usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
65.109.18.14301 Moved Permanently 162 B URL HTTP/1.1 usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert quad9 Sinkholed
GET /5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Dec 2022 19:05:54 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96367f956a4177aec7e7e80221539d58
8dcad10fde96c139d1ef212388cb6755fe3fe077
f4f9bdb5180359dfd734cef1e6f1b54bc9d8f72cae557366eb74f22100b94dc4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4F9BDB5180359DFD734CEF1E6F1B54BC9D8F72CAE557366EB74F22100B94DC4"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8600
Expires: Thu, 15 Dec 2022 21:29:14 GMT
Date: Thu, 15 Dec 2022 19:05:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4a5e9bc8b7891ac5f4552c29bcbaedb0
39735081eeb64eae477c61c1147daeb68fb37b22
c465efaf205ff2992af02c16187ca14a658cd5335b892903374f3adab32a8cd9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C465EFAF205FF2992AF02C16187CA14A658CD5335B892903374F3ADAB32A8CD9"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8459
Expires: Thu, 15 Dec 2022 21:26:53 GMT
Date: Thu, 15 Dec 2022 19:05:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51bd0cc75ed746fd33c950eb12936b7e
4a1007ea6c6e4f5e8b4a7d1f85f7a3e329dc8f50
188d4a0d544f40048dc7476cb4f5e478f1eb49a8ef1d51699fb155d2ae258655
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "188D4A0D544F40048DC7476CB4F5E478F1EB49A8EF1D51699FB155D2AE258655"
Last-Modified: Tue, 13 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6147
Expires: Thu, 15 Dec 2022 20:48:21 GMT
Date: Thu, 15 Dec 2022 19:05:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 15 Dec 2022 18:33:55 GMT
content-type: application/json
age: 1919
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Lkj93tmTxHix6SaeMw5rq8G4eCRfIipW3CpsMkgikGFSfvQYkT7WzsOfKciRcvnN8L77ekpWTzc=
x-amz-request-id: WZ903A691J6144SZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 15 Dec 2022 18:51:01 GMT
age: 893
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css
65.109.18.14200 OK 77 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65324)
Hash bc48830f50049b0cbbe3dd417755a347
e5cdb6545f9b4bce4eeda78f64a714e2de4d0e09
7d56baeec9679114562cdc56d3f28cb9a43263cada11b1f64809851e7a8b1419
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 76917
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-12c75"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
65.109.18.14200 OK 3.1 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 6406d626f8bfc1e6815698bfecf9a2f8
a918901be3ab1b9bb4ce9980db521eb4731bb82b
f620d1bf10d3f45a7b19edd4f863090c5dd5031411918508493634c4018e81b7
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 3082
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-c0a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/socicon.css
65.109.18.14200 OK 9.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/socicon.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash b23fff7d228bbe8796ad8b3d280e3401
1a9861031bda4d3c1cb58564107d8b777982750b
17beb90ae4f385180d6b7d184dcb640ccd2a360e4ee03af0254c83b00ef87202
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/socicon.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 9283
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-2443"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/lightbox.min.css
65.109.18.14200 OK 3.7 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/lightbox.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 40cab6b747df96a8a66f5c0ac4e034dd
85dd24bc614fb1ecaeb873f4e686213aa53927c3
798da60d899fcd9aa5074834d88b63c398dd72af5711ed48d7f68dde8dc8db5e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/lightbox.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 3668
last-modified: Mon, 28 Sep 2020 14:26:46 GMT
etag: "5f71f2a6-e54"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/flickity.css
65.109.18.14200 OK 2.4 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/flickity.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 5439695b076327f53edcda86d192856b
d938327051f0bf044bc65b68721ad3193bd2ef12
1709404c1e9beb94953cc95fcc3477e7cb4213e03bfe9bbe0f8a37877c1c6e42
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/flickity.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 2392
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-958"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/jquery.steps.css
65.109.18.14200 OK 5.6 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/jquery.steps.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash a0ed38e9ba9498867df1f62407377def
6d2278f924b80328695e8fe5213b252ae499fc77
70110803124af60b1e1dc1ea3c0408353947b4a0d7000f47873c85287de875d5
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/jquery.steps.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 5638
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-1606"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/cookiealert.css
65.109.18.14200 OK 12 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/cookiealert.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (11486), with CRLF line terminators
Hash 3d2946aeae3cc8f43e2acf82ea029bd4
c25a0bd445ff9e6034d34e8f388f5565515a2783
705d9fc8952ac3bf3d9300e3d9ea6753284cdd920c34be0213ec8bc862df7a28
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/cookiealert.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 12369
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-3051"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/font-awesome.min.css
65.109.18.14200 OK 59 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/font-awesome.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (58929)
Hash 66e407beb68fdbb8bacd87d91ddf7829
5ed55601e30871fb757dc4b78a40a432f9a3600b
eb98a660b34391ce502005c6b8553af83defcf0832489134efb499498051d1d9
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/font-awesome.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 59115
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-e6eb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/custom.css
65.109.18.14200 OK 8.9 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/custom.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type assembler source, ASCII text, with CRLF line terminators
Hash 65417cde74809cb9b9e66d0ab4adc448
9729ccac013729aed790fdc25d71d858f50a137b
c8dee41785c1f45859a70f3bb9a65b3cba83d866dd46ca0096d07067fec9d280
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/custom.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 8936
last-modified: Thu, 04 Feb 2021 16:28:50 GMT
etag: "601c20c2-22e8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/iconsmind.css
65.109.18.14200 OK 96 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/iconsmind.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 39aa385af1cfd640bac73a09de3ac9fe
6d17dff21d04138cd8ab3ef9dfe1eae79994834c
0909de268b3276cb7464acb2f86701f62974a893dd374312908a3f8efc363438
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/iconsmind.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 96447
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-178bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/flickity.min.js
65.109.18.14200 OK 54 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/flickity.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32032)
Hash 81a84001ccd9bdd589d1b4f187311b15
5cdf8cb0d97b5b16a5f812e1541ad387a7cb8af5
5a28889b1faf91d12eeb5b5d173c50135eefd7fdc29a951b365340cf473bd9b2
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/flickity.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 53861
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-d265"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/typed.min.js
65.109.18.14200 OK 3.9 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/typed.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (3949), with no line terminators
Hash 2f6185a8a32a50b2b3e04849f44359d4
0e5501588c5c0d1c9462f34b0d56c21abff5bfef
914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/typed.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 3949
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-f6d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/datepicker.js
65.109.18.14200 OK 21 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/datepicker.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (12692), with CRLF line terminators
Hash 8cfe207a6a21c7495cfb751c761217a6
35d686a6c4ecc9946c35444ce93e110cb0e1611c
804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/datepicker.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 20975
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-51ef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/granim.min.js
65.109.18.14200 OK 11 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/granim.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (10573)
Hash 2c16a9a724563fc0c306abb5bdeb03fe
90c2032537714e66059a3eaa150b93f3c9c80163
997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/granim.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 10634
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-298a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
65.109.18.14200 OK 14 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (13686)
Hash 4c5e9f4e84d32b7df69af7420b355e03
14e1e287ec98e8cc0a992ee996783b0c42f9ec0f
c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery.steps.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 13857
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-3621"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/countdown.min.js
65.109.18.14200 OK 5.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/countdown.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (4136)
Hash 5d3ff3c3fbaa67cc639501f44eeb07be
bd66e4cd58de09c198e7abc77fa4c883955d189e
2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/countdown.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 5339
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-14db"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
65.109.18.14200 OK 6.0 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (4887)
Hash b67e171349c4716dd7bb15c018a2c8c1
60b204148c0eed83b06043897d1cbd54709eab66
8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/smooth-scroll.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 6006
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-1776"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
65.109.18.14200 OK 87 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32030)
Hash e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery-3.1.1.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 86709
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-152b5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
65.109.18.14200 OK 70 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (768)
Hash 737f853e9fd6a31d62f5028e88663c9f
cf144f2ab49f53a69fbfe10d3588fc23437d2736
6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery.dataTables.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 69604
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-10fe4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/cookiealert.js
65.109.18.14200 OK 1.8 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/cookiealert.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 81279e22c8ece9e1d0536a402484daa3
911797507fb12d4f451d5900e32db96ad697c401
5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/cookiealert.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 1836
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-72c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/cache/themes/spirit/logo_inverse.png
65.109.18.14200 OK 47 kB URL HTTP/2 usaupload.com/cache/themes/spirit/logo_inverse.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 2395 x 523, 8-bit/color RGBA, non-interlaced\012- data
Hash 4a27d711f28aba5323cc3ec041fa5b02
d9085bc35de1f67fcc747a4e65326211da1a325b
2d8eee896b0e8b89f72080dc107998f372efb2e311ab8110e589b2e12ab3e357
Analyzer Verdict Alert quad9 Sinkholed
GET /cache/themes/spirit/logo_inverse.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: image/png
content-length: 46999
last-modified: Thu, 07 Apr 2022 17:42:41 GMT
etag: "624f2291-b797"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/cache/themes/spirit/logo.png
65.109.18.14200 OK 45 kB URL HTTP/2 usaupload.com/cache/themes/spirit/logo.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 2395 x 523, 8-bit/color RGBA, non-interlaced\012- data
Hash e772ff8c144c6dab2b01cc460c09ed46
cc3d762f0be3af03b5d47e559cf1a941273126c3
8fd6aa3f0b8b3d4211fff4f800eeed179c4edd178a90c55848d9d063c76d39c4
Analyzer Verdict Alert quad9 Sinkholed
GET /cache/themes/spirit/logo.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: image/png
content-length: 44604
last-modified: Thu, 07 Apr 2022 17:58:15 GMT
etag: "624f2637-ae3c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/images/flags/us.png
65.109.18.14200 OK 609 B URL HTTP/2 usaupload.com/themes/spirit/assets/images/flags/us.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced\012- data
Hash 968591e0050981be9fa94bd2597afb48
dd9e149e2b5ad59dd8b4b262f5fdeb5cc10ecf43
36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/images/flags/us.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: image/png
content-length: 609
last-modified: Mon, 28 Sep 2020 14:27:40 GMT
etag: "5f71f2dc-261"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/scripts.js
65.109.18.14200 OK 112 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/scripts.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (914)
Size 112 kB (111905 bytes)
Hash ccd6c308b2b8e36ae154d7bacea4240d
f7d2f7195150771246dd599dbb4ff3bc2f0f2179
fc2a8bf60f1e7577697c0b457c01aeeecfd2b18ea68c93e2d374bf6d95fbe7a0
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/scripts.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 111905
last-modified: Wed, 14 Oct 2020 16:17:02 GMT
etag: "5f87247e-1b521"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7554f75e4959d216038e95962579e741
10f237248a234544391eb351e97515d385a372b3
cb2bc78887ed330dee49076c04ba87723fdc2a869a124dba2a475cac174480da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d8ee7b5ed9f1ce2717492af01f420e1f
1e1cfe7134e0d88f1398c5e8b54c2632a7d3459b
1b0f0eff510a5eee48139d1f2a02a4f98109541998da638034bc04b05ef72d32
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7554f75e4959d216038e95962579e741
10f237248a234544391eb351e97515d385a372b3
cb2bc78887ed330dee49076c04ba87723fdc2a869a124dba2a475cac174480da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-163791795-1
172.217.21.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-163791795-1
IP 172.217.21.168:0
File type ASCII text, with very long lines (1921)
Hash 09041853faddc6da62524c453c3d24b8
733fea543c3c3b13a98f9db8a2e24eba54850be6
35830d4b1eecdaa017dd19c9b495bb9b27b269f234e5bb4a1f8636ffc3b22900
GET /gtag/js?id=UA-163791795-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 15 Dec 2022 19:05:54 GMT
expires: Thu, 15 Dec 2022 19:05:54 GMT
cache-control: private, max-age=900
last-modified: Thu, 15 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43580
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.106200 OK 813 B URL HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.106:0
Hash fa0b9601af9a0e00ed824c25a0f48ffd
4df1bf27e146db490628d3ed23aac8571e0e5ca2
d6c56499724853c9c8ea47972d6ac2719a5b2f21b54eaf04a51b718cb5f87b2a
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 15 Dec 2022 19:05:54 GMT
date: Thu, 15 Dec 2022 19:05:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 0fbe3d80eaa6623da753aece08c3a818
d3c6fe97e3154f00f681647a3c74800008ac2d2f
cab890482eacc4298414a2aa0e41ea5bce399eccd4d5e50c9cdc55c735c83b1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
usaupload.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
65.109.18.14200 OK 4.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 4292, version 1.0\012- data
Hash ae072782b361d2afdbf43db08d3cfb73
f3db2e65b53d97491672f8631e21d6d05905cc88
31205df908aed9881f6d2d3ae7d38975252bf99e38268978b4236dc3c314754b
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:55 GMT
content-type: font/woff2
content-length: 4292
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-10c4"
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 15 Dec 2022 18:33:21 GMT
age: 1954
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Dec 2022 18:56:07 GMT
expires: Tue, 12 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 259788
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Dec 2022 18:52:41 GMT
expires: Tue, 12 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 259994
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
65.109.18.14200 OK 5.0 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash a9a8c24cea41bed7ef78ed1d12d48291
cd86d71e15b97ab602e0e39bb6e9bbaf6779f4d7
3b379c83d1c0b117cec88debed9390723daffc2fb99cf51cc2175c47169d190e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:55 GMT
content-type: image/png
content-length: 5016
last-modified: Mon, 28 Sep 2020 14:26:42 GMT
etag: "5f71f2a2-1398"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
usaupload.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
65.109.18.14200 OK 447 B URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash f3d5da06fe8d5a2425d5d229285e5eea
01032b864f3c74bbf44771e2ba41eeb2251fad90
d11d596429d3543bfb07191a87a67a8c22e198113c6f3a109158a5a85bf82f26
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/img/favicon/favicon-16x16.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:55 GMT
content-type: image/png
content-length: 447
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-1bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9df5a2d7dc4f2ded8585dd6bf607f855
e567f1911212b5fc1fd6feb7cead9445995f3c0c
896bdd2e8d74af6dcb32b8fbb28a1b068dcd97ae9c2fec590c692f24317eb58e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b9f0adeb27a19629aeff6f34de67f3ad
3876d1b871d7da6d18de23c2edb301eb30728066
c5744a90c8f66629aa2331465a32afe0d430b36d16fd98bc821e370f1b24463c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2597
Cache-Control: max-age=139462
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Etag: "639ae3b4-1d7"
Expires: Sat, 17 Dec 2022 09:50:17 GMT
Last-Modified: Thu, 15 Dec 2022 09:07:00 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
65.109.18.14302 Found 70 kB URL HTTP/2 usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash c6487bfefb4a63c929128ad929d209d6
b442465dd98dd89ee0573a21e7ab4d498da0670a
80dc193586ca01f547827baffd47b84a0c2dc0768465bf8816a6fe531cb4b99f
Analyzer Verdict Alert quad9 Sinkholed
GET /5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
content-type: text/html; charset=UTF-8
location: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
set-cookie: filehosting=oj8u1t27mm138938i3g81dfn8p; expires=Fri, 16-Dec-2022 19:05:54 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-cache
date: Thu, 15 Dec 2022 19:05:54 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9df5a2d7dc4f2ded8585dd6bf607f855
e567f1911212b5fc1fd6feb7cead9445995f3c0c
896bdd2e8d74af6dcb32b8fbb28a1b068dcd97ae9c2fec590c692f24317eb58e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e30904bd9b57028f7ba1cc8e04ff08fd
9acb88374abef6387243ce8c5cf1149d73879ac1
be1ece2af7858ffc84e916d4554a805760c13a2eab346ac5a09a232b79116225
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 15 Dec 2022 17:34:02 GMT
expires: Thu, 15 Dec 2022 19:34:02 GMT
cache-control: public, max-age=7200
age: 5513
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e30904bd9b57028f7ba1cc8e04ff08fd
9acb88374abef6387243ce8c5cf1149d73879ac1
be1ece2af7858ffc84e916d4554a805760c13a2eab346ac5a09a232b79116225
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=1567613133&t=pageview&_s=1&dl=https%3A%2F%2Fusaupload.com%2Ferror%3Fe%3DFile%2Bcan%2Bnot%2Bbe%2Blocated%252C%2Bplease%2Btry%2Bagain%2Blater.&ul=en-us&de=UTF-8&dt=Error%20-%20USAupload%20%7C%20Upload%20Files%20for%20free&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1688580410&gjid=1654329534&cid=585656217.1671131153&tid=UA-163791795-1&_gid=1906615904.1671131153&_r=1>m=2oubu0&z=2486420
142.250.74.46200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1567613133&t=pageview&_s=1&dl=https%3A%2F%2Fusaupload.com%2Ferror%3Fe%3DFile%2Bcan%2Bnot%2Bbe%2Blocated%252C%2Bplease%2Btry%2Bagain%2Blater.&ul=en-us&de=UTF-8&dt=Error%20-%20USAupload%20%7C%20Upload%20Files%20for%20free&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1688580410&gjid=1654329534&cid=585656217.1671131153&tid=UA-163791795-1&_gid=1906615904.1671131153&_r=1>m=2oubu0&z=2486420
IP 142.250.74.46:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1567613133&t=pageview&_s=1&dl=https%3A%2F%2Fusaupload.com%2Ferror%3Fe%3DFile%2Bcan%2Bnot%2Bbe%2Blocated%252C%2Bplease%2Btry%2Bagain%2Blater.&ul=en-us&de=UTF-8&dt=Error%20-%20USAupload%20%7C%20Upload%20Files%20for%20free&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1688580410&gjid=1654329534&cid=585656217.1671131153&tid=UA-163791795-1&_gid=1906615904.1671131153&_r=1>m=2oubu0&z=2486420 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://usaupload.com
date: Thu, 15 Dec 2022 19:05:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 59d4744b8c38f1a993c7948e83df2f66
973cb780e4496e843d53ef60afc79043e6eb568c
58929f8c9b924e272d783ac3c7b09217a4f764b210076efef1559e62f2f49efc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html
142.250.74.130200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20221207/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Thu, 15 Dec 2022 02:43:58 GMT
expires: Thu, 29 Dec 2022 02:43:58 GMT
cache-control: public, max-age=1209600
age: 58917
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 59d4744b8c38f1a993c7948e83df2f66
973cb780e4496e843d53ef60afc79043e6eb568c
58929f8c9b924e272d783ac3c7b09217a4f764b210076efef1559e62f2f49efc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.38.139.17101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.139.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ceiU8p6DgENeeEhmju5QWw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: H+6l+MSLAD5rZwJNG0GExv00uCY=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5244d7b230a136029157ae81adce342b
93cc1a94d64cc204eb249b92f1038bcba71a6a4b
6b11d268df2e001d95a8c48d64342a79753e8c7d20d1a5d692da3ce2ef258592
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 500d7838b7582b456b8025ffe03ac9a8
ba64ec0d9ae36361848bc1be73a99e7c38575271
0da1844c4988d6497821f944b47dd19158be73f10deac19945ebdd9c18927485
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5244d7b230a136029157ae81adce342b
93cc1a94d64cc204eb249b92f1038bcba71a6a4b
6b11d268df2e001d95a8c48d64342a79753e8c7d20d1a5d692da3ce2ef258592
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9ec381d07d75f411d93d31b527e071bd
ef490b856d13950f9f6b7a0d3415f102a35835ec
ba0d985e47388f66167391436cd452ae5149448301a42d5a6a1a2f90ed8914a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=usaupload.com
142.250.74.130200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 15 Dec 2022 19:05:55 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=usaupload.com
142.250.74.98200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 15 Dec 2022 19:05:55 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 500d7838b7582b456b8025ffe03ac9a8
ba64ec0d9ae36361848bc1be73a99e7c38575271
0da1844c4988d6497821f944b47dd19158be73f10deac19945ebdd9c18927485
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 06612a702dd3686207e6a4031f79d34e
3a1be9901f9c9271b91a2b00ee7e6abc49086ba5
154da1479719d54b088120f2435ab08c2a44743abe2c2e67ae78db9537ecef40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221207&st=env
142.250.74.34200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221207&st=env
IP 142.250.74.34:0
File type JSON data\012- , ASCII text, with very long lines (14721), with no line terminators
Hash b00b693ebc13c7b63c4e8dc1e30cf4aa
795513ca744b83eea945a42a69354a9fc5a28eab
a7ff78b887b38347b88c37de516cecc6d7e0d8718866e044d5faa3ee95462621
GET /getconfig/sodar?sv=200&tid=gda&tv=r20221207&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Thu, 15 Dec 2022 19:05:56 GMT
server: cafe
content-length: 11108
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6806c550ece2aced10ed285921cb645b
12421f8bfc1eb257a871a65bde5ffa7065774388
7341159875d11d2c39acbb472309d0dd3276353e08816a15a0c618d34617e279
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=usaupload.com
142.250.74.98200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 15 Dec 2022 19:05:56 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2.js
172.217.21.161200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Thu, 15 Dec 2022 19:05:56 GMT
expires: Thu, 15 Dec 2022 19:05:56 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash d8728b37979eb7ff6c3ad5a96091d4ce
988859950d480caa2fe23e14d5f29df17827dc6d
a33db1e064a2e10cb01ecc3184b4f65f134f93a10647c67602bfcea6d0c56740
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 98b3316fb6a8d297763fa882df74a9f4
c6b5649983120b152ae5d1f3cef6634ace352e74
47e38b0ee53b15c0d45e9a31e7fa879a8f57021e47777acc5eb5c0d95dbd1158
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 15 Dec 2022 19:05:56 GMT
date: Thu, 15 Dec 2022 19:05:56 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-1EXdS8-WLUdYFDPn8dhwIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 11cfeda2802547afadbbd10fd45ea039
d7118ea09cce13c5ae5192d24e0b71d380153db0
e9db2ce30643914af2d2572e96bae9c74a4824f4bd0c5ff22086465f2b77cef7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 088037aa3cd3f678776d4443ee3feec3
4e8c2c84585e93acaeaba3c4a5704a98a315b33d
5f6edbe6d09f7efebc225ecb6d07c98f1ec12fa127febec52a4194130affdc88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
142.250.74.3200 OK 604 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
IP 142.250.74.3:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 7bd42e5a35b5fb3ff852d6ea9191ca83
8a141eb392a05a2dea3dcd83b97940ef70a81ebc
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
GET /images/icons/material/system/2x/settings_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 21:10:11 GMT
expires: Thu, 14 Dec 2023 21:10:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 78945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
142.250.74.3200 OK 205 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
IP 142.250.74.3:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 4087858e2c9db9aa8f6a840aedcfb533
d1ffe861da6bd0e95fd1a365b0c3d3ceb6cd58a3
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
GET /images/icons/material/system/2x/feedback_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Dec 2022 17:55:02 GMT
expires: Fri, 15 Dec 2023 17:55:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 4254
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 088037aa3cd3f678776d4443ee3feec3
4e8c2c84585e93acaeaba3c4a5704a98a315b33d
5f6edbe6d09f7efebc225ecb6d07c98f1ec12fa127febec52a4194130affdc88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 19:05:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019
142.250.74.3200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019
IP 142.250.74.3:0
File type C++ source, ASCII text, with very long lines (1833)
Hash d423039334318b32567d199ce1d9238e
e9ecb9be252647406e9ac7d57645beb00f22a8f1
4ea40f24181f3b9df05fd0b365a5a679de8ab34489f81127420075a618b297e1
GET /mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 14213
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Dec 2022 21:28:39 GMT
expires: Sun, 12 Mar 2023 21:28:39 GMT
cache-control: public, max-age=7776000
last-modified: Thu, 08 Dec 2022 23:34:55 GMT
content-type: text/javascript
age: 250637
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14610
Expires: Thu, 15 Dec 2022 23:09:26 GMT
Date: Thu, 15 Dec 2022 19:05:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 46399a614a313b60cfdfbce62c7a59ae
6530f8bc1cf029d639e844e4e4036b0850e8d840
ea52ad1ed9a6dcd11811a180ec07809b453e0923c4da30e213ab495c85973974
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA52AD1ED9A6DCD11811A180EC07809B453E0923C4DA30E213AB495C85973974"
Last-Modified: Thu, 15 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8203
Expires: Thu, 15 Dec 2022 21:22:39 GMT
Date: Thu, 15 Dec 2022 19:05:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14610
Expires: Thu, 15 Dec 2022 23:09:26 GMT
Date: Thu, 15 Dec 2022 19:05:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4368d88-830e-4776-bbdb-c2457233983a.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4368d88-830e-4776-bbdb-c2457233983a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8b031e56b256ee8ed21093f8c5398815
ef4ac091b1804b68c1d8e073d73f7a57e08739a6
f332c68ba6b31d67c02d16412c85e760cbc2e7a67073876c8799365e80b6dbab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4368d88-830e-4776-bbdb-c2457233983a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9851
x-amzn-requestid: 38f12682-d3c4-4e4f-9b24-afe81ca85dde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c-FX9FsVoAMF5AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63958299-3d25cec26bcb2ccf73e3526f;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 07:11:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AhjBxWNu8LWdEfZRVxXxNXnqG9nfSGiPECfO1_pg9FxR5mxPw9k0Iw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 02:23:31 GMT
etag: "ef4ac091b1804b68c1d8e073d73f7a57e08739a6"
content-type: image/jpeg
age: 60145
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F874ce85e-7786-4e92-aea7-1c22181143e6.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F874ce85e-7786-4e92-aea7-1c22181143e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 389fe7dd5f3f80351a97fe4106be49b5
a91f474e6d320797c2ea32ecaf7a341f5f77fe82
11957edbfb3dc06abbe8ee6aa9dac0a25f84ba909a6404030c9f081343384513
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F874ce85e-7786-4e92-aea7-1c22181143e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9108
x-amzn-requestid: 2134a88c-a745-4061-ac63-16989306d7da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dH_FlF6MoAMFQsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63997889-18ba85822302c07e672f17e3;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 07:17:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cqlGj6xu4etxgHqsCba0T3DmafdJe71e4CRzfte5w2HSr-CQqweufQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 07:55:29 GMT
age: 40227
etag: "a91f474e6d320797c2ea32ecaf7a341f5f77fe82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56f56798-4039-4a1a-9490-f61d1b1e77da.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56f56798-4039-4a1a-9490-f61d1b1e77da.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 672ae812012d060ba75fbb8cb9d6038c
2ab1016451432b6cd1d6b9756c6cc6a926ffa7ce
cd9c002af775a6ba6ff8902a67e19c2ed2663d23bf8a1c3fe763598a60ba8d69
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56f56798-4039-4a1a-9490-f61d1b1e77da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5259
x-amzn-requestid: 21c0e355-e696-4785-a162-5f96e02836f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c3fV1HHKIAMFsjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6392df58-608335604793d9f46939a81a;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 07:10:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YF20vWN7faRilx8H98vMPeAimGKAPA-32GulYRed4h-vQAzwkYNgbA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Dec 2022 22:14:27 GMT
age: 75089
etag: "2ab1016451432b6cd1d6b9756c6cc6a926ffa7ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/theme.css
65.109.18.14200 OK 5.2 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/theme.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 860298771622d100fe1feafb0a1aac50
e5d9b7454c471d5e5dea8b4352ba7595a8a04ce3
93ea9f1b9a0276075ff9752dc31a5a19e4378ca481895a3cd22f461a8ca6040a
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/theme.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=oj8u1t27mm138938i3g81dfn8p
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: text/css
content-length: 197080
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-301d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed92d0a5-f6ed-4382-aa56-39c7021a6b76.png
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed92d0a5-f6ed-4382-aa56-39c7021a6b76.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e1fb0ddf6ac86d38423a55841c78c6c
d31310f2441c9f7584f3c1605dd3fb38d5af41a6
8e91e724a42f8b0cf953570937c33465903c979297e439438d86c45b3d242d4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed92d0a5-f6ed-4382-aa56-39c7021a6b76.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7163
x-amzn-requestid: f3472b61-a3e4-4af9-bb1f-eecd4c7315e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dFxs3GuWIAMFSWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63989652-2892086d207c30e3583847ae;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 15:12:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w_9xOQmBEPWm8hje_FeJWC-nFCvbNOuLGR13GiPcZrjbK9Gl8dYiNA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Dec 2022 21:42:32 GMT
age: 77004
etag: "d31310f2441c9f7584f3c1605dd3fb38d5af41a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F886cc6e3-a038-4e4d-8da0-caf399786ff4.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F886cc6e3-a038-4e4d-8da0-caf399786ff4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b76e8c43482cb1f6e9d3f5dd55185382
364236e338c799f7d7a604882451428d12cdc7c7
375600e8bedfec8fa85da9298fc3322b91e97261dee7fd94b1dad8e6f4faed67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F886cc6e3-a038-4e4d-8da0-caf399786ff4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4523
x-amzn-requestid: 5404595d-f42f-49a0-9438-093b2fb1b852
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dBXWTGEcIAMFdnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6396d28e-17f927945ee836a91a3148e0;Sampled=0
x-amzn-remapped-date: Mon, 12 Dec 2022 07:04:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JBIoHXeeJIsyl_wj57ZEP_f1mg3eq0WJjgKveuc_DslNZzSiVf62Og==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 07:14:54 GMT
age: 42662
etag: "364236e338c799f7d7a604882451428d12cdc7c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hal9000.redintelligence.net/zone/7lb6qbnvrhza?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D
78.46.23.46200 OK 4.2 kB URL HTTP/1.1 hal9000.redintelligence.net/zone/7lb6qbnvrhza?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D
IP 78.46.23.46:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1742), with CRLF line terminators
Hash 9791a261aa500e3d1be9feddb03a402d
1d8dc5324048b0771c657acc9a8d22c7067e528f
a1c38b4a473ee141bb5e6d5471300e16688bfb7807e3ea4a6355c113cf5e3a34
GET /zone/7lb6qbnvrhza?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D HTTP/1.1
Host: hal9000.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Dec 2022 19:05:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4150
Connection: close
Content-Type: text/html; charset=UTF-8
hal900020.redintelligence.net/request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=fcc64ab327&subid=&uid=e6784ed8f6818cdd&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221207%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=9341595400464&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
178.63.52.121302 Found 0 B URL HTTP/1.1 hal900020.redintelligence.net/request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=fcc64ab327&subid=&uid=e6784ed8f6818cdd&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221207%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=9341595400464&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
IP 178.63.52.121:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=fcc64ab327&subid=&uid=e6784ed8f6818cdd&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221207%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=9341595400464&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP/1.1
Host: hal900020.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Thu, 15 Dec 2022 19:05:56 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 15 Dec 2022 19:05:56 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=e727a5583e648636; expires=Wed, 15-Mar-2023 19:05:56 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
Location: request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=fcc64ab327&subid=&uid=e6784ed8f6818cdd&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221207%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=9341595400464&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
hal900020.redintelligence.net/request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=fcc64ab327&subid=&uid=e6784ed8f6818cdd&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221207%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=9341595400464&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
178.63.52.121200 OK 513 B URL HTTP/1.1 hal900020.redintelligence.net/request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=fcc64ab327&subid=&uid=e6784ed8f6818cdd&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221207%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=9341595400464&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
IP 178.63.52.121:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash dab81da6649c5668b8c50cbf3474b6a0
460467eaa3fde204ae101e0caaaa3c5d11406729
7e9499f3968963f954596781aab67cbbb1b3de4d25ffc1f78eb4e6c21de96aa9
GET /request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=fcc64ab327&subid=&uid=e6784ed8f6818cdd&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCM00EE3CbY7v4JM6wYMfYvrgBybminGm8tM3O1Q_wLhABIIr_pXxgw4SAgJgYyAEJqQKrhGdef_SxPqgDAaoE_gFP0E9UpiEf4PgiaRbrIvevXhie_w3I4KXaKKDLv2rK17iu8k9AbotNDQf3cayKw1VesX-OFey8TZVWBSpCvT9vVhuH6v8SWMCVmHnZEfV2h02kgoSUOkbZPKlqCz67UTnhOQFfFk3t3vlmM-Z3dIkUFGNqbCGTRTgtSMKlRsXlmfPmQ2i3u50HHIEVnA8GuPfbeVyO7ehgYInneGFtFxFbwJbBiEj_11ksqe8S3RWBhGQqi4_cJRhxl18T_yWnQWD-E5wxhs5eVgMlsQbYsMHREgaKPw6_9Mv_CY7Xr5hYjlEfbP3MGYdaEiTu9ofZJ0uZNOq9EYJ_EOg76id778AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBIIiOGAEBABGB8yA6qCAToCgECACgGYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSPwDq26N97YVWhjf8GIKWHqLEPQJ0IH3CeSCn1Kiiu2HCoZOd0SJBWuc9tcDkPDEeA7Qi4r91mZ0r9hLQp0WWQRgBIBM%26sig%3DAOD64_1L2eFXE3wQtI9puQZur5qvzV3Agg%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-DbV65Uippg4Xuq7JvWRjATQtTBMXxMm9bkrkSBby4R-GkF94xl-b6hFMqdGjW3WkKa_pbMNykJ5Rd_1DvJmwU_zypHalks09DbY6F6wZhRSsBZtumJM8spr4kciuodWkSDdlz1WO3Tvh-OCokhRvNP3EsZKOng0IbMRHGP5mrZSpHXeIM%26cry%3D1%26dbm_d%3DAKAmf-B2Qe5RADPQGuJvONre1SVu6i0OeqOO448MnSqKKSiV3e98bjXcCdl1BA2swIYbJLzQpwYGZZtsDWmskppc1ePg__9mpoFnVSVouOq4Jfw4a3We51UFuaT5B_8cQ8NnMr9sQR2NfIVzaEIJAQdr6oXnbtdc9LwzLEdEYPFBmlgoHq6MCvW21zlE5otQsfzw99CBbKMXKK4MLnbwTq-TvgRglMHd3Tm_a7yNpcvVoJh74oTU9fSFc3GbMHHxAb3yCdtQnZvx_ErSEYtX9K0ugP_58uvnuGv5xVibYqn-9g5kL6Sj7xl828aACFuW4zEPBXUSOF_pY1SdA6LPfvlEyjkslBJXF64JHBMq2FzEncTe6FfBqwselIS6xiFumj1HHVTsQuxetS8XcyxFpiQPObHyTYrhqMuvpnu74v_GGJlz-JfkpvIKf2FhaNm4Cs-ekb0S_WDDKZ--p74je9kIwqZvvFiUSJS8fLMZOHVT-J0fba_SC6kHgBs3aLP0xDKy2sGNbnpE_oJdbGqKcvYrKHZ-r4RfI26-OUkW_uwAJBSQPVtdMWzn_dxqCfiHdDyVJweAXQAe_CnHvtnZaktsI2zQuK2LCnEMCQoerGjfRsRRzK9NDhk%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221207%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=9341595400464&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1 HTTP/1.1
Host: hal900020.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Cookie: 8lcfmzhxc8d6_uid=e727a5583e648636
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Dec 2022 19:05:57 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 15 Dec 2022 19:05:57 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=e727a5583e648636; expires=Wed, 15-Mar-2023 19:05:57 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
X-NEORY-SubId: 91182200116639204438316012174020
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 513
Connection: close
Content-Type: application/x-javascript; charset=utf-8
hal900020.redintelligence.net/request_content.php?s=91182200116639204438316012174020&a=4501c80a
178.63.52.121200 OK 2.3 kB URL HTTP/1.1 hal900020.redintelligence.net/request_content.php?s=91182200116639204438316012174020&a=4501c80a
IP 178.63.52.121:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 7f5d85d0810bc65126b0356605ddf8f3
9119c5018415057ab6b2d88c8ddd16fbf8df1b62
0452d22bbe7dfc8d857498919bfced409ef09056ecb0bd40de52ac4701a00d7e
GET /request_content.php?s=91182200116639204438316012174020&a=4501c80a HTTP/1.1
Host: hal900020.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Cookie: 8lcfmzhxc8d6_uid=e727a5583e648636
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Dec 2022 19:05:57 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 15 Dec 2022 19:05:57 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2289
Connection: close
Content-Type: text/html; charset=utf-8
ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
216.58.211.10200 OK 32 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
IP 216.58.211.10:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32764)
Hash 548260b20981c0be2d9dcf8d01c08c24
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb
GET /ajax/libs/jquery/1.6.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900020.redintelligence.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32245
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Dec 2022 10:57:34 GMT
expires: Mon, 11 Dec 2023 10:57:34 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 374903
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hal900020.redintelligence.net/viewability?s=91182200116639204438316012174020&a=713b010a&vb=m
178.63.52.121200 OK 0 B URL HTTP/1.1 hal900020.redintelligence.net/viewability?s=91182200116639204438316012174020&a=713b010a&vb=m
IP 178.63.52.121:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=91182200116639204438316012174020&a=713b010a&vb=m HTTP/1.1
Host: hal900020.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900020.redintelligence.net/request_content.php?s=91182200116639204438316012174020&a=4501c80a
Cookie: 8lcfmzhxc8d6_uid=e727a5583e648636
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 15 Dec 2022 19:05:57 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
cdn.contentspread.net/24i/content/soberfb/EN/S-728x90.gif
88.99.69.161200 OK 24 kB URL HTTP/1.1 cdn.contentspread.net/24i/content/soberfb/EN/S-728x90.gif
IP 88.99.69.161:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 728 x 90\012- data
Hash 16d604b22cf44e876b2c8f5a80b9fe18
42bc165a33da7671c208a66a0e9f3635cfe0d0bc
bb7af425c43258678e12b76bf22f6eaab51fd7dfd6e285131a86a3002d547ee9
GET /24i/content/soberfb/EN/S-728x90.gif HTTP/1.1
Host: cdn.contentspread.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900020.redintelligence.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Dec 2022 19:05:57 GMT
Content-Type: image/gif
Content-Length: 24505
Last-Modified: Mon, 23 Jul 2018 15:19:29 GMT
Connection: close
ETag: "5b55f201-5fb9"
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
IP 142.250.74.106:0
GET /css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 15 Dec 2022 19:05:54 GMT
date: Thu, 15 Dec 2022 19:05:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2