| userload.co/f/6ffe0b17dfb0/ |  172.67.139.216 | 301 Moved Permanently | 178 B |
URL HTTP/1.1userload.co/f/6ffe0b17dfb0/ IP172.67.139.216:0
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hashbd2695f4b079c71dbddde3436286fb9c 733c05da132193d6cf1d8e242d12e2525c03bab4 2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
GET /f/6ffe0b17dfb0/ HTTP/1.1
Host: userload.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 25 Oct 2022 22:50:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://userload.co/f/6ffe0b17dfb0/
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u6gGW8UYcVvksrBZVxCd6WwUeNj%2F0LAGg0sBWtDHo0t3JpQuCUc98oX3g0c%2BMORSv8AZL6DTSGwNgjCaaQg36dQjDJKKW8y%2FtgayZBA1tPZYjwPBU6H1SL1vM8NMWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75fe830d4db40b55-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ |  23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashe36c852b5e145f2f09fe73111fb162e1 e439c6a462f86a3003d6464a8b9999b1c4d1e210 52a721168d0c41cb0854ff8c730fce3b79db2e804b383238e95ff1401922bd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5928
Expires: Wed, 26 Oct 2022 00:29:22 GMT
Date: Tue, 25 Oct 2022 22:50:34 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashc2bba4cad162918b17858b60e909e4d9 d9a1d4f7fb7635ab233ebbf776e6de1a2857032b 3a1d27ec3d034d6326b32f6054b6be46079a86a33e75d5a2a3796a0c4c5eadab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6373
Cache-Control: max-age=131210
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:34 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 11:17:24 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashc2bba4cad162918b17858b60e909e4d9 d9a1d4f7fb7635ab233ebbf776e6de1a2857032b 3a1d27ec3d034d6326b32f6054b6be46079a86a33e75d5a2a3796a0c4c5eadab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3635
Cache-Control: max-age=128472
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:34 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 10:31:46 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash8db408c487f7d35bba323046736e8d3a 01b91e2dce7c6d3de9adfe6ff4d38f9b24ab7db0 9aeafc72c1a969243e1fc96f68ce18888034a749ee70582208bf814bd40b61a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6981
Expires: Wed, 26 Oct 2022 00:46:55 GMT
Date: Tue, 25 Oct 2022 22:50:34 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash67d5a988edcda47bc3b3b3f65d32b4b6 d4f0e0da8b3690cc7da925026d3414b68c7d954f 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: pxWar2bY3Zuoy0fLHT+iJc/vHOSi4nprDMeP3fJI0py2MgGNrCl3a+eGWldCsVNKm4FxtZ0PIPo=
x-amz-request-id: AR82VBJEPRYBQZQR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 22:09:06 GMT
age: 2488
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hashea168f792e46cad89ce2a1ea75aee62f fb8a81170ee2a23ec61a69a3c4841737eb8fbdce 6a245c399c8e762416a6f91b8d92b34bc3d4312fe607d5182eb06cd66c7b6ac6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1688
Cache-Control: max-age=152809
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:34 GMT
Etag: "6358138b-116"
Expires: Thu, 27 Oct 2022 17:17:23 GMT
Last-Modified: Tue, 25 Oct 2022 16:49:15 GMT
Server: ECS (amb/6B8F)
X-Cache: HIT
Content-Length: 278
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 22:50:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash518ff04fd536958e285cf07aaf4a2786 fa5dad2391c2a9957340bd629f0462db4f412a5c 608c78964412d5dc7025e9cbfaef345d448a29eae0f11257c49a41f274917b9a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 969
Cache-Control: max-age=120742
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:35 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 08:22:57 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
|
|
| push.services.mozilla.com/ | 52.27.12.161 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP52.27.12.161:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ucWfGDY//TUaXbrfaa19DA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 44jrAptVfEY/9NDtRdH4mn1CwT0=
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hashea168f792e46cad89ce2a1ea75aee62f fb8a81170ee2a23ec61a69a3c4841737eb8fbdce 6a245c399c8e762416a6f91b8d92b34bc3d4312fe607d5182eb06cd66c7b6ac6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1690
Cache-Control: max-age=152809
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:36 GMT
Etag: "6358138b-116"
Expires: Thu, 27 Oct 2022 17:17:25 GMT
Last-Modified: Tue, 25 Oct 2022 16:49:15 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hash65510aedd1a67f63a74f0de49818efd4 565e20c6757bfedfb32091dad5842a26e1de3d71 db85f5a4a38880cf98a0bdae8b7ed47840716a63a2e10397191a10463b6d93be
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2697
Cache-Control: max-age=163161
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:36 GMT
Etag: "6358380c-116"
Expires: Thu, 27 Oct 2022 20:09:57 GMT
Last-Modified: Tue, 25 Oct 2022 19:25:00 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css |  104.17.25.14 | 200 OK | 5.6 kB |
URL HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css IP104.17.25.14:0
File typeASCII text, with very long lines (30837) Hash109d1ed85cd01f9cdab73a4cac5bf80d d6c6498ad46de2d8e2008a8ff68e364ae7f16b32 8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 22:50:36 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 542678
expires: Sun, 15 Oct 2023 22:50:36 GMT
accept-ranges: bytes
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75fe8318ec7bb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hash65510aedd1a67f63a74f0de49818efd4 565e20c6757bfedfb32091dad5842a26e1de3d71 db85f5a4a38880cf98a0bdae8b7ed47840716a63a2e10397191a10463b6d93be
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2697
Cache-Control: max-age=163161
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:36 GMT
Etag: "6358380c-116"
Expires: Thu, 27 Oct 2022 20:09:57 GMT
Last-Modified: Tue, 25 Oct 2022 19:25:00 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashf1ae675435a8f16bc0b04ec012c41979 182f87a81464c80b0b25fb524c59592cd40b0ef4 9191ced121d8740b4ed3af75db3033e72c0c44c0b45004abd714583deaa749a4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.googletagmanager.com/gtag/js?id=G-4Y92J21ZFR | 142.250.74.168 | 200 OK | 76 kB |
URL HTTP/2www.googletagmanager.com/gtag/js?id=G-4Y92J21ZFR IP142.250.74.168:0
File typeASCII text, with very long lines (18991) Hashaab034abed40018181e1ce26f4a2ae09 82c7bd650250d5526a342e1eb380c8cc24aa59c7 b7fcd42422eb9e6046579d96cd3259c0657337c304d04a4aaba976d01c39e763
GET /gtag/js?id=G-4Y92J21ZFR HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 25 Oct 2022 22:50:36 GMT
expires: Tue, 25 Oct 2022 22:50:36 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76058
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| cardiwersg.com/lv/esnk/1831828/code.js |  62.122.171.6 | 200 OK | 48 kB |
URL HTTP/2cardiwersg.com/lv/esnk/1831828/code.js IP62.122.171.6:0
Hashdf83c0ef3ddb0b6dc009ed41b1882336 d2f33d97978ce9840fa1f223a42719a2484f2130 298ece9eb99012d0f84ea5fc833a09e3ba5d975d345a925716fa08c4b1a073a9
GET /lv/esnk/1831828/code.js HTTP/1.1
Host: cardiwersg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 22:50:36 GMT
content-type: application/javascript
last-modified: Mon, 10 Oct 2022 09:37:02 GMT
vary: Accept-Encoding
etag: W/"6343e7be-1e77a"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash67374417e58b4ffe5ab7b146d80c75cc 3cf770779e2bd318c2e1e05002310242737f28f9 5f451b4bb89b2073573bc4cacbcb84f7c85477131a2df97f86231fc060134a27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F451B4BB89B2073573BC4CACBCB84F7C85477131A2DF97F86231FC060134A27"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7247
Expires: Wed, 26 Oct 2022 00:51:23 GMT
Date: Tue, 25 Oct 2022 22:50:36 GMT
Connection: keep-alive
|
|
| samplerpouch.com/rEWqSwxak2vMbL4/36429 | 142.91.159.114 | 200 OK | 25 B |
URL HTTP/1.1samplerpouch.com/rEWqSwxak2vMbL4/36429 IP142.91.159.114:0
File typeASCII text, with no line terminators Hashd488addc5df5fc9b9ff4135bb4e3a823 6ce56f48e851df4d562b43d3bc1269a504ae83fc d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /rEWqSwxak2vMbL4/36429 HTTP/1.1
Host: samplerpouch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Oct 2022 22:50:36 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://userload.co
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Wed, 26-Oct-2022 22:50:36 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Wed, 26-Oct-2022 22:50:36 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash95a6ee1f14deb60334d6ff704f5378ac 54e5ddda262a1bc6633903a3a948260e022d802b da34de3194399ab84a5d1c2821b63d569af97f438bc8f6e01273a769b10a70aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA34DE3194399AB84A5D1C2821B63D569AF97F438BC8F6E01273A769B10A70AA"
Last-Modified: Sun, 23 Oct 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11776
Expires: Wed, 26 Oct 2022 02:06:52 GMT
Date: Tue, 25 Oct 2022 22:50:36 GMT
Connection: keep-alive
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 4.2 kB |
IP142.250.74.3:0
Hashf3ecc0881232a9425f117a0931ae3432 2c7c0d895048ecfc20537e9682cc809e9159d8e3 683217a0fd20dad14a50fb5f5bad5e93a6200f78a1d5459230267bcd7266796f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 1.3 kB |
IP142.250.74.3:0
Hashb24d8687e3b6e06b154bff697d5f7613 b2074bf2c2c920fea75b271265e49cb10508ee47 b5fbdfe38c16e3420a4c60595604ab1f0b75c8dd720baf258a2378e6b54bb63f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.googleapis.com/css?family=Open+Sans:400,300,600,700,800 | 142.250.74.10 | 200 OK | 1.3 kB |
URL HTTP/2fonts.googleapis.com/css?family=Open+Sans:400,300,600,700,800 IP142.250.74.10:0
Hashf55c0765d4aa1fd460ee85b34dbaf3b7 69ca82a76a078915c64531938a7a1bb38e5cd9a5 895344acf393a0512fc89d592604d8a79e4bb094e48986473c4a360c427b1d94
GET /css?family=Open+Sans:400,300,600,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 25 Oct 2022 22:50:37 GMT
date: Tue, 25 Oct 2022 22:50:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| 0x01n2ptpuz3.com/dd/ef/31/ddef310ce197f5b89cab6eb34903ef02.js | 192.243.61.225 | 200 OK | 20 kB |
URL HTTP/1.10x01n2ptpuz3.com/dd/ef/31/ddef310ce197f5b89cab6eb34903ef02.js IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File typeASCII text, with very long lines (59425), with no line terminators Hash8db4b69a412c4208d57e23be81291f46 3e14a1f6cacfcf58b1c4f1d15e05bfd50131cfca 75fed2ed978323f548049214329fc0b0adcee755968069645ba882c17fd1161d
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /dd/ef/31/ddef310ce197f5b89cab6eb34903ef02.js HTTP/1.1
Host: 0x01n2ptpuz3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 25 Oct 2022 22:50:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad1218b9e9d951307de901202ea65f84
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800 | 142.250.74.10 | 200 OK | 1.2 kB |
URL HTTP/2fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800 IP142.250.74.10:0
Hash4fd14d1ede393a5d2391b14c7e985489 fda8b42aaa1e3fd22c5c0f36c9410721d22dcd5a 82faa6bd981b3ac1c0a813727c9e2e01b309e88f8b9253547ca374d39a95980c
GET /css?family=Raleway:100,200,300,400,500,600,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 25 Oct 2022 22:50:37 GMT
date: Tue, 25 Oct 2022 22:50:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash358ecd0ec047d700042e2a62f9847199 7bf4c552f47536fe451dc6ccfb0930c592084ef9 e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7480
Expires: Wed, 26 Oct 2022 00:55:17 GMT
Date: Tue, 25 Oct 2022 22:50:37 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4eccb336-aab3-4c45-986e-3d5c068fa95f.jpeg | 34.120.237.76 | 200 OK | 4.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4eccb336-aab3-4c45-986e-3d5c068fa95f.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash77f26048280036eede4e216d7ac2ed6f 619dff28900195c0d76692c6695c610c57fde4f2 d17b83d8de3794b198bd371579ca3447639f53121eb463b6eb0a766fe7f0103c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4eccb336-aab3-4c45-986e-3d5c068fa95f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4545
x-amzn-requestid: 79cb9387-d637-49b8-9a2d-6d372c793b79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2hFLUoAMFZpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568f-4b5bd9d432820d313641ce7c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AZtv67bO63atc0XPPRa8j0DVq8srEip-Ucqx5OE2RdEcNrZuJOeOBw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 22:05:36 GMT
age: 2701
etag: "619dff28900195c0d76692c6695c610c57fde4f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48cd6d0a-5e38-4eda-b349-0efb558678c9.jpeg | 34.120.237.76 | 200 OK | 7.1 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48cd6d0a-5e38-4eda-b349-0efb558678c9.jpeg IP34.120.237.76:0
Hashb02c17346a00807d1768f1fdebed8380 ea48679350b886336f5ddd5de7afaf7f54100a80 2a80a3c85e36b7df6f2f28daeb952fa1af38081a49a48fe4a08dff965bce5460
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48cd6d0a-5e38-4eda-b349-0efb558678c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7042
x-amzn-requestid: dc5f1520-35a5-4432-acc8-9361f504d857
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alLEXH1RIAMFkIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585882-5f381fca2cf0db212fedb38a;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:43:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fMWT07LAcOSq_VD9gNZ41MIj1p9PQVO6iwkAaLQAl2jzHKqxuuqp4g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:50:23 GMT
age: 3614
etag: "a19ff057587a29f7193f4b2c9755a4f216cc6c59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| cardiwersg.com/lv/esnk/1831814/code.js | 62.122.171.6 | 200 OK | 60 kB |
URL HTTP/2cardiwersg.com/lv/esnk/1831814/code.js IP62.122.171.6:0
Hash79f01c444dda8adc7ce8a9d2927332c1 a0f450646e4d843cce3577026b3ab813b9905387 536fd16c3b5853003b5459c5347d456c4bd29c48c2b75cba756a065daf09585a
GET /lv/esnk/1831814/code.js HTTP/1.1
Host: cardiwersg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 22:50:36 GMT
content-type: application/javascript
last-modified: Mon, 10 Oct 2022 09:37:02 GMT
vary: Accept-Encoding
etag: W/"6343e7be-1e77a"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9e9e44c-367f-4419-9232-a61ac0ceba8e.jpeg | 34.120.237.76 | 200 OK | 13 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9e9e44c-367f-4419-9232-a61ac0ceba8e.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash088f0f2074f83c6265c531c1aa94110b 3934a64203860925a6e7ddd5c9ec1e23d6a4fb62 ad6a0705eed632a908e735a806657221852533eda9ae9978d8f1aeb4ad2ebb38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9e9e44c-367f-4419-9232-a61ac0ceba8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12703
x-amzn-requestid: 80a35fb9-0cfb-4fe9-9c04-bf8ba82f3d32
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2hEhuoAMF_xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568f-3a4bd0df07d1e3cb7d66614c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:11 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: f86i0X9YJLer7qbPKoKQOx1H0VH34-89WY64hH5bpRhbwAsPj1b76w==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:00 GMT
age: 3697
etag: "3934a64203860925a6e7ddd5c9ec1e23d6a4fb62"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg | 34.120.237.76 | 200 OK | 16 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg IP34.120.237.76:0
Hashb27d1cef1d2d174a9bce3b78c448d890 c56c953b3b1d290fb3e06de2daf71720ce7b4557 a9e763172ecac5e11f9e37dfb8ff38bd5e5d5d86cfe321f5ae008c208406bc54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13796
x-amzn-requestid: 90b1e032-78c6-499d-b564-f25c15e20304
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2OG0SoAMFx-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568e-599d0f526fc6a01f77b67dcf;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qxBQMJAnYNJVLBf5LSOTC7v3hPl9sh-G-OIqrK7d5KpdVITaQCcGMA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:47:18 GMT
age: 3799
etag: "c3856686b98e1883133aa1824c496d34512769a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46a778e-e75b-47e4-aeb6-86c999571ae0.jpeg | 34.120.237.76 | 200 OK | 7.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46a778e-e75b-47e4-aeb6-86c999571ae0.jpeg IP34.120.237.76:0
Hash325b1f883dad41d67ac9ce7a3b4506a1 d4c0451d85d448d70e9b7e749580cb6cc053730d e27bbb4c8bc7a2fe201f604b9c94cf7ef9d71237656e8800caa866160496deae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46a778e-e75b-47e4-aeb6-86c999571ae0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6090
x-amzn-requestid: ab19f9fb-ebca-468d-9fb4-b70b4812a5b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alKjiEiNoAMFQ8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635857b0-63fc3f874e6015777194599c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XP-AENoYybJ1Cfq20JeJepvlYgTQJB0uQ2CjLGZqwTQTcQvbscEL4w==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:23 GMT
etag: "e4d440e51b826e2cd69a00f4abf195971b2843df"
content-type: image/jpeg
age: 3674
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash19132f29a8811a10f90eca2d81e5deb8 3b9e0bbf9f40f46b57dad5567b008e58b5770565 708aeab241760b108d60c1462b1979e59cf473242222e9270705ba70642b04f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 10 kB |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash12ea45c485f0b2c21d16f7fa0f545720 ba280f47e606ff1d664f163da8e25dc502f1cca3 ee2c308f4d7adad019ef8b33f1e1784a31628e6b82293de3c956de9f4682d89c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A0B6128D03DF09119F28EA616E0442D008B708922C173FDFC4824F86C11A8296"
Last-Modified: Mon, 24 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8494
Expires: Wed, 26 Oct 2022 01:12:12 GMT
Date: Tue, 25 Oct 2022 22:50:38 GMT
Connection: keep-alive
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashe4f7139b125683bac76c2b5638a1a643 2f84ea7104d659754e5962f88f504a7189f6f914 c9c550489201a92e8bbe162bca49d4aa6b21fa22b254a6a29502186423b3b579
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashe4f7139b125683bac76c2b5638a1a643 2f84ea7104d659754e5962f88f504a7189f6f914 c9c550489201a92e8bbe162bca49d4aa6b21fa22b254a6a29502186423b3b579
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashe4f7139b125683bac76c2b5638a1a643 2f84ea7104d659754e5962f88f504a7189f6f914 c9c550489201a92e8bbe162bca49d4aa6b21fa22b254a6a29502186423b3b579
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 216.58.207.195 | 200 OK | 45 kB |
URL HTTP/2fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP216.58.207.195:0
File typeWeb Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data Hash565ce506190ad3af920b40baf1794cec ad3cba5d06100e09449a864d3b5e58403b478b3d 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userload.co
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Oct 2022 05:42:51 GMT
expires: Fri, 20 Oct 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 493667
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 | 216.58.207.195 | 200 OK | 69 kB |
URL HTTP/2fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 IP216.58.207.195:0
Hash924971ec61babd8a977b327c33dcf7df b547441a806670335f5d14324890b69f706277c4 f277b8b744857c7d7edcc7eeca82f6231ba0ab62019a124a77cc4f5109acd865
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://userload.co
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Oct 2022 21:13:13 GMT
expires: Tue, 24 Oct 2023 21:13:13 GMT
cache-control: public, max-age=31536000
age: 92245
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashe4f7139b125683bac76c2b5638a1a643 2f84ea7104d659754e5962f88f504a7189f6f914 c9c550489201a92e8bbe162bca49d4aa6b21fa22b254a6a29502186423b3b579
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.165 | 200 OK | 1.8 kB |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP143.204.42.165:0
Hashee385d83adb327e01f6d9d51a90a6bdc 10b35527285884307a810c76fc207d6651110398 dfda6ec44ce5dfeb6319c558fe0ecd49333e8bb2d0fd736b111f79c9de68d576
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=136898
Date: Tue, 25 Oct 2022 22:50:38 GMT
Etag: "6357d705-1d7"
Expires: Thu, 27 Oct 2022 12:52:16 GMT
Last-Modified: Tue, 25 Oct 2022 12:31:01 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rtN5TDp2YD03XgrEKUI1zY8XNRyiSgxuVac5Eqz-6kQxMfdNT1tjFw==
Age: 1275
|
|
| simplewebanalysis.com/stats |  18.193.142.27 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP18.193.142.27:0
File typeASCII text, with no line terminators Hash7954ce2fb1aa3664b2e5bf9d8bb0d14c 739cda5775d1bafaf3a10d5728459ecdf6404e75 3f09d2fbd4627b484a25e311554cb6c53e78900f8473e157801d3ecdfdf352ba
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userload.co
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 22:50:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://userload.co
access-control-allow-credentials: true
set-cookie: uid_id2=ec30ea28-0d2d-4c16-973e-8458f1f6e181:3:1; expires=Fri, 22 Oct 2032 22:50:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| cardiwersg.com/get/1831828?zoneid=1831828&jp=_clqvukvtywyb745ozmwsq3&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1798081217279512 | 62.122.171.6 | 200 OK | 1.4 kB |
URL HTTP/2cardiwersg.com/get/1831828?zoneid=1831828&jp=_clqvukvtywyb745ozmwsq3&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1798081217279512 IP62.122.171.6:0
Hash4d399394948368b57c51effcfd4842e5 6c2d8840b93d878d473d027337dc6fd61667bca7 de5a5ae656d2cb8efb988d4fdc46d801024319d31eab0b1334a50242871b49f0
GET /get/1831828?zoneid=1831828&jp=_clqvukvtywyb745ozmwsq3&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1798081217279512 HTTP/1.1
Host: cardiwersg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 22:50:38 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22102517509268904f45ab4fc2af591af08c; Path=/; Expires=Wed, 25 Oct 2023 22:50:38 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 280 B |
IP93.184.220.29:0
Hash9809d6fb9a61cb3d05910894b54bdc87 c429655e9a38661e60cf95883b03718222ae6481 476ca5653d9ecb7828594ce8b1282a502b08c6dad2371eb38badf8c300f3d80b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6354
Cache-Control: max-age=89382
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:38 GMT
Etag: "63570992-118"
Expires: Wed, 26 Oct 2022 23:40:20 GMT
Last-Modified: Mon, 24 Oct 2022 21:54:26 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
|
|
| cdn.pncloudfl.com/pn/c05/c68/c51/c05c68c51ebc23dde12a35127ecb8c73d326606e.png | 104.22.59.221 | 200 OK | 7.3 kB |
URL HTTP/2cdn.pncloudfl.com/pn/c05/c68/c51/c05c68c51ebc23dde12a35127ecb8c73d326606e.png IP104.22.59.221:0
File typeRIFF (little-endian) data, Web/P image\012- data Hash8efc04b411c2faa65cdfb960021cb172 0f2ed0f731a57c7597d626b75eac7cdc9ad759d5 e5fb3f545ac32df5ecc6032e7f4916ee3cd054b4b04bc6a3eeb1cafc4466e06a
GET /pn/c05/c68/c51/c05c68c51ebc23dde12a35127ecb8c73d326606e.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 22:50:38 GMT
content-type: image/webp
content-length: 7316
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=11847
content-disposition: inline; filename="c05c68c51ebc23dde12a35127ecb8c73d326606e.webp"
etag: 4437b4fc63304022bffebf6860abdd41
expires: Thu, 27 Oct 2022 17:06:08 GMT
last-modified: Wed, 08 Apr 2020 13:54:04 GMT
vary: Accept
x-openstack-request-id: tx8629a474314b4bff995b7-0061b0bba7
x-proxy-cache: HIT
x-timestamp: 1586354043.15786
x-trans-id: tx8629a474314b4bff995b7-0061b0bba7
cf-cache-status: HIT
age: 20670
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 75fe83264eafb4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cardiwersg.com/get/1831814?zoneid=1831814&jp=_clpwzbzfttsothkmcbahha&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1235131263828994 | 62.122.171.6 | 200 OK | 1.1 kB |
URL HTTP/2cardiwersg.com/get/1831814?zoneid=1831814&jp=_clpwzbzfttsothkmcbahha&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1235131263828994 IP62.122.171.6:0
Hashb29d30c4fcc8bfb81191dc3b138732dc 4af2b6ba069a85f81bce7b782e9181052abfa984 1d1c1edd4e7ae4d4b50a659984427ada6d900e7d90412633a6d79ab12f6a4c41
GET /get/1831814?zoneid=1831814&jp=_clpwzbzfttsothkmcbahha&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1235131263828994 HTTP/1.1
Host: cardiwersg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 22:50:38 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=221025175019d0a0067f664b5a8a25dd7171; Path=/; Expires=Wed, 25 Oct 2023 22:50:38 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| cardiwersg.com/chicken.gif?z=1831829&pb=efd6db1d3aa75e6a3c983f1c101941f81666745438&psp=hZ2Lc8bW8IfBhIMagcD_vxhpSuzlgbWPfPy_Zc_bCJk2UH2gkdq07sXHqlf0PWufVrS0xhIESzMdk0Bsiwzsmn89PUjQPiEYmlTsTUFn5ElesJYgxad8QjlivvOmnhl5SA14jSqhnaiPqG1Upx371tEjgW41fQ-UVI2agjP8Ku3V3c2Dh9IvnSWGdYDPzO7ISyz9tTog7ofU6em4coHKitrQX6l1NT-oMz3zqfbzTCF5l4Ln9BCu9eoKl20heIu1zaMq-496GYYUr__2fmt0rZs6XhXiBA7DrcvHBiTNZOMXjw8eD7wFWyKo2PZLR-iLyNQ20P9-AVusSvg-mV9K1AeWs9tKlBMVkhOlZ-icbFLg-Wi7fNexPcXarmWuKP9N8Zh4MYx1_OzpTao9u4TQu72Qp6xazU9tH5G7cQWZFQieO6Ue0yo4Uj49EadPsfo0c8oRW7RvRiRATUJdLnvgvafwPxOZJV1vreKHK3kDVEP33CgIJO4ytCNITbhQSz4u99M2bJE37vkiym7KlgTe9fVmLKYkrncD0lslu2ie4CiQGgij5jdjYQGBF_JU4Y3PLWHBBhBvUdWCeGaEK4FhIxtQJTl9nYCAmN0BqE2dHpVxkrOpiGGR6lpjPvkgUPsc0xfxVMaw7o1XOQKz0v6wUUsiMPY=&abvar=0&os=0 | 62.122.171.6 | 200 OK | 43 B |
URL HTTP/2cardiwersg.com/chicken.gif?z=1831829&pb=efd6db1d3aa75e6a3c983f1c101941f81666745438&psp=hZ2Lc8bW8IfBhIMagcD_vxhpSuzlgbWPfPy_Zc_bCJk2UH2gkdq07sXHqlf0PWufVrS0xhIESzMdk0Bsiwzsmn89PUjQPiEYmlTsTUFn5ElesJYgxad8QjlivvOmnhl5SA14jSqhnaiPqG1Upx371tEjgW41fQ-UVI2agjP8Ku3V3c2Dh9IvnSWGdYDPzO7ISyz9tTog7ofU6em4coHKitrQX6l1NT-oMz3zqfbzTCF5l4Ln9BCu9eoKl20heIu1zaMq-496GYYUr__2fmt0rZs6XhXiBA7DrcvHBiTNZOMXjw8eD7wFWyKo2PZLR-iLyNQ20P9-AVusSvg-mV9K1AeWs9tKlBMVkhOlZ-icbFLg-Wi7fNexPcXarmWuKP9N8Zh4MYx1_OzpTao9u4TQu72Qp6xazU9tH5G7cQWZFQieO6Ue0yo4Uj49EadPsfo0c8oRW7RvRiRATUJdLnvgvafwPxOZJV1vreKHK3kDVEP33CgIJO4ytCNITbhQSz4u99M2bJE37vkiym7KlgTe9fVmLKYkrncD0lslu2ie4CiQGgij5jdjYQGBF_JU4Y3PLWHBBhBvUdWCeGaEK4FhIxtQJTl9nYCAmN0BqE2dHpVxkrOpiGGR6lpjPvkgUPsc0xfxVMaw7o1XOQKz0v6wUUsiMPY=&abvar=0&os=0 IP62.122.171.6:0
File typeGIF image data, version 89a, 1 x 1\012- data Hash28e463819a210071de3b45ebe7633613 6dccd571828ec0912629119cf7eabfea9f33ddbc 44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1831829&pb=efd6db1d3aa75e6a3c983f1c101941f81666745438&psp=hZ2Lc8bW8IfBhIMagcD_vxhpSuzlgbWPfPy_Zc_bCJk2UH2gkdq07sXHqlf0PWufVrS0xhIESzMdk0Bsiwzsmn89PUjQPiEYmlTsTUFn5ElesJYgxad8QjlivvOmnhl5SA14jSqhnaiPqG1Upx371tEjgW41fQ-UVI2agjP8Ku3V3c2Dh9IvnSWGdYDPzO7ISyz9tTog7ofU6em4coHKitrQX6l1NT-oMz3zqfbzTCF5l4Ln9BCu9eoKl20heIu1zaMq-496GYYUr__2fmt0rZs6XhXiBA7DrcvHBiTNZOMXjw8eD7wFWyKo2PZLR-iLyNQ20P9-AVusSvg-mV9K1AeWs9tKlBMVkhOlZ-icbFLg-Wi7fNexPcXarmWuKP9N8Zh4MYx1_OzpTao9u4TQu72Qp6xazU9tH5G7cQWZFQieO6Ue0yo4Uj49EadPsfo0c8oRW7RvRiRATUJdLnvgvafwPxOZJV1vreKHK3kDVEP33CgIJO4ytCNITbhQSz4u99M2bJE37vkiym7KlgTe9fVmLKYkrncD0lslu2ie4CiQGgij5jdjYQGBF_JU4Y3PLWHBBhBvUdWCeGaEK4FhIxtQJTl9nYCAmN0BqE2dHpVxkrOpiGGR6lpjPvkgUPsc0xfxVMaw7o1XOQKz0v6wUUsiMPY=&abvar=0&os=0 HTTP/1.1
Host: cardiwersg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=221025175019d0a0067f664b5a8a25dd7171
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 22:50:38 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ABWVjAAAAAAAAAAB; Path=/; Expires=Thu, 24 Nov 2022 22:50:38 GMT; Secure; SameSite=None
OACIBLOCK=ABWVjAAAAABjV21Q; Path=/; Expires=Thu, 24 Nov 2022 22:50:38 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Wed, 26 Oct 2022 22:50:38 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| cardiwersg.com/chicken.gif?z=1831814&pb=efd6db1d3aa75e6a3c983f1c101941f81666745438&psp=682fDpm2uaX3Gw_ywhoxs84T0DMKf_Bb8W8o3dc5hHGOKcxQPKPd5qKMNgRYj3Iehig7g0AbROhDi_fvutYzLaODj_At_FOJ2LxRNSLdBJDO-iHQOvhzETL-A_Pa8VPgy6yl8I7AerJoqAAKgtncJI9ryNcGjRIaph3e2nfw9oDfUJpT0FupgfH8bvbZ-m4DumSjWuNReYqkq8djkkcdteW-s0Eja4c-QapL0et8duE66G4Ph98suF4M3TeUExGewF6kYWvoY59wV67raaAGNq-MhgRpcdi9Js925CvlKVM2DSC-nVMvR1Dfm5Xwba73ZshK2QKvCkE292BoyMkp-QUOjiu7PKkknEw_agX4fH4Onj5kk3SROMlhlhetmHkm6cQRjFTEJ-97voVpmpgEOGgNfLYZ821nhWYssgQ7vBA9Bkv-A5hKYI2CcJwTfZr-u4xxbst9_RHuUMYQhVzhIRY3tiQ84E4lROvZeZBzBEkaHGAVRNMsc2pLbwjqcQpaF51rfU4fhlTHl3CfKD20qaXyb7Xi7th0KkwTcki2HCdSYtTLanRdfZFvroIjgqe39FGeuyQxDXg9CEsVAsBHMclw4J94GKFaWIamCk0Tzo8g0jOad0mmrBXVZaCyncvWQjmE_3nWdYaRyQPdXKyiPPNVHAc=&abvar=0&os=0 | 62.122.171.6 | 200 OK | 43 B |
URL HTTP/2cardiwersg.com/chicken.gif?z=1831814&pb=efd6db1d3aa75e6a3c983f1c101941f81666745438&psp=682fDpm2uaX3Gw_ywhoxs84T0DMKf_Bb8W8o3dc5hHGOKcxQPKPd5qKMNgRYj3Iehig7g0AbROhDi_fvutYzLaODj_At_FOJ2LxRNSLdBJDO-iHQOvhzETL-A_Pa8VPgy6yl8I7AerJoqAAKgtncJI9ryNcGjRIaph3e2nfw9oDfUJpT0FupgfH8bvbZ-m4DumSjWuNReYqkq8djkkcdteW-s0Eja4c-QapL0et8duE66G4Ph98suF4M3TeUExGewF6kYWvoY59wV67raaAGNq-MhgRpcdi9Js925CvlKVM2DSC-nVMvR1Dfm5Xwba73ZshK2QKvCkE292BoyMkp-QUOjiu7PKkknEw_agX4fH4Onj5kk3SROMlhlhetmHkm6cQRjFTEJ-97voVpmpgEOGgNfLYZ821nhWYssgQ7vBA9Bkv-A5hKYI2CcJwTfZr-u4xxbst9_RHuUMYQhVzhIRY3tiQ84E4lROvZeZBzBEkaHGAVRNMsc2pLbwjqcQpaF51rfU4fhlTHl3CfKD20qaXyb7Xi7th0KkwTcki2HCdSYtTLanRdfZFvroIjgqe39FGeuyQxDXg9CEsVAsBHMclw4J94GKFaWIamCk0Tzo8g0jOad0mmrBXVZaCyncvWQjmE_3nWdYaRyQPdXKyiPPNVHAc=&abvar=0&os=0 IP62.122.171.6:0
File typeGIF image data, version 89a, 1 x 1\012- data Hash28e463819a210071de3b45ebe7633613 6dccd571828ec0912629119cf7eabfea9f33ddbc 44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1831814&pb=efd6db1d3aa75e6a3c983f1c101941f81666745438&psp=682fDpm2uaX3Gw_ywhoxs84T0DMKf_Bb8W8o3dc5hHGOKcxQPKPd5qKMNgRYj3Iehig7g0AbROhDi_fvutYzLaODj_At_FOJ2LxRNSLdBJDO-iHQOvhzETL-A_Pa8VPgy6yl8I7AerJoqAAKgtncJI9ryNcGjRIaph3e2nfw9oDfUJpT0FupgfH8bvbZ-m4DumSjWuNReYqkq8djkkcdteW-s0Eja4c-QapL0et8duE66G4Ph98suF4M3TeUExGewF6kYWvoY59wV67raaAGNq-MhgRpcdi9Js925CvlKVM2DSC-nVMvR1Dfm5Xwba73ZshK2QKvCkE292BoyMkp-QUOjiu7PKkknEw_agX4fH4Onj5kk3SROMlhlhetmHkm6cQRjFTEJ-97voVpmpgEOGgNfLYZ821nhWYssgQ7vBA9Bkv-A5hKYI2CcJwTfZr-u4xxbst9_RHuUMYQhVzhIRY3tiQ84E4lROvZeZBzBEkaHGAVRNMsc2pLbwjqcQpaF51rfU4fhlTHl3CfKD20qaXyb7Xi7th0KkwTcki2HCdSYtTLanRdfZFvroIjgqe39FGeuyQxDXg9CEsVAsBHMclw4J94GKFaWIamCk0Tzo8g0jOad0mmrBXVZaCyncvWQjmE_3nWdYaRyQPdXKyiPPNVHAc=&abvar=0&os=0 HTTP/1.1
Host: cardiwersg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=221025175019d0a0067f664b5a8a25dd7171
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 22:50:38 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ABWVjAAAAAAAAAAB; Path=/; Expires=Thu, 24 Nov 2022 22:50:38 GMT; Secure; SameSite=None
OACIBLOCK=ABWVjAAAAABjV21Q; Path=/; Expires=Thu, 24 Nov 2022 22:50:38 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Wed, 26 Oct 2022 22:50:38 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 280 B |
IP93.184.220.29:0
Hash9809d6fb9a61cb3d05910894b54bdc87 c429655e9a38661e60cf95883b03718222ae6481 476ca5653d9ecb7828594ce8b1282a502b08c6dad2371eb38badf8c300f3d80b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3080
Cache-Control: max-age=86108
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 22:50:38 GMT
Etag: "63570992-118"
Expires: Wed, 26 Oct 2022 22:45:46 GMT
Last-Modified: Mon, 24 Oct 2022 21:54:26 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hasha1cae818057c096fe98e917c42c0c851 7aa6c046d3fe498bb5b51b5972269c37f6147865 2a209dcb45e6ab2b6eb49fb34ee64960a3b48b1268f865033440d60e033c7d1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A209DCB45E6AB2B6EB49FB34EE64960A3B48B1268F865033440D60E033C7D1F"
Last-Modified: Mon, 24 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7348
Expires: Wed, 26 Oct 2022 00:53:06 GMT
Date: Tue, 25 Oct 2022 22:50:38 GMT
Connection: keep-alive
|
|
| sicknessfestivity.com/pixel/purst?dl=0&th=0&sc=0&rs=2822&rd=2822&fd=914&bv=22.8.v.1&tmpl=70 | 192.243.61.225 | 200 OK | 36 kB |
URL HTTP/1.1sicknessfestivity.com/pixel/purst?dl=0&th=0&sc=0&rs=2822&rd=2822&fd=914&bv=22.8.v.1&tmpl=70 IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
Hash5defb9fadb87d8b0accc8cc3145da80f 7258abf8c6a7125b8bf46c7a7ef9d040c578da0f 37bca198b9cd4d992e83f5bdcbded3e7860a0b7b5fdef48facbea792cea030ac
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /pixel/purst?dl=0&th=0&sc=0&rs=2822&rd=2822&fd=914&bv=22.8.v.1&tmpl=70 HTTP/1.1
Host: sicknessfestivity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 25 Oct 2022 22:50:38 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| sicknessfestivity.com/pixel/puclc?tmpl=70&bv=22.8.v.1&plk=ddef310ce197f5b89cab6eb34903ef02 | 192.243.61.225 | 200 OK | 0 B |
URL HTTP/1.1sicknessfestivity.com/pixel/puclc?tmpl=70&bv=22.8.v.1&plk=ddef310ce197f5b89cab6eb34903ef02 IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /pixel/puclc?tmpl=70&bv=22.8.v.1&plk=ddef310ce197f5b89cab6eb34903ef02 HTTP/1.1
Host: sicknessfestivity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 25 Oct 2022 22:50:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash8be515a2d1564ead9b9597536e9dfae3 f6a9ab395e4375ccf952856bef3f7d85bbce181f e5a0e8d1a735526e6d9e393f0091537a6c12040392a00c7a22f4d37610701b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5A0E8D1A735526E6D9E393F0091537A6C12040392A00C7A22F4D37610701B0D"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8473
Expires: Wed, 26 Oct 2022 01:11:52 GMT
Date: Tue, 25 Oct 2022 22:50:39 GMT
Connection: keep-alive
|
|
| region1.google-analytics.com/g/collect?v=2&tid=G-4Y92J21ZFR>m=2oeaj0&_p=832660966&cid=619181652.1666738236&ul=en-us&sr=1280x1024&_s=1&sid=1666738236&sct=1&seg=0&dl=https%3A%2F%2Fuserload.co%2Ff%2F6ffe0b17dfb0%2F&dt=majka%20sex%20with%20friend%20home%20groupshow%20grupowa.mp4%20%7C%20userload&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 | 216.239.34.36 | 204 No Content | 0 B |
URL HTTP/2region1.google-analytics.com/g/collect?v=2&tid=G-4Y92J21ZFR>m=2oeaj0&_p=832660966&cid=619181652.1666738236&ul=en-us&sr=1280x1024&_s=1&sid=1666738236&sct=1&seg=0&dl=https%3A%2F%2Fuserload.co%2Ff%2F6ffe0b17dfb0%2F&dt=majka%20sex%20with%20friend%20home%20groupshow%20grupowa.mp4%20%7C%20userload&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 IP216.239.34.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-4Y92J21ZFR>m=2oeaj0&_p=832660966&cid=619181652.1666738236&ul=en-us&sr=1280x1024&_s=1&sid=1666738236&sct=1&seg=0&dl=https%3A%2F%2Fuserload.co%2Ff%2F6ffe0b17dfb0%2F&dt=majka%20sex%20with%20friend%20home%20groupshow%20grupowa.mp4%20%7C%20userload&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://userload.co
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://userload.co
date: Tue, 25 Oct 2022 22:50:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash46aa43b9899b994f8415b685c0b7b670 a6393407d13c56881fa2bcc9838cf96ca7b734f6 5c5680eaeb44172df0c2f19906052f4732aa56304149db7be325c1cb28e21687
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C5680EAEB44172DF0C2F19906052F4732AA56304149DB7BE325C1CB28E21687"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15047
Expires: Wed, 26 Oct 2022 03:01:26 GMT
Date: Tue, 25 Oct 2022 22:50:39 GMT
Connection: keep-alive
|
|
| banquetunarmedgrater.com/advertisers.js | 173.233.139.164 | 200 OK | 0 B |
URL HTTP/1.1banquetunarmedgrater.com/advertisers.js IP173.233.139.164:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 25 Oct 2022 22:50:39 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b09f1aa5a437c6068ede35bbff13ca60
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=ec30ea28-0d2d-4c16-973e-8458f1f6e181&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=ddef310ce197f5b89cab6eb34903ef02&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 | 192.243.59.20 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=ec30ea28-0d2d-4c16-973e-8458f1f6e181&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=ddef310ce197f5b89cab6eb34903ef02&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 IP192.243.59.20:0 ASN#39572 DataWeb Global Group B.V.
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /pxf.gif?uuid=ec30ea28-0d2d-4c16-973e-8458f1f6e181&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=ddef310ce197f5b89cab6eb34903ef02&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 25 Oct 2022 22:50:39 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b358800d119ff44fb6dfcb577a5f8136
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| userload.co/f/6ffe0b17dfb0/ | 172.67.139.216 | 200 OK | 0 B |
URL HTTP/2userload.co/f/6ffe0b17dfb0/ IP172.67.139.216:0
GET /f/6ffe0b17dfb0/ HTTP/1.1
Host: userload.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 25 Oct 2022 22:50:36 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *, *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucRu%2BGYYb%2Fv3dl%2BzVqyAoyCkbtB9DYXI0P4hw707HWUVLvxETyzVytxDBd95kq16u9WEO%2FWGmLY4KVayeexbfpUFzxRswt8bXzpBnJlzRfXB1hncWdAYr6K5sOEqpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75fe830fdaf9b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| addresseepaper.com/sfp.js | 172.64.193.5 | 200 OK | 0 B |
URL HTTP/2addresseepaper.com/sfp.js IP172.64.193.5:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 22:50:38 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 37a1dd4ea418bccadc714b140659bdc7
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 25 Oct 2022 22:50:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHJY0MYmol%2BBz5CHH7t3i42tuvmHmtv6rcZRaY%2B%2FlXxbmx7hitnKiLczXL%2F2%2BTt112yVI%2BdGcw24qYTjdNxv9qdMTKh38ykiJW4edavIW9wz2gKQb%2BODR1mOYiJ5E18j7aoDEEk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75fe8324bcae7768-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cardiwersg.com/lv/esnk/1831829/code.js | 62.122.171.6 | 200 OK | 0 B |
URL HTTP/2cardiwersg.com/lv/esnk/1831829/code.js IP62.122.171.6:0
GET /lv/esnk/1831829/code.js HTTP/1.1
Host: cardiwersg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://userload.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 22:50:36 GMT
content-type: application/javascript
last-modified: Mon, 10 Oct 2022 09:37:02 GMT
vary: Accept-Encoding
etag: W/"6343e7be-1e77a"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
104.21.70.213