www.file-upload.com/1kq2ksn6888e
172.67.146.80 200 OK 5.6 kB URL HTTP/1.1 www.file-upload.com/1kq2ksn6888e
IP 172.67.146.80:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (842)
Hash 959764d1a25871cfc3b72f389c1ad3fc
06cfbc215536122edf0e1289d9f6069a8dfcd2f2
736fa4b72b669901838c0c6cff5d2a900232fc54c8f3f59aa357cf841e71325f
GET /1kq2ksn6888e HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 05:14:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0;includeSubDomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Wed, 23 Nov 2022 05:14:11 GMT
Set-Cookie: lang=english; domain=.file-upload.com; path=/
aff=303101; domain=.file-upload.com; path=/; expires=Thu, 08-Dec-2022 05:14:11 GMT
X-Cache: HIT from Backend
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I7941kq%2BIy4thqDb4bIRp1WM3pJ4alAjL0%2BGZuiGmK%2FGNH18VS91EMGPX1oVeAWlVYf%2BYZxmYZSkmaj4Fqz7EEq5MH%2F%2BdhsJ4evr%2FZLIgC1uT46eVfZRejA5t8sq06%2BkTUQ5IX5p"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76efa8db09b50b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb72f04bd7a4410640c0543bb4bd402
7c63b7e220b337b6a4f39864e11d6aa9e26c38ac
b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6471
Expires: Thu, 24 Nov 2022 07:02:02 GMT
Date: Thu, 24 Nov 2022 05:14:11 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 770d09773b5f304acf141fd66a4862b4
5ddc46ab75de26c858a9a6f6d1beaaec9bb181f5
c7bcc6928fa1c0bb225ce8a2f6badd6cb1bd6ea002fb808ed34e8dafbd7b3b26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4986
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:11 GMT
Last-Modified: Thu, 24 Nov 2022 03:51:05 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 04:18:55 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3316
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7228
Expires: Thu, 24 Nov 2022 07:14:39 GMT
Date: Thu, 24 Nov 2022 05:14:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xEzyKi8iN64FE0a2XEt8iWMIxZVjkggmiyqMIl0zDBRMaZd96Qnzded/tLXtiaDAMyciC+h07d4=
x-amz-request-id: TR94W57KHNF6111M
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 04:40:16 GMT
age: 2035
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.file-upload.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
172.67.146.80 200 OK 3.9 kB URL HTTP/1.1 www.file-upload.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 172.67.146.80:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/1kq2ksn6888e
Cookie: lang=english; aff=303101
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 05:14:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:35:09 GMT
ETag: W/"637cd00d-302c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKKtKMULG%2B3PyvMmOcl3GmI5I9wvcH3fU2FAvzuaRhkaD8qAZJrH7%2B0x%2Fzy5309txX6%2F%2F0mb4dGuH7bxKC%2BcLfMO5bwpeJW8d0lJOSjSgUjooU8%2FRpJhPUYuxDcOi%2BwtjYFicSTt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76efa8dddad50b65-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Sat, 26 Nov 2022 05:14:11 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
www.file-upload.com/mngez/images/anti2.png
172.67.146.80 200 OK 641 B URL HTTP/2 www.file-upload.com/mngez/images/anti2.png
IP 172.67.146.80:0
File type PNG image data, 100 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 722859ca75e68c14f4d803e76f846b92
0a00fa9439d602f40e3acd72dfb08b2f89c3fa2f
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f
GET /mngez/images/anti2.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:11 GMT
content-type: image/png
content-length: 641
cache-control: max-age=315360000
cf-bgj: csam-hash
etag: "5c26aa0b-281"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 28 Dec 2018 22:56:11 GMT
cf-cache-status: HIT
age: 49019543
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UlQFB%2F9WqDnuG4PHIxgKqplj5BJ2GqbeYaeCEKG5A1kEGkt4rErEBuwH9Dex0P0BJ4%2BLmtWXMTVKQX0nPiit6aDAn8tlLWMjlbDYssi7LHlkq9UzWOo2bwoGlweqK29%2BPt51FQiD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa8de0ae60b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
151.139.128.10 200 OK 4.5 kB URL HTTP/1.1 images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
IP 151.139.128.10:0
File type PNG image data, 135 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash b0e239fa4ddfbcdf08cbcb34a13b2a0f
957fdb58c09d85e41cc6a6ea134a9365adee4ec9
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
GET /Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766 HTTP/1.1
Host: images.dmca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 05:14:11 GMT
Content-Type: image/png
Last-Modified: Thu, 02 Jun 2011 03:26:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Cache-Control: public,max-age=31536000
ETag: "0abbdbd420cc1:0"
X-Powered-By: ASP.NET
X-HW: 1669266851.cds205.sk1.h2,1669266851.cds246.sk1.c
Link: <http://www.dmca.com/Badges/_dmca_premi_badge_4.png>; rel="canonical"
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 4535
www.file-upload.com/assets/images/logo_new.png
172.67.146.80 200 OK 11 kB URL HTTP/2 www.file-upload.com/assets/images/logo_new.png
IP 172.67.146.80:0
File type PNG image data, 388 x 100, 8-bit colormap, non-interlaced\012- data
Hash 013809a14128b4e8ce78363114d5fd6d
433c94b7ec5df206f6564bddbfa5b2439ab94c3c
cdb644953802be61cd179e08c27b06275c4b141d374ba70213a4e09a6bcf0ad2
GET /assets/images/logo_new.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:11 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 09 Nov 2018 12:00:31 GMT
etag: W/"c8f-57a3a191435c0"
cache-control: public, max-age=31536000
expires: Mon, 13 Jun 2022 22:20:06 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 14712845
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0o0pGfHus63zUcxvh8P9T1QpjpKQgxh%2FkeFc6jy2%2BEpA0xnK49ew32ZNMVBOCqqIlqmPbyP23GL3BOcsT1v72w6uRuHgeQjuPc%2FBsCpsQ2R%2F4zZOEBLGS2jPFoi33uHzA8oK4lS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8de0ae90b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d26adrx9c3n0mq.cloudfront.net/?xrdad=888399
54.230.245.209 200 OK 50 kB URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=888399
IP 54.230.245.209:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash e55794a02110b8108a467f6f3920134f
5b0e6deb28520e150ca891161d2216518a54bbdb
f38ec5fe9916366688e9493fe7be38ae9aec2828df4daef68dc9d14653483306
GET /?xrdad=888399 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Content-Length: 49832
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:11 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ko8Wbesz3_BHPmuD4yOWsvz7yWEpwvEc5N0pER2hgipPnkHAqDeOTQ==
d26adrx9c3n0mq.cloudfront.net/?xrdad=888398
54.230.245.209 200 OK 163 kB URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=888398
IP 54.230.245.209:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 163 kB (163058 bytes)
Hash dc5791cd7bf8c4ffc2dbc1ec2809d528
89855582c29e5490698d42480d3e22852baebba4
01eb6c29dea661a0939fbbb57e8b35ef679dba5b1af3d488be38da903364074e
GET /?xrdad=888398 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Content-Length: 163058
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:11 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CPlCvh1G6uLke0KrBdeN2yankVN3zw5oanSNH1IcjzR-1QCpHMrsaQ==
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2300
Expires: Thu, 24 Nov 2022 05:52:31 GMT
Date: Thu, 24 Nov 2022 05:14:11 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2300
Expires: Thu, 24 Nov 2022 05:52:31 GMT
Date: Thu, 24 Nov 2022 05:14:11 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2300
Expires: Thu, 24 Nov 2022 05:52:31 GMT
Date: Thu, 24 Nov 2022 05:14:11 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 731083e973bec4fc2bde6d76cc03f098
0f7664811cb73375df44f6c65dd04b6b8dc5082e
8618ba421b9f395f34e64407114572f48a0843806942c8d2dc901345ec2af3ef
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 05:14:11 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 07:59:31 GMT
Expires: Tue, 29 Nov 2022 07:59:30 GMT
Etag: "0f7664811cb73375df44f6c65dd04b6b8dc5082e"
Cache-Control: max-age=441318,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76efa8e048f3b4f1-OSL
mantedtonisms.com/RFMwckIlMVMffSVuUlQ3Nj8NV3ACdgI0JnZlURYwPGpTQSx0PkFcISg8RRYkNjxeBmwqNkRXcAIcYiU2EAFnJy8GFwAYFS4WczxxLDdWJAwjNXZDKAUAcQMBPgVnOwAnKnUgKRMQXEIHDT56GAcQa2AQLBIXeyMtfRpcGigAOQAfFQwBfj8rARtVNHt1HmInMwUUBBwDEGt2Iis3AmAKD3EKSDMpEjkEAwo9JHgiOxYSVAtzKTIBJCUTBH4GBy0kdjw7KwB+GXcsN2EBOhA+dkMUDAV2K3AGBHJCdyw3YjsxBgRmChMMCkAWLCAFYCRzKgp2KwoQPh00cwIpfj0bBQFlFhRxalQnOiMEZz8rBRBpMxIDEWgzcyg5VDQUdQRdPHIVG1QQDBckaDsDdGtgJwB3H2c4cxEURBAmEBFpFgNiOUMdLDRuQyAVECF1PXoFGgE
54.230.111.116 200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/RFMwckIlMVMffSVuUlQ3Nj8NV3ACdgI0JnZlURYwPGpTQSx0PkFcISg8RRYkNjxeBmwqNkRXcAIcYiU2EAFnJy8GFwAYFS4WczxxLDdWJAwjNXZDKAUAcQMBPgVnOwAnKnUgKRMQXEIHDT56GAcQa2AQLBIXeyMtfRpcGigAOQAfFQwBfj8rARtVNHt1HmInMwUUBBwDEGt2Iis3AmAKD3EKSDMpEjkEAwo9JHgiOxYSVAtzKTIBJCUTBH4GBy0kdjw7KwB+GXcsN2EBOhA+dkMUDAV2K3AGBHJCdyw3YjsxBgRmChMMCkAWLCAFYCRzKgp2KwoQPh00cwIpfj0bBQFlFhRxalQnOiMEZz8rBRBpMxIDEWgzcyg5VDQUdQRdPHIVG1QQDBckaDsDdGtgJwB3H2c4cxEURBAmEBFpFgNiOUMdLDRuQyAVECF1PXoFGgE
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash 5367737b715e02651d6c66cf21a2d431
8c9236210c60a91f847ff53f464e0d8e08464454
ebe960d86675390844131edbe320cb629ab52a1b83086edd918c0ae577e0882d
Analyzer Verdict Alert fortinet Phishing
GET /RFMwckIlMVMffSVuUlQ3Nj8NV3ACdgI0JnZlURYwPGpTQSx0PkFcISg8RRYkNjxeBmwqNkRXcAIcYiU2EAFnJy8GFwAYFS4WczxxLDdWJAwjNXZDKAUAcQMBPgVnOwAnKnUgKRMQXEIHDT56GAcQa2AQLBIXeyMtfRpcGigAOQAfFQwBfj8rARtVNHt1HmInMwUUBBwDEGt2Iis3AmAKD3EKSDMpEjkEAwo9JHgiOxYSVAtzKTIBJCUTBH4GBy0kdjw7KwB+GXcsN2EBOhA+dkMUDAV2K3AGBHJCdyw3YjsxBgRmChMMCkAWLCAFYCRzKgp2KwoQPh00cwIpfj0bBQFlFhRxalQnOiMEZz8rBRBpMxIDEWgzcyg5VDQUdQRdPHIVG1QQDBckaDsDdGtgJwB3H2c4cxEURBAmEBFpFgNiOUMdLDRuQyAVECF1PXoFGgE HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1191
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:11 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YlEWOymgfgDuY5TclExFtSB61R6GbRCeAR__wC7Up-lsjFgeyjzing==
mantedtonisms.com/NFBFbGdVMiYBWFVtJ0oSRjx4SVVydXcqAwZmJAgVTGkmXwkEPTRCBFg/MAgBRj8rGElaNTFJVXJhJgEDRgQoPTV3ERADMEMJCihUejMWAFJXNQMmMnACIgQkUxokIwBbAwQVX2cZFgdTdQV1Wi9cCiQ7VVMZABsMeTN1JT93AS0WMWIBAigeTAoXByJSACIfPWM3Lh0vXCcOLjNHNQYLVnofMjo3dzcUXCNmZAkvCkAHCyotcjYuKiZiYAhZI2YnAS4jXwgTXTFWGQcuP2IGMUlVcgYDFD9gPnUBMQUGJyM2BDMQOl5GBj8uJGMIcQ81ch4KCjRuCBM6SkdoAAADYRsrVTJmYCkOPQQWBDoQQyIHFAx9BCsbDmUWIQ0BWAIBOlZEIhMHLnYRLxslchEiOAYFCXU6C0BnFgctdhgrIjESOjYDCURtFCgRRRg8Ayp+Ng
54.230.111.116 200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/NFBFbGdVMiYBWFVtJ0oSRjx4SVVydXcqAwZmJAgVTGkmXwkEPTRCBFg/MAgBRj8rGElaNTFJVXJhJgEDRgQoPTV3ERADMEMJCihUejMWAFJXNQMmMnACIgQkUxokIwBbAwQVX2cZFgdTdQV1Wi9cCiQ7VVMZABsMeTN1JT93AS0WMWIBAigeTAoXByJSACIfPWM3Lh0vXCcOLjNHNQYLVnofMjo3dzcUXCNmZAkvCkAHCyotcjYuKiZiYAhZI2YnAS4jXwgTXTFWGQcuP2IGMUlVcgYDFD9gPnUBMQUGJyM2BDMQOl5GBj8uJGMIcQ81ch4KCjRuCBM6SkdoAAADYRsrVTJmYCkOPQQWBDoQQyIHFAx9BCsbDmUWIQ0BWAIBOlZEIhMHLnYRLxslchEiOAYFCXU6C0BnFgctdhgrIjESOjYDCURtFCgRRRg8Ayp+Ng
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 14ec107211bb6b22ca8d6d22b63fbe22
548f86113a0f8a1446d965b570a01e3e63febf6a
e37b7a8119996975e26cebd38bc04f908f882b4d0f05faf10191e074e4ca2e12
Analyzer Verdict Alert fortinet Phishing
GET /NFBFbGdVMiYBWFVtJ0oSRjx4SVVydXcqAwZmJAgVTGkmXwkEPTRCBFg/MAgBRj8rGElaNTFJVXJhJgEDRgQoPTV3ERADMEMJCihUejMWAFJXNQMmMnACIgQkUxokIwBbAwQVX2cZFgdTdQV1Wi9cCiQ7VVMZABsMeTN1JT93AS0WMWIBAigeTAoXByJSACIfPWM3Lh0vXCcOLjNHNQYLVnofMjo3dzcUXCNmZAkvCkAHCyotcjYuKiZiYAhZI2YnAS4jXwgTXTFWGQcuP2IGMUlVcgYDFD9gPnUBMQUGJyM2BDMQOl5GBj8uJGMIcQ81ch4KCjRuCBM6SkdoAAADYRsrVTJmYCkOPQQWBDoQQyIHFAx9BCsbDmUWIQ0BWAIBOlZEIhMHLnYRLxslchEiOAYFCXU6C0BnFgctdhgrIjESOjYDCURtFCgRRRg8Ayp+Ng HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1188
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:11 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vlSoMN6MRYGNV0esWVeP68BtOcQ7ej4bHtPMj214FULpOohfnR-tkA==
mantedtonisms.com/SWlaMlcoCzlfaChUOBQiOwVnF2UPTGh0M3tfO1YlMVA5ATl5BCscNCUGL1YxOwY0RnknDC4XZQ8uCF8nBycNQTsLOhRmAQ0gHnkGITo+dD9sWxxzESEOG3ZiKCsOaA8KLBt6GjEaD2YBOhoVai8lJg57Gwg7F1QHCFwtcAJ5GBlLGRo/N3MHAFgAZTN5HilnBiVeAl8jCy4jWRUqLzliBwg4PWUvfVEfWzQdITNWDwAvNWAbPjAyZBJ8WRZ6MCs+aHwOLztqURs+OCplPz5YDgFvDysOeAcvHgxTMyI7Y3cRLiwOAW8PIRkKEiweHH0zGgE1cGY6TGhwDwFEMWMACDsKVCAcMxd3bmxbGFYROVsCABoPODd8Di8/E30dGCwzdxEiKA16Zww+aWg1LzgIfTMPBihqFSIDHnEdBz00YyQvKAxXNg8ZKGMRE1p8WCQmByoPEjwFL0MOMVkwYWYZOy5TGw
54.230.111.116 200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/SWlaMlcoCzlfaChUOBQiOwVnF2UPTGh0M3tfO1YlMVA5ATl5BCscNCUGL1YxOwY0RnknDC4XZQ8uCF8nBycNQTsLOhRmAQ0gHnkGITo+dD9sWxxzESEOG3ZiKCsOaA8KLBt6GjEaD2YBOhoVai8lJg57Gwg7F1QHCFwtcAJ5GBlLGRo/N3MHAFgAZTN5HilnBiVeAl8jCy4jWRUqLzliBwg4PWUvfVEfWzQdITNWDwAvNWAbPjAyZBJ8WRZ6MCs+aHwOLztqURs+OCplPz5YDgFvDysOeAcvHgxTMyI7Y3cRLiwOAW8PIRkKEiweHH0zGgE1cGY6TGhwDwFEMWMACDsKVCAcMxd3bmxbGFYROVsCABoPODd8Di8/E30dGCwzdxEiKA16Zww+aWg1LzgIfTMPBihqFSIDHnEdBz00YyQvKAxXNg8ZKGMRE1p8WCQmByoPEjwFL0MOMVkwYWYZOy5TGw
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3051), with no line terminators
Hash ec09799ab9130f7054e6106ed8bcc701
b93daef098f3615516fdf629ace1f3cd26ba9a8b
76b1c21f5aab1351fff2c69f2c749ad71c07ad551fa26ba640083327e6ce4fee
Analyzer Verdict Alert fortinet Phishing
GET /SWlaMlcoCzlfaChUOBQiOwVnF2UPTGh0M3tfO1YlMVA5ATl5BCscNCUGL1YxOwY0RnknDC4XZQ8uCF8nBycNQTsLOhRmAQ0gHnkGITo+dD9sWxxzESEOG3ZiKCsOaA8KLBt6GjEaD2YBOhoVai8lJg57Gwg7F1QHCFwtcAJ5GBlLGRo/N3MHAFgAZTN5HilnBiVeAl8jCy4jWRUqLzliBwg4PWUvfVEfWzQdITNWDwAvNWAbPjAyZBJ8WRZ6MCs+aHwOLztqURs+OCplPz5YDgFvDysOeAcvHgxTMyI7Y3cRLiwOAW8PIRkKEiweHH0zGgE1cGY6TGhwDwFEMWMACDsKVCAcMxd3bmxbGFYROVsCABoPODd8Di8/E30dGCwzdxEiKA16Zww+aWg1LzgIfTMPBihqFSIDHnEdBz00YyQvKAxXNg8ZKGMRE1p8WCQmByoPEjwFL0MOMVkwYWYZOy5TGw HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1202
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:11 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PEIzIcTMkb56naSSRqO2gec1BFaZgllofo4J0l0ZiYrBuSJqkB6ANg==
mantedtonisms.com/MmJHR2xTACQqU1NfJWEZQA56Yl50R3UBCABUJiMeSlskdAICDzZpD14NMiMKQA0pM0JcBzNiXnQXE3YAWjEfKB98BX8xPmYRMAU0YCEjKlVjAQINHH8aDioqdlssChUGDQYqA3khLH8tfQogAT9fCTMAFQMqIXRUfCkFFgNoJyQ0KnEaLBIrCgAMPRhRBBEwWn0kMCwqZjcwAz9nACYqH1wEARVJACQhASIHNy0gG3YbdxEjcRICIlxdCgsSPgUxKXIcZlErIQpwFgIiXF1WCgZVF1ABEwFCEw51FHsEPgE0VDR+fysCMHAUBgIUFQ8DBQQqKzloUjcqCnRPCXIkYQ1xBAVoBCEVVWYHEjNJACQmES4HMXU3HmcxfxM8ZhUPDQt4EyY+CAYxKTdfZzV/Fw9fBWEtH10MN3o+VTAKdAdxVwgkFX5S
54.230.111.116 200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/MmJHR2xTACQqU1NfJWEZQA56Yl50R3UBCABUJiMeSlskdAICDzZpD14NMiMKQA0pM0JcBzNiXnQXE3YAWjEfKB98BX8xPmYRMAU0YCEjKlVjAQINHH8aDioqdlssChUGDQYqA3khLH8tfQogAT9fCTMAFQMqIXRUfCkFFgNoJyQ0KnEaLBIrCgAMPRhRBBEwWn0kMCwqZjcwAz9nACYqH1wEARVJACQhASIHNy0gG3YbdxEjcRICIlxdCgsSPgUxKXIcZlErIQpwFgIiXF1WCgZVF1ABEwFCEw51FHsEPgE0VDR+fysCMHAUBgIUFQ8DBQQqKzloUjcqCnRPCXIkYQ1xBAVoBCEVVWYHEjNJACQmES4HMXU3HmcxfxM8ZhUPDQt4EyY+CAYxKTdfZzV/Fw9fBWEtH10MN3o+VTAKdAdxVwgkFX5S
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash 7ef1cdd9fa3b33284d52abd66eff9a1c
04149cb22d4f44f11fd88c3ec06e7d409472abde
18eafc77e2e6b170a5435bd6cc9dff2e595db7b9a6aa08529eab1a6d362d7e33
Analyzer Verdict Alert fortinet Phishing
GET /MmJHR2xTACQqU1NfJWEZQA56Yl50R3UBCABUJiMeSlskdAICDzZpD14NMiMKQA0pM0JcBzNiXnQXE3YAWjEfKB98BX8xPmYRMAU0YCEjKlVjAQINHH8aDioqdlssChUGDQYqA3khLH8tfQogAT9fCTMAFQMqIXRUfCkFFgNoJyQ0KnEaLBIrCgAMPRhRBBEwWn0kMCwqZjcwAz9nACYqH1wEARVJACQhASIHNy0gG3YbdxEjcRICIlxdCgsSPgUxKXIcZlErIQpwFgIiXF1WCgZVF1ABEwFCEw51FHsEPgE0VDR+fysCMHAUBgIUFQ8DBQQqKzloUjcqCnRPCXIkYQ1xBAVoBCEVVWYHEjNJACQmES4HMXU3HmcxfxM8ZhUPDQt4EyY+CAYxKTdfZzV/Fw9fBWEtH10MN3o+VTAKdAdxVwgkFX5S HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1178
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:11 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Gp_lqEv-4rNtyrwnu5tqQMEvT8-U9ZdKDOfVrw9xf-F2UAw3y0fpxQ==
mantedtonisms.com/dmthMnQXCQJfSxdWAxQBBAdcF0YwTlN0EERdAFYGDlICARpGBhAcFxoEFFYSBAQPRloYDhUXRjA4A0gmDDEpdzkhE1FxIB4fBXRFGiE3RQw3MzRaPi4MIH48DlMrfxgnKicALRIiMHtHEykkfjo0CDJwDEI9NFUmICgjczYjW1RxMjctOWYYIDMlXjUkPDRkPicqLH4zGiEjeiU3PiJkRBIqM2Q+JzkraDw3KS51ExEPJVoyNCIKYDY0LTtlJSMPJXUTGT0gdzk3OjR8EiEMBXAlR1MnY0QGKTJVFw46NHwSJxMOeSZHGDNjNyw+OWMlOj4KZD80EUx0NidaWHU2Iy0ifhMgLzRkTRAjN2gjJzoJYDE3UwRhEy9aN1kyEykkfCInPVVgJSA6OXAfLzwgWkAuLjR3HSctWXAsIDk5dRMaKEdYBxkFEQ81RhoZYBozGDl+FhkuGQ
54.230.111.116 200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/dmthMnQXCQJfSxdWAxQBBAdcF0YwTlN0EERdAFYGDlICARpGBhAcFxoEFFYSBAQPRloYDhUXRjA4A0gmDDEpdzkhE1FxIB4fBXRFGiE3RQw3MzRaPi4MIH48DlMrfxgnKicALRIiMHtHEykkfjo0CDJwDEI9NFUmICgjczYjW1RxMjctOWYYIDMlXjUkPDRkPicqLH4zGiEjeiU3PiJkRBIqM2Q+JzkraDw3KS51ExEPJVoyNCIKYDY0LTtlJSMPJXUTGT0gdzk3OjR8EiEMBXAlR1MnY0QGKTJVFw46NHwSJxMOeSZHGDNjNyw+OWMlOj4KZD80EUx0NidaWHU2Iy0ifhMgLzRkTRAjN2gjJzoJYDE3UwRhEy9aN1kyEykkfCInPVVgJSA6OXAfLzwgWkAuLjR3HSctWXAsIDk5dRMaKEdYBxkFEQ81RhoZYBozGDl+FhkuGQ
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3045), with no line terminators
Hash dc36e973510f3ec8515d8c08455869b1
e7145ebf7b612025918cd92bcd41cd75934fb5dd
ec5b7d1245ec718a2f64abd9a2e0100285f3c0bccfb73cc46b4e15b6105199db
Analyzer Verdict Alert fortinet Phishing
GET /dmthMnQXCQJfSxdWAxQBBAdcF0YwTlN0EERdAFYGDlICARpGBhAcFxoEFFYSBAQPRloYDhUXRjA4A0gmDDEpdzkhE1FxIB4fBXRFGiE3RQw3MzRaPi4MIH48DlMrfxgnKicALRIiMHtHEykkfjo0CDJwDEI9NFUmICgjczYjW1RxMjctOWYYIDMlXjUkPDRkPicqLH4zGiEjeiU3PiJkRBIqM2Q+JzkraDw3KS51ExEPJVoyNCIKYDY0LTtlJSMPJXUTGT0gdzk3OjR8EiEMBXAlR1MnY0QGKTJVFw46NHwSJxMOeSZHGDNjNyw+OWMlOj4KZD80EUx0NidaWHU2Iy0ifhMgLzRkTRAjN2gjJzoJYDE3UwRhEy9aN1kyEykkfCInPVVgJSA6OXAfLzwgWkAuLjR3HSctWXAsIDk5dRMaKEdYBxkFEQ81RhoZYBozGDl+FhkuGQ HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1191
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:11 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4drWyAqJs_jBGvOJuuDZMvJA_v9t3c678bTGB-TdAjMWwI58Lei0mA==
engingsecondu.com/aVNrUmFGbAghXD8VGyUAPREACwo7Aik/KxgBWhMmMxQhFDYOGk0mCA1uU2pZWmpTdBEAN1ZjRxonCiYUGm5adAgHNQRvRx9uWnxSXX1YYk9fdR5vUE8nGzMGVGJNIhUdP1ZjV19qWWRXUWZaZFBa
104.21.55.224 204 No Content 0 B URL HTTP/2 engingsecondu.com/aVNrUmFGbAghXD8VGyUAPREACwo7Aik/KxgBWhMmMxQhFDYOGk0mCA1uU2pZWmpTdBEAN1ZjRxonCiYUGm5adAgHNQRvRx9uWnxSXX1YYk9fdR5vUE8nGzMGVGJNIhUdP1ZjV19qWWRXUWZaZFBa
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aVNrUmFGbAghXD8VGyUAPREACwo7Aik/KxgBWhMmMxQhFDYOGk0mCA1uU2pZWmpTdBEAN1ZjRxonCiYUGm5adAgHNQRvRx9uWnxSXX1YYk9fdR5vUE8nGzMGVGJNIhUdP1ZjV19qWWRXUWZaZFBa HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:11 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2FcWg4iqD2ZuC0Dwoytmnm7ZGvmBGnstJZ8eHElsU3kpjEVOUb2U3QOh6BkypW4B8xhj3URByDVYNK0p90wjt1%2B9rto2C5BtXJHyJV%2FHWI0ok5%2BIf3fLL2niEvzsw0fUBysVtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8e03a900b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/bm1nTkZBUgQ9eyBcPnoTOSg3LDEsATEPCBguMAwQLDoEBRwoJEE6LwpQX3dwX1RfaDYHCVp/fkgeEy8yGx5af2AHAwEhe0gbWn9oXkNVYHRIGFp/YBodBil7X0sXOjICUFZ4cFdfUXh+W1xRenI
104.21.55.224 204 No Content 0 B URL HTTP/2 engingsecondu.com/bm1nTkZBUgQ9eyBcPnoTOSg3LDEsATEPCBguMAwQLDoEBRwoJEE6LwpQX3dwX1RfaDYHCVp/fkgeEy8yGx5af2AHAwEhe0gbWn9oXkNVYHRIGFp/YBodBil7X0sXOjICUFZ4cFdfUXh+W1xRenI
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bm1nTkZBUgQ9eyBcPnoTOSg3LDEsATEPCBguMAwQLDoEBRwoJEE6LwpQX3dwX1RfaDYHCVp/fkgeEy8yGx5af2AHAwEhe0gbWn9oXkNVYHRIGFp/YBodBil7X0sXOjICUFZ4cFdfUXh+W1xRenI HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYuFFGebSanZOF92M7lEeDiE%2BPHIGHwxGh4Ok7LxVS6jh8GMJOvwGKzwYfQY23vgF3zweHkws6%2FfUFtoIq6PP3sTQxZK37SyRnrWE9zonFar%2Fa3BrCe5jm%2Ba4jFxJ5uNxvChdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8e04a920b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 05:08:53 GMT
cache-control: public,max-age=3600
age: 319
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
engingsecondu.com/ZEpIM21LdStAUD4hBnYPChwZVwMuEBoCK1IpHkssMSQOAToxA25HBAB3cAtUU3x+FR0NLnUCSxc+KUcYF3d5FQQKLCcOSxJ3eR1eUGR7A0NSbD0OXEI+OFIKWXtuQxkQJnUCW1JzegVbXH95BV9c
104.21.55.224 204 No Content 0 B URL HTTP/2 engingsecondu.com/ZEpIM21LdStAUD4hBnYPChwZVwMuEBoCK1IpHkssMSQOAToxA25HBAB3cAtUU3x+FR0NLnUCSxc+KUcYF3d5FQQKLCcOSxJ3eR1eUGR7A0NSbD0OXEI+OFIKWXtuQxkQJnUCW1JzegVbXH95BV9c
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZEpIM21LdStAUD4hBnYPChwZVwMuEBoCK1IpHkssMSQOAToxA25HBAB3cAtUU3x+FR0NLnUCSxc+KUcYF3d5FQQKLCcOSxJ3eR1eUGR7A0NSbD0OXEI+OFIKWXtuQxkQJnUCW1JzegVbXH95BV9c HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Mq5bEhIU3mA%2BaLgpnM9n0Y7DWQVxkFGQUKORACUnODDHiFr%2BBCxJL31xVaS6%2BXeY52qRVPAWHZ4rhtTlJB7b7uRkH9IQPDQ7OIauBsIdYcLJ3Vdjxmqmyvte0Dp%2FLnR2PgKlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8e04a950b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/YWttMHdOVA5DSjQGHVw5DTkAZUYoKjddBzU9CnYdOz0BYTY2KktEHgVWVQhPUlJUFgcID1ADRUcYGVEDFBhQAkdRXEtZGQcEUAJRF1ZdHk9PWlweR0ceUAFRFRsMV0pQTR1EAw1WXAZBWFlbBk9UWlsFQg
104.21.55.224 204 No Content 0 B URL HTTP/2 engingsecondu.com/YWttMHdOVA5DSjQGHVw5DTkAZUYoKjddBzU9CnYdOz0BYTY2KktEHgVWVQhPUlJUFgcID1ADRUcYGVEDFBhQAkdRXEtZGQcEUAJRF1ZdHk9PWlweR0ceUAFRFRsMV0pQTR1EAw1WXAZBWFlbBk9UWlsFQg
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /YWttMHdOVA5DSjQGHVw5DTkAZUYoKjddBzU9CnYdOz0BYTY2KktEHgVWVQhPUlJUFgcID1ADRUcYGVEDFBhQAkdRXEtZGQcEUAJRF1ZdHk9PWlweR0ceUAFRFRsMV0pQTR1EAw1WXAZBWFlbBk9UWlsFQg HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oq9rFzsuK17lfZ6jMLl6bhYHUXJ30m8xSiCMFdVkq7eAPvkFcACC5oAbvYgO%2BkcOZvDewwaNiWevjUXfqYGQ5lOhLGMeUTuTA57BXBJvTgJ7MBAFtUEs9UXJhtJl%2F5K6lb8Z5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8e05a9e0b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/ZTJ6am9KDRkZUgRkND0hMAMeCwIgdhxbKRRoKyBZPV84AC4LWVweBgEPQlJXVgtDTB8MVkdZXUNBDgsbEEFHW0kMXBwFUkNER1pBXRxLW0FVFA9XXkNGCgsIWANcGhsRXkdbWVMLSFxZXQdLXFpR
104.21.55.224 204 No Content 0 B URL HTTP/2 engingsecondu.com/ZTJ6am9KDRkZUgRkND0hMAMeCwIgdhxbKRRoKyBZPV84AC4LWVweBgEPQlJXVgtDTB8MVkdZXUNBDgsbEEFHW0kMXBwFUkNER1pBXRxLW0FVFA9XXkNGCgsIWANcGhsRXkdbWVMLSFxZXQdLXFpR
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZTJ6am9KDRkZUgRkND0hMAMeCwIgdhxbKRRoKyBZPV84AC4LWVweBgEPQlJXVgtDTB8MVkdZXUNBDgsbEEFHW0kMXBwFUkNER1pBXRxLW0FVFA9XXkNGCgsIWANcGhsRXkdbWVMLSFxZXQdLXFpR HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1XC%2FVZHTC2wrUFRuJhcJ2Dkqd57bBAOCvLwc2paBhmTKVHSSwPXQUvs2i5dIATlMh3mwdUS5uYDxW0nxq1DnYtyDVxwEp%2FULa0PHu5a%2BWLOnf3hejhzyrc2p3QjzWxQppgQSTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8e05a9d0b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/NnFmUkIZTgUhf28kDgQbBAEyNHBgKTE+AAIrIBgRYykgJhUHOEAmK1JMX2BwBERVdDJfFVtjZEUFByY3RUxXdCtYFwlvZEBMV3xxAl9VYmwAVxNvcxAFFjMlC0BAIjZCHVtjdABIVGR0DkRXZHEA
104.21.55.224 204 No Content 0 B URL HTTP/2 engingsecondu.com/NnFmUkIZTgUhf28kDgQbBAEyNHBgKTE+AAIrIBgRYykgJhUHOEAmK1JMX2BwBERVdDJfFVtjZEUFByY3RUxXdCtYFwlvZEBMV3xxAl9VYmwAVxNvcxAFFjMlC0BAIjZCHVtjdABIVGR0DkRXZHEA
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NnFmUkIZTgUhf28kDgQbBAEyNHBgKTE+AAIrIBgRYykgJhUHOEAmK1JMX2BwBERVdDJfFVtjZEUFByY3RUxXdCtYFwlvZEBMV3xxAl9VYmwAVxNvcxAFFjMlC0BAIjZCHVtjdABIVGR0DkRXZHEA HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2FnbRobiYlRyy8WUSjXL%2BMG229eUMHtn9jbO3hgkm6WhhkonFXSzzgBdguQn%2FI4of5KHcXHrJqNSuti5IJ0lSaMfHEVp3pTZe3m5%2F25HHknM0fErzzz4imPC23jFHyFL7%2FhgkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8e06aa10b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2299
Expires: Thu, 24 Nov 2022 05:52:31 GMT
Date: Thu, 24 Nov 2022 05:14:12 GMT
Connection: keep-alive
file-upload.site/page.js
66.29.132.14 200 OK 193 B IP 66.29.132.14:0
File type ASCII text, with no line terminators
Hash 391f261aab9787c46e979046b0e25a65
3f2eec09b02e10bff81bf689d9a380b137f87244
bf2dbac3a4aab3d31cc8e6b3e84a14203add0d903a5611f10025d7cfe158801a
GET /page.js HTTP/1.1
Host: file-upload.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 05:14:12 GMT
content-type: application/javascript
last-modified: Mon, 21 Nov 2022 21:53:53 GMT
accept-ranges: bytes
content-length: 193
date: Thu, 24 Nov 2022 05:14:12 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
d26adrx9c3n0mq.cloudfront.net/1cmdrTmQRCAUoWwYOD3NcSl5ceFJUDRghCgJaOgoSAy8SISk4AU06HhZaW2gIEwkMc0IXCQhzVVQGDyxZRkEfPgsZWgkqHhwKBTseCg1NOwVPCgQ0DR4LCmtWNFJFfkFAV0M5DRwDBDkXV1VbIBBXVVt/VFxXTn0mV1VbOQ0cUV9rVzBCWX4cRFNOfSZXVV-s8EldUKn9UR0lbZ0FAVwwrBxkITnwiQFdaflRDV1prVkIBAjwBFAgTa1Y0Vlt7SkJBHnNV
54.230.245.209 200 OK 616 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/1cmdrTmQRCAUoWwYOD3NcSl5ceFJUDRghCgJaOgoSAy8SISk4AU06HhZaW2gIEwkMc0IXCQhzVVQGDyxZRkEfPgsZWgkqHhwKBTseCg1NOwVPCgQ0DR4LCmtWNFJFfkFAV0M5DRwDBDkXV1VbIBBXVVt/VFxXTn0mV1VbOQ0cUV9rVzBCWX4cRFNOfSZXVV-s8EldUKn9UR0lbZ0FAVwwrBxkITnwiQFdaflRDV1prVkIBAjwBFAgTa1Y0Vlt7SkJBHnNV
IP 54.230.245.209:0
File type ASCII text, with very long lines (866), with no line terminators
Hash 6f194dfe70a1167fe9e206448642292b
efa84093c6699fdb89c1f78608fb6fd0b1cd04d9
b82d56c41549fd852a8c527165f19c980fa9a9e8e6120482e447a6cfc3284a20
GET /1cmdrTmQRCAUoWwYOD3NcSl5ceFJUDRghCgJaOgoSAy8SISk4AU06HhZaW2gIEwkMc0IXCQhzVVQGDyxZRkEfPgsZWgkqHhwKBTseCg1NOwVPCgQ0DR4LCmtWNFJFfkFAV0M5DRwDBDkXV1VbIBBXVVt/VFxXTn0mV1VbOQ0cUV9rVzBCWX4cRFNOfSZXVV-s8EldUKn9UR0lbZ0FAVwwrBxkITnwiQFdaflRDV1prVkIBAjwBFAgTa1Y0Vlt7SkJBHnNV HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 616
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: nZ1oY1ZSbgXSDQZIN-ruGGipg8e3S4JZmRBAElMyJR8NU3lrInV3lw==
d26adrx9c3n0mq.cloudfront.net/ORWtTRWUmBD0jWjECN3hdfVNgfF1jASAqCzVWIBcyERkWCl0EImJjET8PbnVDKQo9IlhjDj0mWHRNMiEHeF91MRUqAG4nAT8FPisQPxM5YxAkVj4qHywHPyRAdy1ma1VgWWNtEiwFNyoSNk5hdQsxTmF1VHVFY2BWB05hdRIsBWVxQHYpdndVPV1nYFYHTm-F1FzNOYARUdV59dUxgWWMiACYAPGBXA1ljdFV1WmN0QHdbNSwXIA08PUB3LWJ1UGtbdTBYdA
54.230.245.209 200 OK 629 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/ORWtTRWUmBD0jWjECN3hdfVNgfF1jASAqCzVWIBcyERkWCl0EImJjET8PbnVDKQo9IlhjDj0mWHRNMiEHeF91MRUqAG4nAT8FPisQPxM5YxAkVj4qHywHPyRAdy1ma1VgWWNtEiwFNyoSNk5hdQsxTmF1VHVFY2BWB05hdRIsBWVxQHYpdndVPV1nYFYHTm-F1FzNOYARUdV59dUxgWWMiACYAPGBXA1ljdFV1WmN0QHdbNSwXIA08PUB3LWJ1UGtbdTBYdA
IP 54.230.245.209:0
File type ASCII text, with very long lines (863), with no line terminators
Hash 61e302e78d55ac24de97d3f197c677ad
1693733781101394cdd440c2ffbca3832f7e329b
c2b7061dfe40e61fd1e902872c5f3819d51d250868d03e91c4bef1b6b3e89cc5
GET /ORWtTRWUmBD0jWjECN3hdfVNgfF1jASAqCzVWIBcyERkWCl0EImJjET8PbnVDKQo9IlhjDj0mWHRNMiEHeF91MRUqAG4nAT8FPisQPxM5YxAkVj4qHywHPyRAdy1ma1VgWWNtEiwFNyoSNk5hdQsxTmF1VHVFY2BWB05hdRIsBWVxQHYpdndVPV1nYFYHTm-F1FzNOYARUdV59dUxgWWMiACYAPGBXA1ljdFV1WmN0QHdbNSwXIA08PUB3LWJ1UGtbdTBYdA HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 629
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sa277cxyeFUvdE_bZ__y7AdzDJFhftEEOmw_GIbVoLkc13R_EcpCHQ==
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash eb52164d651f5f45416e873aec29eb04
405b29bb7e7cd4367cf82988f8603e53db65f139
ed885e05db822ff30fe951e10b6d4f21e574d053939afca792992a1549a15301
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2376
Cache-Control: max-age=102737
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Etag: "637de2ad-1d7"
Expires: Fri, 25 Nov 2022 09:46:29 GMT
Last-Modified: Wed, 23 Nov 2022 09:06:53 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 7f275f98cd7252b2fa5456d8a4492cbc
266df5f1a8adfd667d952736f4c04786d46613bf
5b11baf2f4c980c7762a4a7c656a69c60f3b2cfa7674cb298928d28953845c00
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2707
Cache-Control: max-age=135116
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Etag: "637e5fdd-116"
Expires: Fri, 25 Nov 2022 18:46:08 GMT
Last-Modified: Wed, 23 Nov 2022 18:01:01 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
d26adrx9c3n0mq.cloudfront.net/uT1lhSXosNg8vRTswBXRCdm9QcEJpMxImFD9kMy4oAmoKCk8AOhgFSmktGy1Hf38NKBQoZEcsFCxkUG8bKztcfVw6OFwkFTUwDSUbamsnfFR/fFN5UjgwDy0VOCpEe0ohLUR7Sn5pT3lffBtEe0o4MA9/TmpqI2xIfyFXfV98G0R7Sj0vRHo7fmlUZ0pmfF-N5HSo6CiZffR9TeUt/aVB5S2prUS8TPTwHJgJqayd4Snp3UW8Pcmg
54.230.245.209 200 OK 190 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/uT1lhSXosNg8vRTswBXRCdm9QcEJpMxImFD9kMy4oAmoKCk8AOhgFSmktGy1Hf38NKBQoZEcsFCxkUG8bKztcfVw6OFwkFTUwDSUbamsnfFR/fFN5UjgwDy0VOCpEe0ohLUR7Sn5pT3lffBtEe0o4MA9/TmpqI2xIfyFXfV98G0R7Sj0vRHo7fmlUZ0pmfF-N5HSo6CiZffR9TeUt/aVB5S2prUS8TPTwHJgJqayd4Snp3UW8Pcmg
IP 54.230.245.209:0
File type ASCII text, with no line terminators
Hash d644d16e28490520dd9f61099e04dd7b
dca921c47c8f939da879538111cf70295b171d9b
15784ac8859677a10e9f6af5fa1388a5a73101d9d4d255c65d68afd04fa2f483
GET /uT1lhSXosNg8vRTswBXRCdm9QcEJpMxImFD9kMy4oAmoKCk8AOhgFSmktGy1Hf38NKBQoZEcsFCxkUG8bKztcfVw6OFwkFTUwDSUbamsnfFR/fFN5UjgwDy0VOCpEe0ohLUR7Sn5pT3lffBtEe0o4MA9/TmpqI2xIfyFXfV98G0R7Sj0vRHo7fmlUZ0pmfF-N5HSo6CiZffR9TeUt/aVB5S2prUS8TPTwHJgJqayd4Snp3UW8Pcmg HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 190
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cwPDd7YInaob4kYro9sXOQlYLoLojUrimLs07SrVJdJJbWK3M-W6ig==
d26adrx9c3n0mq.cloudfront.net/GRmpNNWslBSNTVDIDKQhSdFh/AFhgAD5aBTZXCEAHMxsUTVssOXxlOTILARMfPA5wBU0qCyNSVmAPI1ZWd0wsUQl7XmtBGykBcFcPPAQgWx48EicTHidXIFoRLwYhVE50LHgbW2NYfR0cLwQpWhw1T38FBTJPfwVadkR9EFgET38FHC8EewFOdShoB1s+XH-kQWARPfwUZME9+dFp2X2MFQmNYfVIOJQEiEFkAWH0EW3ZbfQROdForXBkjDCJNTnQsfAVeaFprQFZ3
54.230.245.209 200 OK 499 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/GRmpNNWslBSNTVDIDKQhSdFh/AFhgAD5aBTZXCEAHMxsUTVssOXxlOTILARMfPA5wBU0qCyNSVmAPI1ZWd0wsUQl7XmtBGykBcFcPPAQgWx48EicTHidXIFoRLwYhVE50LHgbW2NYfR0cLwQpWhw1T38FBTJPfwVadkR9EFgET38FHC8EewFOdShoB1s+XH-kQWARPfwUZME9+dFp2X2MFQmNYfVIOJQEiEFkAWH0EW3ZbfQROdForXBkjDCJNTnQsfAVeaFprQFZ3
IP 54.230.245.209:0
File type ASCII text, with very long lines (668), with no line terminators
Hash 8581c5e800ab23da2c7faf6a35ef4ab7
26a0b06f9adf47617e3f4f9562e5eae10b451533
4ad9f8a8aa8dae80b6eab791bad59659010008242b0966912020324ecd52cdc4
GET /GRmpNNWslBSNTVDIDKQhSdFh/AFhgAD5aBTZXCEAHMxsUTVssOXxlOTILARMfPA5wBU0qCyNSVmAPI1ZWd0wsUQl7XmtBGykBcFcPPAQgWx48EicTHidXIFoRLwYhVE50LHgbW2NYfR0cLwQpWhw1T38FBTJPfwVadkR9EFgET38FHC8EewFOdShoB1s+XH-kQWARPfwUZME9+dFp2X2MFQmNYfVIOJQEiEFkAWH0EW3ZbfQROdForXBkjDCJNTnQsfAVeaFprQFZ3 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 499
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -worDdNOBl4AjMjsP0AL4nFK77cC1Ohtjw-2CLobXP1Gr9Z2sCvytQ==
d26adrx9c3n0mq.cloudfront.net/SbzRzZHEMWx0CThtdF1lJVwxAXUhJXgALHx8JMlQAF2YdIQI3eBELNBcSBx4VUgRVCBABU05CFAFXTlVXDlARWUVJQAMLGlJBHQAUCV0dARVJQRJZHABOGggdDhFBIkRBBFZWQUdDGgoVAEMAQUNfWgdBQ18FQ0pBSgcxQUNfQxoKR1sRQCZUXQQLUkVKBz-FBQ19GBUFCLgVDUV9fHVZWQQhREA8eSgY1VkFeBENVQV4RQVQXBkYWAh4XEUEiQF8BXVRXGglC
54.230.245.209 200 OK 362 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/SbzRzZHEMWx0CThtdF1lJVwxAXUhJXgALHx8JMlQAF2YdIQI3eBELNBcSBx4VUgRVCBABU05CFAFXTlVXDlARWUVJQAMLGlJBHQAUCV0dARVJQRJZHABOGggdDhFBIkRBBFZWQUdDGgoVAEMAQUNfWgdBQ18FQ0pBSgcxQUNfQxoKR1sRQCZUXQQLUkVKBz-FBQ19GBUFCLgVDUV9fHVZWQQhREA8eSgY1VkFeBENVQV4RQVQXBkYWAh4XEUEiQF8BXVRXGglC
IP 54.230.245.209:0
File type ASCII text, with very long lines (462), with no line terminators
Hash 0dd0da2026afd023088ca22fceed4372
e42e6eb3d1c912d83300be81a01a33f3747ea2a8
f58627110c61ddfebaa4c9ad2c93c7905dea5751ff4e8d5b5e69638af81df918
GET /SbzRzZHEMWx0CThtdF1lJVwxAXUhJXgALHx8JMlQAF2YdIQI3eBELNBcSBx4VUgRVCBABU05CFAFXTlVXDlARWUVJQAMLGlJBHQAUCV0dARVJQRJZHABOGggdDhFBIkRBBFZWQUdDGgoVAEMAQUNfWgdBQ18FQ0pBSgcxQUNfQxoKR1sRQCZUXQQLUkVKBz-FBQ19GBUFCLgVDUV9fHVZWQQhREA8eSgY1VkFeBENVQV4RQVQXBkYWAh4XEUEiQF8BXVRXGglC HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 362
Connection: keep-alive
Date: Thu, 24 Nov 2022 05:14:12 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PRsjndRT-rAVmpfbKsHbcUCdq32njBu_3keC_F36B9_SEKxEqAqb7A==
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 7f275f98cd7252b2fa5456d8a4492cbc
266df5f1a8adfd667d952736f4c04786d46613bf
5b11baf2f4c980c7762a4a7c656a69c60f3b2cfa7674cb298928d28953845c00
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2707
Cache-Control: max-age=135116
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Etag: "637e5fdd-116"
Expires: Fri, 25 Nov 2022 18:46:08 GMT
Last-Modified: Wed, 23 Nov 2022 18:01:01 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fbcbd9767a6198c1ffe42d908ea44d75
0bb57a9c7b7991d995b75b0d8db87d5194bf7723
cf2579674b419201023c1d70e7c0d5d317f30a937aaf9feaeaba0b9d0c51d293
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF2579674B419201023C1D70E7C0D5D317F30A937AAF9FEAEABA0B9D0C51D293"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3371
Expires: Thu, 24 Nov 2022 06:10:23 GMT
Date: Thu, 24 Nov 2022 05:14:12 GMT
Connection: keep-alive
outbursttones.com/01/10/5f/01105f188a1c32226733edcb09dd3870.js
173.233.137.36 200 OK 21 kB URL HTTP/1.1 outbursttones.com/01/10/5f/01105f188a1c32226733edcb09dd3870.js
IP 173.233.137.36:0
File type HTML document, ASCII text, with very long lines (60180), with no line terminators
Hash f4d0528937260c945bf76ad0a4f9bac1
eb08c5a5893a9c09d08f9b2067e2f8e30eaadffc
1a34fa01c6b152acac8cdd554761a1853c019ebce92c74da6079392b44edf1c2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /01/10/5f/01105f188a1c32226733edcb09dd3870.js HTTP/1.1
Host: outbursttones.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41686e9920457623ed344dd1d6d69101
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
push.services.mozilla.com/
34.223.160.237 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.160.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 15v0IJiQh6aW0LHZ4Xg7ng==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bTIb5IMqpd42ekaiRPiLvWf8GPE=
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2943
Cache-Control: max-age=122363
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 15:13:35 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 43590d3cdc6d87840c90fdfc4320028d
40d15b8a046a321b9edaf9665cc6edbf7e9ae719
b4a9dd9a946e3a00d3f960f24e359f6f112e85f01da9d930f95a29c743ce82e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1db5a3722f73dd82c0084cfbe2e89f96
5f74860c9abaf4bcc570abc895b37cea7ceafdf7
ab88dd13690a6943086cb8425e8db1461ecf29c827633cda4cab5a7e6011eab7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AB88DD13690A6943086CB8425E8DB1461ECF29C827633CDA4CAB5A7E6011EAB7"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6436
Expires: Thu, 24 Nov 2022 07:01:28 GMT
Date: Thu, 24 Nov 2022 05:14:12 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 43590d3cdc6d87840c90fdfc4320028d
40d15b8a046a321b9edaf9665cc6edbf7e9ae719
b4a9dd9a946e3a00d3f960f24e359f6f112e85f01da9d930f95a29c743ce82e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1db5a3722f73dd82c0084cfbe2e89f96
5f74860c9abaf4bcc570abc895b37cea7ceafdf7
ab88dd13690a6943086cb8425e8db1461ecf29c827633cda4cab5a7e6011eab7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AB88DD13690A6943086CB8425E8DB1461ECF29C827633CDA4CAB5A7E6011EAB7"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6436
Expires: Thu, 24 Nov 2022 07:01:28 GMT
Date: Thu, 24 Nov 2022 05:14:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 47042f851082f9d36d5ccab604c5f14e
fe8100b57d75eefb49d7b2a7c9fb108d8ca111df
b5c61da899dcb3b680922d8f4611956646deaf3cbd7c727b093a7764016805fc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6408
Cache-Control: max-age=103903
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Etag: "637dd77b-117"
Expires: Fri, 25 Nov 2022 10:05:55 GMT
Last-Modified: Wed, 23 Nov 2022 08:19:07 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
mantedtonisms.com/utx?cb=69JyBqo2f9uv&top=www.file-upload.com&tid=888398
54.230.111.116 204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=69JyBqo2f9uv&top=www.file-upload.com&tid=888398
IP 54.230.111.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=69JyBqo2f9uv&top=www.file-upload.com&tid=888398 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 05:15:12 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 90ib0Rinz0rkc3yCNjOU1oOMQWHj7QbduR8Uu67kmAwXQcn4YHu5rg==
X-Firefox-Spdy: h2
engingsecondu.com/popunder.gif
104.21.55.224 200 OK 58 B URL HTTP/1.1 engingsecondu.com/popunder.gif
IP 104.21.55.224:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08
GET /popunder.gif HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 05:14:12 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 39551
Last-Modified: Wed, 23 Nov 2022 18:15:01 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PxspzEF2%2FqTB0iBiCuE5Q3qCFqsn%2FmzvxJsh9mj9B%2FTCnNHjTFjqNgW278ltVG2%2FaKU%2FNeSudj%2BW1RKwOmDxSOUFwL3ZZePId5pPqeq0pfnol6Vu6kM6stpWz4FUbVQ6yiRIAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76efa8e4bef90b3d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 317cb4b699bb86c3398428b9156e2aaf
dadc129956ceb9285e2aa1977fc4c7b287f2e2f0
d6fd5484ff2634cbf388d9f0d4634943a28e7557a25a2d9739f53ce5223764d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6FD5484FF2634CBF388D9F0D4634943A28E7557A25A2D9739F53CE5223764D5"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5973
Expires: Thu, 24 Nov 2022 06:53:45 GMT
Date: Thu, 24 Nov 2022 05:14:12 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash b690fc34ea9c3994c98a148bb8f21b39
1d6f4cc4c11f9a3d69adaf7741a68fa376100e9e
da052afb3649c8a5979d7e74904d4d3d57e120d30115d84c9cdc2eaf7b19f4b1
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 05:14:12 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S688868822%3A1669266852611261&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvwd5TKYHUyXXfBw60jCrDE_G5V4wRhqF0xI8v7i5OAnX2JYAwDnF-hwVMNCpD7tfBAh6EMxw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-JZ4_kCHKYQaluk_N68pcMg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:tP12eEocSOyj6S_KyTgA8L0L1OI0yw:hJIg7fux0iArV6as;Path=/;Expires=Sat, 23-Nov-2024 05:14:12 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=PPBW2kfSTyxs&top=www.file-upload.com&tid=889766
54.230.111.116 204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=PPBW2kfSTyxs&top=www.file-upload.com&tid=889766
IP 54.230.111.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=PPBW2kfSTyxs&top=www.file-upload.com&tid=889766 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 05:15:12 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3n36YHwkZ6SVompa8S8vt3RbczmswWFp-KouEbaDb7zH9dBQqAEDig==
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=la0vx8jvBSg8&top=www.file-upload.com&tid=922253
54.230.111.116 204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=la0vx8jvBSg8&top=www.file-upload.com&tid=922253
IP 54.230.111.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=la0vx8jvBSg8&top=www.file-upload.com&tid=922253 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 05:15:12 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PKa6SQjEoPXxbSe6gJMch-ty9T-s79EAmBQIN-7LToSP5gWfUtLYsw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 47042f851082f9d36d5ccab604c5f14e
fe8100b57d75eefb49d7b2a7c9fb108d8ca111df
b5c61da899dcb3b680922d8f4611956646deaf3cbd7c727b093a7764016805fc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6408
Cache-Control: max-age=103903
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Etag: "637dd77b-117"
Expires: Fri, 25 Nov 2022 10:05:55 GMT
Last-Modified: Wed, 23 Nov 2022 08:19:07 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
mantedtonisms.com/utx?cb=h295FqzieTD9&top=www.file-upload.com&tid=888399
54.230.111.116 204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=h295FqzieTD9&top=www.file-upload.com&tid=888399
IP 54.230.111.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=h295FqzieTD9&top=www.file-upload.com&tid=888399 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 05:14:12 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 05:15:12 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2nqIMsx0aw2a3-g3QY-QvOmXxDmgrMzF1GCS-_rIcmshlXiFBfn25A==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 568f4dc2d07f78e66bd00c03ea0f38fc
8dcafc0e51873b106a0711719af752f7c470b633
989fa17b1fc8d0481bf42b0664b54c864009d92b993a5c357f1fd4d03deb3612
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 05:14:12 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2147465323%3A1669266852652363&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtZzvZRK0RZqb6IY6_oeNXMRSm9LpBZ-j22hYGY7B1LRPpUI23X7AGx1FNhyKKkuCAM0K96Yw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-7NJk0CD63gfEaSq7ARbUUQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:Qbg9ziSuffMgNiSQpwybCDvCAW6Tow:8mB7JONGte47QAqT;Path=/;Expires=Sat, 23-Nov-2024 05:14:12 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2943
Cache-Control: max-age=122363
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:12 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 15:13:35 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1db5a3722f73dd82c0084cfbe2e89f96
5f74860c9abaf4bcc570abc895b37cea7ceafdf7
ab88dd13690a6943086cb8425e8db1461ecf29c827633cda4cab5a7e6011eab7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AB88DD13690A6943086CB8425E8DB1461ECF29C827633CDA4CAB5A7E6011EAB7"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6436
Expires: Thu, 24 Nov 2022 07:01:28 GMT
Date: Thu, 24 Nov 2022 05:14:12 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash ba98650cceb17a47ac0f34de3c3c2574
78e21c7a408c8ef34065defa22dbcb926f562d9b
8a311b1ba0b977b6b27fd02043471f29e6608bbe3c2cabe904b09f5f04510d98
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 05:14:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 01:33:16 GMT
Expires: Tue, 29 Nov 2022 01:33:15 GMT
Etag: "78e21c7a408c8ef34065defa22dbcb926f562d9b"
Cache-Control: max-age=418142,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76efa8e59ce8b4f1-OSL
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
37.48.68.71 200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 902
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 24 Nov 2022 05:14:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
pogothere.xyz/
172.64.172.27 200 OK 382 B IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash 69366973d350e40b00f7115b12ea955c
967fd556eb37927709335fd1cc30ed1d91b45d4d
5301b466cc30213154fedeac857ecdca4ab5ed7ef27152f01d41e99ef8d99ac8
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: text/plain
set-cookie: csu=1107802885627698@1@1669266852; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NH8KJfTMOxnMBCacAbrGsCDtJHAWofsoJ6eR%2Bsew7zxKEmRG0CT8POn6KpmTip4dyBHvxiv750hsAqNNa916E%2FpaIPIzIfkXn29QJ375DjM%2B2SYYt8gZwwvLpNb%2F9Gv0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8e588f88868-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102871 bytes)
Hash 30de7cbc608ee9f97da58dc1112cd054
4ff9ea2366de302c87de87c2f7ef1fd9ac558b34
85ed6368142d7f5ce2e16ceab55c3830190070d34b0195471530b185bc19637d
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 23 Nov 2022 16:38:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9YEJ5DC4PIwZovgBMSZJHiQmmJxVLx7q%2F5rHlNyoDp8MwFMsIiCjEGo09ZtzDiwJyL7tQUjYjmQX4qxnHZhLmckgQe8lLr6zp8F05KTVF6TN6%2BtuWfFV9Cpb7KmKCme2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa8e4c85f8868-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 102 kB IP 172.64.172.27:0
Size 102 kB (102440 bytes)
Hash 5da059b8aac8fa3e7cf0ec11cf50caee
0dc061787bb328edf8c032723b5f2ba1bb448c40
a492f36afe8d70a218ed19f4312d971b40a204a8cf17c607f37fc43405a0a474
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 23 Nov 2022 16:38:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V1OodYtV2ERD%2Bbf2ex%2F29ZT2DSSI29%2Bp4NyqgkxTLRq4dQdbQhgfKYvKKy4Ub0LqcuX2ibEiynYMWYjH8TXe%2Fg5U0RD4Jfrd72QLJ0Y41MqIs3JMZwAG5bD2EM6b7w8T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa8e4d86e8868-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mantedtonisms.com/floater?cs=a29CclRfVnVEZlNWcUVjXFx3RWA&abt=0&red=1&sm=83&k=download%20eeeeeeeeeu4%20torrent&v=0.8.11.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_EZz3=1669266852414&crc=1
54.230.111.116 200 OK 1.3 kB URL HTTP/2 mantedtonisms.com/floater?cs=a29CclRfVnVEZlNWcUVjXFx3RWA&abt=0&red=1&sm=83&k=download%20eeeeeeeeeu4%20torrent&v=0.8.11.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_EZz3=1669266852414&crc=1
IP 54.230.111.116:0
File type ASCII text, with very long lines (2014), with no line terminators
Hash 548ea2af741239cc1b1e68a02a10d77b
c47872d6f8987f919c15e4243f3f10214396c2fc
00c4f3f2d7091ab5538d714bae830a5226d4d0e0c31e3941e1f45c2abb428ef1
GET /floater?cs=a29CclRfVnVEZlNWcUVjXFx3RWA&abt=0&red=1&sm=83&k=download%20eeeeeeeeeu4%20torrent&v=0.8.11.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_EZz3=1669266852414&crc=1 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1277
date: Thu, 24 Nov 2022 05:14:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=e39e3f33-19de-46bb-84e4-59bc3cd32c63
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: a7fOWLyIGpHaGHR4cwbCpkNS9HdgkA9nR0iG15dnBqjwxOohMWS6QQ==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 116 kB IP 172.64.172.27:0
Size 116 kB (115807 bytes)
Hash cb144fa3bfc84415a536eeb4c9e3742b
8e9ada2c58b1f4a72435dea02745778330f40157
1c84aaa44a71e1de2d108e53fc27ca35a34a1d957be0f3b1d9cf27586937816b
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 23 Nov 2022 16:38:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3oW%2FLBBu4xXYmZ9EOxenWv5Dak9xIq3q%2BQJNt2lajXhq7TgzzmQlgJf704iShXTcrD72SPT2fUOQcj%2Fgn1hookT8M2QAdJ73r4TFFBDR9cKohZb5y2RJtIsEDfcR%2F5s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa8e4c8648868-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oaphoace.net/401/5419445?oo=1&oaid=m6xt537246lq451101162y3a6sxxt762
139.45.197.239 200 OK 28 kB URL HTTP/2 oaphoace.net/401/5419445?oo=1&oaid=m6xt537246lq451101162y3a6sxxt762
IP 139.45.197.239:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 044a5f942ddc5c7ccc27652ed575f16d
5f2e4faf85a848a3bc3f44184c8f9d83af40a7d0
12e23c2180eaffe5e526a7ee2766199b9f89796605bc2ce3b895a43627d8931a
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5419445?oo=1&oaid=m6xt537246lq451101162y3a6sxxt762 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: OAID=9924ae406762465a9d97d60ff6850bad
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:13 GMT
content-type: application/json
x-trace-id: bc94dd0e95a8acd8794db7afc4ecad9b
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: http://www.file-upload.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=m6xt537246lq451101162y3a6sxxt762; expires=Fri, 24 Nov 2023 05:14:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4439
Expires: Thu, 24 Nov 2022 06:28:12 GMT
Date: Thu, 24 Nov 2022 05:14:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4439
Expires: Thu, 24 Nov 2022 06:28:12 GMT
Date: Thu, 24 Nov 2022 05:14:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4439
Expires: Thu, 24 Nov 2022 06:28:12 GMT
Date: Thu, 24 Nov 2022 05:14:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4439
Expires: Thu, 24 Nov 2022 06:28:12 GMT
Date: Thu, 24 Nov 2022 05:14:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4439
Expires: Thu, 24 Nov 2022 06:28:12 GMT
Date: Thu, 24 Nov 2022 05:14:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f6118fc03f31862ff68fef8a2b9a7f
318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8089
x-amzn-requestid: f3c55266-9b03-4b7f-b076-fdf56704318e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QQyECioAMFzdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6b-3e10cef6117a10a4115cfce7;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ngJvyUydpRDSiYy9kfeh8JmydmR_K8mjfZtGLgT0qeE2JaABbDMSaQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:06:51 GMT
age: 25642
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4157f2c5c3c77ce699324ecb08f47c7
a7d9135f9d01ba13c3cdaf8b038c70212f159297
2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:08:16 GMT
age: 25557
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 07:22:09 GMT
age: 78724
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16a0ed43-823b-41a5-9073-733ac15040d1.png
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16a0ed43-823b-41a5-9073-733ac15040d1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0dfc05d73111c498bb0e844105a02f6
10a988580bb7a1be72be5dd50d2aef9789f36b62
3852f331fe12a0a8e6007409f043da6aabadbb8f2883e87ae72ca8d70d31727f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16a0ed43-823b-41a5-9073-733ac15040d1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10667
x-amzn-requestid: 985ed1c6-49ed-4851-8a79-f700bbe027c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsGkSIAMFvDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-260dc99256e117e85643b441;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _fs5EfJzWkPQB-Ur7_YVmCHySMj_WXiHUCK8w2nWYvrJSkDaquq37g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:50:57 GMT
etag: "10a988580bb7a1be72be5dd50d2aef9789f36b62"
content-type: image/jpeg
age: 26596
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
oaphoace.net/401/5419445
139.45.197.239 200 OK 45 kB IP 139.45.197.239:0
Hash 20d21a71a22ce4590d96c1914d998375
1c2d4844bde928802435774f161d35c635d66393
74904545ffaa04a5e1a9e4099cc2c32de9a2e1cee4bde6130f9a31189992f8b5
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5419445 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: application/javascript
x-trace-id: 94fc7d6309d0f10f11d60fd8ac84e36d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=9924ae406762465a9d97d60ff6850bad; expires=Fri, 24 Nov 2023 05:14:12 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe021fc4e-f76c-4fe9-9470-b59452c93459.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe021fc4e-f76c-4fe9-9470-b59452c93459.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eb94ecb5881a7e49d964e4287d11e7a4
4b131a189db1b615e2519a28cad83d78297ab67f
f3693e29eb7b72361093434142e3f18969c1a0b02350fab430fa29c7c127bd1a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe021fc4e-f76c-4fe9-9470-b59452c93459.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11401
x-amzn-requestid: 3bc374eb-7d70-4b95-94a7-2ad06cae4726
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCtHcmoAMFxgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-333793987245ff9e741b9aed;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: K4A6bdVv0gauO3YWTEPWMS6fhuB9CZ6o5dUL-O6G5-NzqOGQRzQLUw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:04 GMT
age: 26709
etag: "4b131a189db1b615e2519a28cad83d78297ab67f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash d9fc305a152b948877a19e64f07e9904
0a6f467107ca0284e5d9c7a89e2431b3709b41ae
b0ffff086e960ab6a18ec015d70ccb6d1259aee22ceadda17ad465e1253756aa
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 05:14:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 06:25:22 GMT
Expires: Mon, 28 Nov 2022 06:25:21 GMT
Etag: "0a6f467107ca0284e5d9c7a89e2431b3709b41ae"
Cache-Control: max-age=349267,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76efa8ecd93ab4f1-OSL
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 07a8df6a206fce1fb047df6bae24f050
c9d3972c60523f3dc226a7c8a664320ac54c6eef
ffbe488b001cc46036d3e3b2231d7268d1c7eb2b6a3c9ff12f485defce1efa06
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://www.file-upload.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=4697d1ab62e24b658588cd39d8b7e922; expires=Fri, 24 Nov 2023 05:14:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
oaphoace.net/500/5419445?excludes=&oaid=4697d1ab62e24b658588cd39d8b7e922&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 oaphoace.net/500/5419445?excludes=&oaid=4697d1ab62e24b658588cd39d8b7e922&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5419445?excludes=&oaid=4697d1ab62e24b658588cd39d8b7e922&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:14 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://www.file-upload.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f1f65a115e5fe6146505214eb96659bb
392a69690b07bec2f4d7811f32da1d4afef80d90
52c24df5cdb0278517dea596948487b8134372ef5fa0bad97d7b56883070fc56
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2250
Cache-Control: max-age=160211
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:14 GMT
Etag: "637ec3af-117"
Expires: Sat, 26 Nov 2022 01:44:25 GMT
Last-Modified: Thu, 24 Nov 2022 01:06:55 GMT
Server: ECS (amb/6B74)
X-Cache: HIT
Content-Length: 279
oaphoace.net/500/5419445?excludes=&oaid=4697d1ab62e24b658588cd39d8b7e922&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 15 kB URL HTTP/2 oaphoace.net/500/5419445?excludes=&oaid=4697d1ab62e24b658588cd39d8b7e922&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash 402a26ed947b7f2f1b2775d6c5e426c3
a27c22a0d3b0c1b1ba1448070eb29ebabedcebb8
22e35d32cc79f36f0667a07ab7fb2b49cbe7c2d0e100e81dc57e4e583a6193e7
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5419445?excludes=&oaid=4697d1ab62e24b658588cd39d8b7e922&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: OAID=m6xt537246lq451101162y3a6sxxt762
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:14 GMT
content-type: application/javascript
x-trace-id: ca638e3314e1247f524f7baac9acf2ef
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: http://www.file-upload.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=4697d1ab62e24b658588cd39d8b7e922; expires=Fri, 24 Nov 2023 05:14:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
www.google-analytics.com/ga.js
142.250.74.174 200 OK 17 kB URL HTTP/1.1 www.google-analytics.com/ga.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Thu, 24 Nov 2022 05:05:57 GMT
Expires: Thu, 24 Nov 2022 07:05:57 GMT
Cache-Control: public, max-age=7200
Age: 497
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
connect.facebook.net/en_US/sdk.js
157.240.200.14 200 OK 1.7 kB URL HTTP/1.1 connect.facebook.net/en_US/sdk.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1957)
Hash eef659a9e028e88f3198bc4c3143a019
467b40acb05b26bddfb56f22324cc1f4dea81e1e
dcf6d205503e90e4fd37acadf337001b493e064ede065a48725066e81ba8fb65
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 8b09bef51c0cfa15bee99b5ee0f9bfa7
ETag: "bd0196942ebbfa89950a22e30ca78527"
Content-Type: application/x-javascript; charset=utf-8
timing-allow-origin: *
Access-Control-Allow-Origin: *
cross-origin-resource-policy: cross-origin
Expires: Thu, 24 Nov 2022 05:18:39 GMT
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
X-Content-Type-Options: nosniff
x-fb-rlafr: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Content-MD5: 7vZZqeAo6I8xmLxMMUOgGQ==
X-FB-Debug: /wu4X+xDNZw/z2r7Ju9NiklV7Yh3n4p8DPSEQjt8VqNdReeIjofCmHNDZiSvjKcLmRUpMUsV4tz+58cASUb87w==
X-FB-TRIP-ID: 1679558926
Date: Thu, 24 Nov 2022 05:14:14 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1687
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 66a337cb4b0b1ba44f832419ff1f3f32
3aaecb69b499cb7a8d9fa25096606f5758d30b3f
43b528a9e00806e92df83bca2af02288453837cf056a41efa646ae26f5881af7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "43B528A9E00806E92DF83BCA2AF02288453837CF056A41EFA646AE26F5881AF7"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2684
Expires: Thu, 24 Nov 2022 05:58:58 GMT
Date: Thu, 24 Nov 2022 05:14:14 GMT
Connection: keep-alive
www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=646593031&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20EEEEEEEEEu4%20torrent&utmhid=224174867&utmr=-&utmp=%2F1kq2ksn6888e&utmht=1669266854102&utmac=UA-42931250-7&utmcc=__utma%3D184767038.137823207.1669266854.1669266854.1669266854.1%3B%2B__utmz%3D184767038.1669266854.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1043772074&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
142.250.74.174 302 Found 369 B URL HTTP/1.1 www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=646593031&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20EEEEEEEEEu4%20torrent&utmhid=224174867&utmr=-&utmp=%2F1kq2ksn6888e&utmht=1669266854102&utmac=UA-42931250-7&utmcc=__utma%3D184767038.137823207.1669266854.1669266854.1669266854.1%3B%2B__utmz%3D184767038.1669266854.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1043772074&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
IP 142.250.74.174:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 53736062f531dca0349d3ec64adaa8bd
54d06bb449fb844dcaef86b08f20051478c2c406
e187294d2846a353861dae2cfb2366c500ffdf4b0b064868e30a145b824b4d30
GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=646593031&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20EEEEEEEEEu4%20torrent&utmhid=224174867&utmr=-&utmp=%2F1kq2ksn6888e&utmht=1669266854102&utmac=UA-42931250-7&utmcc=__utma%3D184767038.137823207.1669266854.1669266854.1669266854.1%3B%2B__utmz%3D184767038.1669266854.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1043772074&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 302 Found
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031
Access-Control-Allow-Origin: *
Date: Thu, 24 Nov 2022 05:14:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Server: Golfe2
Content-Length: 369
xml.serve-servee.com/thumbnail?i=iVo-361ESm0_1&imgt=icon
172.64.110.7 302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=iVo-361ESm0_1&imgt=icon
IP 172.64.110.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=iVo-361ESm0_1&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 24 Nov 2022 05:14:14 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSBWpCeFBuQrF3WgU%2FzGd2SA2LumUqPs%2Fna1kcyK4TEMalTcyhq0p2XpiS0hZVCVw7%2FtjWqLKLcZMPQ3ivDGwH1HqL3XQUFfwIrUZF8OvwAkmNFq1g6EMf%2BZqGP2Wxu8zzNnCvqA8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8f069d07723-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/sdk.js?hash=788fe172b7ab44e8742278a1b73a330e
157.240.200.14 200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=788fe172b7ab44e8742278a1b73a330e
IP 157.240.200.14:0
File type ASCII text, with very long lines (18530)
Hash 75563ea53813fd94697fc2b287caa791
244dcd9b86c76546ef65f702ca256b13e5bc17e0
3793e950ea9617e13f7779c42a8062663dfa5655fc4c92e05879521de9a69493
GET /en_US/sdk.js?hash=788fe172b7ab44e8742278a1b73a330e HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 03d74fe9d1c562081e2fce56addd9d6f
etag: "e5a4beb519c70c734109e7b0c2d5c9e5"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 24 Nov 2023 03:12:57 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: dVY+pTgT/ZRpf8Kyh8qnkQ==
x-fb-debug: BuLtCs24aO1z5lWe+S5lVBx+ML4sXQmNBwWHnkkteDyjb1PQ3E87ki+jDQJspYMp7Q0U4noDnIUsGPT5KUeC1g==
priority: u=3,i
content-length: 88360
x-fb-trip-id: 1679558926
date: Thu, 24 Nov 2022 05:14:14 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
172.64.110.7 200 OK 1.1 kB URL HTTP/2 static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
IP 172.64.110.7:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 4fa2beaeca8f598401f3ec6300cb860b
45634806ea1fa936c0e600b8b22f835600529b36
ef897a0bab353d84bf69ae3570347dea36236575a7b1bbd5992b8f256f856577
GET /n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:14 GMT
content-type: image/png
content-length: 1112
last-modified: Fri, 24 Apr 2020 13:59:43 GMT
accept-ranges: bytes
etag: "5ea2f0cf-458"
cache-control: max-age=86400
x-hw: 1669266854.cds045.lo4.h2,1669266854.cds216.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=udj7J9uLA1r24rfiCaVTSm%2FU3a1W0RTToyKadXuiSf%2Boj1kQaT1gfvzjCvYYxe5rxf9FvmENuasOa4QLWSKOxXIWqQoFcq8lhgfn84tfrqnF3rb0xonXZXMFYwPBzApwBtxK7jOl2cjWWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8f15a907723-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031
142.251.1.155 302 Found 367 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031
IP 142.251.1.155:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash b20d59cee463a95195c8cc8e08c30575
ead8b7577db2b5c8dfd9f5817975d52399093390
2feb00cb7f298118227eb81797fcb222c84a7136ead3433881132616976e6887
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 24 Nov 2022 05:14:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 66a337cb4b0b1ba44f832419ff1f3f32
3aaecb69b499cb7a8d9fa25096606f5758d30b3f
43b528a9e00806e92df83bca2af02288453837cf056a41efa646ae26f5881af7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "43B528A9E00806E92DF83BCA2AF02288453837CF056A41EFA646AE26F5881AF7"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2684
Expires: Thu, 24 Nov 2022 05:58:58 GMT
Date: Thu, 24 Nov 2022 05:14:14 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f7801fe8b983652ae788bc952856c2ed
f3898da21792b146a9f856e87ed3520d76277fb8
faa1bc8a9887e2dc694ff645546ea16cb96ac4bd1b0c460aef95f2cced100d6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031
142.250.74.164 302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031
IP 142.250.74.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 05:14:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031&slf_rd=1&random=2050868105
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b6a795cdfedb5c954b3000dbb2dc7f90
b17bb97d224d89bc8227cddf5a8386e100751cda
78c411d16c1be2d8da51fc409cb45ec2aca8d32b77ab4d1a1a1fe5d1a33552e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031&slf_rd=1&random=2050868105
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031&slf_rd=1&random=2050868105
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=137823207.1669266854&jid=1043772074&_v=5.7.2&z=646593031&slf_rd=1&random=2050868105 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 05:14:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b6a795cdfedb5c954b3000dbb2dc7f90
b17bb97d224d89bc8227cddf5a8386e100751cda
78c411d16c1be2d8da51fc409cb45ec2aca8d32b77ab4d1a1a1fe5d1a33552e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.rtmark.net/gid.js?userId=m6xt537246lq451101162y3a6sxxt762
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=m6xt537246lq451101162y3a6sxxt762
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 07a8df6a206fce1fb047df6bae24f050
c9d3972c60523f3dc226a7c8a664320ac54c6eef
ffbe488b001cc46036d3e3b2231d7268d1c7eb2b6a3c9ff12f485defce1efa06
GET /gid.js?userId=m6xt537246lq451101162y3a6sxxt762 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: ID=4697d1ab62e24b658588cd39d8b7e922
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://www.file-upload.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=4697d1ab62e24b658588cd39d8b7e922; expires=Fri, 24 Nov 2023 05:14:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
oaphoace.net/impression/pDsQmHANQq4IR8hyQFOysuVUZI4o2GbxgUnJbMfIJA1jOzuPhHfFd1aAmQWz8gOzWq4KLSWU6i-oqKfk7nAGmLU6x4ksbDiiiIQXpHHuiugTTh3-xglHtUloBwDgQ9SANuGjm_FcyTSu27CyY7sTlI2o6kYaC7QvmijIDbOpZhVSRFexjknIeZzizSNkj2bKKZZj-80B88VAd39Ev5iVMMOl2MX2lOt22oG92t6m9h8K2-WqkeviwXpS98KC5mQKxwml7bsdAjuZMWsTBx9W0Iy_yYWbfggNxijO4PrbOMSBlS3qVzzpEyeY-YS32Kau0qAJNPJgcFtYDGOxDhGdNVK8zfnKgSFQQe9cB1a2dCS_zuaufWa58w0BgBJO7ljnOH9D5aiG9vt9nkD20zBJtsgAe7DUisACqGgOPvlZHeSFzAjjQz_agAKezv0NlNo51hhCvsolCWb7QLDQbswmC4x6BIAhDl_30_gF7TftLGChcRSA6dIKMiEUj8wn7gYEJz-3hf98aygL0mKbLrZDZCaJl95ScThfSrQiK5-e6EyvMtOBiOsteStsIZd1cRl9IWGKiPgyEk_kExQLGYGkBmSg8KtHeT2oCeyF5g==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 oaphoace.net/impression/pDsQmHANQq4IR8hyQFOysuVUZI4o2GbxgUnJbMfIJA1jOzuPhHfFd1aAmQWz8gOzWq4KLSWU6i-oqKfk7nAGmLU6x4ksbDiiiIQXpHHuiugTTh3-xglHtUloBwDgQ9SANuGjm_FcyTSu27CyY7sTlI2o6kYaC7QvmijIDbOpZhVSRFexjknIeZzizSNkj2bKKZZj-80B88VAd39Ev5iVMMOl2MX2lOt22oG92t6m9h8K2-WqkeviwXpS98KC5mQKxwml7bsdAjuZMWsTBx9W0Iy_yYWbfggNxijO4PrbOMSBlS3qVzzpEyeY-YS32Kau0qAJNPJgcFtYDGOxDhGdNVK8zfnKgSFQQe9cB1a2dCS_zuaufWa58w0BgBJO7ljnOH9D5aiG9vt9nkD20zBJtsgAe7DUisACqGgOPvlZHeSFzAjjQz_agAKezv0NlNo51hhCvsolCWb7QLDQbswmC4x6BIAhDl_30_gF7TftLGChcRSA6dIKMiEUj8wn7gYEJz-3hf98aygL0mKbLrZDZCaJl95ScThfSrQiK5-e6EyvMtOBiOsteStsIZd1cRl9IWGKiPgyEk_kExQLGYGkBmSg8KtHeT2oCeyF5g==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/pDsQmHANQq4IR8hyQFOysuVUZI4o2GbxgUnJbMfIJA1jOzuPhHfFd1aAmQWz8gOzWq4KLSWU6i-oqKfk7nAGmLU6x4ksbDiiiIQXpHHuiugTTh3-xglHtUloBwDgQ9SANuGjm_FcyTSu27CyY7sTlI2o6kYaC7QvmijIDbOpZhVSRFexjknIeZzizSNkj2bKKZZj-80B88VAd39Ev5iVMMOl2MX2lOt22oG92t6m9h8K2-WqkeviwXpS98KC5mQKxwml7bsdAjuZMWsTBx9W0Iy_yYWbfggNxijO4PrbOMSBlS3qVzzpEyeY-YS32Kau0qAJNPJgcFtYDGOxDhGdNVK8zfnKgSFQQe9cB1a2dCS_zuaufWa58w0BgBJO7ljnOH9D5aiG9vt9nkD20zBJtsgAe7DUisACqGgOPvlZHeSFzAjjQz_agAKezv0NlNo51hhCvsolCWb7QLDQbswmC4x6BIAhDl_30_gF7TftLGChcRSA6dIKMiEUj8wn7gYEJz-3hf98aygL0mKbLrZDZCaJl95ScThfSrQiK5-e6EyvMtOBiOsteStsIZd1cRl9IWGKiPgyEk_kExQLGYGkBmSg8KtHeT2oCeyF5g==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2F1kq2ksn6888e&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: OAID=4697d1ab62e24b658588cd39d8b7e922
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:15 GMT
content-type: image/gif
content-length: 43
x-trace-id: c97a8ad757651427a09eb47f94fc2899
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
142.250.74.10 200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP 142.250.74.10:0
Hash 0caa52e73da518b2e87831da7f923a53
d555f259336f6783376e8de30c1dba4db0399e1b
48e3f08c0bdc25e5807851fcae8a21403d5ef844b05512dd30fe6c644656ca96
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 05:14:16 GMT
date: Thu, 24 Nov 2022 05:14:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 37227
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 34808
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 05:14:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3dc1cfee826399a4a3842803e5f17055
c227398e206b222d2aba5a2eb13a2aba78562139
224f55aab5c18620bd50a6a2fd0b996a29cae883dd75cb1c5bd480d10510212f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "224F55AAB5C18620BD50A6A2FD0B996A29CAE883DD75CB1C5BD480D10510212F"
Last-Modified: Tue, 22 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10176
Expires: Thu, 24 Nov 2022 08:03:53 GMT
Date: Thu, 24 Nov 2022 05:14:17 GMT
Connection: keep-alive
lightssyrupdecree.com/sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=6e433456-d823-4949-b391-1e09a277a402%3A2%3A1
173.233.139.164 200 OK 3.6 kB URL HTTP/1.1 lightssyrupdecree.com/sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=6e433456-d823-4949-b391-1e09a277a402%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , ASCII text, with very long lines (6222), with no line terminators
Hash 947492c3579be83610f22be1fc8f96e5
d92933b66e59403d25901bf498608aa40fab139d
61c2abc6aa62d900025ddfec233c4971e11e0be28513b52ea99b1046c3531944
GET /sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=6e433456-d823-4949-b391-1e09a277a402%3A2%3A1 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:18 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.file-upload.com
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16537667; expires=Fri, 25 Nov 2022 05:14:18 GMT; secure; SameSite=None
uid_id2=6e433456-d823-4949-b391-1e09a277a402:2:1; expires=Thu, 01 Dec 2022 05:14:18 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 25 Nov 2022 05:14:18 GMT; secure; SameSite=None
uncs=1; expires=Fri, 25 Nov 2022 05:14:18 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 25 Nov 2022 05:14:18 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 25 Nov 2022 05:14:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0fbf5d5f05476c17dd836b4366ea9f01
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ee351efa307041ba0081a0dcb5c04b60
ce855fa3b56ee6b55438cbe3bd44f52753dc90f2
1e909796a7ff60ebf333f3c36e7e80a09cbcc88292b397754484a0af3676651a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E909796A7FF60EBF333F3C36E7E80A09CBCC88292B397754484A0AF3676651A"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7236
Expires: Thu, 24 Nov 2022 07:14:54 GMT
Date: Thu, 24 Nov 2022 05:14:18 GMT
Connection: keep-alive
lightssyrupdecree.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h8XPbl48aAM4kHBTKqne360e1jcX7K4JmF3NeLJ6q7qSTnVXU1V9%2FQkiAQXZC%2FC7EmPnTfJBtdF3T9AkIkXCQgZQcnBiBfxLuxJQWYyMPod%2Bvtev%2B%2Fw3vvqk53ihFAU7HjtLb0llWLLzTqtvbwuU65LW1u5U3NpnV6srcu05V%2BsDaYf03%2FNpc06faX2hoh6erlBXUpd6tauSyNiPViesZDZo8CtB7TuN%2Bpu08fA%2FB%2FbwoFlDnj%2FhFyA5JPzGz88hozGSJNvrgrby3X26rWkUCzXBn2%2B%2F3baS3WZIlmMsXEQp%2FvzbWg7IeTzM9Dp%2FtwBdH936gChnBDnFxdhuj%2BXibC%2Fd6o0VBApQv40yv4YQo0h2RiRvgvJjwgQcaysIk0erGhTss1Tlk3ZCTn35C%2FIckLO%2Ffos0uSry0oOare1KnKpU4tBXEEOxpDdMbLiAPmWA1keIMo%2FhuQ%2FkuUnN5Emu6tWaUh%2B%2FFJL%2BJ7nN1tLvNPwlvzAD5ZCL3CXXEED1mi3mU8bs4ikHEPGYygxBLNnUFgHhXRQxA6KzEHCj2usGcSUtuMw9ryOH0WR50VRs9PiTe75nZiiiKYehsizISI1RGS2kZlt9OT9o%2BYFmOI72I0KljuwOUGfVygFQWkJSkZQSoIyJyj71R5XtmGrB1zZInTnvTHvXjXSeXeH7em8K1Kyk52QZ2bZ%2Ff3uFfTEcc3rxJQyrxV6vN2mTUapcH3e4O2QMdaiLqysIO0ZMOtga3rIn99HNu3XfkfIDmDVASL5IljxPFg5ajco2MbI71BspV%2FHUomlIlOa8XqkE3BdIcvPId90dtQJeW4mJfjjPER0eOmzT1d%2Fu8jfQ2QqZKbCB%2FJ7gq66N7qlS7J7S5eWPF7NcpnILTY98e2c5eLswzfFZqkNv3HVDr94PZoS0%2FHRHWHzmyzlMu1a8uVlybkw17WJBPn2hl0X4VphNy4XJi2ym2tXrt9IMiOslTodg8mjdz5EJCfkKdObPd4X%2FrwGacYwRYWkOCTzgtRjRNk2bLZQbzWBUYudMHNQFtXINMLFTyUJlFhgFlaw%2F8HhYt6x99A1Dlh%2BF2lSoW8q9FUFpoawxdlRnpnDSz95s0KonFGojLMbKqPun0Zr5XFNNGMaC9oQYRyEcZtRHsR%2BELLAFe2wyVzkdhJ99M%2FDfwEAAP%2F%2FAQAA%2F%2F%2B77Fj7lAQAAA%3D%3D
173.233.139.164200 OK 7 B URL HTTP/1.1 lightssyrupdecree.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h8XPbl48aAM4kHBTKqne360e1jcX7K4JmF3NeLJ6q7qSTnVXU1V9%2FQkiAQXZC%2FC7EmPnTfJBtdF3T9AkIkXCQgZQcnBiBfxLuxJQWYyMPod%2Bvtev%2B%2Fw3vvqk53ihFAU7HjtLb0llWLLzTqtvbwuU65LW1u5U3NpnV6srcu05V%2BsDaYf03%2FNpc06faX2hoh6erlBXUpd6tauSyNiPViesZDZo8CtB7TuN%2Bpu08fA%2FB%2FbwoFlDnj%2FhFyA5JPzGz88hozGSJNvrgrby3X26rWkUCzXBn2%2B%2F3baS3WZIlmMsXEQp%2FvzbWg7IeTzM9Dp%2FtwBdH936gChnBDnFxdhuj%2BXibC%2Fd6o0VBApQv40yv4YQo0h2RiRvgvJjwgQcaysIk0erGhTss1Tlk3ZCTn35C%2FIckLO%2Ffos0uSry0oOare1KnKpU4tBXEEOxpDdMbLiAPmWA1keIMo%2FhuQ%2FkuUnN5Emu6tWaUh%2B%2FFJL%2BJ7nN1tLvNPwlvzAD5ZCL3CXXEED1mi3mU8bs4ikHEPGYygxBLNnUFgHhXRQxA6KzEHCj2usGcSUtuMw9ryOH0WR50VRs9PiTe75nZiiiKYehsizISI1RGS2kZlt9OT9o%2BYFmOI72I0KljuwOUGfVygFQWkJSkZQSoIyJyj71R5XtmGrB1zZInTnvTHvXjXSeXeH7em8K1Kyk52QZ2bZ%2Ff3uFfTEcc3rxJQyrxV6vN2mTUapcH3e4O2QMdaiLqysIO0ZMOtga3rIn99HNu3XfkfIDmDVASL5IljxPFg5ajco2MbI71BspV%2FHUomlIlOa8XqkE3BdIcvPId90dtQJeW4mJfjjPER0eOmzT1d%2Fu8jfQ2QqZKbCB%2FJ7gq66N7qlS7J7S5eWPF7NcpnILTY98e2c5eLswzfFZqkNv3HVDr94PZoS0%2FHRHWHzmyzlMu1a8uVlybkw17WJBPn2hl0X4VphNy4XJi2ym2tXrt9IMiOslTodg8mjdz5EJCfkKdObPd4X%2FrwGacYwRYWkOCTzgtRjRNk2bLZQbzWBUYudMHNQFtXINMLFTyUJlFhgFlaw%2F8HhYt6x99A1Dlh%2BF2lSoW8q9FUFpoawxdlRnpnDSz95s0KonFGojLMbKqPun0Zr5XFNNGMaC9oQYRyEcZtRHsR%2BELLAFe2wyVzkdhJ99M%2FDfwEAAP%2F%2FAQAA%2F%2F%2B77Fj7lAQAAA%3D%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h8XPbl48aAM4kHBTKqne360e1jcX7K4JmF3NeLJ6q7qSTnVXU1V9%2FQkiAQXZC%2FC7EmPnTfJBtdF3T9AkIkXCQgZQcnBiBfxLuxJQWYyMPod%2Bvtev%2B%2Fw3vvqk53ihFAU7HjtLb0llWLLzTqtvbwuU65LW1u5U3NpnV6srcu05V%2BsDaYf03%2FNpc06faX2hoh6erlBXUpd6tauSyNiPViesZDZo8CtB7TuN%2Bpu08fA%2FB%2FbwoFlDnj%2FhFyA5JPzGz88hozGSJNvrgrby3X26rWkUCzXBn2%2B%2F3baS3WZIlmMsXEQp%2FvzbWg7IeTzM9Dp%2FtwBdH936gChnBDnFxdhuj%2BXibC%2Fd6o0VBApQv40yv4YQo0h2RiRvgvJjwgQcaysIk0erGhTss1Tlk3ZCTn35C%2FIckLO%2Ffos0uSry0oOare1KnKpU4tBXEEOxpDdMbLiAPmWA1keIMo%2FhuQ%2FkuUnN5Emu6tWaUh%2B%2FFJL%2BJ7nN1tLvNPwlvzAD5ZCL3CXXEED1mi3mU8bs4ikHEPGYygxBLNnUFgHhXRQxA6KzEHCj2usGcSUtuMw9ryOH0WR50VRs9PiTe75nZiiiKYehsizISI1RGS2kZlt9OT9o%2BYFmOI72I0KljuwOUGfVygFQWkJSkZQSoIyJyj71R5XtmGrB1zZInTnvTHvXjXSeXeH7em8K1Kyk52QZ2bZ%2Ff3uFfTEcc3rxJQyrxV6vN2mTUapcH3e4O2QMdaiLqysIO0ZMOtga3rIn99HNu3XfkfIDmDVASL5IljxPFg5ajco2MbI71BspV%2FHUomlIlOa8XqkE3BdIcvPId90dtQJeW4mJfjjPER0eOmzT1d%2Fu8jfQ2QqZKbCB%2FJ7gq66N7qlS7J7S5eWPF7NcpnILTY98e2c5eLswzfFZqkNv3HVDr94PZoS0%2FHRHWHzmyzlMu1a8uVlybkw17WJBPn2hl0X4VphNy4XJi2ym2tXrt9IMiOslTodg8mjdz5EJCfkKdObPd4X%2FrwGacYwRYWkOCTzgtRjRNk2bLZQbzWBUYudMHNQFtXINMLFTyUJlFhgFlaw%2F8HhYt6x99A1Dlh%2BF2lSoW8q9FUFpoawxdlRnpnDSz95s0KonFGojLMbKqPun0Zr5XFNNGMaC9oQYRyEcZtRHsR%2BELLAFe2wyVzkdhJ99M%2FDfwEAAP%2F%2FAQAA%2F%2F%2B77Fj7lAQAAA%3D%3D HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=6e433456-d823-4949-b391-1e09a277a402:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 878fc67c04ddf3adcd333444af877d67
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69036b01998fdb61310f2a30f4dfd2c3
af2ad3a4adc09b6f39e50337ec056bad1bc5d420
8d5426591968503b695aba5b1505000b83b96a12e781dc6bb445b240e9b51f5b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8D5426591968503B695ABA5B1505000B83B96A12E781DC6BB445B240E9B51F5B"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6984
Expires: Thu, 24 Nov 2022 07:10:42 GMT
Date: Thu, 24 Nov 2022 05:14:18 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69036b01998fdb61310f2a30f4dfd2c3
af2ad3a4adc09b6f39e50337ec056bad1bc5d420
8d5426591968503b695aba5b1505000b83b96a12e781dc6bb445b240e9b51f5b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8D5426591968503B695ABA5B1505000B83B96A12E781DC6BB445B240E9B51F5B"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6984
Expires: Thu, 24 Nov 2022 07:10:42 GMT
Date: Thu, 24 Nov 2022 05:14:18 GMT
Connection: keep-alive
lightssyrupdecree.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=93
173.233.139.164 200 OK 0 B URL HTTP/1.1 lightssyrupdecree.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=93
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=93 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/close.png
172.64.109.13 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/close.png
IP 172.64.109.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/notifications/text_bubble/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 12 Jul 2022 10:56:24 GMT
etag: "62cd5358-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 746546
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cnfFgTiga28GZTtWmA1mI13Jxvw0JaCIayu16NDbbVbfeU%2FmNBzsKWp5o3t5WmwTdQKCSvE1%2BA9YJkhMi6HD6WznRzlz%2FoWR6FgKaSW1194gRVbb6GuFQ1g3gpywTtl49ATiC%2FxW135Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa909ad267300-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
172.64.109.13 200 OK 2.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
IP 172.64.109.13:0
File type PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash 41109abf05740798aa2e66a3e938c8de
706e93332bf4819e9f4059765340cf97981bd1fe
2fbf669490df5b04badb9886ca664dbd9a0d66e0ecdc951b822feb6089fac0ea
GET /sb/ssp/notifications/text_bubble/2/img/arrow.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: image/png
content-length: 2332
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-91c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 746546
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oFFle3YOuQC1wYQIvIpgs1jwoXYYv9cWOD2W0mG7JoawIxgBPWXHN0LBrK60HAP4uUzODTPCIbwtVPVW6vBoLdLErrstSMV%2BiqUqk6%2B3RBnhWC6%2BGDUthYwYQr%2BlFAcNBWc7%2FxQlzq2R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa909ad297300-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/number.png
172.64.109.13 200 OK 1.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/number.png
IP 172.64.109.13:0
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/ssp/notifications/text_bubble/2/img/number.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: image/png
content-length: 1138
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 746546
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDMYw6USh6buOpMywrZV9BEebW3hlpAJ1tQQS7iMDpstihsss3NcNCIBJFUCYkc19MbmUXM7Hgok4dUVxaoRYTU8RR8mUdCD9Y1ro0P9RuBO2Kl4dhX9QKh04uwsq9jNo8oHhtSP5VgM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa909ad2a7300-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 24 Nov 2022 05:14:18 GMT
Date: Thu, 24 Nov 2022 05:14:18 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69036b01998fdb61310f2a30f4dfd2c3
af2ad3a4adc09b6f39e50337ec056bad1bc5d420
8d5426591968503b695aba5b1505000b83b96a12e781dc6bb445b240e9b51f5b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8D5426591968503B695ABA5B1505000B83B96A12E781DC6BB445B240E9B51F5B"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6984
Expires: Thu, 24 Nov 2022 07:10:42 GMT
Date: Thu, 24 Nov 2022 05:14:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f6c1497d491ebdec0b24caf356dad1f
6efe847d68565760b80862295cb809e7efee7de8
5a7ebb4a3bfc1046cd3c07cef6bd550f3452c3cf4d48d48e6428473f2de44c51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A7EBB4A3BFC1046CD3C07CEF6BD550F3452C3CF4D48D48E6428473F2DE44C51"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12465
Expires: Thu, 24 Nov 2022 08:42:03 GMT
Date: Thu, 24 Nov 2022 05:14:18 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/89/63/84/896384ba5abede05393b62d0ee8ad306/1667590599.png
45.133.44.9 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/89/63/84/896384ba5abede05393b62d0ee8ad306/1667590599.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb2500acb00f247ef19403c3a0f89e1
7c57e8b84b2bb0003810ffae7a14e24869155464
7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/89/63/84/896384ba5abede05393b62d0ee8ad306/1667590599.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:36:48 GMT
etag: "636569d0-7ffb"
expires: Sat, 26 Nov 2022 05:14:18 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
lightssyrupdecree.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=336
173.233.139.164 200 OK 0 B URL HTTP/1.1 lightssyrupdecree.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=336
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=336 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 23 Nov 2022 20:16:50 GMT
Expires: Thu, 23 Nov 2023 20:16:50 GMT
Cache-Control: public, max-age=31536000
Age: 32248
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
lightssyrupdecree.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=341
173.233.139.164 200 OK 0 B URL HTTP/1.1 lightssyrupdecree.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=341
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=341 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
lightssyrupdecree.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fjs%2Fscript.js&l=892&fd=301
173.233.139.164 200 OK 0 B URL HTTP/1.1 lightssyrupdecree.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fjs%2Fscript.js&l=892&fd=301
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fjs%2Fscript.js&l=892&fd=301 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
lightssyrupdecree.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitzo%2BLngxePCiDeFBwZ6t%2FzC9zCOaXBGM2JNGIJ6urqmfLqe5qqrqnJ4tIMCC5CJOTHnvfbLIYg5o%2FQJBZLxIQMoKyB1e8iHchJwWZ2YHR79Df9%2Fp9h%2FfeV59slweEomT7l98yW0prtt5q0sbL11UmTOUal641fNqkJxvXVdaOTjZG848dvubTVpO%2B0nhD8oFZD6hPqU%2F9xnllZWJG6wsWKn%2FQ85s92oyCpt%2BKMLL%2Fx6704JgHMTwgJ6DE7PjmDw%2Bh%2BBRZ%2Bs1Z6QaFyV89l5aaFcZiKHbfzgaZqTKkqzGxHpJsd7kN42aEfH4EJttdOoAZ7swdIFYz4v3iI852lzIRD%2B8eKo01ZIZYPI1qOIXUUyg2BTe3oMRjAnCBSxvI0nuXjK3YjUOWzdkZOfbkL6hqRo79%2Biyy9KvTWo0aV40uC2Uyh1FSQ42mUP0p8nIPxZYHVe2BFx9DiR%2FJ%2BpOLyNKdDacNlNh%2FqS2jMIxa7TXRDcK1qBf11uKw56%2F5kvZY0OmwiAaLiJSaQiVTaDkGc0dQOg%2Bl8lAmHsrcQyr2G6zVSyjtJHESht2Icx6GnLe6bdESYdRNKEo%2B9zBGkY%2FB9Rjc3kRub2Kg7jxunYAtv4PbrOGEB1cQDEWNShJUjqBiBJUiqAqCaljfFdoFrr4ntCtjf9mDZQ%2FriSn62%2ByuKfoyI9v5AXlmkd3f757BQO43wm5CKQvbcSg6HdpilEo%2FEoHoxIyxNvXhVA3ljoA5D1vzQ%2F78PvJ5P%2Fc7YrYHp%2FfA1Ytg5fNg1aQTULDNSdSl2Mq%2BTpSWa2WuDRNNblIIUyMvjqG44W3rA%2FLcQkrvj%2BOQ%2FNGpzz7d%2BO2keA%2Fc1shtjQ%2FU9wR9fXtyxVRk54qpHHm4kRcqVVtsfuKrBSvk0ftvyhuVseLCWTf%2B4nU%2BJ%2Bbjg2vSFRdZJlTWd%2BTL00oIac8byyX59oK7LuPLpds8XdqszC9ePnP%2BQppb6Zwy2RRMPX7nQ3A1I0%2FZweLxvvDnOSg7hS1rpOUjsiwoMwXPb8LlK%2FXOEFi92olzD1VZT2wQr35qRaDlCrO4hvsPjlfztruNvvXAilvI0hpDW2OoazA9hiuPTorcPjr1U7goxNqbxNp6O7G2%2Bs5htE7tN1p%2BJLtxt8OFiCUXficIuyGlgRBRpyf9Hgo34x%2F9c%2F9fAAAA%2F%2F8BAAD%2F%2F6%2Fk1h2UBAAA
173.233.139.164200 OK 7 B URL HTTP/1.1 lightssyrupdecree.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitzo%2BLngxePCiDeFBwZ6t%2FzC9zCOaXBGM2JNGIJ6urqmfLqe5qqrqnJ4tIMCC5CJOTHnvfbLIYg5o%2FQJBZLxIQMoKyB1e8iHchJwWZ2YHR79Df9%2Fp9h%2FfeV59slweEomT7l98yW0prtt5q0sbL11UmTOUal641fNqkJxvXVdaOTjZG848dvubTVpO%2B0nhD8oFZD6hPqU%2F9xnllZWJG6wsWKn%2FQ85s92oyCpt%2BKMLL%2Fx6704JgHMTwgJ6DE7PjmDw%2Bh%2BBRZ%2Bs1Z6QaFyV89l5aaFcZiKHbfzgaZqTKkqzGxHpJsd7kN42aEfH4EJttdOoAZ7swdIFYz4v3iI852lzIRD%2B8eKo01ZIZYPI1qOIXUUyg2BTe3oMRjAnCBSxvI0nuXjK3YjUOWzdkZOfbkL6hqRo79%2Biyy9KvTWo0aV40uC2Uyh1FSQ42mUP0p8nIPxZYHVe2BFx9DiR%2FJ%2BpOLyNKdDacNlNh%2FqS2jMIxa7TXRDcK1qBf11uKw56%2F5kvZY0OmwiAaLiJSaQiVTaDkGc0dQOg%2Bl8lAmHsrcQyr2G6zVSyjtJHESht2Icx6GnLe6bdESYdRNKEo%2B9zBGkY%2FB9Rjc3kRub2Kg7jxunYAtv4PbrOGEB1cQDEWNShJUjqBiBJUiqAqCaljfFdoFrr4ntCtjf9mDZQ%2FriSn62%2ByuKfoyI9v5AXlmkd3f757BQO43wm5CKQvbcSg6HdpilEo%2FEoHoxIyxNvXhVA3ljoA5D1vzQ%2F78PvJ5P%2Fc7YrYHp%2FfA1Ytg5fNg1aQTULDNSdSl2Mq%2BTpSWa2WuDRNNblIIUyMvjqG44W3rA%2FLcQkrvj%2BOQ%2FNGpzz7d%2BO2keA%2Fc1shtjQ%2FU9wR9fXtyxVRk54qpHHm4kRcqVVtsfuKrBSvk0ftvyhuVseLCWTf%2B4nU%2BJ%2Bbjg2vSFRdZJlTWd%2BTL00oIac8byyX59oK7LuPLpds8XdqszC9ePnP%2BQppb6Zwy2RRMPX7nQ3A1I0%2FZweLxvvDnOSg7hS1rpOUjsiwoMwXPb8LlK%2FXOEFi92olzD1VZT2wQr35qRaDlCrO4hvsPjlfztruNvvXAilvI0hpDW2OoazA9hiuPTorcPjr1U7goxNqbxNp6O7G2%2Bs5htE7tN1p%2BJLtxt8OFiCUXficIuyGlgRBRpyf9Hgo34x%2F9c%2F9fAAAA%2F%2F8BAAD%2F%2F6%2Fk1h2UBAAA
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitzo%2BLngxePCiDeFBwZ6t%2FzC9zCOaXBGM2JNGIJ6urqmfLqe5qqrqnJ4tIMCC5CJOTHnvfbLIYg5o%2FQJBZLxIQMoKyB1e8iHchJwWZ2YHR79Df9%2Fp9h%2FfeV59slweEomT7l98yW0prtt5q0sbL11UmTOUal641fNqkJxvXVdaOTjZG848dvubTVpO%2B0nhD8oFZD6hPqU%2F9xnllZWJG6wsWKn%2FQ85s92oyCpt%2BKMLL%2Fx6704JgHMTwgJ6DE7PjmDw%2Bh%2BBRZ%2Bs1Z6QaFyV89l5aaFcZiKHbfzgaZqTKkqzGxHpJsd7kN42aEfH4EJttdOoAZ7swdIFYz4v3iI852lzIRD%2B8eKo01ZIZYPI1qOIXUUyg2BTe3oMRjAnCBSxvI0nuXjK3YjUOWzdkZOfbkL6hqRo79%2Biyy9KvTWo0aV40uC2Uyh1FSQ42mUP0p8nIPxZYHVe2BFx9DiR%2FJ%2BpOLyNKdDacNlNh%2FqS2jMIxa7TXRDcK1qBf11uKw56%2F5kvZY0OmwiAaLiJSaQiVTaDkGc0dQOg%2Bl8lAmHsrcQyr2G6zVSyjtJHESht2Icx6GnLe6bdESYdRNKEo%2B9zBGkY%2FB9Rjc3kRub2Kg7jxunYAtv4PbrOGEB1cQDEWNShJUjqBiBJUiqAqCaljfFdoFrr4ntCtjf9mDZQ%2FriSn62%2ByuKfoyI9v5AXlmkd3f757BQO43wm5CKQvbcSg6HdpilEo%2FEoHoxIyxNvXhVA3ljoA5D1vzQ%2F78PvJ5P%2Fc7YrYHp%2FfA1Ytg5fNg1aQTULDNSdSl2Mq%2BTpSWa2WuDRNNblIIUyMvjqG44W3rA%2FLcQkrvj%2BOQ%2FNGpzz7d%2BO2keA%2Fc1shtjQ%2FU9wR9fXtyxVRk54qpHHm4kRcqVVtsfuKrBSvk0ftvyhuVseLCWTf%2B4nU%2BJ%2Bbjg2vSFRdZJlTWd%2BTL00oIac8byyX59oK7LuPLpds8XdqszC9ePnP%2BQppb6Zwy2RRMPX7nQ3A1I0%2FZweLxvvDnOSg7hS1rpOUjsiwoMwXPb8LlK%2FXOEFi92olzD1VZT2wQr35qRaDlCrO4hvsPjlfztruNvvXAilvI0hpDW2OoazA9hiuPTorcPjr1U7goxNqbxNp6O7G2%2Bs5htE7tN1p%2BJLtxt8OFiCUXficIuyGlgRBRpyf9Hgo34x%2F9c%2F9fAAAA%2F%2F8BAAD%2F%2F6%2Fk1h2UBAAA HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=6e433456-d823-4949-b391-1e09a277a402:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7e1d9521a49f216c5849ce9498a91c53
Strict-Transport-Security: max-age=0; includeSubdomains
lightssyrupdecree.com/pixel/sbs?c=1
173.233.139.164 200 OK 0 B URL HTTP/1.1 lightssyrupdecree.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbs?c=1 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=6e433456-d823-4949-b391-1e09a277a402:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 05:14:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.file-upload.com/mngez/css/app.css?v=1
172.67.146.80 200 OK 0 B URL HTTP/2 www.file-upload.com/mngez/css/app.css?v=1
IP 172.67.146.80:0
GET /mngez/css/app.css?v=1 HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:11 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=253169
etag: W/"5cd288a6-3dcf1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 08 May 2019 07:43:34 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 49019902
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16wklp33Rjtzr318PMFws9F9%2Bc0VBAFetyIGJkAJVYvyH469PVweXkQ9dyQHdSubuqr3oWq9fm4S9fqVvp85x78GC%2FW4SU%2Fo8vxBnzHe5oXigOSt1ayNqLEzARMqGkZNni2DiI7V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8de0ae50b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bedrapiona.com/5/5003260/?oo=1&js_build=iclick-v1.454.0
139.45.197.234 200 OK 0 B URL HTTP/2 bedrapiona.com/5/5003260/?oo=1&js_build=iclick-v1.454.0
IP 139.45.197.234:0
GET /5/5003260/?oo=1&js_build=iclick-v1.454.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: application/json
x-trace-id: 7fa85acc4e1623e8bc631cd0ef638b82
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=ce4732370ca748d7be873a6286f0ea23; expires=Fri, 24 Nov 2023 05:14:12 GMT; path=/; secure; SameSite=None
oaidts=1669266852; expires=Fri, 24 Nov 2023 05:14:12 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
www.file-upload.com/assets/images/norton.png
172.67.146.80 200 OK 0 B URL HTTP/2 www.file-upload.com/assets/images/norton.png
IP 172.67.146.80:0
GET /assets/images/norton.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:11 GMT
content-type: image/png
cache-control: max-age=315360000
cf-bgj: csam-hash
etag: W/"5be576df-1363"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 09 Nov 2018 12:00:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 48907433
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fN4DsCZPA0mZUrXSnyD9I9uscCqQiiTV9NEIs1Y2IGWJ4SCGMDVdk9%2FO2fopYZ4NmQZFLu9k4SxW2ebfw%2B4XrOPXyPeGpBNZ68nmjsjvIUywSqMMvjhDxkIa%2F%2B6qshJylGabFXX4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8de0ae70b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 23 Nov 2022 16:38:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BBUUykpJVCo7Ze2HrmbTDc13UUHZCWWOTU%2FEsifRgeY86JbV0340Sk0nu2VsK4yvy3paQ2%2B%2Be9XeBr2laZo358%2F2SD4pLeJ0hvTP4g1SvFnd52zod%2FGOf4CjbWAErHUF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa8e4c8578868-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 08:56:26 GMT
etag: W/"6321973a-6ef"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 24 Nov 2022 06:14:18 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
IP 172.64.109.13:0
GET /sb/ssp/notifications/text_bubble/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:19 GMT
etag: W/"62cd5353-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 746576
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yq61P2mlm5ACwlwyYXyUPx5wiTJhQoOcXYLunYS%2FCA9kSSnfqZRFEECmsW2Q5L%2B8QCTfh0TYoNhCftIQY6IvbCjG2DQI5yNOJca33vqUe1mu359yCT5J0HYu88YBMeaASOnPLbFnyQnw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa909bd2d7300-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
IP 172.64.109.13:0
GET /sb/ssp/notifications/text_bubble/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 10:56:21 GMT
etag: W/"62cd5355-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TJQxzHHhYWezQrLcAk8L%2FpzvIGg1VJK3TQsGGFTGpyAnuGJw2eGU3dbQVwo9LacgpQtUvAuWf2c4uSIQxL3Je99RSA0ERzbxpA0t06oLj87T%2Ffx79iEDKNiBIeuK1laBNPkb%2BKhYDln4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa9096d0f7300-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/script.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/script.js
IP 172.64.109.13:0
GET /sb/ssp/notifications/text_bubble/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:18 GMT
etag: W/"62cd5352-37c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y5%2Ftf8niL18J8R3Y7derHNdsX6xPMtDnYzRTBsQT9w5C2qhsjgxfNvUk0ZUdUdEhxUYIdaAwznDV35Wfr4lUhAp6kIgriKGk8APmKdiexRGn7k2O9Y%2BT6P%2FLBm1NDhuytZZUUp12s5F9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa90a8d7d7300-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
172.67.211.29 200 OK 0 B IP 172.67.211.29:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: b0c6e984961b6798afe8d04a666a9de6
cache-control: max-age=86400
last-modified: Wed, 23 Nov 2022 10:05:31 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 25 Nov 2022 03:36:45 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5847
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DvYVZW2%2BMhVWmddJprOn4HnnORxEmyi5k2e0ZvAa%2FSwJPaqIXlpwB6NSt5cbOzCvHmd34x%2BSum5iKWWTX0Ccz%2BnwlX8q2OZ775fgMNqjKSPUohI%2Bp%2FZQMTBM5tCGTA9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa8e229861bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/mngez/images/anti1.png
172.67.146.80 200 OK 0 B URL HTTP/2 www.file-upload.com/mngez/images/anti1.png
IP 172.67.146.80:0
GET /mngez/images/anti1.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:11 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 28 Dec 2018 22:57:30 GMT
etag: W/"4aae-57e1cfcdbca80"
cache-control: public, max-age=31536000
expires: Mon, 13 Jun 2022 22:59:53 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 14710458
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1UZbiRupAS5F0MefjwxHwUJgafOJJpvRI75St4NG7l5H91RHBTDi9tVHkeQ5JCFgacsmNmtVCktOczP1QCwfsbf%2Bx5ljfd2AaNHlz%2FQZoUUjmUvp411F%2Be%2Bdtg7ul%2BO9hIb2hUgi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8de1af30b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: text/plain
set-cookie: csu=872096589242367@1@1669266852; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wv%2Bsa9suWDFP3jqzSdfTd3wngCkYZto0jKE2FY7Pa%2BRpn4NtVYL5TcNVBRf%2B%2FE62wsPYN2cWHH4C1UGRmQUN6Y%2BogzZ6UtLNYjX1qp%2FehOSTTtRFAnAXzNc5wGDfrgFv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76efa8e4c8588868-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/style.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/style.css
IP 172.64.109.13:0
GET /sb/ssp/notifications/text_bubble/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:18 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 11:09:04 GMT
etag: W/"62cd5650-23e9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kgIaVmlXJ%2Fi02Ok48ZYSgCGijpAr30qPvclPSNcMN8Ae%2FVtT%2BEkLOH5iz13nfcoXcXWAom6OTLzaHSQYhlDeVS4nUI89r7vVcgSBBw3Y3V7FLpFVE18%2B6cwJvDOBjYG%2FSfsZQGmZEHRX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa9097d137300-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45 200 OK 0 B IP 172.67.194.45:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 05:14:12 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 14:05:58 GMT
etag: W/"634eb2c6-32d9"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4470
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hb6WaAj0ddB3c6JVQgL0BE7bidoOF%2FC6z2JkRnbBFSCSOhONCZReUeTW4wShqzpxy%2F1%2FJf%2FeBlToapBqJZYJ%2BXCh7wMn8DAs9cRgZ2ammNaAczqX1YjRMWz%2BEd5i5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76efa8e4cf3b0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: BEXE4A7ZBwoOPUAwKkKba3mgtrN5tmKfgNW/Zvh/2Mc8JqeMu14EfSOdTn9F8etniKUgcszGqivO9cw/0+aOFA==
date: Thu, 24 Nov 2022 05:14:12 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2