.io/?EIO=4&transport=websocket&sid=5PtvMStCC58YI0SkBK19
104.21.42.72 101 Switching Protocols 0 B URL HTTP/1.1 1675506627742.umfinancing.com/socket.io/?EIO=4&transport=websocket&sid=5PtvMStCC58YI0SkBK19
IP 104.21.42.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /socket.io/?EIO=4&transport=websocket&sid=5PtvMStCC58YI0SkBK19 HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://1675506627742.umfinancing.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mOzuEsWv51vvIhBJM6hDdw==
Connection: keep-alive, Upgrade
Cookie: _ga_7WY85MQKRQ=GS1.1.1675508354.1.0.1675508354.0.0.0; _ga=GA1.1.818303803.1675508355; _ga_J4FFZPJQCN=GS1.1.1675508354.1.0.1675508354.0.0.0
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 04 Feb 2023 10:58:39 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: q0QhJB+w08z2Jus8cYbZYSUeE34=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXD9dpwIEr0TzYvq2N4JX3qxiXFZpFNclPtpVcYTddh23pofKhEPUGVp4VmT5jJ9ZEM%2F06S3zY8lj1k7hIerKrxrPDDeZvysnMbAktwR9UdSz7FzG95RQh7ZWUNsjZdEIDVvutIbu1s%2F5mXPNLuASQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7942e475efd0b515-OSL
alt-svc: h2=":443"; ma=60
1675506627742.umfinancing.com/socket.io/?EIO=4&transport=polling&t=OOS58ys&sid=5PtvMStCC58YI0SkBK19
104.21.42.72 200 OK 32 B URL HTTP/1.1 1675506627742.umfinancing.com/socket.io/?EIO=4&transport=polling&t=OOS58ys&sid=5PtvMStCC58YI0SkBK19
IP 104.21.42.72:0
File type ASCII text, with no line terminators
Hash 67fa93497a217160e1275d642517dc8d
9ef2f049e333e43655519cc616320db186b357e0
639ccdc2142e599cc82d0101f9878b3bb8b23b32ae51fb041a61dc95d28f7fac
Analyzer Verdict Alert quad9 Sinkholed
GET /socket.io/?EIO=4&transport=polling&t=OOS58ys&sid=5PtvMStCC58YI0SkBK19 HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/9hqikep3qi
Cookie: _ga_7WY85MQKRQ=GS1.1.1675508354.1.0.1675508354.0.0.0; _ga=GA1.1.818303803.1675508355; _ga_J4FFZPJQCN=GS1.1.1675508354.1.0.1675508354.0.0.0
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 10:58:39 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 32
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lUYrQNo2rmemQl6UqumUBVH2RrPT5WriI7p8UYr3%2FIeZDbRv8zQCTNQTlU4cSiuMbY0dz%2FTX9JzlP%2Bv5UECaNsjbee35c0i6%2BWOF5Eh2re%2BtP150Pc0Ipi8ASrP2IQ0ADcJYB0QKgZvaTDKQ6fb7nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7942e475de24b4f1-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
54.186.4.248 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.4.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vnnoxEIxPxDLvWjBRq5jww==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ityy7NoMRZvjLctd5dMCYIQoTr0=
1.bp.blogspot.com/-pPQuvI2YrW4/YkIu0kvOFvI/AAAAAAAAAYg/gh27SiFb834neeQu9Ls_Zqgo0sww0QsYQCK4BGAYYCw/s220/10.jpg
142.250.74.161 200 OK 2.7 kB URL HTTP/1.1 1.bp.blogspot.com/-pPQuvI2YrW4/YkIu0kvOFvI/AAAAAAAAAYg/gh27SiFb834neeQu9Ls_Zqgo0sww0QsYQCK4BGAYYCw/s220/10.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash 469f0352ca90219699b972375c3eea25
10b2a522f48f7bb948a9bc798a3866a88dcb9b17
4917740d27e4c5d8115dba528dd0c2bd81c2581f251ae730ae76f515c091d3b6
GET /-pPQuvI2YrW4/YkIu0kvOFvI/AAAAAAAAAYg/gh27SiFb834neeQu9Ls_Zqgo0sww0QsYQCK4BGAYYCw/s220/10.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="10.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2698
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:39 GMT
Expires: Fri, 03 Feb 2023 09:28:40 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a5"
Content-Type: image/jpeg
Age: 0
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 244ab3fb47f6a03fd70efb8e249fc799
624fcee03dd119242c1edd121985dada6b3bca1a
ab0fa93d5342a50ef1f69aadf2eccc4154c2ac5c4bea98dce08ed6451560acb6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=122534
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 10:58:40 GMT
Etag: "63dd7606-2d7"
Expires: Sun, 05 Feb 2023 21:00:54 GMT
Last-Modified: Fri, 03 Feb 2023 21:00:54 GMT
Server: nginx
Content-Length: 727
region1.google-analytics.com/g/collect?v=2&tid=G-7WY85MQKRQ&gtm=45je3210&_p=1784427735&cid=818303803.1675508355&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675508354&sct=1&seg=0&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-7WY85MQKRQ&gtm=45je3210&_p=1784427735&cid=818303803.1675508355&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675508354&sct=1&seg=0&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7WY85MQKRQ&gtm=45je3210&_p=1784427735&cid=818303803.1675508355&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675508354&sct=1&seg=0&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1675506627742.umfinancing.com
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://1675506627742.umfinancing.com
date: Sat, 04 Feb 2023 10:58:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-J4FFZPJQCN&gtm=45je3210&_p=1784427735&cid=818303803.1675508355&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675508354&sct=1&seg=0&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&dt=&en=page_view&_fv=1&_ss=1&_ee=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-J4FFZPJQCN&gtm=45je3210&_p=1784427735&cid=818303803.1675508355&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675508354&sct=1&seg=0&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&dt=&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-J4FFZPJQCN&gtm=45je3210&_p=1784427735&cid=818303803.1675508355&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675508354&sct=1&seg=0&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&dt=&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1675506627742.umfinancing.com
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://1675506627742.umfinancing.com
date: Sat, 04 Feb 2023 10:58:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vvcomphelpvv.com/leech/new/13.mp4
188.114.96.1 206 Partial Content 109 kB URL HTTP/2 vvcomphelpvv.com/leech/new/13.mp4
IP 188.114.96.1:0
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size 109 kB (109197 bytes)
Hash dcfc9406564e901316c3afdfad5ef106
1e7b3090953c7645b2990a62d8fe34487f6dcc5e
51dde349e11fa9554c16d402cdc76bac3054a31237ffd3cc9c311aa29afce5cf
GET /leech/new/13.mp4 HTTP/1.1
Host: vvcomphelpvv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Sat, 04 Feb 2023 10:58:39 GMT
content-type: video/mp4
content-length: 9978723
last-modified: Fri, 16 Sep 2022 09:59:42 GMT
etag: "6324490e-984363"
expires: Sat, 27 Jan 2024 09:22:04 GMT
cache-control: max-age=31536000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
cf-cache-status: HIT
age: 234782
content-range: bytes 0-9978722/9978723
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qHWV9Iw2kAuJT37Uoy72J65bg8Wc1Pt2QAVHjdl75RypwJOvqy1dfadjR6Jyv04NIGCSMzWDHlmBph1T7OIVseCj%2Fy8ENyf6wEGOJBfzUUlBJzPaZAOToniIoT7n6L16%2Fqge"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7942e4766d2f0b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=1784427735&t=pageview&_s=1&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAUABAAAAACAAI~&jid=1331854679&gjid=366350922&cid=818303803.1675508355&tid=UA-88149946-1&_gid=1066311285.1675508355&_r=1&_slc=1&gtm=457e3210&z=1371649222
142.250.74.110 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1784427735&t=pageview&_s=1&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAUABAAAAACAAI~&jid=1331854679&gjid=366350922&cid=818303803.1675508355&tid=UA-88149946-1&_gid=1066311285.1675508355&_r=1&_slc=1&gtm=457e3210&z=1371649222
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=1784427735&t=pageview&_s=1&dl=http%3A%2F%2F1675506627742.umfinancing.com%2F9hqikep3qi&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAUABAAAAACAAI~&jid=1331854679&gjid=366350922&cid=818303803.1675508355&tid=UA-88149946-1&_gid=1066311285.1675508355&_r=1&_slc=1&gtm=457e3210&z=1371649222 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://1675506627742.umfinancing.com
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://1675506627742.umfinancing.com
date: Sat, 04 Feb 2023 10:58:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1675506627742.umfinancing.com/socket.io/?EIO=4&transport=polling&t=OOS591s&sid=5PtvMStCC58YI0SkBK19
104.21.42.72 200 OK 1 B URL HTTP/1.1 1675506627742.umfinancing.com/socket.io/?EIO=4&transport=polling&t=OOS591s&sid=5PtvMStCC58YI0SkBK19
IP 104.21.42.72:0
File type very short file (no magic)
Hash 1679091c5a880faf6fb5e6087eb1b2dc
c1dfd96eea8cc2b62785275bca38ac261256e278
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
Analyzer Verdict Alert quad9 Sinkholed
GET /socket.io/?EIO=4&transport=polling&t=OOS591s&sid=5PtvMStCC58YI0SkBK19 HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/9hqikep3qi
Cookie: _ga_7WY85MQKRQ=GS1.1.1675508354.1.0.1675508354.0.0.0; _ga=GA1.1.818303803.1675508355; _ga_J4FFZPJQCN=GS1.1.1675508354.1.0.1675508354.0.0.0
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 10:58:40 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 1
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ao3M8qZRJulCWUbW3RLZ0QfzCdcQrzTAKwkZ051esWQmvFpZ2GKohy9IO1DXA6ANsXnkkl6fzA1q81xN4QZo8sGqLDpZwRg86C02kGKKSgsk4ya4ZfVkDIrR8kUJtUVVvzcBPl2eMuSfRcr8Gwsdug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7942e477cdecfab8-OSL
alt-svc: h2=":443"; ma=60
1675506627742.umfinancing.com/favicon.ico
104.21.42.72 404 Not Found 237 B URL HTTP/1.1 1675506627742.umfinancing.com/favicon.ico
IP 104.21.42.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 8ad75668cf2f76167ef472da09f335e4
69b56273016edb8c6fa70e5603086a327c7110f7
f9a6fa8e4c6a823eb09771064433ca39f34e23c2767df258903ed9364d6e449b
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 1675506627742.umfinancing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/9hqikep3qi
Cookie: _ga_7WY85MQKRQ=GS1.1.1675508354.1.0.1675508354.0.0.0; _ga=GA1.1.818303803.1675508355; _ga_J4FFZPJQCN=GS1.1.1675508354.1.0.1675508354.0.0.0
HTTP/1.1 404 Not Found
Date: Sat, 04 Feb 2023 10:58:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Mp8Q02bseklzx0%2FkjFgtdon7QpWERg6CM2jqHpphoEqQhDPr6%2B0hf%2BqfEXDCjbJiG3y3hSs%2BKuokCj0DaLpZ2gNqSzvq8hxCqRxlDosw7ULqzFsJyN%2B7vaiUBLQIfqEo6Tqc%2FpUneM2DLUV1xlh7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7942e479299ab4f1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
3.bp.blogspot.com/-J-mTDwND9oI/YkIvAM4efaI/AAAAAAAAAZc/yEyM73rEroI39ihjtGRa1QwcnPir8jzVACK4BGAYYCw/s220/16.jpg
142.250.74.161 200 OK 2.3 kB URL HTTP/1.1 3.bp.blogspot.com/-J-mTDwND9oI/YkIvAM4efaI/AAAAAAAAAZc/yEyM73rEroI39ihjtGRa1QwcnPir8jzVACK4BGAYYCw/s220/16.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash 26d7306a7ac3cd88fc18d52ffce7635a
868ba1d3638668bf4862f77906b033a9b0bb023e
57ae4c529801bcfc7227d27cba0a4b1775099682c37a617a1d9d610296750f53
GET /-J-mTDwND9oI/YkIvAM4efaI/AAAAAAAAAZc/yEyM73rEroI39ihjtGRa1QwcnPir8jzVACK4BGAYYCw/s220/16.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="16.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2306
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:41 GMT
Expires: Sat, 04 Feb 2023 09:30:58 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a4"
Content-Type: image/jpeg
Age: 0
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14364
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 10:58:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14364
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 10:58:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14364
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 10:58:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14364
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 10:58:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14364
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 10:58:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 47437
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca17cfb9-5ad6-429a-9791-23b12f01c467.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca17cfb9-5ad6-429a-9791-23b12f01c467.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8bee4ee9542d0c7a9cc8402d60e7cca2
95b8debca975255d2a0a60c5c6dde74040bd2f88
a6c63af682c3d4b11e5af0aa6b72921b8acf72626fb765a60e96d491d2a04c70
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca17cfb9-5ad6-429a-9791-23b12f01c467.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8148
x-amzn-requestid: a4cf6e4a-df1f-48c3-ae73-009f5becf3ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEtHTroAMFwGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8084-3ae929a84d43c3ea0336fcd8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: adu72wkRyshUviu2Qpk8rLCyN1kh46LIVQw7K4atunuEHQuFf62VXw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:12:49 GMT
age: 45952
etag: "95b8debca975255d2a0a60c5c6dde74040bd2f88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 46100
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 46089
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 46088
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 45911
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
photo-cms-kienthuc.epicdn.me/zoom/800/uploaded/ctvkhoahoc/2020_05_29/hotgirl-cuu-kiem-3d-sexy-cu-livestream-la-anh-em-game-thu-mat-mau.jpg
103.39.92.17 200 OK 123 kB URL HTTP/2 photo-cms-kienthuc.epicdn.me/zoom/800/uploaded/ctvkhoahoc/2020_05_29/hotgirl-cuu-kiem-3d-sexy-cu-livestream-la-anh-em-game-thu-mat-mau.jpg
IP 103.39.92.17:0
ASN #18403 FPT Telecom Company
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x800, components 3\012- data
Size 123 kB (122979 bytes)
Hash b7408acf55cb40e9d7a733a3e137b4ca
d77e6aa7eee33a67bf4de46b80ecb03b1c2ca098
0905df78fe846ca59792b659dad5f2bf4fc2e991f509e522f5f4ecb1021886e0
GET /zoom/800/uploaded/ctvkhoahoc/2020_05_29/hotgirl-cuu-kiem-3d-sexy-cu-livestream-la-anh-em-game-thu-mat-mau.jpg HTTP/1.1
Host: photo-cms-kienthuc.epicdn.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
server: Universe
cache-control: max-age=7776000,no-transform
expires: Fri, 05 May 2023 10:58:40 GMT
date: Sat, 04 Feb 2023 10:58:40 GMT
last-modified: Sat, 04 Feb 2023 10:58:40 GMT
content-length: 122979
content-type: image/jpeg
X-Firefox-Spdy: h2
4.bp.blogspot.com/-VLYS02i4nK0/YkIvDJrzTkI/AAAAAAAAAZw/SsbYuQ1-bAgbU6bf0KRRd2EpYNVlER6twCK4BGAYYCw/s220/18.jpg
142.250.74.161 200 OK 3.4 kB URL HTTP/1.1 4.bp.blogspot.com/-VLYS02i4nK0/YkIvDJrzTkI/AAAAAAAAAZw/SsbYuQ1-bAgbU6bf0KRRd2EpYNVlER6twCK4BGAYYCw/s220/18.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash cd5f841fdfb676135d77d8e9dadfb974
4326a729866d4f04f937d1f924b9561eb51ff626
63657f6832207ea02607fb7f48d2a6e305a7b49ac35219f8e38393b741cdb3e1
GET /-VLYS02i4nK0/YkIvDJrzTkI/AAAAAAAAAZw/SsbYuQ1-bAgbU6bf0KRRd2EpYNVlER6twCK4BGAYYCw/s220/18.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="18.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3439
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:42 GMT
Expires: Fri, 03 Feb 2023 10:28:43 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a3"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-gEvumIns2Ng/YkIvEUGDB3I/AAAAAAAAAZ4/NEDrkoO8JycWmQe3wwchiJ-MKaVj0UqtwCK4BGAYYCw/s220/19.jpg
142.250.74.161 200 OK 3.9 kB URL HTTP/1.1 1.bp.blogspot.com/-gEvumIns2Ng/YkIvEUGDB3I/AAAAAAAAAZ4/NEDrkoO8JycWmQe3wwchiJ-MKaVj0UqtwCK4BGAYYCw/s220/19.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 80x80, components 3\012- data
Hash 0a9efadda7057e56787893d0043dae6e
d7a8582d9fd2562e2b249e7ca2e686adc8b4db18
595f5b042b32dac6474f82fa5073f9e91162ee47358b42f509504911fa38ef94
GET /-gEvumIns2Ng/YkIvEUGDB3I/AAAAAAAAAZ4/NEDrkoO8JycWmQe3wwchiJ-MKaVj0UqtwCK4BGAYYCw/s220/19.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="19.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3911
X-XSS-Protection: 0
Date: Sat, 04 Feb 2023 10:58:44 GMT
Expires: Fri, 03 Feb 2023 09:28:35 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a4"
Content-Type: image/jpeg
Age: 0
cdn.socket.io/3.0.0/socket.io.min.js
143.204.55.70 200 OK 0 B URL HTTP/2 cdn.socket.io/3.0.0/socket.io.min.js
IP 143.204.55.70:0
GET /3.0.0/socket.io.min.js HTTP/1.1
Host: cdn.socket.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1675506627742.umfinancing.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
content-disposition: inline; filename="socket.io.min.js"
content-encoding: gzip
date: Sat, 05 Nov 2022 22:34:53 GMT
etag: W/"508a736853f79cae3e5c99042616b6f5"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: arn1:arn1::67cpx-1667687693316-d8c7618aca4a
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MH2vaecWXQAZ-3PfmZ_ThjG0JqOi-yg9PNiJ65xGOl7rG8fWbIwAbg==
age: 7820626
X-Firefox-Spdy: h2