upgradepro.net/ms/gangbang/football-team-gangbang.php
188.114.96.1301 Moved Permanently 0 B URL HTTP/1.1 upgradepro.net/ms/gangbang/football-team-gangbang.php
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /ms/gangbang/football-team-gangbang.php HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 09 Feb 2023 00:40:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: /
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k4Kcz7AEe031rGb1WF3xGB6Lzef%2BZP5r7%2FqffTLXI4tS%2BiFI5YEdIbD8YghdjxvMTg0hxDIiy%2BHyxuh7M5CACBXxitVkUzYqw2kgmkDBlK7dU%2BW6Fec80UjrhQ5Qt%2FEnFA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79688d950bb30b55-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6379
Expires: Thu, 09 Feb 2023 02:26:39 GMT
Date: Thu, 09 Feb 2023 00:40:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2598
Expires: Thu, 09 Feb 2023 01:23:38 GMT
Date: Thu, 09 Feb 2023 00:40:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4548
Expires: Thu, 09 Feb 2023 01:56:08 GMT
Date: Thu, 09 Feb 2023 00:40:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 00:36:45 GMT
content-type: application/json
age: 215
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nEOBV688HThyV0qB6j+xZaKiy0O4CJrKBvKEPKWgbl556LNPyidt2zCYODexAymmCfCPiheipkI=
x-amz-request-id: FC7YHGDAZ54YZSAR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 23:46:09 GMT
age: 3251
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 00:40:20 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 00:14:52 GMT
age: 1528
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7823
Expires: Thu, 09 Feb 2023 02:50:43 GMT
Date: Thu, 09 Feb 2023 00:40:20 GMT
Connection: keep-alive
upgradepro.net/
188.114.96.1200 OK 16 kB IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9381), with CRLF, LF line terminators
Hash 39e5d4df1d3bc6a7ef2b5ca26a6a8125
4d30db9611a39d881bbd1354698173dd2f8e7769
8c7b3352ba6b014489d6540fb955ccf5308dbf1f75a4b8f8097bb63d17f389be
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nX%2B48ceEyDMkWtM8lGpXNuWxwU2VVyXHoV8ETwsRHpPdYjWJ37e9ChStpFjtoAZzsJ74n1lc9uIfdRhJ%2BK%2FDI61QMb%2F9xs9jMEsKmBSI8k7H4T0NnKXJsH27VqFVIwnl%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79688d969c960b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
52.42.148.177101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.148.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UaaLhky2JaQFViiCAbe3sA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ppJGDFRM8WfW/Bzt6Mfy1LMA2jc=
nude1.com/?dm=fda710d872f41c4e9e622661faf0f1f2&action=load&blogid=11&siteid=1&t=1372931191&back=https%3A%2F%2Fupgradepro.net%2F
104.21.14.168301 Moved Permanently 0 B URL HTTP/1.1 nude1.com/?dm=fda710d872f41c4e9e622661faf0f1f2&action=load&blogid=11&siteid=1&t=1372931191&back=https%3A%2F%2Fupgradepro.net%2F
IP 104.21.14.168:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?dm=fda710d872f41c4e9e622661faf0f1f2&action=load&blogid=11&siteid=1&t=1372931191&back=https%3A%2F%2Fupgradepro.net%2F HTTP/1.1
Host: nude1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 301 Moved Permanently
Date: Thu, 09 Feb 2023 00:40:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 09 Feb 2023 01:40:21 GMT
Location: https://nude1.com/?dm=fda710d872f41c4e9e622661faf0f1f2&action=load&blogid=11&siteid=1&t=1372931191&back=https%3A%2F%2Fupgradepro.net%2F
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YuLN9iDT%2FmJFdOvSz7FqyiBtCz4bEAhVhGAlMkSlKPAGeAW%2B3CtwnaEE5HMXfCx%2Bc9yGTGJGS3onCMrbURl%2BvKX%2FWDRQAPM5mwXKx3f6XRsms0I7aScocFV2cAU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9d19e4b4f3-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
188.114.96.1200 OK 12 kB URL HTTP/1.1 upgradepro.net/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 188.114.96.1:0
File type ASCII text, with very long lines (47826)
Hash d8b601deca05d97cd180d31bce0e7495
c08565a628f6d233ea704b9231ab01cc00242391
680449829b27c72ee32c93eeebb94783dbfd2b467d617e62a9b243e86da40891
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 22 Dec 2022 07:44:08 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQR04PPjudMK6gj73%2FGBGBMXRiCOGAazMD5ff1pQQNw3Y3zxWJ5gkSGwIZvmyNJImEQuZOKhLYEnQAJuCqio7B03jahaxopaUAgxy522KWQptX1t73ooBGfJGUFEdMgSQw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9cce18b51e-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-includes/css/classic-themes.min.css?ver=1
188.114.96.1200 OK 189 B URL HTTP/1.1 upgradepro.net/wp-includes/css/classic-themes.min.css?ver=1
IP 188.114.96.1:0
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 22 Dec 2022 07:44:08 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BoHfaGqlbph%2F%2F7zyXscnfusxLrwxDAYBQ36PsJA1IO0avXEojBYTn6zl%2FDaCHXcr6uYwss5H%2FboBQ9C2iHKlJ%2B6kveWdCrKDUAJydfNdCqxB2mr4osy4GBaiipf5xPJxMA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9ccb081c0e-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/plugins/menu-icons/css/extra.min.css?ver=0.13.2
188.114.96.1200 OK 350 B URL HTTP/1.1 upgradepro.net/wp-content/plugins/menu-icons/css/extra.min.css?ver=0.13.2
IP 188.114.96.1:0
File type ASCII text, with very long lines (815), with no line terminators
Hash 961a86e522d07c658b07ec647b02578a
8838b9fd762fb93c967005d3bfb85d2e16d2f0c6
796c3108d6b89c19ecdea752446320061cec087a97aa9c0cd7b9f557c1ec3f54
GET /wp-content/plugins/menu-icons/css/extra.min.css?ver=0.13.2 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 22 Dec 2022 07:47:56 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vBbeWLxTjwpp0zcsyX5TYFhqQrGHk%2Fn2Z77lQ0jvmFPE%2BbEJskAfqZNTRZZ2SObpqvG%2BQIoGXHviEJFqNtCUvzHLIobVJM5NmSqKMJOH84HcrOecJ01%2BxZ9o7m7z2KZi2w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9ccdc7b4e8-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.3.1
188.114.96.1200 OK 464 B URL HTTP/1.1 upgradepro.net/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.3.1
IP 188.114.96.1:0
File type ASCII text, with very long lines (1451), with no line terminators
Hash 1994c36a19eb24334529bee93d84dc47
5190b432854043b91e8025b9f7a38946c080eb43
e2a435877c16e20b1667cf309cd715a52d4bd16ea23b993b7e4997f7d6ce7119
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.3.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 11 Jan 2023 15:20:01 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6uLaksYcsRV3w6wAht0%2F4CAovXV9%2FgiB%2FqGCHu7CHsOYXExxo5IjMZfwXDLgIYj%2F1TI6AvUS7AFAyh3B5Da5wKggnRkD%2B7uokBU7%2ByretvuXSVMcx%2BXFLqhyrUKpBDC1SQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9ccea30b4d-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/plugins/nimble-builder/assets/front/css/sek-base-light.min.css?ver=3.3.2
188.114.96.1200 OK 4.6 kB URL HTTP/1.1 upgradepro.net/wp-content/plugins/nimble-builder/assets/front/css/sek-base-light.min.css?ver=3.3.2
IP 188.114.96.1:0
File type ASCII text, with very long lines (20883), with no line terminators
Hash 6040f5b46c0fee900f1d784dc41abf4e
1476bf8bed5c2684c68ae61c138dc29f3a724671
17595f1d01cc1b5e02d7e47f6ce9f432114ac327fe5b50f983d3d748e540cb0b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/nimble-builder/assets/front/css/sek-base-light.min.css?ver=3.3.2 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Fri, 30 Sep 2022 13:45:31 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yCNrzt8TIj5pqpx3tpaxfCgrXMJV4N9RcuFU5XaP2gNdcfnaSHN1uhfK%2F%2FllbdvAvSSGNMrXDUYuS1P16OB3wkKQw8Y2o%2FpM4eBL7Gx85H7F5VVGI7z4D0ATwJsYUoJ4hg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9cdddab4eb-OSL
alt-svc: h2=":443"; ma=60
tracot.com/v3/a/pop/js/204032
88.208.59.102200 OK 6.0 kB URL HTTP/1.1 tracot.com/v3/a/pop/js/204032
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (15741), with no line terminators
Hash 388ff9de9626217aa266529a875ac4f2
489c5792d5a24e22c287b20e10ee148fb14d8a4a
28e9bca07472275a721dd0a9e2e48c34feb823b2575d79b41fca81117ee8f540
GET /v3/a/pop/js/204032 HTTP/1.1
Host: tracot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 6049
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Referrer-Policy: unsafe-url
Accept-Ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
Accept-Ch-Lifetime: 31536000
upgradepro.net/wp-includes/css/dashicons.min.css?ver=6.1.1
188.114.96.1200 OK 36 kB URL HTTP/1.1 upgradepro.net/wp-includes/css/dashicons.min.css?ver=6.1.1
IP 188.114.96.1:0
File type ASCII text, with very long lines (58981)
Hash 0b8739a9f1e0e5f8104efc546b4dd78f
6454997be3bdfdbfd23855e68e6ad3e00af7419a
b6bd8bf4946d181b6972cbc8ba6bb8f29b4e4b967990a29c38bfd0108ed8af3b
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dashicons.min.css?ver=6.1.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6d6wu8R2hQt9Q07QByr1MaIhJyg%2FYcLRSCe5pFTvZ0zEeUVA8EfcTQG53SQ9xa1nj%2BU%2BJbUf%2FKKWSzz38uF8z9lCb%2B2uxyWmrGFKVu5anAX5J7wZh%2B0olRRKy0ssK5v7Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9ccf920b55-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 49b3eced32046d5a91dcec3431495fba
fcd9da6eb92d5b8e2925cc398608a175ecaac39c
dec3464fe99c362ec6ed443634c2d5c198922c37bed92380d566bb51d61c2ea9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DEC3464FE99C362EC6ED443634C2D5C198922C37BED92380D566BB51D61C2EA9"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3878
Expires: Thu, 09 Feb 2023 01:44:59 GMT
Date: Thu, 09 Feb 2023 00:40:21 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cca618c098b85a282f19dcbb79bbf9ec
fd26514a12282dcf99f18432d4f6ab05451bd32f
555ba6d2267d7746908c812daf12acb317b0aa304fdab35305d26c5ad0878cea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "555BA6D2267D7746908C812DAF12ACB317B0AA304FDAB35305D26C5AD0878CEA"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Thu, 09 Feb 2023 03:12:19 GMT
Date: Thu, 09 Feb 2023 00:40:21 GMT
Connection: keep-alive
upgradepro.net/wp-content/themes/hueman/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2
188.114.96.1200 OK 14 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2
IP 188.114.96.1:0
File type Web Open Font Format (Version 2), TrueType, length 13588, version 331.-31327\012- data
Hash 847712aaabbeba674afdda86d31cab17
c07631a91ee71c0a1a84a3151db42b1f2d9a9692
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: font/woff2
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uASc23Uone2QSTt%2Bgmh%2FCQ9N8kPpRUsJMp2bzSxDjqGUOJXr3JIRebNTm%2FaC50MosMPRaeYNQxVE0dz0RlpUKxg%2BTophMu%2BdQdUO%2FQisuRLKlepR7%2FTAN9icxsvTFQCqlg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9d8b671c0e-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-light-webfont.woff
188.114.96.1200 OK 25 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-light-webfont.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 24712, version 1.0\012- data
Hash f89aa1864b134381217bbaf4f5b3619f
251ba9422637198bea8c0899f67ef300a9f3624a
5758d1ad3c6f35962da2c4d2e162cf59ef64dc0954c54171eaa73babbb2af9e2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/fonts/titillium-light-webfont.woff HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: font/woff
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8VFinL88y4vsjvsnVoDPntyGOCybTlW0SZ4Fn7u7kw%2FWq3532OaadunXXCtzgA4iQYwwFAx0csfC%2BbVR0EnCsPpDqlDfBQ8HlYOF%2BnhEWSs2%2FqV4o8MX1Ru4cWfY%2FV4ag%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9d9ede0b4d-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-lightitalic-webfont.woff
188.114.96.1200 OK 27 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-lightitalic-webfont.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 26760, version 1.0\012- data
Hash c244466ebc006e6175a9b35057ce9a81
e199a274636da0d1b4c879d994de84b0440ea828
97363b6ced0c1ca6d76ebcc6782512959cc8c5d6c8f40cb4976b4179bb685e53
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/fonts/titillium-lightitalic-webfont.woff HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: font/woff
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G4UU9dH%2BN%2Fr7VKjgrfBZv%2F1wFzUsb69mYfWeMeC77qeqNwBOvRkF%2BzN1xezDaDA4dJ9OQe5LmvlqopjlpEtImct8vWTslagX%2FqMzviZslk39QhYpKLuVleSmmoubyPJqGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9d9e45b4eb-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2
188.114.96.1200 OK 80 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2
IP 188.114.96.1:0
File type Web Open Font Format (Version 2), TrueType, length 80252, version 331.-31327\012- data
Hash 9ae050d1876ac1763eb6afe4264e6d5a
72344eab2e7431eec313caa21f266cbfda7caf60
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
GET /wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: font/woff2
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZI%2B%2FWg4Lw4sLtpkrgkN7AoLGSZWqV0%2FKyBimU2lmBFjRn3pZOtV6ANZzcAXgLPaMhXWnK4q1iuPeukTCu9FjG9XbES%2Brrz85CrQzF2XaLY9N3d5g00Q6chuixs%2BrK6P4gw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9d8e23b4e8-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-regular-webfont.woff
188.114.96.1200 OK 25 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-regular-webfont.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 24696, version 1.0\012- data
Hash 7e6b7ae325a8d232917ae617d7a2fd70
3ce4b566fadab31917199adbb379c80a5df2414f
8daaa4ed16297478af007774febefe6ca3674fda47ed73e913b1b583d34883fb
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/fonts/titillium-regular-webfont.woff HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: font/woff
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDoCE2lNY7Zf66yIxNPGwjKlshbr6IfrOT2eMvLr%2Bcr1P%2FPsRUN%2Fqs%2BarsE8wjIioE0gEU6qCsWBarTFH3hWNYct0%2BnUyWsS%2FcGBprjWKqGotdGW1c%2Bb%2FNlHbCEdRHf8SA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9dcfe80b55-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2
188.114.96.1200 OK 78 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2
IP 188.114.96.1:0
File type Web Open Font Format (Version 2), TrueType, length 78472, version 331.-31327\012- data
Hash 4a6ccf38990b86d73a7f2e51f811ded8
7e1db9252f3b0fdbb1ad1c73fdf82abd0a23a79e
66f0474349590fd2d7a03a056ec3f8f9daceb667e8498ac73248eae656c49d38
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0fxLupHoe1oPO1dxZcpFjLcq5yexOjb1uC5tHG4jMXWLyYNXl%2Fx7iSNNBP75RGY48A%2F0fl3FtZsmf26OWa8p3%2Fa8%2Fzle6PeVBDuzWjwRZlBX%2BMq4QmRlCSjmTOUUxslJ4w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9d6e52b51e-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cca618c098b85a282f19dcbb79bbf9ec
fd26514a12282dcf99f18432d4f6ab05451bd32f
555ba6d2267d7746908c812daf12acb317b0aa304fdab35305d26c5ad0878cea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "555BA6D2267D7746908C812DAF12ACB317B0AA304FDAB35305D26C5AD0878CEA"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Thu, 09 Feb 2023 03:12:19 GMT
Date: Thu, 09 Feb 2023 00:40:21 GMT
Connection: keep-alive
upgradepro.net/wp-content/plugins/repl/style.css?ver=6.1.1
188.114.96.1200 OK 2.1 kB URL HTTP/1.1 upgradepro.net/wp-content/plugins/repl/style.css?ver=6.1.1
IP 188.114.96.1:0
File type Unicode text, UTF-8 text, with very long lines (6368)
Hash 1c513978ead6f8ebcc2f2de96248df4e
b53fc2520c39daa8437c535144449e366fbe50ae
bad2e7f12149485d290dc7ba8bd6825d858b638d4a014302b6ce2cbcdd369c91
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/repl/style.css?ver=6.1.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Mon, 28 Nov 2022 20:21:35 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uS%2BG%2FjoT3LstRr4JCXOdRlxDQbrEdhZD%2FDeN0O6Izna6yExepbMUlBw5jvMTDSBv0f4VRO3JLY9XF8AgkYjwdeXnGdQjNMle1yEfokL7OUwYEfmWM7xI2C6JyGPxaWL%2Bkg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9eaee8b4eb-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-regularitalic-webfont.woff
188.114.96.1200 OK 27 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-regularitalic-webfont.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 26588, version 1.0\012- data
Hash 40e70084282fc3b2aaff5d2b4d487cde
6d6ca06b8f6b8d0d290a73ab34b4a1c0f6455102
8dbe8457cc41e254cb7fcd4dfa77c52c16413c18f35a370b77c5f07b4895562a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/fonts/titillium-regularitalic-webfont.woff HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: font/woff
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zOOWKETQ7VPG%2BwlCr4dsCcyKGWh%2Fc8D7Nq8PeHRLUG0g7E%2B5003D89E6QwwxcZ4gM2EVQNV20fTe7c78%2BN1uYczsCzxwM%2FoOf4oT5JYZ9Uyr2pUcsLYGpsuRo%2B9cSC0pnw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9e4bab1c0e-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/plugins/wordpress-popular-posts/assets/css/wpp.css?ver=6.1.1
188.114.96.1200 OK 246 B URL HTTP/1.1 upgradepro.net/wp-content/plugins/wordpress-popular-posts/assets/css/wpp.css?ver=6.1.1
IP 188.114.96.1:0
File type ASCII text, with very long lines (438), with no line terminators
Hash bbc528c095c69039dce91e7cb153e13d
73af749b72fac69cdbc2c1f23701f89ccd4f74c6
09bc928f2a8102aa213094eb1ed1be5537ebc66098f1d80e05aaa44be07e4464
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wordpress-popular-posts/assets/css/wpp.css?ver=6.1.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 22 Dec 2022 07:47:53 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FDmdZ3TTnmZtM8MsYBhbZs9jlg6q4wasmFSoLHlxCwh%2BzdwWQ6WRmKp3TuUNB8GBem%2BUWfd46pNW4n5dD9xnlV%2Bb3NwVoZu1coQI85dlKYaWH9y2tO0OK5I6%2BZQxI3IJwA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9eceddb4e8-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-semibold-webfont.woff
188.114.96.1200 OK 25 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/fonts/titillium-semibold-webfont.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 24732, version 1.0\012- data
Hash e3f6344401af39dbdf843e8864589553
03662277cbf67b4e70c4377c18e6271e53ebc979
62ff09a8013f9dfc0f7cbefc6feb180c258818e151aff470902f29ef44342f0d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/fonts/titillium-semibold-webfont.woff HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: font/woff
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oc43I0Qh%2FlE0lOjgqa31efJrZ1nRJltbh9j7FheYzdCOOaMMHV5iztqomGrcgwy%2BiouvwY%2Fv0iFVrWyxdISYWJSJDzTCogj5y9oPu1GYcz%2F1%2FegfO6J8ULtxUgEgpPoQoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9e9f3b0b4d-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/css/font-awesome.min.css?ver=3.7.23
188.114.96.1200 OK 13 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/css/font-awesome.min.css?ver=3.7.23
IP 188.114.96.1:0
File type ASCII text, with very long lines (59326), with CRLF line terminators
Hash 59b1b8ea31b3d152c890fd3e264058f8
6043702f45d7eb44a3ea665c0006eb3dc8c7da66
4d3c0f1c62c59b7529fc2f3533ddcbb0f6d079c99dcfe2a34bbdbb683968ff3e
GET /wp-content/themes/hueman/assets/front/css/font-awesome.min.css?ver=3.7.23 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lb7iCL59T7eyGXOsVabG%2FEpCq%2FkUDJWnIY7gR4ehYYc03D7JbB9NiKfsex8t2B7QWDbMeJHAQIzQApNFrmPKdbiocF0EnzK9wIKtcfhemV539nacWrNmVgj52h8HPpiHFg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9edf11b51e-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/plugins/recent-posts-widget-with-thumbnails/public.css?ver=7.1.1
188.114.96.1200 OK 457 B URL HTTP/1.1 upgradepro.net/wp-content/plugins/recent-posts-widget-with-thumbnails/public.css?ver=7.1.1
IP 188.114.96.1:0
File type ASCII text, with very long lines (934), with no line terminators
Hash ffec8d52f7337f9c057103a60e90713e
3c9d0e98c29c0206ced41bfe3c620b70ee5992ed
f8f177c3731252a5ef9137089dd5d3464ae5a9e326677694f0c457cfae9ee9a0
GET /wp-content/plugins/recent-posts-widget-with-thumbnails/public.css?ver=7.1.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 08 Oct 2022 17:36:20 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6u9KLNQsQUojLtTqAsDB6zzjhAdpbZK4IASgPlcgjHIenZTNK1ZYKhE1Xm4KJIxRzKMRexlmuPNBC%2Fbtm4te0Zbq9FszN%2FAobcc3eKTH8QusbH4AsKMgT2YnCEeTZguoMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9f1f37b4eb-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/uploads/sites/11/nimble_css/skp__post_page_8.css?ver=1659375060
188.114.96.1200 OK 1.7 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/nimble_css/skp__post_page_8.css?ver=1659375060
IP 188.114.96.1:0
File type ASCII text, with very long lines (8995), with no line terminators
Hash 5783858aabe822f2c596d21b62250770
a5fdbad01ed9b38ff005b5e3bec6b6d760ffc5bc
544236764c9af1b169c5d9312eb0cb0c45d63c7f55717b4e94c5ee016eb11bb9
GET /wp-content/uploads/sites/11/nimble_css/skp__post_page_8.css?ver=1659375060 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Mon, 01 Aug 2022 17:31:00 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X8Xcvv9O4RcsIBx%2Bg%2BEVgCHrdQv3MtIEd5XVB5LYzdUnFnLmAzXtR9OA1r5r9BdK9D3gCsrs5gBAbjGh2azQPxc9dPhW1Q1HMCDVmjBq3bQSp2t8zaRRfldwaYnQ9EBk0A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9f2bec1c0e-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/css/main.min.css?ver=3.7.23
188.114.96.1200 OK 18 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/css/main.min.css?ver=3.7.23
IP 188.114.96.1:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 74a86b28d7aafac3a185dee55f509af4
d2bc56d6f2db7e1b02318d1c58beee9ee90099f7
bbfaf5443061c3c0f83d260cc7428d677da054fa6c1bef54493a94339eddab6e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/css/main.min.css?ver=3.7.23 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 26 Jan 2023 13:58:52 GMT
cache-control: max-age=14400
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22RO1OiCZDkg24LnuSmUmRAZ%2B0dLg8a7dVfD5wSNxaWihxbVoM%2FCROpMSBzi%2Bd9oWIpJOnEEyfzl4qNPzJJC%2FRbEwiR96gIUUlMg7pvQ5CdzOVreg4vSGwhoQIykQ53jfw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9ed8870b55-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
188.114.96.1200 OK 4.2 kB URL HTTP/1.1 upgradepro.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 188.114.96.1:0
File type ASCII text, with very long lines (11126)
Hash 0d5bb2a36d1fc2e095235bc201eb5579
98f0154e2ed5322a9f65077f954868d6c800b337
fe6382620c35c12aa4f3f96fe395e5813defe330c1d95fd3de1e94f8f5d1f0a5
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3D1MKpWTCaR8aAKAg4Z%2FYlDE%2BMGVJvbI1Gy54omQDb%2BevRLskGjID9s1IWHDgKY2qE%2Fk0DAU%2BHcdAjzw9s1T14hkU6Lfe7U8j7YkYWCNjaiPmOIlfPgNUQiktcTnclBGg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9f9f6e0b4d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=6.1.1
188.114.96.1200 OK 1.4 kB URL HTTP/1.1 upgradepro.net/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=6.1.1
IP 188.114.96.1:0
File type HTML document, ASCII text, with very long lines (570), with CRLF line terminators
Hash 2e95fdf3988127bc7ae0a50cd2913a2b
4619cf421d070a4da22d8c06299413c7baaf2f69
fec7469ca7af284928ce52ce021faa4e93b7bebb6f1419386e2d8dd10aa1a0e8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=6.1.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 22 Dec 2022 07:47:53 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iISyqhJdOXmnmV4nSho7K%2B83Fp01RO7nwEF47BPayBUJRpw%2Ftqux8qlgrCCbw97Vy9%2BiMWx%2F9AC8RBsAqhwyTMbxi7L9%2F%2B9yj45sAHisJdYnbkzc%2B1Vdk%2Brw3s4I1HTmRg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9fbf91b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
188.114.96.1200 OK 31 kB URL HTTP/1.1 upgradepro.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 188.114.96.1:0
File type ASCII text, with very long lines (65447)
Hash 25a014e67e9b2eafb7ecc86f1e30d77d
f4227f827cba0c787a4e08ccc6427d27c95873e2
63a06e24fbd59edc5ca7cff61c8cbb3f67c2a684c2a407ba891af34f737f15b9
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 22 Dec 2022 07:44:09 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N88ETWzgNgwpVFbbA9Ntg6M8BBQGqA%2BXz1P5lS%2FDvA1MCTshrVgD%2FgNd3qjupEYA0jt5szEwPtOc8GFKlcByLX8IgblmLQ%2Fz%2BHpzk6KJwQT5kevTW0tS%2Fk%2FvHqB0yQgZxg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9f8f3fb4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
188.114.96.1200 OK 5.0 kB URL HTTP/1.1 upgradepro.net/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 188.114.96.1:0
File type ASCII text, with very long lines (15660)
Hash bbb097231c0fb01c0d2f6b36ed6671f8
c816b9446535131259db1107069b5096354f993b
aca781b166c02a50a9de1f82c51f0ebbd808b59e58e6dfe5f29ae84c881926c5
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iu9qVdSky0cZIxYq5h%2F6V9f1R53%2BSkzzPLLsbFM%2BT7Ao9FBq6B5TCNJTb%2FKA60GrJUhm85RU%2FG3otG2MZsacgQH9osH1v%2BjZUA34myda%2BbB9VoWIC5wHfjRrbNPrwNcbQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9fcf98b4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-includes/js/underscore.min.js?ver=1.13.4
188.114.96.1200 OK 7.3 kB URL HTTP/1.1 upgradepro.net/wp-includes/js/underscore.min.js?ver=1.13.4
IP 188.114.96.1:0
File type ASCII text, with very long lines (18798)
Hash 0658e520a9bf0d7e9ba6f65a0c679ef7
fdf45aaebd16bf3f62eef511d1de09c21739fc6b
debe4963a5cf0eab6f3139163de333d05d147a805053c2df4e1d49f4e9387179
GET /wp-includes/js/underscore.min.js?ver=1.13.4 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 22 Dec 2022 07:44:09 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KVfEOp2Z3G%2Bgig0Qws7df6hDhRt0ZDO2gfzfEluon2qfgUyPrK5CKM2XUS7AgckVpyxYHzt8WeL%2FnwQalRM7fc3%2Fk%2Fd0NWz4RXSey4RuIBLnNcEKKwCI2tT674Dsy9LnSg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9fdc371c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/themes/hueman/assets/front/js/scripts.min.js?ver=3.7.23
188.114.96.1200 OK 21 kB URL HTTP/1.1 upgradepro.net/wp-content/themes/hueman/assets/front/js/scripts.min.js?ver=3.7.23
IP 188.114.96.1:0
File type Unicode text, UTF-8 text, with very long lines (39708), with CRLF line terminators
Hash 22e08dae851a2419fdf877f23cdebf48
8213c880f536e98ae94a49b7de9aff7eace0d40d
6c64b321675cbf6d0fed4f9202e98bb129578938d3c1a9b532c270130a8deca7
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/hueman/assets/front/js/scripts.min.js?ver=3.7.23 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 03 Sep 2022 11:22:49 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0fBJPjvH0%2FAwjh9ymG8%2BLl0fFdQdeKtx3ngN4JwYqJ74AtZPKTRYZyV7uSvPSspBu5FGNahUw%2BtOn2YokndmzBFi%2BOHz%2BnDBrUUaBAS6vMAzAK6OOjSisreGSR6EK6aTuA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688d9ff90f0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 00:40:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Thu, 09 Feb 2023 00:45:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e2687c97217e30a005fa949149a892cc
6d922f8468e292f4febe118367e2eca48072b9a8
3bd59f24619871a284835b674b3e9e30cf0f15a2c48ad7eeb199f181cf9a9b4c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3BD59F24619871A284835B674B3E9E30CF0F15A2C48AD7EEB199F181CF9A9B4C"
Last-Modified: Tue, 07 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6996
Expires: Thu, 09 Feb 2023 02:36:58 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
upgradepro.net/wp-json/wordpress-popular-posts/v1/popular-posts/widget/2?is_single=0
188.114.96.1200 OK 789 B URL HTTP/1.1 upgradepro.net/wp-json/wordpress-popular-posts/v1/popular-posts/widget/2?is_single=0
IP 188.114.96.1:0
File type JSON data\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6284), with no line terminators
Hash df95f11da4c068f9af0c65ec9f022903
19cef161e0d8e6fd3b4da0a9b6202e3fff0f8aa0
c1852666b337d6c8d0dd89a70c1a0bc9076979c9faf1405bc44a003f663219e1
Analyzer Verdict Alert fortinet Phishing
GET /wp-json/wordpress-popular-posts/v1/popular-posts/widget/2?is_single=0 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SFLWqb2LaTgiq3dBoo0jZvsrWQWjukpaxSWIv078mtF8TRfE6251ifB8m%2F5GJj%2F1%2BHUFCN4MeaDla7zvHCDHFYJzsLwWGn031VCssZDYf244gFAuXSg%2FxLzPgL8Uz%2FexGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79688da208b7b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
na.nawpush.com/tags/34449?version_name=d
45.133.44.24200 OK 1.0 kB URL HTTP/2 na.nawpush.com/tags/34449?version_name=d
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (1002), with no line terminators
Hash 1f381396df8dfb58d4f2defd32905c9a
807b31a55793dbaf677287bfafa3fddfe24e3512
136e52bd415c2d042503d0c22a875acfb3fe9436c125143c311205c93ae754f8
GET /tags/34449?version_name=d HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upgradepro.net
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 00:40:22 GMT
content-type: application/json
content-length: 1002
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2
upgradepro.net/wp-content/plugins/nimble-builder/assets/front/js/ccat-nimble-front.min.js?v=3.3.2
188.114.96.1200 OK 4.8 kB URL HTTP/1.1 upgradepro.net/wp-content/plugins/nimble-builder/assets/front/js/ccat-nimble-front.min.js?v=3.3.2
IP 188.114.96.1:0
File type ASCII text, with very long lines (15797), with no line terminators
Hash f33fc4ae6b7c1e512e4e7d59dfc51e0d
6f54e8aeaba5190e6d2dd94f191bc36262d117cc
2f1095708729b310e1f80df0ef0676ac1376efe52b60fc52c962928dce75423c
GET /wp-content/plugins/nimble-builder/assets/front/js/ccat-nimble-front.min.js?v=3.3.2 HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Fri, 30 Sep 2022 13:45:31 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tGvLMYXa2gPLNdZIB5%2FwxZ2jpkhG094vAZtqaq%2FsIwnvaQQdYjBpkywr0R0z6Ee8iqkkY04vDYU9waW6Tzc7SHsraD25XxCMA%2BpL47%2BkNatkbmg5Qu99PtWTDjrA5l%2FFAA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da208dcb4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
counter.yadro.ru/hit?t50.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.4145304126763645
88.212.202.52302 Moved Temporarily 32 B URL HTTP/1.1 counter.yadro.ru/hit?t50.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.4145304126763645
IP 88.212.202.52:0
ASN #39134 United Network LLC
File type HTML document, ASCII text
Hash 3e9c09a8c5a87f266e047a596f48578c
07d7b1940b7e3f9a3db43197458f9b8ef18a6bce
57fad7ae62012ff4a38ecb6045ac6e8e3a070a33bbd033b21ab6cad3566d9254
GET /hit?t50.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.4145304126763645 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 302 Moved Temporarily
Date: Thu, 09 Feb 2023 00:40:22 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: https://counter.yadro.ru/hit?t50.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.4145304126763645
Content-Length: 32
Expires: Tue, 08 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 39f72ee961e1afed82fed52212ec6b65
557eae661c60433cfbbe14dbca5df31259e0c59b
b527888545839ca25e30f2fe8d409f3de6ab08d98a974dd14626b728e5ead13c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2977
Cache-Control: max-age=120480
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 00:40:22 GMT
Etag: "63e368f5-1d7"
Expires: Fri, 10 Feb 2023 10:08:22 GMT
Last-Modified: Wed, 08 Feb 2023 09:18:45 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 9b729d50739d6d735064cdd7339cfe5e
7132087203fd25ba3a1dbb50a906f8856012ee1d
ed1a985cbb37b7d3eed9a0d888de1a5a0734aa1eb296593bdf2bb4efdbadd386
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 12 Feb 2023 20:36:38 GMT
ETag: "7132087203fd25ba3a1dbb50a906f8856012ee1d"
Last-Modified: Wed, 08 Feb 2023 20:36:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1070
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da35966b51e-OSL
upgradepro.net/wp-content/uploads/sites/11/2022/07/34.png
188.114.96.1200 OK 2.2 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2022/07/34.png
IP 188.114.96.1:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash f3ea188c261176e9434bcb620c5106f1
efbe69c53e10b798f034b591ed67906ff14a04bb
76c866e6445930c6e22b24c1fe670ee3b9293b6fcd02bb4a334702dff5560c09
GET /wp-content/uploads/sites/11/2022/07/34.png HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 30 Jul 2022 18:39:43 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJDfDooOy87XAcARetPRiblwiue14MsJyn4ZDAhUyGhNVJrLto0DZrpsA39X6fsXJoBmMcrUoDelihAsLZhNuPycJJAgw9Ph%2F9PYuS5V7UfmiA0sNGQe55emi9qbG3sAwg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da2f981b4e8-OSL
alt-svc: h2=":443"; ma=60
counter.yadro.ru/hit?t43.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.06472381957570872
88.212.202.52200 OK 148 B URL HTTP/1.1 counter.yadro.ru/hit?t43.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.06472381957570872
IP 88.212.202.52:0
ASN #39134 United Network LLC
File type GIF image data, version 87a, 31 x 31\012- data
Hash c4b8d7d55cc20a5b52c3660fbd8871fa
f31d164f2ac369a35a41a8e5ad8aa2cdd63e62c2
931383ad7739ca39f3a67277ee1b475d8567181feb6ef127c421238d1172fff2
GET /hit?t43.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.06472381957570872 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/gif
Content-Length: 148
Connection: keep-alive
Expires: Tue, 08 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
counter.yadro.ru/hit?t50.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.4145304126763645
88.212.202.52200 OK 132 B URL HTTP/1.1 counter.yadro.ru/hit?t50.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.4145304126763645
IP 88.212.202.52:0
ASN #39134 United Network LLC
File type GIF image data, version 87a, 31 x 31\012- data
Hash c13b0ec205fabd070b69a7df6971641b
d03360d12bf1f034e65c1cb299743eff3a226f3f
eb03d5c88046cd6bf4bf958b581f783cc1f6b1f21f91af45c3e0ce5cf137bd0c
GET /hit?t50.6;r;s1280*1024*24;uhttp%3A//upgradepro.net/;hSex%20Photos%20%26%20OnlyFans%20Leaks%20-%20Enjoy%20Leaked%20Nude%20Photos%20of%20Models%2C%20Patreon%2C%20OnlyFans%2C%20YouTube%2C%20Twitch%2C%20Snapchat%2C%20Instagram;0.4145304126763645 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://upgradepro.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/gif
Content-Length: 132
Connection: keep-alive
Expires: Tue, 08 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35200 OK 2.3 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
Hash 5e18c79baf6e66cfe7afdfffa2097d3f
4dc4668abea855f2ccd40e34c739dcc2b3891deb
c46104b74cf589c9840cbd7554dd3c0916ff8932b84365c6914a5ec8db59efec
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: bHjHKAn/xmVeJn5MvrFqV4Dk1NLJMw1gLcRgFmg4XZs0MEE4zxRRPN9K/lp8EHFW5XbdHu88JpEmYiFC9/6qRA==
date: Thu, 09 Feb 2023 00:40:22 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12164
Expires: Thu, 09 Feb 2023 04:03:06 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12164
Expires: Thu, 09 Feb 2023 04:03:06 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg
34.120.237.76200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10fd2f55fa0cfb8616ded6ddc2bb511a
996ed68f1b9770a19a97f6c8d359e338b8c8b3ca
e552d31a5e531386b9830bb58486f09bfcb3400676f726f93fdbea08336a09da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3599
x-amzn-requestid: 658f8678-b67d-4f98-b728-cf9cbad3aa86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ABI38GUpIAMFY0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e38832-2ab19d0f2345fc7515775298;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 11:32:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oBM94J-bP0KLv3VUKHBQcndevBxzLc1rQ27Mc4Z_C-CGOyCH_FlKDw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:14:59 GMT
age: 30692
etag: "996ed68f1b9770a19a97f6c8d359e338b8c8b3ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffa565275-3a2e-4292-b935-18f8fc648689.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffa565275-3a2e-4292-b935-18f8fc648689.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ebad32ed6e84736b26623ed3d9b6cfe7
f9ddc5333953bafc7de7c971a693771a179e8bab
c8cc0ee6bcc93f226bcf774f1354e094bd6715c86e680be7523c84e457b7922d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffa565275-3a2e-4292-b935-18f8fc648689.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 5d2c1f9d-9088-461f-ad0d-d5ebcc54f78f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsw9gGk5IAMF1fg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db61ef-1318c7ba1dc92b30228a1aaf;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:10:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jCwYb_u5z_XDADfhooA_MtH6KDONfrUsOUESiOTcZciCPM3jwyMgAA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 13:40:47 GMT
etag: "f9ddc5333953bafc7de7c971a693771a179e8bab"
content-type: image/jpeg
age: 39575
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
upgradepro.net/wp-content/uploads/sites/11/2023/02/mayumiwaifu-nude-onlyfans-leaks-225x300.jpg
188.114.96.1200 OK 7.9 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2023/02/mayumiwaifu-nude-onlyfans-leaks-225x300.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 225x300, components 3\012- data
Hash ebeadd8842914342056b0a8b0e4b17b7
ea3fecdc7af7f5130d5aa262731c385f2f143375
cdf58113a27f7ee92e60e224d612fa556f218723508947e9beb639364b9cfc28
GET /wp-content/uploads/sites/11/2023/02/mayumiwaifu-nude-onlyfans-leaks-225x300.jpg HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 08 Feb 2023 19:52:38 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=et9aW3Wwc19k8dNr5SxUWF3n3w4W0Zjrr%2BH7tNcuOOOyc53AluwgDfbOTbIQdHgVqP%2BiQoHb8axCLizGhc%2F%2Fmovgu%2BbYO6V29a0EFLTOBPq9fiDKezMlIER%2BdZGZhPzRrw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da44a88b4e8-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/uploads/sites/11/2023/02/jillian-murray-leaked-fappening-video-300x200.jpg
188.114.96.1200 OK 8.3 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2023/02/jillian-murray-leaked-fappening-video-300x200.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 300x200, components 3\012- data
Hash bcd35556ab8c74beb558fecfde1d44d4
1ba4c64b01d598426ace97d0837f877afd340c6c
5d270690079122e9d916e999050ed40861d9408913e8995cb259061beb3e1ade
GET /wp-content/uploads/sites/11/2023/02/jillian-murray-leaked-fappening-video-300x200.jpg HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 08 Feb 2023 12:47:05 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6PWd10aFx96tsCnxTbkosBl8f9VmY4I4o5Ja%2BfVMx80bod2YXvalYOZ6aaZU2AXFwFMdqXQBZE0DG%2Fmn%2F1OuGLZX0Ypy%2Bd7rUCsUzb76M1QpBffa2Oc2zyY2M%2FD7nGjRA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da449e8b51e-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12164
Expires: Thu, 09 Feb 2023 04:03:06 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ec996f6-8867-41f0-9850-ad04d05e22e6.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ec996f6-8867-41f0-9850-ad04d05e22e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 464812429ec9f5c766def4ac26e86e4f
170a5d6fcaa69c78896ed8a37442a27c6309c09a
1248df6127626b254420b6ddabba6fba12066c9b7f314386c25ac51781f59060
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ec996f6-8867-41f0-9850-ad04d05e22e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10472
x-amzn-requestid: f43c32c6-0bb3-4154-934d-cd0ad1e3edf7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fv73mHmooAMFRFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dca696-700ab104674033036aba0878;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 06:15:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2kp0tBfU8v-pe5Tft8WnSQKV5deSlUbRVEGthGejjT4uXlbbv1IiAg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 19:00:11 GMT
age: 20411
etag: "170a5d6fcaa69c78896ed8a37442a27c6309c09a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12164
Expires: Thu, 09 Feb 2023 04:03:06 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 08:24:16 GMT
age: 58566
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12164
Expires: Thu, 09 Feb 2023 04:03:06 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc553a8677d9c0bf4835a0c29a7345c
ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8
e821faf86e44f2b9c9d5bd8cd3575c0a99acfc58774077034c413e345a7c0c0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7451
x-amzn-requestid: a900a5b4-85cd-4817-8e70-2516eb33a0a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fox8IHMuIAMFdHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c9e7-1122726b315a7c5623d1ff3f;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 02:09:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0giOb6VA3jgf_3ep6DqSBrFhYz8aBNWTjxpitvm9NWe2oNQlJ5UbEA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:09:32 GMT
age: 9050
etag: "ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6c45da743665658afcfbf2309e1594b
04d025452dcec571f3eb6068499290d86e0c4c30
3ddfcf83ea18ba20700364c7095750a142a15575c988ba5688ed2f4dbbba4ee8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6471
x-amzn-requestid: ab4c8119-a2f0-4b3d-bbed-b34c5a0a7a30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiGaGsjoAMFmZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e416f5-7298e0530bee8f997b552e6e;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:41:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qxzdVgRauaFA1GnS6m2WJr7zkXVIpFUNZN0r_mdAQvkDu4nzYanjzQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:10:41 GMT
age: 8981
etag: "04d025452dcec571f3eb6068499290d86e0c4c30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
upgradepro.net/wp-content/uploads/sites/11/2022/08/jackie-love-nude-onlyfans-leaks-300x300.jpg
188.114.96.1200 OK 14 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2022/08/jackie-love-nude-onlyfans-leaks-300x300.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 300x300, components 3\012- data
Hash 15e74130978a6c98833ce0aa7d995115
eeee934925a90a0da1be57ed5f3e1f9ab01d2acf
58791218b15c53fe2e03928536736ec81db95a86981b1a0453bf5adc18400d15
GET /wp-content/uploads/sites/11/2022/08/jackie-love-nude-onlyfans-leaks-300x300.jpg HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Tue, 09 Aug 2022 13:54:44 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lFXnilra0vzdGIuIe0Hi1I4cE2ZWwO5IeCnatJgnwv%2FGml8koX1dFD6KkGyPcD1U%2FGtLNqjleOFa%2F%2BAPqZDVqgmuyLVCHd5NnNEVPsVOZoMtNk5gl7XJHOA40czTO2zRzg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da47aef0b55-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/uploads/sites/11/2023/02/aoife-oneal-aoifeoneal-onlyfans-leaks-225x300.jpg
188.114.96.1200 OK 15 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2023/02/aoife-oneal-aoifeoneal-onlyfans-leaks-225x300.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 225x300, components 3\012- data
Hash 7d33dbb94756abd14560612ed9568dfe
d291261e00c3287965802a1c04cbfffe2ffa625b
c0f512a3fe5f9099d747abf724df84dd379d605267a2945c4c4dc3f2bedf3fb4
GET /wp-content/uploads/sites/11/2023/02/aoife-oneal-aoifeoneal-onlyfans-leaks-225x300.jpg HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 08 Feb 2023 09:22:12 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BHKe9txMEoLdzTeyfbb6E3dUrUVXmqokW9%2Bh%2B436Yao5cizi%2BlwjSwhf2pXZyqu107wQvnUAdXV9ehw%2FYKQ4gYyUG3FtPwyj70uEeEeAjeRij0bWpu%2FrQMo5EZujQ8J1vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da44a1ab4eb-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/uploads/sites/11/2023/02/zoella-mckay-nude-onlyfans-leaks-300x200.jpg
188.114.96.1200 OK 13 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2023/02/zoella-mckay-nude-onlyfans-leaks-300x200.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 300x200, components 3\012- data
Hash 2adc7b8c0044bfb32ccd59cab36ae8ca
ff397b6bfb3e35cb63285c419eb4d8784099b905
b5ced2153e2139f1b8377774f7b6e82c4a949ef55e565224c69c97db9e3c628b
GET /wp-content/uploads/sites/11/2023/02/zoella-mckay-nude-onlyfans-leaks-300x200.jpg HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 08 Feb 2023 08:28:27 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kkeRv78yStZS3%2FH45%2FmHTIuVJaiTN51f4LdmIDnMGe7uwFk6C4ARMixTuUdaok%2BuV56IaZAId25gkoszD3OBK4Y5mzgrnLP%2BIi7t%2BdJgbHw%2BUZGcLRH5DY0c%2FJg4uAirAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da45df31c0e-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/uploads/sites/11/2022/11/noonzspt-nude-300x300.jpg
188.114.96.1200 OK 7.4 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2022/11/noonzspt-nude-300x300.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 300x300, components 3\012- data
Hash 83047ec395a75e8867b5b0f966b15e44
6037348f8a400864f048dd7306bbd4cc74d91dc5
d31d16e74ee60f821d1266069b9fe7abaadf2d34c6330c51a563300264886e3b
GET /wp-content/uploads/sites/11/2022/11/noonzspt-nude-300x300.jpg HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 01 Dec 2022 11:38:00 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a9JgzfKDK7vJn4IwqZwzqfRkURpWUyxXVzWd%2FjqjxicuXbmzT3PgikjTCy%2FEo%2FkJScKAalI%2F5V5B7OkT1REiQqMtOKN5HATuJyMvuTQkQfmLCa2p11QqqR3TH2xdX3Spgw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da4fa48b51e-OSL
alt-svc: h2=":443"; ma=60
fp.metricswpsh.com/fp?tag_id=34449
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=34449
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=34449 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://upgradepro.net/
Origin: http://upgradepro.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://upgradepro.net
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
notification.tubecup.net/tags?tag_id=34449&timezone_olson=UTC&version_name=d
88.198.200.36200 OK 1.5 kB URL HTTP/2 notification.tubecup.net/tags?tag_id=34449&timezone_olson=UTC&version_name=d
IP 88.198.200.36:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (1461), with no line terminators
Hash 4afb46b3aaeca59660171955a9f64cfa
96f3e4326d91cf64ae82bfd21ef115d080333801
40d92dcc3a927890c01d619fc9906eb66b062314bea038a37f02dc8f9eabab1d
GET /tags?tag_id=34449&timezone_olson=UTC&version_name=d HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upgradepro.net
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 09 Feb 2023 00:40:22 GMT
content-type: application/json
content-length: 1461
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6bef1343a66278bc250629f5edf46694
5d8a5cf1d990ecd4e75e0d834fd63f88a4abe8a9
bad09148088ec8156ee1ca83d0a67eda4bbe79379b187d0261460fce506da38f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BAD09148088EC8156EE1CA83D0A67EDA4BBE79379B187D0261460FCE506DA38F"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3259
Expires: Thu, 09 Feb 2023 01:34:41 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
upgradepro.net/wp-content/uploads/sites/11/2022/08/praew-phatcharin-nude-onlyfans-leaks-300x300.jpg
188.114.96.1200 OK 14 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2022/08/praew-phatcharin-nude-onlyfans-leaks-300x300.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 300x300, components 3\012- data
Hash 097b77651f4f50b20a5bf410fefcac53
619432cf5bea85ffb274a9d1777bf2c00cc2c99a
04adb8cda1c7994b3015c26548a3513e156262a0d964734a12574d87e364231c
GET /wp-content/uploads/sites/11/2022/08/praew-phatcharin-nude-onlyfans-leaks-300x300.jpg HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 12 Oct 2022 23:08:17 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKPHpy4XuOnuVWowArEaBOxbRGfGwi%2FFipF0GJCWt1YAZ1IxA7J8dScHTidrqTtLb9CIqwyiz61off12WEEnfN9Zu6%2FsATLURio%2FeeG%2B%2FhtbZ5OOx8SoffNL7Owf0YAxBA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da478c00b4d-OSL
alt-svc: h2=":443"; ma=60
upgradepro.net/wp-content/uploads/sites/11/2022/09/abby-berner-nude-300x300.jpg
188.114.96.1200 OK 13 kB URL HTTP/1.1 upgradepro.net/wp-content/uploads/sites/11/2022/09/abby-berner-nude-300x300.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 300x300, components 3\012- data
Hash a109e5602a2c1b3229ad57997081322a
730136c77f587278bf050d0ee46616ece28d4e82
3b6009999a95e446c59884f9dc894b29bc30274e235ad5f5f9ad7d2179c5ef89
GET /wp-content/uploads/sites/11/2022/09/abby-berner-nude-300x300.jpg HTTP/1.1
Host: upgradepro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upgradepro.net/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Mon, 10 Oct 2022 22:22:07 GMT
cache-control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FSn3csza%2FnvntdJJbjeH%2FujwGjivuS1Ye9BwRb5QlVcsZfVHGL6Mp7zDOlIKmzajnsMhAvBoENmjmu56tAx51nCyyyVNGMIS8%2BRe3C%2FRRVcRoUZvh1McDOBLr7AX4Vp7%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79688da4faf1b4e8-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 85ffff50a6d79de002fe9eb8b62b600c
2794092e96e1e4b7c36c0dc83c0da1675cb3ff90
22f612472537f0f6f7a7b30b5e341e6fc795677fadb16408b579db2d74e8baab
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22F612472537F0F6F7A7B30B5E341E6FC795677FADB16408B579DB2D74E8BAAB"
Last-Modified: Tue, 07 Feb 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9365
Expires: Thu, 09 Feb 2023 03:16:27 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 79d3033be0289b758c2178874b1166a0
cf9dbea411077ebaa79c27369d16025fbbb18915
a06bdaa103e32c12de5b5ca402f93578b1d2d64f832db00f2347d00d1c3bb6e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A06BDAA103E32C12DE5B5CA402F93578B1D2D64F832DB00F2347D00D1C3BB6E7"
Last-Modified: Wed, 08 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11245
Expires: Thu, 09 Feb 2023 03:47:47 GMT
Date: Thu, 09 Feb 2023 00:40:22 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=34449
157.90.84.242200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=34449
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=34449 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22285
Origin: http://upgradepro.net
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 09 Feb 2023 00:40:22 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://upgradepro.net
Set-Cookie: id=15848845920863134410; Expires=Fri, 09 Feb 2024 00:40:22 GMT; Secure; SameSite=None
Vary: Origin
4a274b2471.ba01520b8b.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzM4NDgyMjI0MTU4NzIwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6MzQ0NDksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiU2V4JTJDUGhvdG9zJTJDT25seUZhbnMlMkNMZWFrcyUyQ0Vuam95JTJDTGVha2VkJTJDTnVkZSUyQ1Bob3RvcyUyQ29mJTJDTW9kZWxzJTJDUGF0cmVvbiUyQ09ubHlGYW5zJTJDWW91VHViZSUyQ1R3aXRjaCUyQ1NuYXBjaGF0JTJDSW5zdGFncmFtJTJDTGVha3MlMkNmcm9tJTJDT25seWZhbnMlMkNQYXRyZW9uJTJDTWFueXZpZHMlMkNNWU0uZmFucyUyQ2V0YyUyQ0hvdCUyQ3JlZ3VsYXIlMkNiYWJlcyUyQ2FuZCUyQ3BvcHVsYXIlMkNjZWxlYnJpdGllcyUyQ2FyZSUyQ25ha2VkJTJDaGVyZSUyQ0RhaWx5JTJDdXBkYXRlcy4ifQ==
45.133.44.24200 OK 0 B URL HTTP/2 4a274b2471.ba01520b8b.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzM4NDgyMjI0MTU4NzIwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6MzQ0NDksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiU2V4JTJDUGhvdG9zJTJDT25seUZhbnMlMkNMZWFrcyUyQ0Vuam95JTJDTGVha2VkJTJDTnVkZSUyQ1Bob3RvcyUyQ29mJTJDTW9kZWxzJTJDUGF0cmVvbiUyQ09ubHlGYW5zJTJDWW91VHViZSUyQ1R3aXRjaCUyQ1NuYXBjaGF0JTJDSW5zdGFncmFtJTJDTGVha3MlMkNmcm9tJTJDT25seWZhbnMlMkNQYXRyZW9uJTJDTWFueXZpZHMlMkNNWU0uZmFucyUyQ2V0YyUyQ0hvdCUyQ3JlZ3VsYXIlMkNiYWJlcyUyQ2FuZCUyQ3BvcHVsYXIlMkNjZWxlYnJpdGllcyUyQ2FyZSUyQ25ha2VkJTJDaGVyZSUyQ0RhaWx5JTJDdXBkYXRlcy4ifQ==
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzM4NDgyMjI0MTU4NzIwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6MzQ0NDksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiU2V4JTJDUGhvdG9zJTJDT25seUZhbnMlMkNMZWFrcyUyQ0Vuam95JTJDTGVha2VkJTJDTnVkZSUyQ1Bob3RvcyUyQ29mJTJDTW9kZWxzJTJDUGF0cmVvbiUyQ09ubHlGYW5zJTJDWW91VHViZSUyQ1R3aXRjaCUyQ1NuYXBjaGF0JTJDSW5zdGFncmFtJTJDTGVha3MlMkNmcm9tJTJDT25seWZhbnMlMkNQYXRyZW9uJTJDTWFueXZpZHMlMkNNWU0uZmFucyUyQ2V0YyUyQ0hvdCUyQ3JlZ3VsYXIlMkNiYWJlcyUyQ2FuZCUyQ3BvcHVsYXIlMkNjZWxlYnJpdGllcyUyQ2FyZSUyQ25ha2VkJTJDaGVyZSUyQ0RhaWx5JTJDdXBkYXRlcy4ifQ== HTTP/1.1
Host: 4a274b2471.ba01520b8b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upgradepro.net
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 00:40:22 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=7b3dc0ac-d7e1-4fde-8c81-73eef6b28614&subid=283629230&sid=570560866&spot_id=21859&created_at=2023-02-09&timezone=0&ver=7.36.0-b&is_native=1
157.90.84.246200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=7b3dc0ac-d7e1-4fde-8c81-73eef6b28614&subid=283629230&sid=570560866&spot_id=21859&created_at=2023-02-09&timezone=0&ver=7.36.0-b&is_native=1
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=7b3dc0ac-d7e1-4fde-8c81-73eef6b28614&subid=283629230&sid=570560866&spot_id=21859&created_at=2023-02-09&timezone=0&ver=7.36.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upgradepro.net
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 Feb 2023 00:40:23 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
sw.swwpush.com/npc/sdk/wpu/ipnpush.m.js
45.133.44.25200 OK 82 kB URL HTTP/2 sw.swwpush.com/npc/sdk/wpu/ipnpush.m.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash aa3a851aab58dac39d96f973f3db5f2b
01b73a985a3b87252522239be7d67f9aff1b722a
bf004801b88ef29d84a280d85f1b6d34f245ace7342482ab8759000341fa2935
GET /npc/sdk/wpu/ipnpush.m.js HTTP/1.1
Host: sw.swwpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 00:40:22 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 07 Feb 2023 14:22:17 GMT
etag: W/"63e25e99-527f6"
content-encoding: gzip
expires: Thu, 09 Feb 2023 00:45:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash faf445a5b34d8601b400967eb84b993c
f54e1aa3d0db72a36728b8f43ea7077bbaa69c6e
c4ce62b90b2cc6fda96eb3c58e723b5460cc684d7dbfedb5daa10d2fa5c05f36
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C4CE62B90B2CC6FDA96EB3C58E723B5460CC684D7DBFEDB5DAA10D2FA5C05F36"
Last-Modified: Wed, 08 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9150
Expires: Thu, 09 Feb 2023 03:12:53 GMT
Date: Thu, 09 Feb 2023 00:40:23 GMT
Connection: keep-alive
9028b77447.a5acd46254.com/in/multy
157.90.84.246204 No Content 0 B URL HTTP/2 9028b77447.a5acd46254.com/in/multy
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: 9028b77447.a5acd46254.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://upgradepro.net/
Origin: http://upgradepro.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Thu, 09 Feb 2023 00:40:23 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
9028b77447.a5acd46254.com/in/multy
157.90.84.246200 OK 20 kB URL HTTP/2 9028b77447.a5acd46254.com/in/multy
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (20395), with no line terminators
Hash 5843f805f1673319f96342c91df7fe29
f4af97a9e72d88ddc8193c60a59ded30d5bcc76f
4fc5ff62bbe86ab44d21046bf177192f3e5821c400ceac6817d8f9a7c8113da8
Analyzer Verdict Alert quad9 Sinkholed
POST /in/multy HTTP/1.1
Host: 9028b77447.a5acd46254.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1486
Origin: http://upgradepro.net
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 Feb 2023 00:40:24 GMT
content-type: application/json
content-length: 20406
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
9028b77447.a5acd46254.com/in/show/?mid=3106647552337726862&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=283629230&sid=570560866&cid=13433&price=0.0031&is_cpm=0&cpm=0&ecpm=0.1642313881520778&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=7.36.0-b&ver_c=&refdom=upgradepro.net&hostname=auc-inpage-hz-5-b&site_id=3121859&spot_id=21859&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-09&is_native=2&auction_queue=0&burl=P6NkZTjs4Ew1xVn7ru1q-jhPClFAYogQA1V-tAfkMKtNWXbzUbXrtw&pop_winurl=&ip=91.90.42.154&testab=1&px_id=5321859&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.028912992636262517&placement_type_id=&skin_test=0&verify_hash=6f0e07d4fa157f98cb54fad578303b16&score=100&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D283629230%26spot_id%3D21859%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fupgradepro.net%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0031&user_fp=14631201315374251416&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=NBko1gx6eS725wfsq_yoeSyiRZWJd3A2LgJwpykCiZ4qMjQ5taHT-4t4UBHx5giWnauIVBBPbjC7Ml6IPSO2fI2fNTy6A31Woxya4yDdF4Za33iIqy9VRx9BmCmjmsyIPHn_BSdVnopqO6tnOdMmv_69i_b-ERxqQ6zR1GtUiRcRpnw6fg&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=2&vertical_id=0&real_bid=0.00295895&pr=&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=Adult&label_ids=4,83,89,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=475e6aef-8bf2-42a7-9f69-15d72fcf09e8&mlc=1&format=default-slide-b_r-body
157.90.84.246200 OK 0 B URL HTTP/2 9028b77447.a5acd46254.com/in/show/?mid=3106647552337726862&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=283629230&sid=570560866&cid=13433&price=0.0031&is_cpm=0&cpm=0&ecpm=0.1642313881520778&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=7.36.0-b&ver_c=&refdom=upgradepro.net&hostname=auc-inpage-hz-5-b&site_id=3121859&spot_id=21859&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-09&is_native=2&auction_queue=0&burl=P6NkZTjs4Ew1xVn7ru1q-jhPClFAYogQA1V-tAfkMKtNWXbzUbXrtw&pop_winurl=&ip=91.90.42.154&testab=1&px_id=5321859&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.028912992636262517&placement_type_id=&skin_test=0&verify_hash=6f0e07d4fa157f98cb54fad578303b16&score=100&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D283629230%26spot_id%3D21859%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fupgradepro.net%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0031&user_fp=14631201315374251416&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=NBko1gx6eS725wfsq_yoeSyiRZWJd3A2LgJwpykCiZ4qMjQ5taHT-4t4UBHx5giWnauIVBBPbjC7Ml6IPSO2fI2fNTy6A31Woxya4yDdF4Za33iIqy9VRx9BmCmjmsyIPHn_BSdVnopqO6tnOdMmv_69i_b-ERxqQ6zR1GtUiRcRpnw6fg&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=2&vertical_id=0&real_bid=0.00295895&pr=&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=Adult&label_ids=4,83,89,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=475e6aef-8bf2-42a7-9f69-15d72fcf09e8&mlc=1&format=default-slide-b_r-body
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=3106647552337726862&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=283629230&sid=570560866&cid=13433&price=0.0031&is_cpm=0&cpm=0&ecpm=0.1642313881520778&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=7.36.0-b&ver_c=&refdom=upgradepro.net&hostname=auc-inpage-hz-5-b&site_id=3121859&spot_id=21859&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-09&is_native=2&auction_queue=0&burl=P6NkZTjs4Ew1xVn7ru1q-jhPClFAYogQA1V-tAfkMKtNWXbzUbXrtw&pop_winurl=&ip=91.90.42.154&testab=1&px_id=5321859&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.028912992636262517&placement_type_id=&skin_test=0&verify_hash=6f0e07d4fa157f98cb54fad578303b16&score=100&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D283629230%26spot_id%3D21859%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fupgradepro.net%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0031&user_fp=14631201315374251416&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=NBko1gx6eS725wfsq_yoeSyiRZWJd3A2LgJwpykCiZ4qMjQ5taHT-4t4UBHx5giWnauIVBBPbjC7Ml6IPSO2fI2fNTy6A31Woxya4yDdF4Za33iIqy9VRx9BmCmjmsyIPHn_BSdVnopqO6tnOdMmv_69i_b-ERxqQ6zR1GtUiRcRpnw6fg&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=2&vertical_id=0&real_bid=0.00295895&pr=&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=Adult&label_ids=4,83,89,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=475e6aef-8bf2-42a7-9f69-15d72fcf09e8&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: 9028b77447.a5acd46254.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 Feb 2023 00:40:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
9028b77447.a5acd46254.com/in/show/?mid=3106647552337726862&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=283629230&sid=570560866&cid=13253&price=0.0838&is_cpm=0&cpm=0&ecpm=0.13269678869621065&crid=&crtid=17d43f81cc073548090aad9c92420bae&tcid=0&out_id=0&ver=7.36.0-b&ver_c=&refdom=upgradepro.net&hostname=auc-inpage-hz-5-b&site_id=3121859&spot_id=21859&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-09&is_native=1&auction_queue=0&burl=lCXRdiVNm2M46hQOP-aUUkYIU7zVbYZMyBNvhGCSVeq3MvxbxODOrQ&pop_winurl=&ip=91.90.42.154&testab=1&px_id=7321859&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.000836422880539499&placement_type_id=&skin_test=0&verify_hash=3013b9940b83afc1b811dda113b02af0&score=100&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D283629230%26spot_id%3D21859%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fupgradepro.net%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0838&user_fp=14631201315374251416&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=kKa9N4neKwyIA1mxe_2t2ysUzgVnYG0uGIdgk88rQt6DlPPwYHf7iwR1swjkKrYxvRINJWAEKeSMAFpK_1gqdWjg4Us0ojzTRpNIEp-I_TAYfWWeYxFBNVc0f2nHlUnBG48Pez0Mr1h_V8ktBtV5PpoGJpvlG9Bc-DvXXnKeaYxzXGzZ_oHDxNHmHBkYR_ilzpdvun_rbqzbaM530x_6W5EewriMtom8FJJCtDUVrijDXHVivKGZQeUGgjnNkNxs3kzgBbZeCF14C1cY9tJBgjijA7NslTXI6UhKHBU7GVUnlWH9GrMMqRKG8mB__9LCxdCy-RR-rX3_pAh836SJScRzKc4HvNyyWPt1e8Ikeq1YMQo9nCeMsiTvxhXn7uptgyFSWcmjOH4HEDtvalYM4_G0CvLrY2ygZ9Qjn3jo7kxMiHzZW5q3_-VN8aaCAsMgOaPMoKPYK4WwoVWcVpbW-WA91ZXinWN2J2qFW9BqtX22O7f2izWZdZ9IsgeOXLC5KkTiLi80H6Q4KcbPZS_a7ToBxuQ4ZHsIxOvD_I4-q52Qqpb2ryHAFu9zEl59wLIq2rcxHrFDx8-1Lp5mkpALMIIz63G1y7ztgk4Y8JU9Z9aqtvTkxCCtUpoaZY_AZpOwDjO2zsShPOhTerdg0XpYQGJFff3fPQkVLs0pZcLIsOZwQ1uYak6FJJ7Q16CkVwWCOEVmLQSPrhDhfSrmJr41o2JgtDxkkWb7jaD29psPKSz5DwkS6gUQhe46Sdnc85V7n5ruGTvXP4lg-58JaqXq6nIMvhfq9M1emx99cKQ0PYnd0yrTTOWD9TK4VuQEJTBl6ACRhpg6W56wKfsb3QQQR0nYTQ7o&image_url=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fim%3Fauth%3Dr19um2%26c%3D0yeToRSN8EyhW8riglkYIHBfW0vNhvwCQWjzk0W7hLZ8mgHi0jU1Q6i9GLr0E7mXg9Uz_XLv1Avcuwn43GtVysIgVgwbPJ39vAhCjWgLBjUn0RxMmExOlmUFqUnxQuXYy7vM54XDfWOKFcH7MlMKUZTNkTkAGHe0y8eh0n7pU4ZCjfZGTGFw5jpIshZwONdBcMW5CpzwAy7jM4PETrMpTw85SFGcmFjBfLnQ_ZmfzsJ0lABhRMhxr4hTztHWwEh4JtPTrMV-1FLscB2dlKeQyTtm0ZPApOPo2-d7TmjMcTG0K5nE0VKZ4YtypcCqT8CiP6oPSylJPz5Pa8w75AsCT85Jc3O8pamW62E40WksJ0n6ZV_AH4MqOwylaiyZO6iysXQE_7bYeTa-ADEqiQr6BDtiE8lEQnxLO74RXbQoB--TUECjuCCLTdnOV7_s4K2_m9wveiXueLVowQocLxOZ-9rwNTLo5vaL1mNYu5nsRl76zPKxB2TzDYuLeUMI4pbwWhp7jm8xCCaxKzOCQjq3uQGU9z68HwlL&skin_id=2&vertical_id=15&real_bid=0.08264355999999999&pr=&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=Adult&label_ids=4,83,90,15&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=63283a32-9e41-4efe-a173-6ed2a39f2259&format=default-slide-b_r-body
157.90.84.246200 OK 0 B URL HTTP/2 9028b77447.a5acd46254.com/in/show/?mid=3106647552337726862&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=283629230&sid=570560866&cid=13253&price=0.0838&is_cpm=0&cpm=0&ecpm=0.13269678869621065&crid=&crtid=17d43f81cc073548090aad9c92420bae&tcid=0&out_id=0&ver=7.36.0-b&ver_c=&refdom=upgradepro.net&hostname=auc-inpage-hz-5-b&site_id=3121859&spot_id=21859&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-09&is_native=1&auction_queue=0&burl=lCXRdiVNm2M46hQOP-aUUkYIU7zVbYZMyBNvhGCSVeq3MvxbxODOrQ&pop_winurl=&ip=91.90.42.154&testab=1&px_id=7321859&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.000836422880539499&placement_type_id=&skin_test=0&verify_hash=3013b9940b83afc1b811dda113b02af0&score=100&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D283629230%26spot_id%3D21859%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fupgradepro.net%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0838&user_fp=14631201315374251416&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=kKa9N4neKwyIA1mxe_2t2ysUzgVnYG0uGIdgk88rQt6DlPPwYHf7iwR1swjkKrYxvRINJWAEKeSMAFpK_1gqdWjg4Us0ojzTRpNIEp-I_TAYfWWeYxFBNVc0f2nHlUnBG48Pez0Mr1h_V8ktBtV5PpoGJpvlG9Bc-DvXXnKeaYxzXGzZ_oHDxNHmHBkYR_ilzpdvun_rbqzbaM530x_6W5EewriMtom8FJJCtDUVrijDXHVivKGZQeUGgjnNkNxs3kzgBbZeCF14C1cY9tJBgjijA7NslTXI6UhKHBU7GVUnlWH9GrMMqRKG8mB__9LCxdCy-RR-rX3_pAh836SJScRzKc4HvNyyWPt1e8Ikeq1YMQo9nCeMsiTvxhXn7uptgyFSWcmjOH4HEDtvalYM4_G0CvLrY2ygZ9Qjn3jo7kxMiHzZW5q3_-VN8aaCAsMgOaPMoKPYK4WwoVWcVpbW-WA91ZXinWN2J2qFW9BqtX22O7f2izWZdZ9IsgeOXLC5KkTiLi80H6Q4KcbPZS_a7ToBxuQ4ZHsIxOvD_I4-q52Qqpb2ryHAFu9zEl59wLIq2rcxHrFDx8-1Lp5mkpALMIIz63G1y7ztgk4Y8JU9Z9aqtvTkxCCtUpoaZY_AZpOwDjO2zsShPOhTerdg0XpYQGJFff3fPQkVLs0pZcLIsOZwQ1uYak6FJJ7Q16CkVwWCOEVmLQSPrhDhfSrmJr41o2JgtDxkkWb7jaD29psPKSz5DwkS6gUQhe46Sdnc85V7n5ruGTvXP4lg-58JaqXq6nIMvhfq9M1emx99cKQ0PYnd0yrTTOWD9TK4VuQEJTBl6ACRhpg6W56wKfsb3QQQR0nYTQ7o&image_url=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fim%3Fauth%3Dr19um2%26c%3D0yeToRSN8EyhW8riglkYIHBfW0vNhvwCQWjzk0W7hLZ8mgHi0jU1Q6i9GLr0E7mXg9Uz_XLv1Avcuwn43GtVysIgVgwbPJ39vAhCjWgLBjUn0RxMmExOlmUFqUnxQuXYy7vM54XDfWOKFcH7MlMKUZTNkTkAGHe0y8eh0n7pU4ZCjfZGTGFw5jpIshZwONdBcMW5CpzwAy7jM4PETrMpTw85SFGcmFjBfLnQ_ZmfzsJ0lABhRMhxr4hTztHWwEh4JtPTrMV-1FLscB2dlKeQyTtm0ZPApOPo2-d7TmjMcTG0K5nE0VKZ4YtypcCqT8CiP6oPSylJPz5Pa8w75AsCT85Jc3O8pamW62E40WksJ0n6ZV_AH4MqOwylaiyZO6iysXQE_7bYeTa-ADEqiQr6BDtiE8lEQnxLO74RXbQoB--TUECjuCCLTdnOV7_s4K2_m9wveiXueLVowQocLxOZ-9rwNTLo5vaL1mNYu5nsRl76zPKxB2TzDYuLeUMI4pbwWhp7jm8xCCaxKzOCQjq3uQGU9z68HwlL&skin_id=2&vertical_id=15&real_bid=0.08264355999999999&pr=&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=Adult&label_ids=4,83,90,15&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=63283a32-9e41-4efe-a173-6ed2a39f2259&format=default-slide-b_r-body
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=3106647552337726862&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=283629230&sid=570560866&cid=13253&price=0.0838&is_cpm=0&cpm=0&ecpm=0.13269678869621065&crid=&crtid=17d43f81cc073548090aad9c92420bae&tcid=0&out_id=0&ver=7.36.0-b&ver_c=&refdom=upgradepro.net&hostname=auc-inpage-hz-5-b&site_id=3121859&spot_id=21859&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-09&is_native=1&auction_queue=0&burl=lCXRdiVNm2M46hQOP-aUUkYIU7zVbYZMyBNvhGCSVeq3MvxbxODOrQ&pop_winurl=&ip=91.90.42.154&testab=1&px_id=7321859&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.000836422880539499&placement_type_id=&skin_test=0&verify_hash=3013b9940b83afc1b811dda113b02af0&score=100&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D283629230%26spot_id%3D21859%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fupgradepro.net%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0838&user_fp=14631201315374251416&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=kKa9N4neKwyIA1mxe_2t2ysUzgVnYG0uGIdgk88rQt6DlPPwYHf7iwR1swjkKrYxvRINJWAEKeSMAFpK_1gqdWjg4Us0ojzTRpNIEp-I_TAYfWWeYxFBNVc0f2nHlUnBG48Pez0Mr1h_V8ktBtV5PpoGJpvlG9Bc-DvXXnKeaYxzXGzZ_oHDxNHmHBkYR_ilzpdvun_rbqzbaM530x_6W5EewriMtom8FJJCtDUVrijDXHVivKGZQeUGgjnNkNxs3kzgBbZeCF14C1cY9tJBgjijA7NslTXI6UhKHBU7GVUnlWH9GrMMqRKG8mB__9LCxdCy-RR-rX3_pAh836SJScRzKc4HvNyyWPt1e8Ikeq1YMQo9nCeMsiTvxhXn7uptgyFSWcmjOH4HEDtvalYM4_G0CvLrY2ygZ9Qjn3jo7kxMiHzZW5q3_-VN8aaCAsMgOaPMoKPYK4WwoVWcVpbW-WA91ZXinWN2J2qFW9BqtX22O7f2izWZdZ9IsgeOXLC5KkTiLi80H6Q4KcbPZS_a7ToBxuQ4ZHsIxOvD_I4-q52Qqpb2ryHAFu9zEl59wLIq2rcxHrFDx8-1Lp5mkpALMIIz63G1y7ztgk4Y8JU9Z9aqtvTkxCCtUpoaZY_AZpOwDjO2zsShPOhTerdg0XpYQGJFff3fPQkVLs0pZcLIsOZwQ1uYak6FJJ7Q16CkVwWCOEVmLQSPrhDhfSrmJr41o2JgtDxkkWb7jaD29psPKSz5DwkS6gUQhe46Sdnc85V7n5ruGTvXP4lg-58JaqXq6nIMvhfq9M1emx99cKQ0PYnd0yrTTOWD9TK4VuQEJTBl6ACRhpg6W56wKfsb3QQQR0nYTQ7o&image_url=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fim%3Fauth%3Dr19um2%26c%3D0yeToRSN8EyhW8riglkYIHBfW0vNhvwCQWjzk0W7hLZ8mgHi0jU1Q6i9GLr0E7mXg9Uz_XLv1Avcuwn43GtVysIgVgwbPJ39vAhCjWgLBjUn0RxMmExOlmUFqUnxQuXYy7vM54XDfWOKFcH7MlMKUZTNkTkAGHe0y8eh0n7pU4ZCjfZGTGFw5jpIshZwONdBcMW5CpzwAy7jM4PETrMpTw85SFGcmFjBfLnQ_ZmfzsJ0lABhRMhxr4hTztHWwEh4JtPTrMV-1FLscB2dlKeQyTtm0ZPApOPo2-d7TmjMcTG0K5nE0VKZ4YtypcCqT8CiP6oPSylJPz5Pa8w75AsCT85Jc3O8pamW62E40WksJ0n6ZV_AH4MqOwylaiyZO6iysXQE_7bYeTa-ADEqiQr6BDtiE8lEQnxLO74RXbQoB--TUECjuCCLTdnOV7_s4K2_m9wveiXueLVowQocLxOZ-9rwNTLo5vaL1mNYu5nsRl76zPKxB2TzDYuLeUMI4pbwWhp7jm8xCCaxKzOCQjq3uQGU9z68HwlL&skin_id=2&vertical_id=15&real_bid=0.08264355999999999&pr=&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=Adult&label_ids=4,83,90,15&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=63283a32-9e41-4efe-a173-6ed2a39f2259&format=default-slide-b_r-body HTTP/1.1
Host: 9028b77447.a5acd46254.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 Feb 2023 00:40:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=667e65ca-96d2-4370-af36-854818cd0861&mlc=1&format=default-slide-b_r-body
78.47.199.210200 OK 790 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=667e65ca-96d2-4370-af36-854818cd0861&mlc=1&format=default-slide-b_r-body
IP 78.47.199.210:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=667e65ca-96d2-4370-af36-854818cd0861&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 09 Feb 2023 00:40:24 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
78.47.199.210200 OK 790 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
IP 78.47.199.210:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 09 Feb 2023 00:40:24 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 059d2b22b86f7b0f3cd512346a74c594
0b79a0d5b4b3f355ccede7aae13e0c010b885a36
1c90ee123f79887f855ddd0cf77fac00e272ab46e36ecd0ca9f09ea0d9a72f24
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 06:28:16 GMT
Expires: Wed, 15 Feb 2023 06:28:15 GMT
Etag: "0b79a0d5b4b3f355ccede7aae13e0c010b885a36"
Cache-Control: max-age=538670,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79688db25ae60b51-OSL
track.trackingtraffo.com/push/ic?auth=r19um2&c=LW6_EnaNVaxqaB2D1xp4fTMoncKQHztR8rqVRt7DiTrqXvhPQACuvqsleVWf8VTGvgfiqaRdMKbtwusiXyzkUwGdat0S1s_kTwQjGoleyetqWD96TbiuStOuMI_Fufqx4rIyXmynhSJSkaFJe0F7Q5g_Cqz8JP9p3KPS6ZhiqK2tOdo9Utbc9ABdkP1p_EYxAq2ANI7QQAcKXNQbCE6yukMSC9kuD8jE0a4G-6tzB0KW1cRMK_od4YvXxUrfYCDKDcrMJdR50LJneyAu0mn9COiELCwBaVti-VtBIy4jFaMggBPV_lgY9vdKCoWa8n_oRBBxdtEtOlcdHgh6WJ5LTL0T9uV3KflcYa92EmV1AVfogiCTZTnPB99kQGMYV9mZYRys6n_ToTQ505urPKzrqYWVZstWoNySPDWDEk9RzMdxVf0cubXeq5YRk3xmHaA8A889BMzA3y-h69L6NVaTz1faGpVwWHJPjkIS3JkxxjCkUUqyVphJsWvSFgVNZo_2uxYdj50RyoRAKKMvESpcZ4IyZUesd96jRmP1Yg&cpa=2bb17758-01b1-4ef7-a5a1-669ccae4414e&format=default-slide-b_r-body
88.214.206.175302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=r19um2&c=LW6_EnaNVaxqaB2D1xp4fTMoncKQHztR8rqVRt7DiTrqXvhPQACuvqsleVWf8VTGvgfiqaRdMKbtwusiXyzkUwGdat0S1s_kTwQjGoleyetqWD96TbiuStOuMI_Fufqx4rIyXmynhSJSkaFJe0F7Q5g_Cqz8JP9p3KPS6ZhiqK2tOdo9Utbc9ABdkP1p_EYxAq2ANI7QQAcKXNQbCE6yukMSC9kuD8jE0a4G-6tzB0KW1cRMK_od4YvXxUrfYCDKDcrMJdR50LJneyAu0mn9COiELCwBaVti-VtBIy4jFaMggBPV_lgY9vdKCoWa8n_oRBBxdtEtOlcdHgh6WJ5LTL0T9uV3KflcYa92EmV1AVfogiCTZTnPB99kQGMYV9mZYRys6n_ToTQ505urPKzrqYWVZstWoNySPDWDEk9RzMdxVf0cubXeq5YRk3xmHaA8A889BMzA3y-h69L6NVaTz1faGpVwWHJPjkIS3JkxxjCkUUqyVphJsWvSFgVNZo_2uxYdj50RyoRAKKMvESpcZ4IyZUesd96jRmP1Yg&cpa=2bb17758-01b1-4ef7-a5a1-669ccae4414e&format=default-slide-b_r-body
IP 88.214.206.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=r19um2&c=LW6_EnaNVaxqaB2D1xp4fTMoncKQHztR8rqVRt7DiTrqXvhPQACuvqsleVWf8VTGvgfiqaRdMKbtwusiXyzkUwGdat0S1s_kTwQjGoleyetqWD96TbiuStOuMI_Fufqx4rIyXmynhSJSkaFJe0F7Q5g_Cqz8JP9p3KPS6ZhiqK2tOdo9Utbc9ABdkP1p_EYxAq2ANI7QQAcKXNQbCE6yukMSC9kuD8jE0a4G-6tzB0KW1cRMK_od4YvXxUrfYCDKDcrMJdR50LJneyAu0mn9COiELCwBaVti-VtBIy4jFaMggBPV_lgY9vdKCoWa8n_oRBBxdtEtOlcdHgh6WJ5LTL0T9uV3KflcYa92EmV1AVfogiCTZTnPB99kQGMYV9mZYRys6n_ToTQ505urPKzrqYWVZstWoNySPDWDEk9RzMdxVf0cubXeq5YRk3xmHaA8A889BMzA3y-h69L6NVaTz1faGpVwWHJPjkIS3JkxxjCkUUqyVphJsWvSFgVNZo_2uxYdj50RyoRAKKMvESpcZ4IyZUesd96jRmP1Yg&cpa=2bb17758-01b1-4ef7-a5a1-669ccae4414e&format=default-slide-b_r-body HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 09 Feb 2023 00:40:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National Casino black.png
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 059d2b22b86f7b0f3cd512346a74c594
0b79a0d5b4b3f355ccede7aae13e0c010b885a36
1c90ee123f79887f855ddd0cf77fac00e272ab46e36ecd0ca9f09ea0d9a72f24
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:40:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 06:28:16 GMT
Expires: Wed, 15 Feb 2023 06:28:15 GMT
Etag: "0b79a0d5b4b3f355ccede7aae13e0c010b885a36"
Cache-Control: max-age=538670,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79688db269e2b524-OSL
track.trackingtraffo.com/push/im?auth=r19um2&c=0yeToRSN8EyhW8riglkYIHBfW0vNhvwCQWjzk0W7hLZ8mgHi0jU1Q6i9GLr0E7mXg9Uz_XLv1Avcuwn43GtVysIgVgwbPJ39vAhCjWgLBjUn0RxMmExOlmUFqUnxQuXYy7vM54XDfWOKFcH7MlMKUZTNkTkAGHe0y8eh0n7pU4ZCjfZGTGFw5jpIshZwONdBcMW5CpzwAy7jM4PETrMpTw85SFGcmFjBfLnQ_ZmfzsJ0lABhRMhxr4hTztHWwEh4JtPTrMV-1FLscB2dlKeQyTtm0ZPApOPo2-d7TmjMcTG0K5nE0VKZ4YtypcCqT8CiP6oPSylJPz5Pa8w75AsCT85Jc3O8pamW62E40WksJ0n6ZV_AH4MqOwylaiyZO6iysXQE_7bYeTa-ADEqiQr6BDtiE8lEQnxLO74RXbQoB--TUECjuCCLTdnOV7_s4K2_m9wveiXueLVowQocLxOZ-9rwNTLo5vaL1mNYu5nsRl76zPKxB2TzDYuLeUMI4pbwWhp7jm8xCCaxKzOCQjq3uQGU9z68HwlL
88.214.206.175302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/im?auth=r19um2&c=0yeToRSN8EyhW8riglkYIHBfW0vNhvwCQWjzk0W7hLZ8mgHi0jU1Q6i9GLr0E7mXg9Uz_XLv1Avcuwn43GtVysIgVgwbPJ39vAhCjWgLBjUn0RxMmExOlmUFqUnxQuXYy7vM54XDfWOKFcH7MlMKUZTNkTkAGHe0y8eh0n7pU4ZCjfZGTGFw5jpIshZwONdBcMW5CpzwAy7jM4PETrMpTw85SFGcmFjBfLnQ_ZmfzsJ0lABhRMhxr4hTztHWwEh4JtPTrMV-1FLscB2dlKeQyTtm0ZPApOPo2-d7TmjMcTG0K5nE0VKZ4YtypcCqT8CiP6oPSylJPz5Pa8w75AsCT85Jc3O8pamW62E40WksJ0n6ZV_AH4MqOwylaiyZO6iysXQE_7bYeTa-ADEqiQr6BDtiE8lEQnxLO74RXbQoB--TUECjuCCLTdnOV7_s4K2_m9wveiXueLVowQocLxOZ-9rwNTLo5vaL1mNYu5nsRl76zPKxB2TzDYuLeUMI4pbwWhp7jm8xCCaxKzOCQjq3uQGU9z68HwlL
IP 88.214.206.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/im?auth=r19um2&c=0yeToRSN8EyhW8riglkYIHBfW0vNhvwCQWjzk0W7hLZ8mgHi0jU1Q6i9GLr0E7mXg9Uz_XLv1Avcuwn43GtVysIgVgwbPJ39vAhCjWgLBjUn0RxMmExOlmUFqUnxQuXYy7vM54XDfWOKFcH7MlMKUZTNkTkAGHe0y8eh0n7pU4ZCjfZGTGFw5jpIshZwONdBcMW5CpzwAy7jM4PETrMpTw85SFGcmFjBfLnQ_ZmfzsJ0lABhRMhxr4hTztHWwEh4JtPTrMV-1FLscB2dlKeQyTtm0ZPApOPo2-d7TmjMcTG0K5nE0VKZ4YtypcCqT8CiP6oPSylJPz5Pa8w75AsCT85Jc3O8pamW62E40WksJ0n6ZV_AH4MqOwylaiyZO6iysXQE_7bYeTa-ADEqiQr6BDtiE8lEQnxLO74RXbQoB--TUECjuCCLTdnOV7_s4K2_m9wveiXueLVowQocLxOZ-9rwNTLo5vaL1mNYu5nsRl76zPKxB2TzDYuLeUMI4pbwWhp7jm8xCCaxKzOCQjq3uQGU9z68HwlL HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 09 Feb 2023 00:40:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995125-national-casino.png
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
5.9.105.245200 OK 4.5 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
IP 5.9.105.245:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58be17b22d6e1178a54c92cf862c817e
b821bc2f016751647df49e49863077e927a70322
9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 09 Feb 2023 00:40:25 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 18 Jan 2023 15:38:44 GMT
Connection: keep-alive
ETag: "63c81284-1168"
Accept-Ranges: bytes
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995125-national-casino.png
5.9.105.245200 OK 4.6 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995125-national-casino.png
IP 5.9.105.245:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 433 x 176, 8-bit colormap, non-interlaced\012- data
Hash edffdc6a4138205965ac7c1440fbfb50
9cff09cdfdc1e054c431e6cbf4c12e4ec681e601
83ff002a01d8c1668fc4a851cc3eb1c24b929c4aced7ff7eb32b9ae3711c7498
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659514995125-national-casino.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 09 Feb 2023 00:40:25 GMT
Content-Type: image/png
Content-Length: 4596
Last-Modified: Wed, 18 Jan 2023 15:38:20 GMT
Connection: keep-alive
ETag: "63c8126c-11f4"
Accept-Ranges: bytes
tracot.com/jCNHCoM4OAflZtdxoEWUMWYX08lW-9yFePtYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTCpLmCbQEcLr0kJH5lv8xLrmUSJwZjwZWxtYMy58wacNU?kws=sex%2Cphotos%2Conlyfans%2Cleaks%2Cenjoy%2Cleaked%2Cnude%2Cmodels%2Cpatreon%2Cyoutube%2Ctwitch%2Csnapchat%2Cinstagram&abl=0&fsb=0&pageUri=http%3A%2F%2Fupgradepro.net%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Feb%2009%202023%2000%3A41%3A18%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
88.208.59.102200 OK 0 B URL HTTP/2 tracot.com/jCNHCoM4OAflZtdxoEWUMWYX08lW-9yFePtYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTCpLmCbQEcLr0kJH5lv8xLrmUSJwZjwZWxtYMy58wacNU?kws=sex%2Cphotos%2Conlyfans%2Cleaks%2Cenjoy%2Cleaked%2Cnude%2Cmodels%2Cpatreon%2Cyoutube%2Ctwitch%2Csnapchat%2Cinstagram&abl=0&fsb=0&pageUri=http%3A%2F%2Fupgradepro.net%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Feb%2009%202023%2000%3A41%3A18%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
GET /jCNHCoM4OAflZtdxoEWUMWYX08lW-9yFePtYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTCpLmCbQEcLr0kJH5lv8xLrmUSJwZjwZWxtYMy58wacNU?kws=sex%2Cphotos%2Conlyfans%2Cleaks%2Cenjoy%2Cleaked%2Cnude%2Cmodels%2Cpatreon%2Cyoutube%2Ctwitch%2Csnapchat%2Cinstagram&abl=0&fsb=0&pageUri=http%3A%2F%2Fupgradepro.net%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Feb%2009%202023%2000%3A41%3A18%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: tracot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upgradepro.net
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 00:40:25 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: http://upgradepro.net
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 09 Feb 2023 00:40:25 UTC
expires: Thu, 09 Feb 2023 00:40:25 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpadmngr.com/static/adManager.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 00:40:21 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Thu, 09 Feb 2023 00:45:21 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
nude1.com/?dm=fda710d872f41c4e9e622661faf0f1f2&action=load&blogid=11&siteid=1&t=1372931191&back=https%3A%2F%2Fupgradepro.net%2F
104.21.14.168200 OK 0 B URL HTTP/2 nude1.com/?dm=fda710d872f41c4e9e622661faf0f1f2&action=load&blogid=11&siteid=1&t=1372931191&back=https%3A%2F%2Fupgradepro.net%2F
IP 104.21.14.168:0
GET /?dm=fda710d872f41c4e9e622661faf0f1f2&action=load&blogid=11&siteid=1&t=1372931191&back=https%3A%2F%2Fupgradepro.net%2F HTTP/1.1
Host: nude1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://upgradepro.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 00:40:21 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQDavdhN7HDxSDpIfH%2BB9ggagqC%2B%2Fq5F4cp2LxU4D479eOEPN2SkUyQVy5uHew8N8MK4v3sqZ70yjjAzucQOYRgk8%2BmD691dnmD19tUkhcXu6LBgHBBUAVd0ASI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79688d9e3f6cb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.m.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 00:40:21 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 02 Feb 2023 09:20:02 GMT
etag: W/"63db8042-18c39"
content-encoding: gzip
expires: Thu, 09 Feb 2023 00:45:21 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpushsdk.com/npc/sdk/wpu/csub.m.js
45.133.44.24200 OK 0 B URL HTTP/2 js.wpushsdk.com/npc/sdk/wpu/csub.m.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/wpu/csub.m.js HTTP/1.1
Host: js.wpushsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upgradepro.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 00:40:22 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 08:28:22 GMT
etag: W/"63904ea6-16019"
content-encoding: gzip
expires: Thu, 09 Feb 2023 00:45:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2