send.cm/ct7nwa8jmkdx/GRAPHPAD_PRISM_V9.4.1-XFORCE.rar
104.26.3.171 301 Moved Permanently 0 B URL HTTP/1.1 send.cm/ct7nwa8jmkdx/GRAPHPAD_PRISM_V9.4.1-XFORCE.rar
IP 104.26.3.171:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ct7nwa8jmkdx/GRAPHPAD_PRISM_V9.4.1-XFORCE.rar HTTP/1.1
Host: send.cm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 10 Sep 2022 11:08:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 10 Sep 2022 12:08:38 GMT
Location: https://send.cm/ct7nwa8jmkdx/GRAPHPAD_PRISM_V9.4.1-XFORCE.rar
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJHMo9CNWnXsFtEKXuqWYplLYqS0PEx%2FsZbvQryVXZvw%2BUkWExtZHWt6ox3hM%2Fur6zG6h9Ou5BqfUWbEBtTUQXdGjxp%2FxGZ%2FpOyWK1xgOkm3EnSNfi1UQBI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7487b4f42bc80b31-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 10 Sep 2022 10:48:06 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aLNbVYfr6PY-rXaJToiKHXdfYUvZRMGiTeApmE4gdOn7Kkx55V4HDA==
Age: 1232
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8732
Expires: Sat, 10 Sep 2022 13:34:10 GMT
Date: Sat, 10 Sep 2022 11:08:38 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V7FwCLx0x83x2PJFdizgCWCbTWUQFDjx1sUNYWssLOweZLLmln1NMQ==
age: 13886
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 960 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
Hash 54c056d11ceac3371fb509f300f53417
3a66e77797e3f5ba742f190d2a7d9b09f24051e7
03949d14273eee9fd6802fc0457e470d25da234ec0826aea33f693b6fad68382
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 10 Sep 2022 10:56:07 GMT
Expires: Sat, 10 Sep 2022 11:03:19 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: T8IrY33so3dUhumRqLo5Qb5cw-6xk5ysoBrElUS8t3ykzYRczBYMhw==
Age: 752
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 36fe04277220227ba5ecfe7d2ff1d9d9
2eb9f6560336248cc45c1cd66d87505b5ebdf5d4
94f8f2f8f3b67db18825ea48740ff0ce218d7156fe851d6b023ef43b6bee4f7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1935
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:39 GMT
Last-Modified: Sat, 10 Sep 2022 10:36:24 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 14 kB IP 142.250.74.3:0
Hash ead3f3839ae601c47a7abc197a9903ba
dd3239c20b8ed708a9e1b8fe2fbca4e113586f96
b6b8ace4006be86171ccbd43511ebe96042e4f66f6b4ffb66dd7dc1d3b60820d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-3400026-25
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-3400026-25
IP 142.250.74.72:0
File type ASCII text, with very long lines (1615)
Hash f8b748085f0f805c98f8aae011c68e78
e1305162f940748df22650063dd9acfaa528e381
7ef99d92f90cd3247476093d3c09842933adcb4ec5fbde51308e612585fd0efb
GET /gtag/js?id=UA-3400026-25 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 Sep 2022 11:08:39 GMT
expires: Sat, 10 Sep 2022 11:08:39 GMT
cache-control: private, max-age=900
last-modified: Sat, 10 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41904
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
increaserev.com/ads/ob/tagf/send.js
104.26.0.126 200 OK 24 kB URL HTTP/2 increaserev.com/ads/ob/tagf/send.js
IP 104.26.0.126:0
File type ASCII text, with very long lines (4245), with CRLF line terminators
Hash b1ae8e3209689ff9d48f25924feb325c
d8be66ef603a8bb12b76131a4e6e06608abd894a
e435226fcfba5340587ed9660262b3160cb0ce548f725841abef86651023f09f
GET /ads/ob/tagf/send.js HTTP/1.1
Host: increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: application/javascript
last-modified: Thu, 25 Aug 2022 12:43:53 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: origin, x-requested-with, content-type
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4160
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMQQTsIoQdr%2F5THYpjDQyW8odA%2BDqR%2FFVpBFZGdv7Tb1aXxJm1pkvbfAQze%2FTUT8AFVZtdUU9Ii%2FPRj0ZQhSAgAtxzj%2BdWCokvWZOlWeYt6iMtKN1H%2BmLrQg7HCKAcSbcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b4f969f00afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2349084590878b4d1086644ab3990a1
ea14e6188f8bbbe32a6d9f125322d4959ee06364
e4861bf5c385cf5ec5bddfffeb5bba940a1b90cf43b9ae74faf744a774ec300b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4861BF5C385CF5EC5BDDFFFEB5BBA940A1B90CF43B9AE74FAF744A774EC300B"
Last-Modified: Sat, 10 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7467
Expires: Sat, 10 Sep 2022 13:13:06 GMT
Date: Sat, 10 Sep 2022 11:08:39 GMT
Connection: keep-alive
push.services.mozilla.com/
34.213.140.56 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.140.56:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pRt7njDsbMp5CSeTckhCXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rdgKaYliXqHqwnimdvnKTKFz9Sg=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f9f5ea3b291997be63946c4621b1bbff
30cfd7790ab977e4d16edf66e4133f052fca9a25
bb8bc8f75ada690fc34d282857171c56992fec1aca33b00f8d20f9c110d84519
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB8BC8F75ADA690FC34D282857171C56992FEC1ACA33B00F8D20F9C110D84519"
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7911
Expires: Sat, 10 Sep 2022 13:20:30 GMT
Date: Sat, 10 Sep 2022 11:08:39 GMT
Connection: keep-alive
pl17142106.profitablegatetocontent.com/d2/0b/d9/d20bd9cc9099994d29386eab93410fd0.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 pl17142106.profitablegatetocontent.com/d2/0b/d9/d20bd9cc9099994d29386eab93410fd0.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37121), with no line terminators
Hash 94e516ef1cb2e0bd1f7aecd559f3d342
c18ce495d51961e371e38799e6b32acc9570dc8e
ceaf94bceffc91f725ead772647b0f468af65ed20a4cabec509823ed6cb04040
Analyzer Verdict Alert quad9 Sinkholed
GET /d2/0b/d9/d20bd9cc9099994d29386eab93410fd0.js HTTP/1.1
Host: pl17142106.profitablegatetocontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 10 Sep 2022 11:08:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4b51449bbf7e85b4eac77df8492d4095
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188 200 OK 23 kB IP 172.64.155.188:0
Hash cf07af8bf8112d9689708e6d3504ffe3
a7ec680b6e2f1ece120be11373259de7b44f5d13
1c50c6859bf354ca0cdf9f5614c0cab3b13a7ed2c6b182f91fdcf999c28a45fb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 11:08:39 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=457600,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7487b4fd59d0b523-OSL
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 197fd65497ec7d02252819c3f8613972
067fad4f90f4c49acdca4bcc8fa66f2c3ca14c5a
7aa0265defadef9ffdebebb5762b6c27733a8f2a8430b373e85c477eb488ec3b
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://send.cm
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=baaf9e350510498b98e2aeae63dbc943; expires=Sun, 10 Sep 2023 11:08:39 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 431bccffdaad5a26e75e6dd4f8b1abaa
e4b0ac57e7c2d6d00e508cd99231b0f8d58942af
d2b9c8db43c744d36bc73630962238d7fb9017730f8ef8df9b6af1913b08cf35
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 11:08:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 12:52:23 GMT
Expires: Thu, 15 Sep 2022 12:52:22 GMT
Etag: "e4b0ac57e7c2d6d00e508cd99231b0f8d58942af"
Cache-Control: max-age=437622,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7487b4fcdd08b4fa-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ab4266788d64f4bfdc9f1efb429c49a
3533a113e8560a9dc1bb01888a538cf405f86069
17549e4f8b4c5885030c9fa965bcf2d8ea33440e96819ae80f58dea13735a57f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "17549E4F8B4C5885030C9FA965BCF2D8EA33440E96819AE80F58DEA13735A57F"
Last-Modified: Fri, 09 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7681
Expires: Sat, 10 Sep 2022 13:16:41 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ab4266788d64f4bfdc9f1efb429c49a
3533a113e8560a9dc1bb01888a538cf405f86069
17549e4f8b4c5885030c9fa965bcf2d8ea33440e96819ae80f58dea13735a57f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "17549E4F8B4C5885030C9FA965BCF2D8EA33440E96819AE80F58DEA13735A57F"
Last-Modified: Fri, 09 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7681
Expires: Sat, 10 Sep 2022 13:16:41 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1035ca30d5330a5d814361b7d59be719
50871f2f0dd600cc9f3ab10fe913f6dae3c7ec74
77389a008c6eb7151248708cad54c2b485b4067b5263ff89b342d6c89f63278d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "77389A008C6EB7151248708CAD54C2B485B4067B5263FF89B342D6C89F63278D"
Last-Modified: Fri, 09 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7768
Expires: Sat, 10 Sep 2022 13:18:08 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://send.cm/
Content-Type: text/plain;charset=UTF-8
Origin: https://send.cm
Content-Length: 1547
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 10 Sep 2022 11:08:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://send.cm
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ab4266788d64f4bfdc9f1efb429c49a
3533a113e8560a9dc1bb01888a538cf405f86069
17549e4f8b4c5885030c9fa965bcf2d8ea33440e96819ae80f58dea13735a57f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "17549E4F8B4C5885030C9FA965BCF2D8EA33440E96819AE80F58DEA13735A57F"
Last-Modified: Fri, 09 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7681
Expires: Sat, 10 Sep 2022 13:16:41 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
pectthatmye.shop/utx?cb=sOfE9R6ZrDEk&top=send.cm&tid=903813
54.230.111.36 204 No Content 0 B URL HTTP/2 pectthatmye.shop/utx?cb=sOfE9R6ZrDEk&top=send.cm&tid=903813
IP 54.230.111.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=sOfE9R6ZrDEk&top=send.cm&tid=903813 HTTP/1.1
Host: pectthatmye.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 10 Sep 2022 11:08:40 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://send.cm
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 10 Sep 2022 11:09:40 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4LPEw1MuHesu26xb4NTrF-7hUWYHAAAglPFSLOyw66zI3RJsRwCsfg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7ab7f12c93ee7981d243caafe3be285b
83d9dad02b7311396d908e9464973b12fc38cb12
11d3a98a6a261c8cf6dc279aa7775b7987756fd5bee4169be6e0ef8bd72779c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11D3A98A6A261C8CF6DC279AA7775B7987756FD5BEE4169BE6E0EF8BD72779C6"
Last-Modified: Thu, 08 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7421
Expires: Sat, 10 Sep 2022 13:12:21 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7ab7f12c93ee7981d243caafe3be285b
83d9dad02b7311396d908e9464973b12fc38cb12
11d3a98a6a261c8cf6dc279aa7775b7987756fd5bee4169be6e0ef8bd72779c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11D3A98A6A261C8CF6DC279AA7775B7987756FD5BEE4169BE6E0EF8BD72779C6"
Last-Modified: Thu, 08 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7421
Expires: Sat, 10 Sep 2022 13:12:21 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
pectthatmye.shop/RXZBaVAkFCIEbyRLI08lNxp8TGIDU3MvNHZHMQFoIxA1C2Q3RTlHMykZNA02NxkvHX4rEzVMYgMOEz4oLiMEGj0EAS5bNAEzBygXdA8lP2kmLxkBOgceIkxiAzwVPwIHRAQQESIeGSE6Ih4LPBkuOxIvAhM+GAcaBD8FCwd1EQAONDETLCQeBDILWzMQGRAgExQDFDg7KT87HhEEHxBQGyIGAiMDNUIAOCM0PygCEQcuF1wRdBoKMBdwRRksJyoTLzsaEw4LHDR0AQgmAxABBywWLBM7WAUQEXhQMxAaGSw9cEUZKwkoFC8wJB0hGwU0ECADMD42HwI4fSZBCy4SID8sI2chMDk8CR0CcToGHxENOicgNxUwOxUjLT4WKzw7ODwXRBEHOCFQKxo/KwZ8CmE8MSVaHjYSCA
54.230.111.36 200 OK 1.2 kB URL HTTP/2 pectthatmye.shop/RXZBaVAkFCIEbyRLI08lNxp8TGIDU3MvNHZHMQFoIxA1C2Q3RTlHMykZNA02NxkvHX4rEzVMYgMOEz4oLiMEGj0EAS5bNAEzBygXdA8lP2kmLxkBOgceIkxiAzwVPwIHRAQQESIeGSE6Ih4LPBkuOxIvAhM+GAcaBD8FCwd1EQAONDETLCQeBDILWzMQGRAgExQDFDg7KT87HhEEHxBQGyIGAiMDNUIAOCM0PygCEQcuF1wRdBoKMBdwRRksJyoTLzsaEw4LHDR0AQgmAxABBywWLBM7WAUQEXhQMxAaGSw9cEUZKwkoFC8wJB0hGwU0ECADMD42HwI4fSZBCy4SID8sI2chMDk8CR0CcToGHxENOicgNxUwOxUjLT4WKzw7ODwXRBEHOCFQKxo/KwZ8CmE8MSVaHjYSCA
IP 54.230.111.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash cf9b40285627ee8dec8da96c4a51592c
603f69d9b3e8751b7ae3b5db06b879ee0e308de3
a8e1eb10ca7bad2d270910319df506948c84c7a41e717d2ec84cf7398d40cccf
GET /RXZBaVAkFCIEbyRLI08lNxp8TGIDU3MvNHZHMQFoIxA1C2Q3RTlHMykZNA02NxkvHX4rEzVMYgMOEz4oLiMEGj0EAS5bNAEzBygXdA8lP2kmLxkBOgceIkxiAzwVPwIHRAQQESIeGSE6Ih4LPBkuOxIvAhM+GAcaBD8FCwd1EQAONDETLCQeBDILWzMQGRAgExQDFDg7KT87HhEEHxBQGyIGAiMDNUIAOCM0PygCEQcuF1wRdBoKMBdwRRksJyoTLzsaEw4LHDR0AQgmAxABBywWLBM7WAUQEXhQMxAaGSw9cEUZKwkoFC8wJB0hGwU0ECADMD42HwI4fSZBCy4SID8sI2chMDk8CR0CcToGHxENOicgNxUwOxUjLT4WKzw7ODwXRBEHOCFQKxo/KwZ8CmE8MSVaHjYSCA HTTP/1.1
Host: pectthatmye.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Sat, 10 Sep 2022 11:08:40 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: --p6RMAM_Ixv-EVpa7jknsVM_oD3wHeiwU1k9orQX60izNaXxJzoww==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 180750f63aa7b3ca11be257a1837e7a4
2bdea9b6f133b088143fd6fdcd5eccb4c29a1e53
1c44497894377a85da8493a8da6b8ec59f02ebf9408c0b2a6d6e72b5d7637519
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 10 Sep 2022 11:08:40 GMT
Last-Modified: Sat, 10 Sep 2022 10:05:30 GMT
Server: ECS (nyb/1D0F)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Xn5fmoO8Qox7iTS_H_3tGyJ1u470YQ4OPMAL7b0BuXf0nmkD9yjovA==
Age: 3790
simplewebanalysis.com/stats
52.59.153.168 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash f519cdd83a92bbc0121c093ff1d1ddb0
d44928b1317208ea8959aa22cd46378dd396df15
6bf4c5fa2280ac34d2f6bc03e2167687e426c295376fdbed329285dd6de77123
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
set-cookie: uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; expires=Tue, 07 Sep 2032 11:08:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
pymondardin.xyz/a0U1RE1EelY3cDl1e3AsPxMQdgsOdVkVDyMPAxULGAhRKj0kElIBax8sUXl0W3YNdX5NNVwgcFpjRjAsHzBGeXxNLFsiIlZjQ3l8RXYBan9TawRiOFZ0EzA9CiIIdWsbMUEocFpzA3Z1W30EdX1ZcwU
104.21.45.130 204 No Content 119 B URL HTTP/2 pymondardin.xyz/a0U1RE1EelY3cDl1e3AsPxMQdgsOdVkVDyMPAxULGAhRKj0kElIBax8sUXl0W3YNdX5NNVwgcFpjRjAsHzBGeXxNLFsiIlZjQ3l8RXYBan9TawRiOFZ0EzA9CiIIdWsbMUEocFpzA3Z1W30EdX1ZcwU
IP 104.21.45.130:0
Hash 1053d2fdebd18c1339cec210c34184a0
e2cbb443480230b8088f130e5a6c5c4e8192fd85
2c29904d404064b79d7121980181335579b3bd8373f456df9c12779dc94d8df1
GET /a0U1RE1EelY3cDl1e3AsPxMQdgsOdVkVDyMPAxULGAhRKj0kElIBax8sUXl0W3YNdX5NNVwgcFpjRjAsHzBGeXxNLFsiIlZjQ3l8RXYBan9TawRiOFZ0EzA9CiIIdWsbMUEocFpzA3Z1W30EdX1ZcwU HTTP/1.1
Host: pymondardin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 10 Sep 2022 11:08:40 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5JDDovT35%2FAQU2s3XjuEt%2BjefUwixhzyeXB7q0vgNu4pvy4D57wSFlxA3kNn8dvn0kmBFcC2dRLxaDcD5VmbEeZGyoWue%2FWFLbpgEEUWhmhNtnlCy%2B1aBqz78S9mFxbquA4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b4fe3d181c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 180750f63aa7b3ca11be257a1837e7a4
2bdea9b6f133b088143fd6fdcd5eccb4c29a1e53
1c44497894377a85da8493a8da6b8ec59f02ebf9408c0b2a6d6e72b5d7637519
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 10 Sep 2022 11:08:40 GMT
Last-Modified: Sat, 10 Sep 2022 10:07:00 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: O9v_i4O9IBdCuA5nJPxMaQIc855bgt7L4UmT54rbnmQCCYCDVaseSA==
Age: 3700
thaudray.com/tag.min.js
139.45.197.237 200 OK 23 kB IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6ab05fcba561130fa8b1e1804849562c
4e3a0f1ae58bdaa2e439f99fb0b295ea9b2439d0
befd4129d45f26ce3155b5aab8248420d5863dc69ec8207f1e0691ca62d9d469
Analyzer Verdict Alert fortinet Malware
GET /tag.min.js HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: text/javascript; charset=utf-8
content-length: 22987
content-encoding: br
x-trace-id: 55af1c0cb440aed0debf33f1d45467b3
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 08 Sep 2022 14:31:14 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1035ca30d5330a5d814361b7d59be719
50871f2f0dd600cc9f3ab10fe913f6dae3c7ec74
77389a008c6eb7151248708cad54c2b485b4067b5263ff89b342d6c89f63278d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "77389A008C6EB7151248708CAD54C2B485B4067B5263FF89B342D6C89F63278D"
Last-Modified: Fri, 09 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7768
Expires: Sat, 10 Sep 2022 13:18:08 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
glizauvo.net/500/4856335?excludes=&oaid=baaf9e350510498b98e2aeae63dbc943&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236 200 OK 0 B URL HTTP/2 glizauvo.net/500/4856335?excludes=&oaid=baaf9e350510498b98e2aeae63dbc943&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4856335?excludes=&oaid=baaf9e350510498b98e2aeae63dbc943&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://send.cm/
Origin: https://send.cm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://send.cm
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.59.153.168 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash c01d428fdbaec77770bbd602943fb9b6
85e97d5ae5dec4944639ee8f1040d8e8bab14d81
3ed8e5f01c39c257e11c4aa1d85cd23c52b9c2aa72e9f6a30b03b3e313fe6803
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
set-cookie: uid_id2=397da8e7-902f-4507-a406-5de3619a5bae:1:1; expires=Tue, 07 Sep 2032 11:08:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 97e5566c275b9fe27464690811145846
fa8973c8004db59d9a8fd46e9743fb6c9a8d3efd
e77cd1a4510c736e628aa10719f7694d7c7fef15adf1a449d800f90cde76fb88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 485397c66e82076e87f9e7d4d79e385e
54781cc6e37457730287a0584975b5ebe2e65120
414e95b8a0e26ea9b880655cf169e18deb6d9ed6ad4d18e92adc0e823bf1b10d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3392
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:40 GMT
Last-Modified: Sat, 10 Sep 2022 10:12:08 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4cc4218e586f6bff1e9cbca4bf8c6209
5ec1fa5620128855dc4e726f9def56ffa1828f96
2fdcdee1f9aec4d22528d984312b40199c757c169c8d1368ee5f9792ae739357
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4cc4218e586f6bff1e9cbca4bf8c6209
5ec1fa5620128855dc4e726f9def56ffa1828f96
2fdcdee1f9aec4d22528d984312b40199c757c169c8d1368ee5f9792ae739357
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.66 200 OK 29 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.66:0
File type ASCII text, with very long lines (45064)
Hash 78fe8f1150881feabfab31290bd65805
40134aa20d2ece7c43f20be1fb34dc9663d9bc6f
6344416ba5ba1cd18ce272b41c66c7a431c3fba0f125eb048f99a728f1e0b126
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 28684
date: Sat, 10 Sep 2022 11:08:40 GMT
expires: Sat, 10 Sep 2022 11:08:40 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1329 / 952 of 1000 / last-modified: 1662761167"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
glizauvo.net/500/4856335?excludes=&oaid=baaf9e350510498b98e2aeae63dbc943&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236 200 OK 1.5 kB URL HTTP/2 glizauvo.net/500/4856335?excludes=&oaid=baaf9e350510498b98e2aeae63dbc943&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1411)
Hash bbab92ae6c187d02589951918a5aa805
92f4836eba129874a37d28c75f4de17471e0f1d0
cf1c3704a8fa7b89e44e9287f4a0cf05883f253d052a23851bdc543dfbc42007
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4856335?excludes=&oaid=baaf9e350510498b98e2aeae63dbc943&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Cookie: OAID=13a503aa986945308324f6d6d0fd1cab
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: application/javascript
x-trace-id: 7cebede365da5d0ffad81edc91dcc127
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://send.cm
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=baaf9e350510498b98e2aeae63dbc943; expires=Sun, 10 Sep 2023 11:08:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 97e5566c275b9fe27464690811145846
fa8973c8004db59d9a8fd46e9743fb6c9a8d3efd
e77cd1a4510c736e628aa10719f7694d7c7fef15adf1a449d800f90cde76fb88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 400 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 0408dc529e076d3d90860f37f97dd070
ef7939783caaa9abf896937b8d2d27834a8b5406
39198e8de3bfd8e6ea0bb7f64628b4e07f3899ebb6658061435e733d75304643
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 10 Sep 2022 11:08:40 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-854620768%3A1662808120473565&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWr9n1O90FuKpFurVzEeFVO5eb_c7MTzg-kctqPZC9bc7easwPZpotac2kKsT57Qin7HwBxU1Q
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-F_mfqqnSf0jbFn5rG6G1iw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
set-cookie: __Host-GAPS=1:SW2J9A4aJGVFJP5_a9P3-tFrmuJkAg:LlI_n4fh4dU0Z9iT;Path=/;Expires=Mon, 09-Sep-2024 11:08:40 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 90af7f9fc306540e02535db3d00dca64
9e05b003b35ed57277b6b295adde93add7c41b0b
64abd990305ef3f25ffb3fb2ccae04b76e178375752ecb2020411df8f7974fcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 10 kB IP 93.184.220.29:0
Hash 59acdb1c07cec9cf9fc9bf503aee985d
194cbbaa40a796b4a7ab66938483be738350cd61
8e3d6be3e21ce5e9fbb3704aaed311c61093a95ac4a6a5dafefdc002a91f3f26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2758
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:40 GMT
Last-Modified: Sat, 10 Sep 2022 10:22:42 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
172.67.22.216 200 OK 66 kB URL HTTP/2 offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
IP 172.67.22.216:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d08aacb36c7474e0d13b60f8f4adc14
e4af2de372b5e3a2211579a5973ef7ed160e7be4
54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: image/png
content-length: 66121
last-modified: Thu, 03 Jun 2021 06:45:06 GMT
etag: "60b87a72-10249"
expires: Sat, 10 Sep 2022 12:48:55 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 80384
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7487b5016e791c0e-OSL
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35 200 OK 29 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30177)
Hash f668d1150ca996ca051071e42db97bf0
0c172b40650e6ea5016536238d857a248a61f225
5b81318998bdbf369372d3a9ce309d12750dd52f2b261e7bab48051e624b023e
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: wQr/6vQrQfnLomDxDvcJHf0oaA7ilceRZvZJ0Fe5FkfgabN3rBLEwHIaywsLbRJz+8Y69WK5USEWAPovXeXQ6w==
date: Sat, 10 Sep 2022 11:08:40 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pl15995674.profitablegatetocontent.com/9c/ed/24/9ced2453f41586bc39632e754938332a.json
192.243.59.13 200 OK 409 B URL HTTP/1.1 pl15995674.profitablegatetocontent.com/9c/ed/24/9ced2453f41586bc39632e754938332a.json
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (409), with no line terminators
Hash d300cc417ae91eaca1dcdf3446964838
039f934ea64f85cda3f89cc28a4aba4494d7efff
5a712978cbca3c66e6439d5c0db5fdbbc6a83223266a849f84b2c02f188f6fa5
Analyzer Verdict Alert quad9 Sinkholed
GET /9c/ed/24/9ced2453f41586bc39632e754938332a.json HTTP/1.1
Host: pl15995674.profitablegatetocontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 10 Sep 2022 11:08:40 GMT
Content-Type: application/json
Content-Length: 409
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a7dd668e14ea54011713ce2122f3637
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cb260f695580f58c6e36d3b8079c85cd
2f38fcf0b1ce3460a59fa60f3d458f71397db491
512582d966d42131bc95e57e129eb31306f3d198f9bce10ccd46e34fd9afb88b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "512582D966D42131BC95E57E129EB31306F3D198F9BCE10CCD46E34FD9AFB88B"
Last-Modified: Wed, 07 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7664
Expires: Sat, 10 Sep 2022 13:16:24 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
d31ph8fftb4r3x.cloudfront.net/xRWxkUEsmAwo2dDEFAG1ydV9cYXhjBhc/JTVRB2EyAghXHjghJUIkMSFRVHYnJAIDbW0gAgdtemMNADJ2cUoQICQuUQklIzwAAiQ9KgpCJSp4AQsqIikABXV5A1lKYG53XEwoenRJVxJud1wIOSUwFEFiez1UUg99cUlXEm53XBYmbnYtXWZldUVBYnsiCQ-c7JGBeImJ7dFxUYXt0SVZgLSweATYkPUlWFnJzQlR2Pnhd
54.230.245.31 200 OK 492 B URL HTTP/2 d31ph8fftb4r3x.cloudfront.net/xRWxkUEsmAwo2dDEFAG1ydV9cYXhjBhc/JTVRB2EyAghXHjghJUIkMSFRVHYnJAIDbW0gAgdtemMNADJ2cUoQICQuUQklIzwAAiQ9KgpCJSp4AQsqIikABXV5A1lKYG53XEwoenRJVxJud1wIOSUwFEFiez1UUg99cUlXEm53XBYmbnYtXWZldUVBYnsiCQ-c7JGBeImJ7dFxUYXt0SVZgLSweATYkPUlWFnJzQlR2Pnhd
IP 54.230.245.31:0
File type ASCII text, with very long lines (674), with no line terminators
Hash 4db6771b215c1724363de6795398b7bf
eac723ec62f1f7e23178b51dc6176eb3bb50aa0e
f1a51c3c012d5de3d3fc9ad64f455b602db791ee8efbd16843d81927cf719c05
GET /xRWxkUEsmAwo2dDEFAG1ydV9cYXhjBhc/JTVRB2EyAghXHjghJUIkMSFRVHYnJAIDbW0gAgdtemMNADJ2cUoQICQuUQklIzwAAiQ9KgpCJSp4AQsqIikABXV5A1lKYG53XEwoenRJVxJud1wIOSUwFEFiez1UUg99cUlXEm53XBYmbnYtXWZldUVBYnsiCQ-c7JGBeImJ7dFxUYXt0SVZgLSweATYkPUlWFnJzQlR2Pnhd HTTP/1.1
Host: d31ph8fftb4r3x.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pectthatmye.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 492
date: Sat, 10 Sep 2022 11:08:40 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FIZmfnWUs8C_lTn4qFueaG1cBTZb_BGR8gHqmUjYmAcBSLmlJTnd5A==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cb260f695580f58c6e36d3b8079c85cd
2f38fcf0b1ce3460a59fa60f3d458f71397db491
512582d966d42131bc95e57e129eb31306f3d198f9bce10ccd46e34fd9afb88b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "512582D966D42131BC95E57E129EB31306F3D198F9BCE10CCD46E34FD9AFB88B"
Last-Modified: Wed, 07 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7664
Expires: Sat, 10 Sep 2022 13:16:24 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3076
Expires: Sat, 10 Sep 2022 11:59:56 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3076
Expires: Sat, 10 Sep 2022 11:59:56 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3076
Expires: Sat, 10 Sep 2022 11:59:56 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3076
Expires: Sat, 10 Sep 2022 11:59:56 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
www.cloudflare.com/cdn-cgi/trace?format=json
104.16.124.96 200 OK 8.9 kB URL HTTP/2 www.cloudflare.com/cdn-cgi/trace?format=json
IP 104.16.124.96:0
Hash 6e6d776a159ace126f313c0df767954b
6cc45630dfaee9e1f09f6e4dee5f064044f3d038
e0ed08e25058bf2b5f7745ce2a1c998595c03ca4b2962b7308fc89fa179a3ad7
GET /cdn-cgi/trace?format=json HTTP/1.1
Host: www.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 7487b4fa191b0b31-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ade70e6dbcfb3ca1765f95112671e69
3768753be084c0e0fc268be5b192d02d769114b6
9670a3bf2476ba193cfeb3153c1254bdcfc980a28503dda0d9b398a3a59f53f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: 720a4111-91de-4672-88c8-f40db517c07d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHsjRE13oAMFbCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63195ae1-288f1f5456bf4d146dcf774c;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 03:00:49 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: CjZw9xgHd4_7KvhiiZEIBivRgoQeh1BYxEc_bOBbTvWoqHgTPq0sSA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 05:37:01 GMT
age: 19899
etag: "3768753be084c0e0fc268be5b192d02d769114b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
104.21.234.254 200 OK 30 kB URL HTTP/2 addresseepaper.com/sfp.js
IP 104.21.234.254:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 881127b20ab4046405a1438e583ecc1a
7a9fc9dd0ac22498b0279f01084cb6086ecf5798
0808fadb7ec5a2fa423eb15a3d22147850617e7597bdf070b23e413f28968766
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 3347f237b03ef1029fc18787d92c5aef
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 10 Sep 2022 11:08:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2F68NAsQf4Jsj3%2BllIzD%2BzIFPvheYOCpGR9BwHzC1E9WI0v0YhlE89hl88PTEruM%2FJpW3kPMWjU6Sw5YDX7QrIJaQ2Oro%2F2Eq69phf85OkIO8zB5HQAGVPK2JMrLKxGGdgCkjlQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7487b502af9e888f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secureads.increaserev.com/InvalidAds/getcookietime.php?domain=send.cm
104.26.0.126 200 OK 8.4 kB URL HTTP/2 secureads.increaserev.com/InvalidAds/getcookietime.php?domain=send.cm
IP 104.26.0.126:0
File type JSON data\012- , ASCII text, with very long lines (366), with no line terminators
Hash 38d644e462cd18dae5a8bb46da9fc68b
3f3dcdec0e3bcc9e59fda37e7cc442a88dba4591
5578fed7fedd79e63117bad2bc4d4e9feadc4e20ca35c0bd650512e666ab43db
GET /InvalidAds/getcookietime.php?domain=send.cm HTTP/1.1
Host: secureads.increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests;
access-control-allow-origin: *
x-varnish: 616695773 603887153
age: 1
x-cache: HIT
x-cache-hits: 7
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9R5NbOEvfm80if7Xql5VcE9NJRwABhEzEH%2F9YjodKmJQdrz%2F4ltdY5YXt4ujXQ9il0N09XYyis4s3mbnOJ11lv8oJMT0WGAKJL1xgvUpBZ6MMSEnoYU0aI7IX%2FsdgNqc0wI%2BxyAsfsNhhjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b4fa1b45b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15249f3dafdd1690bc87ebb4fa6d518d
f930fcb22325e28592bc39b0b1974f5197c19afd
a0b9e88c78e85a037363e0b0e4e03478718f8715fe69e72bfd159922eca28301
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10950
x-amzn-requestid: 435fc2f4-fbcb-4eec-81d8-a23154dcec61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YFUwZEfvIAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63186802-2348a4000430702d4e9ea132;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 09:44:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ORlM8dFTc_iThvJghFakY86D3ToJ5TCmP8Ip2PcvXCCkSKKHpWQ0Zw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:13:18 GMT
age: 46522
etag: "f930fcb22325e28592bc39b0b1974f5197c19afd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
104.21.234.233 200 OK 32 kB URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.233:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 9a7d8c5fa3769aebe358f6a31e8e0fcf
8f3f64f7e3a54eb3461523a6858cc345d2693957
b106382e8cad9b1682ce68f0227979de63be01804f2fc4cf9ed6c6e2216ef397
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: a6a488243ab38285286a34497475536c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 10 Sep 2022 11:08:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FPdZsILUA4xzVFz0%2BX6rtIPvVmhRi%2BRuxCXfxpGCji3YRLXDUD9zWl4Xn5BGcfMUnnCo1pOgi9rETEfYdzW2uzf5ILxj%2F5%2BzycHYQc8jZA90%2BRr%2FDFl4sbeMs0WYdM5OljU%2BT1g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7487b4fded6088a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3ee1f861bc3271c7648d939f3dab2111
b419129bb6596e6954d867eedccff208eaf4a70c
b7ab0757be22eff55a38052ae741fc087ad317a904393010e7a529493b4317e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7AB0757BE22EFF55A38052AE741FC087AD317A904393010E7A529493B4317E4"
Last-Modified: Fri, 09 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8256
Expires: Sat, 10 Sep 2022 13:26:16 GMT
Date: Sat, 10 Sep 2022 11:08:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 389c0d6068ca833cf36712da13002203
64fc73a020e4dc4c63181e9661920f0f5b0c85fb
cfda4df8127ad2da88538abc7c23c4cc6a82d2e3cc9dbd4d976689d5fc83f4cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFDA4DF8127AD2DA88538ABC7C23C4CC6A82D2E3CC9DBD4D976689D5FC83F4CB"
Last-Modified: Thu, 08 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10353
Expires: Sat, 10 Sep 2022 14:01:14 GMT
Date: Sat, 10 Sep 2022 11:08:41 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sat, 10 Sep 2022 10:41:12 GMT
expires: Sat, 10 Sep 2022 12:41:12 GMT
cache-control: public, max-age=7200
age: 1649
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
perryvolleyball.com/sbar.json?key=d20bd9cc9099994d29386eab93410fd0&uuid=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa%3A2%3A1
192.243.59.20 200 OK 4.0 kB URL HTTP/1.1 perryvolleyball.com/sbar.json?key=d20bd9cc9099994d29386eab93410fd0&uuid=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5647), with no line terminators
Hash 50501a5d5265e0856cce22e50047bed3
9a57c39d070df19a68733dbaaca7292625c143ea
c0e90df46c9f97ae457484aa5a86498dfaef378363fb5340942a4461e3d9b0d0
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=d20bd9cc9099994d29386eab93410fd0&uuid=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa%3A2%3A1 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 10 Sep 2022 11:08:41 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://send.cm
Access-Control-Allow-Origin: https://send.cm
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17041607; expires=Sun, 11 Sep 2022 11:08:41 GMT; secure; SameSite=None
uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; expires=Sat, 17 Sep 2022 11:08:41 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 11 Sep 2022 11:08:41 GMT; secure; SameSite=None
uncs=1; expires=Sun, 11 Sep 2022 11:08:41 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 11 Sep 2022 11:08:41 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 11 Sep 2022 11:08:41 GMT; secure; SameSite=None
slecd20bd9cc9099994d29386eab93410fd0=[3364903]; expires=Sat, 10 Sep 2022 11:08:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cbc540133a0f2578bbe770e2b86529c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dismantlepenantiterrorist.com/pxf.gif?uuid=397da8e7-902f-4507-a406-5de3619a5bae&eb=571189e4c7fd56c848e0c687526c64f1&te=94d4becc704af97ad9b7161ef0f8c2eb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=9ced2453f41586bc39632e754938332a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.61.225 200 OK 1 B URL HTTP/1.1 dismantlepenantiterrorist.com/pxf.gif?uuid=397da8e7-902f-4507-a406-5de3619a5bae&eb=571189e4c7fd56c848e0c687526c64f1&te=94d4becc704af97ad9b7161ef0f8c2eb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=9ced2453f41586bc39632e754938332a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=397da8e7-902f-4507-a406-5de3619a5bae&eb=571189e4c7fd56c848e0c687526c64f1&te=94d4becc704af97ad9b7161ef0f8c2eb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=9ced2453f41586bc39632e754938332a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 10 Sep 2022 11:08:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fe54768680a570c2212fb131e82011e3
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 478 B IP 142.250.74.3:0
Hash 58c5f2f8ddffcf3c23a7970baf309053
0b26645b35d5bf81630f2b6b2c0b71178e7900c9
ed43f74d7659a4c17043b1b2061163a976db7e5c3947ce1b62957bb02e1d019a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 18d9c80e93810b52880aab445613e4b7
ca08ea7190fac815eae23eb6022d7f524694a518
6ed2db33b116fbb84b14f8509886515c5b9d8277437c8ac00b5735712f7f662f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=send.cm
216.58.211.2 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=send.cm
IP 216.58.211.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=send.cm HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 10 Sep 2022 11:08:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=send.cm
142.250.74.162 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=send.cm
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=send.cm HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 10 Sep 2022 11:08:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dismantlepenantiterrorist.com/pxf.gif?uuid=397da8e7-902f-4507-a406-5de3619a5bae&eb=571189e4c7fd56c848e0c687526c64f1&te=94d4becc704af97ad9b7161ef0f8c2eb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=d20bd9cc9099994d29386eab93410fd0&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.61.225 200 OK 1 B URL HTTP/1.1 dismantlepenantiterrorist.com/pxf.gif?uuid=397da8e7-902f-4507-a406-5de3619a5bae&eb=571189e4c7fd56c848e0c687526c64f1&te=94d4becc704af97ad9b7161ef0f8c2eb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=d20bd9cc9099994d29386eab93410fd0&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=397da8e7-902f-4507-a406-5de3619a5bae&eb=571189e4c7fd56c848e0c687526c64f1&te=94d4becc704af97ad9b7161ef0f8c2eb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=d20bd9cc9099994d29386eab93410fd0&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 10 Sep 2022 11:08:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a2c7c847c20555dc31c681c904ea7b10
Strict-Transport-Security: max-age=0; includeSubdomains
perryvolleyball.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSMWwcRRSdTVxEgiYoFCBAVyABEj7v7p33bkkRYYyRhRNHCYh0MDszdx48u7Oa2bk9u7KIiFIeBRLl%2Bp0dKxAhkGiJ0DmSC0tIPioXuKZFSKko0F0sDn7z39v3irfvz71dd0Z8OHq6fF1vS6XowmLdr715Jwiu1tZk5vq1fjv6NGperZneO3FU99%2BqfSDYpl4I%2FcD3Az%2BorUgjOrq%2FMBEh80dxUI%2F9ejOsB4tN9M3%2FuXUeLPXAe2fkBUg%2BnnviXYFkI2TpD8vCbhY6f%2Fv91ClaaIMeP%2Fg428x0mSGdwY7x0MkOzt3Q9mTlMXS2P40L3fvXmMgx8Y4eI8kOzkMi6e1NcyYKIkPCn0PZG0GoESQdgem7kPyEAIzjxjqy9MENbUq69UylE3VM5p7%2BBVmOydzvV5Cl3y8p2a%2Fd1soVUmcW%2FU4F2R9BdkfI3SGK7QuQ5SFY8QUk%2F5UsPF1Dlu6tW6Uh%2BenrYcR8EdJknrKWmG8GSWc%2BbvmL86y1GPKIsgbr0GlBUo4gOyMoMQC1F%2BCsByc9uI4Hl3tI%2BWmNBUHQ8jmjfjtmrMFbIom4H9BWJ6CBH7Xh2OQfBijyAZgagJkd5GYHm3IA436B3ahguQdbEPR4hVIQlJagpASlJCgLgrJX7XNlQ1s94Mq6JDjf4fluVENddHfpvi66IiO7%2BRm5PCnOm7t0hE1xWuOhn%2FCYsdiP4zhu8jButCNBk7jRDPwO92FlBWkvgFoP23JMXvzja%2BTy5PlvkNBDWHUIJi%2BDuldBy2Er9EE3hs22j%2B3swIqM11kKrivkxRyKLW9XnZGXppdr3HkDgh1f%2Byy5Pv7z4d9gpkJuKnwunxB01f3hLV2SvVu6tOTH9byQqdymk6veLmghLn77odgqteGry3bw8F02ESbw0UfCFms04zLrWvLdkuRcmBVtmCA%2Fr9pPRHLT2Y0lZzKXr918b2U1zY2wVupsBCrHhBwdg8kxufTT%2FvTBvvzlPUgzgnEVUndMzgdSH4LlO7D5LL%2FVF2HUzJPkHkpXDU2YzD4qSaDEjNOkgv0PT2Z4195H17wGWtxFllbomQo9VYGqAay7OCxyc3ztt8Z0kChvmCjj7SXKqK%2BelWvlaa3VaPg0iheDVouKVtIM250o4JSGzSiMItpAYcfslTz%2BBwAA%2F%2F8BAAD%2F%2F2jglRV7BAAA
192.243.59.20 200 OK 7 B URL HTTP/1.1 perryvolleyball.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSMWwcRRSdTVxEgiYoFCBAVyABEj7v7p33bkkRYYyRhRNHCYh0MDszdx48u7Oa2bk9u7KIiFIeBRLl%2Bp0dKxAhkGiJ0DmSC0tIPioXuKZFSKko0F0sDn7z39v3irfvz71dd0Z8OHq6fF1vS6XowmLdr715Jwiu1tZk5vq1fjv6NGperZneO3FU99%2BqfSDYpl4I%2FcD3Az%2BorUgjOrq%2FMBEh80dxUI%2F9ejOsB4tN9M3%2FuXUeLPXAe2fkBUg%2BnnviXYFkI2TpD8vCbhY6f%2Fv91ClaaIMeP%2Fg428x0mSGdwY7x0MkOzt3Q9mTlMXS2P40L3fvXmMgx8Y4eI8kOzkMi6e1NcyYKIkPCn0PZG0GoESQdgem7kPyEAIzjxjqy9MENbUq69UylE3VM5p7%2BBVmOydzvV5Cl3y8p2a%2Fd1soVUmcW%2FU4F2R9BdkfI3SGK7QuQ5SFY8QUk%2F5UsPF1Dlu6tW6Uh%2BenrYcR8EdJknrKWmG8GSWc%2BbvmL86y1GPKIsgbr0GlBUo4gOyMoMQC1F%2BCsByc9uI4Hl3tI%2BWmNBUHQ8jmjfjtmrMFbIom4H9BWJ6CBH7Xh2OQfBijyAZgagJkd5GYHm3IA436B3ahguQdbEPR4hVIQlJagpASlJCgLgrJX7XNlQ1s94Mq6JDjf4fluVENddHfpvi66IiO7%2BRm5PCnOm7t0hE1xWuOhn%2FCYsdiP4zhu8jButCNBk7jRDPwO92FlBWkvgFoP23JMXvzja%2BTy5PlvkNBDWHUIJi%2BDuldBy2Er9EE3hs22j%2B3swIqM11kKrivkxRyKLW9XnZGXppdr3HkDgh1f%2Byy5Pv7z4d9gpkJuKnwunxB01f3hLV2SvVu6tOTH9byQqdymk6veLmghLn77odgqteGry3bw8F02ESbw0UfCFms04zLrWvLdkuRcmBVtmCA%2Fr9pPRHLT2Y0lZzKXr918b2U1zY2wVupsBCrHhBwdg8kxufTT%2FvTBvvzlPUgzgnEVUndMzgdSH4LlO7D5LL%2FVF2HUzJPkHkpXDU2YzD4qSaDEjNOkgv0PT2Z4195H17wGWtxFllbomQo9VYGqAay7OCxyc3ztt8Z0kChvmCjj7SXKqK%2BelWvlaa3VaPg0iheDVouKVtIM250o4JSGzSiMItpAYcfslTz%2BBwAA%2F%2F8BAAD%2F%2F2jglRV7BAAA
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSMWwcRRSdTVxEgiYoFCBAVyABEj7v7p33bkkRYYyRhRNHCYh0MDszdx48u7Oa2bk9u7KIiFIeBRLl%2Bp0dKxAhkGiJ0DmSC0tIPioXuKZFSKko0F0sDn7z39v3irfvz71dd0Z8OHq6fF1vS6XowmLdr715Jwiu1tZk5vq1fjv6NGperZneO3FU99%2BqfSDYpl4I%2FcD3Az%2BorUgjOrq%2FMBEh80dxUI%2F9ejOsB4tN9M3%2FuXUeLPXAe2fkBUg%2BnnviXYFkI2TpD8vCbhY6f%2Fv91ClaaIMeP%2Fg428x0mSGdwY7x0MkOzt3Q9mTlMXS2P40L3fvXmMgx8Y4eI8kOzkMi6e1NcyYKIkPCn0PZG0GoESQdgem7kPyEAIzjxjqy9MENbUq69UylE3VM5p7%2BBVmOydzvV5Cl3y8p2a%2Fd1soVUmcW%2FU4F2R9BdkfI3SGK7QuQ5SFY8QUk%2F5UsPF1Dlu6tW6Uh%2BenrYcR8EdJknrKWmG8GSWc%2BbvmL86y1GPKIsgbr0GlBUo4gOyMoMQC1F%2BCsByc9uI4Hl3tI%2BWmNBUHQ8jmjfjtmrMFbIom4H9BWJ6CBH7Xh2OQfBijyAZgagJkd5GYHm3IA436B3ahguQdbEPR4hVIQlJagpASlJCgLgrJX7XNlQ1s94Mq6JDjf4fluVENddHfpvi66IiO7%2BRm5PCnOm7t0hE1xWuOhn%2FCYsdiP4zhu8jButCNBk7jRDPwO92FlBWkvgFoP23JMXvzja%2BTy5PlvkNBDWHUIJi%2BDuldBy2Er9EE3hs22j%2B3swIqM11kKrivkxRyKLW9XnZGXppdr3HkDgh1f%2Byy5Pv7z4d9gpkJuKnwunxB01f3hLV2SvVu6tOTH9byQqdymk6veLmghLn77odgqteGry3bw8F02ESbw0UfCFms04zLrWvLdkuRcmBVtmCA%2Fr9pPRHLT2Y0lZzKXr918b2U1zY2wVupsBCrHhBwdg8kxufTT%2FvTBvvzlPUgzgnEVUndMzgdSH4LlO7D5LL%2FVF2HUzJPkHkpXDU2YzD4qSaDEjNOkgv0PT2Z4195H17wGWtxFllbomQo9VYGqAay7OCxyc3ztt8Z0kChvmCjj7SXKqK%2BelWvlaa3VaPg0iheDVouKVtIM250o4JSGzSiMItpAYcfslTz%2BBwAA%2F%2F8BAAD%2F%2F2jglRV7BAAA HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecd20bd9cc9099994d29386eab93410fd0=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 10 Sep 2022 11:08:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2cd9664c7490c6e2c4082689e52df58c
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 18d9c80e93810b52880aab445613e4b7
ca08ea7190fac815eae23eb6022d7f524694a518
6ed2db33b116fbb84b14f8509886515c5b9d8277437c8ac00b5735712f7f662f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
eeb8dc320005cccd239a5568bfb881c8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
142.250.74.65 200 OK 3.1 kB URL HTTP/2 eeb8dc320005cccd239a5568bfb881c8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html HTTP/1.1
Host: eeb8dc320005cccd239a5568bfb881c8.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 10 Sep 2022 11:08:41 GMT
expires: Sun, 10 Sep 2023 11:08:41 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022090601&st=env
142.250.74.162 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022090601&st=env
IP 142.250.74.162:0
File type JSON data\012- , ASCII text, with very long lines (14554), with no line terminators
Hash 5c45a40b7373f0fb49dd3c701a72f747
0ebe2896671bb3ac7f313415205a330fa05ed508
fc5e6828a900c8d0e1813a2d23b85ffc3f330bde6884b71c8e9f9f85829a273a
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022090601&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 10 Sep 2022 11:08:41 GMT
server: cafe
cache-control: private
content-length: 11048
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash d05ef576937b19aecc86c0b097007e08
19a762c0f50235ccf55fbda3a8a9908967cdf20e
790eed01195b69d2172d23b08133aeaea33e3201ce49d9db6a5c15acf0bc4512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sat, 10 Sep 2022 11:08:41 GMT
expires: Sat, 10 Sep 2022 11:08:41 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.33 200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.33:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 07:47:45 GMT
expires: Fri, 08 Sep 2023 07:47:45 GMT
cache-control: public, max-age=31536000
age: 184856
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
172.67.137.152 200 OK 499 B IP 172.67.137.152:0
File type ASCII text, with no line terminators
Hash 17c942cd1a99f4fe539de3c905d327a3
4b878d0badbb63f88f69b8969c93e0b3d2ce3325
7e7c2df2550249e94fdb4900329821aaa77136650b78a22eedbc5af96223dc35
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://send.cm/
Origin: https://send.cm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: text/plain
set-cookie: csu=2024026665542894@1@1662808120; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c195Spa7KGhTde3%2BvfuQ348jUPqZMmAtQ7qu3cav%2FyX9x3Wl25BfPqsfLUxZ5UAaLLjM4A2dyWGHZlZK5f6PHEtqALgqo0GqRarFsH9wenhIhZm%2B4MXirXLrl9Hqh6xr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b4fe2a8fb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 514 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 40de5335024681dbd33e0dcfd13a495a
aca0f31726f87b1bd1da60f0ac2d74141f44f820
28df5854348639ae009f75b986a39a954fe4576e41de5e1f9f288055296eb184
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 10 Sep 2022 11:08:42 GMT
date: Sat, 10 Sep 2022 11:08:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-4CZgLHM0BvzqMlBlUIcDPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html
104.26.7.19 200 OK 427 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html
IP 104.26.7.19:0
File type HTML document text\012- HTML document, ASCII text
Hash 8693070f0adf83df6bb1cb58b14baf71
d465d54050430256e7faac3a5e5c1c5767fa85e9
3ac43eb1b36509f20c611a6c95cec9101245835a58910dea433c7270e16fecd6
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:42 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 11:25:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EbY4Q8W61gQHPwdAiYSUtKzBJN%2FahhHiAGjVv3shPSd2C%2FmOtJ3ABqzpd1ke9Ifi72G0fN%2B6uTNM%2FlLdiXnbqw%2B4CaSTlptvV3FSKD4s6APb2%2Fjj5WMIqh%2FfSuVVhX4U0WG%2FwSk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7487b507480e0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8071
Expires: Sat, 10 Sep 2022 13:23:13 GMT
Date: Sat, 10 Sep 2022 11:08:42 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8071
Expires: Sat, 10 Sep 2022 13:23:13 GMT
Date: Sat, 10 Sep 2022 11:08:42 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8071
Expires: Sat, 10 Sep 2022 13:23:13 GMT
Date: Sat, 10 Sep 2022 11:08:42 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8071
Expires: Sat, 10 Sep 2022 13:23:13 GMT
Date: Sat, 10 Sep 2022 11:08:42 GMT
Connection: keep-alive
perryvolleyball.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=595
192.243.59.20 200 OK 0 B URL HTTP/1.1 perryvolleyball.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=595
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=595 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecd20bd9cc9099994d29386eab93410fd0=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 10 Sep 2022 11:08:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f1fa8224847ea7d9b4dc8e598fae4142
cb703a2944e58d97dd48a7e56ee9f4510ced78b4
920094aad2886535e2ba9e38d4731f63fbde93038d92b38f0030b0a0f47c2ac8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
perryvolleyball.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=72
192.243.59.20 200 OK 0 B URL HTTP/1.1 perryvolleyball.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=72
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=72 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecd20bd9cc9099994d29386eab93410fd0=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 10 Sep 2022 11:08:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f1fa8224847ea7d9b4dc8e598fae4142
cb703a2944e58d97dd48a7e56ee9f4510ced78b4
920094aad2886535e2ba9e38d4731f63fbde93038d92b38f0030b0a0f47c2ac8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
perryvolleyball.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=67
192.243.59.20 200 OK 0 B URL HTTP/1.1 perryvolleyball.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=67
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=67 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecd20bd9cc9099994d29386eab93410fd0=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 10 Sep 2022 11:08:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
perryvolleyball.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=72
192.243.59.20 200 OK 0 B URL HTTP/1.1 perryvolleyball.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=72
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=72 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecd20bd9cc9099994d29386eab93410fd0=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 10 Sep 2022 11:08:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
send.cm/ct7nwa8jmkdx/GRAPHPAD_PRISM_V9.4.1-XFORCE.rar
104.26.3.171 200 OK 115 kB URL HTTP/2 send.cm/ct7nwa8jmkdx/GRAPHPAD_PRISM_V9.4.1-XFORCE.rar
IP 104.26.3.171:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (60845)
Size 115 kB (115280 bytes)
Hash a6632d3c8654917f03eed4b148b70c75
fc0981809fff2825e998f8b3f32b9ef844315183
5885d837f930ee6a7e6784fdf9f3bc21766471a96e5d1ea1660e70266a1b786d
GET /ct7nwa8jmkdx/GRAPHPAD_PRISM_V9.4.1-XFORCE.rar HTTP/1.1
Host: send.cm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=0;includeSubDomains;
expires: Fri, 09 Sep 2022 11:08:38 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
cf-cache-status: BYPASS
set-cookie: lang=english; domain=.send.cm; path=/
c_7hyj5tegwm4sd1=ct7nwa8jmkdx; domain=.send.cm; path=/
aff=1623; domain=.send.cm; path=/; expires=Sat, 24-Sep-2022 11:08:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tXU%2FKq7ZYKjAGy9ryrgbU%2FyTwmaA99R4miPLBOjlKSs4sxFp3nC4fGKr46yBkIbIsIiZFkyT8vjrRqU8d726qWCyJ0EabglJHZ8PPyYZoVydmsjWfH%2BQwpY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b4f549db0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.67.137.152 200 OK 103 kB IP 172.67.137.152:0
Size 103 kB (102871 bytes)
Hash d2fe702cae5489845922eb61e4c0fde4
0647ad29efbacfb332a140af5628f3883b1db135
0b90f42d50861d5d4d4d7a63ecd73ba58b4f9e915ecb41cdc646312b4bff49a9
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://send.cm/
Origin: https://send.cm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4300
last-modified: Sat, 10 Sep 2022 09:57:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lfRnBnmztFAkGn6mYRlAJaSlX5Seq9t2HhnQtFK9e3N7DpHhkYy8G2%2B6uE%2Bj34N%2FDtrC0ezjffoKW1YznB0535RWMg3%2Bxr4Jz0O4hDxsl1fET4xBKdnziDJCoip2bPEX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7487b4fe2a87b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://send.cm
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 228874
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://send.cm
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 228874
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
perryvolleyball.com/pixel/sbs?c=1
192.243.59.20 200 OK 0 B URL HTTP/1.1 perryvolleyball.com/pixel/sbs?c=1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
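Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of a zero-length body; these values match any empty response and do not identify this resource.)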
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecd20bd9cc9099994d29386eab93410fd0=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 10 Sep 2022 11:08:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
perryvolleyball.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidtV1EgiYoFCBAVyABEj7v3v%2BSIsIYIwsnjhIQ6WD%2B9jx4dmc1s3t7dmUREaU8CiTK9Ts7ViBCINESoXMkF5aQfFQucE2LkFJRoLtYHHzN996%2BV7x939zby8%2BJj5yerVw3O0prutSs%2BpU37wTB1cq6SvJ%2Bpd9pfdpqXK3Y3jthq%2Bq%2FVflA8i2zVPMD3w%2F8oLKqrIxMf2kiQqWPwqAa%2BtVGrRo0G%2Bjb%2F3OXe3DUg%2BidkxegxHjhiXcFio%2BQxD%2BsSLeVmfTt9%2BNc08xY9MThx8lWYooE8QxG1kOUHF64Ydzp6mOY5GAaF6b3r5GpMfGOH4MlhxchwXr705xMQyZg4jkUvRGkHkHREbi5CyVOCcAFbmwgiR%2FcMLag289UOlHHZOHpX1DFmCz8fgVJ%2FP2yVv3KbaPzTJnEoR%2BVUP0RVHeEND9CtjMHVRyBZ19AiV%2FJ0tN1JPH%2BhtMGSpy9XmtxX9YoW6S8LRcbAYsWw7bfXOTtZk20KK%2FziE4LUmoEFY2g5QDUzSF3HnLlIY885KmHWJxVeBAEbV9w6ndCzuuiLVlL%2BAFtRwEN%2FFYHOZ%2F8wwBZOgDXA3C7i9TuYksNYPNf4DZLOOHBZQQ9UaKQBIUjKChBoQiKjKDolQdCu5orHwjtchZc7NrFrpdDk3X36IHJujIhe%2Bk5uTwpzlu4dIwteVYRNZ%2BJkPPQD8MwbIhaWO%2B0JGVhvRH4kfDhVAnl5kCdhx01Ji%2F%2B8TVSdfr8N2D0CE4fgavLoPmroMWwXfNBN4eNjo%2Bd5NDJRFR5DGFKpNkCsm1vT5%2BTl6aXq995A5KfXPuMXR%2F%2F%2BfBvcFsitSU%2BV08Iuvr%2B8JYpyP4tUzjy40aaqVjt0MlVb2c0k%2FPffii3C2PF2oobPHyXT4QJfPSRdNk6TYRKuo58t6yEkHbVWC7Jz2vuE8lu5m5zObdJnq7ffG91LU6tdE6ZZASqxoQcn4CrMbn008H0wb785T0oO4LNS8T5CbkYKHMEnu7CpbP8zszD6pmHpR6KvBzaGpt91IpAyxmnrIT7D2czvOfuo2tfA83uIolL9GyJni5B9QAunx9mqT259lt9OmDaGzJtvX2mrf7qWblOnVXqvmgzGck2k41mI5JcsGaT%2BTzirC46HY7MjfkrafgPAAAA%2F%2F8BAAD%2F%2F%2Bg0QP17BAAA
192.243.59.20 200 OK 7 B URL HTTP/1.1 perryvolleyball.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidtV1EgiYoFCBAVyABEj7v3v%2BSIsIYIwsnjhIQ6WD%2B9jx4dmc1s3t7dmUREaU8CiTK9Ts7ViBCINESoXMkF5aQfFQucE2LkFJRoLtYHHzN996%2BV7x939zby8%2BJj5yerVw3O0prutSs%2BpU37wTB1cq6SvJ%2Bpd9pfdpqXK3Y3jthq%2Bq%2FVflA8i2zVPMD3w%2F8oLKqrIxMf2kiQqWPwqAa%2BtVGrRo0G%2Bjb%2F3OXe3DUg%2BidkxegxHjhiXcFio%2BQxD%2BsSLeVmfTt9%2BNc08xY9MThx8lWYooE8QxG1kOUHF64Ydzp6mOY5GAaF6b3r5GpMfGOH4MlhxchwXr705xMQyZg4jkUvRGkHkHREbi5CyVOCcAFbmwgiR%2FcMLag289UOlHHZOHpX1DFmCz8fgVJ%2FP2yVv3KbaPzTJnEoR%2BVUP0RVHeEND9CtjMHVRyBZ19AiV%2FJ0tN1JPH%2BhtMGSpy9XmtxX9YoW6S8LRcbAYsWw7bfXOTtZk20KK%2FziE4LUmoEFY2g5QDUzSF3HnLlIY885KmHWJxVeBAEbV9w6ndCzuuiLVlL%2BAFtRwEN%2FFYHOZ%2F8wwBZOgDXA3C7i9TuYksNYPNf4DZLOOHBZQQ9UaKQBIUjKChBoQiKjKDolQdCu5orHwjtchZc7NrFrpdDk3X36IHJujIhe%2Bk5uTwpzlu4dIwteVYRNZ%2BJkPPQD8MwbIhaWO%2B0JGVhvRH4kfDhVAnl5kCdhx01Ji%2F%2B8TVSdfr8N2D0CE4fgavLoPmroMWwXfNBN4eNjo%2Bd5NDJRFR5DGFKpNkCsm1vT5%2BTl6aXq995A5KfXPuMXR%2F%2F%2BfBvcFsitSU%2BV08Iuvr%2B8JYpyP4tUzjy40aaqVjt0MlVb2c0k%2FPffii3C2PF2oobPHyXT4QJfPSRdNk6TYRKuo58t6yEkHbVWC7Jz2vuE8lu5m5zObdJnq7ffG91LU6tdE6ZZASqxoQcn4CrMbn008H0wb785T0oO4LNS8T5CbkYKHMEnu7CpbP8zszD6pmHpR6KvBzaGpt91IpAyxmnrIT7D2czvOfuo2tfA83uIolL9GyJni5B9QAunx9mqT259lt9OmDaGzJtvX2mrf7qWblOnVXqvmgzGck2k41mI5JcsGaT%2BTzirC46HY7MjfkrafgPAAAA%2F%2F8BAAD%2F%2F%2Bg0QP17BAAA
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidtV1EgiYoFCBAVyABEj7v3v%2BSIsIYIwsnjhIQ6WD%2B9jx4dmc1s3t7dmUREaU8CiTK9Ts7ViBCINESoXMkF5aQfFQucE2LkFJRoLtYHHzN996%2BV7x939zby8%2BJj5yerVw3O0prutSs%2BpU37wTB1cq6SvJ%2Bpd9pfdpqXK3Y3jthq%2Bq%2FVflA8i2zVPMD3w%2F8oLKqrIxMf2kiQqWPwqAa%2BtVGrRo0G%2Bjb%2F3OXe3DUg%2BidkxegxHjhiXcFio%2BQxD%2BsSLeVmfTt9%2BNc08xY9MThx8lWYooE8QxG1kOUHF64Ydzp6mOY5GAaF6b3r5GpMfGOH4MlhxchwXr705xMQyZg4jkUvRGkHkHREbi5CyVOCcAFbmwgiR%2FcMLag289UOlHHZOHpX1DFmCz8fgVJ%2FP2yVv3KbaPzTJnEoR%2BVUP0RVHeEND9CtjMHVRyBZ19AiV%2FJ0tN1JPH%2BhtMGSpy9XmtxX9YoW6S8LRcbAYsWw7bfXOTtZk20KK%2FziE4LUmoEFY2g5QDUzSF3HnLlIY885KmHWJxVeBAEbV9w6ndCzuuiLVlL%2BAFtRwEN%2FFYHOZ%2F8wwBZOgDXA3C7i9TuYksNYPNf4DZLOOHBZQQ9UaKQBIUjKChBoQiKjKDolQdCu5orHwjtchZc7NrFrpdDk3X36IHJujIhe%2Bk5uTwpzlu4dIwteVYRNZ%2BJkPPQD8MwbIhaWO%2B0JGVhvRH4kfDhVAnl5kCdhx01Ji%2F%2B8TVSdfr8N2D0CE4fgavLoPmroMWwXfNBN4eNjo%2Bd5NDJRFR5DGFKpNkCsm1vT5%2BTl6aXq995A5KfXPuMXR%2F%2F%2BfBvcFsitSU%2BV08Iuvr%2B8JYpyP4tUzjy40aaqVjt0MlVb2c0k%2FPffii3C2PF2oobPHyXT4QJfPSRdNk6TYRKuo58t6yEkHbVWC7Jz2vuE8lu5m5zObdJnq7ffG91LU6tdE6ZZASqxoQcn4CrMbn008H0wb785T0oO4LNS8T5CbkYKHMEnu7CpbP8zszD6pmHpR6KvBzaGpt91IpAyxmnrIT7D2czvOfuo2tfA83uIolL9GyJni5B9QAunx9mqT259lt9OmDaGzJtvX2mrf7qWblOnVXqvmgzGck2k41mI5JcsGaT%2BTzirC46HY7MjfkrafgPAAAA%2F%2F8BAAD%2F%2F%2Bg0QP17BAAA HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=26c0e2ab-ac7e-41bf-9705-c752d6ac3cfa:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecd20bd9cc9099994d29386eab93410fd0=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 10 Sep 2022 11:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b83ae0ac734902ae7a54342b0255a001
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash ebc205cf750164c31d1fce2318d1636b
9309949107d69193b1c5156d45fbcc91e20a0fe4
4ab7f53d17c5d642e17a3e78aa93dc133c4713e44ccccb849f04fdcca62be8b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 11:08:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
glizauvo.net/impression/fkxR53r5tQW7z7v3Hquazq-prRodJOvV1J1DMg7VuqU6Gxe6NRl2t2y21g3bRoQHJBa68LFomgwxVfDI34wCuz15sQ381wSq3TVSk2gqhWVn44DSYA_66qaNQ2XniLYRe107gIARJjahiCNawxWIvHBlTYcknSmhBLvgXY0W5EYcPMHQoAGWKoYRKeK5TGhO_7y_C0Xt60EVK5ARL3sTD3u8un5x6sJ5QHos646BNzOpMn09BOVlDGkzk833SxnUgoV-FK3-WNnUHWD4XQCXnd3ANmwUMvou05eJl-h5P2QVAkczOG6o69dLUUImkbyapXkrSCxoSe4nWwNwQM7sxrF69DOdhaHiz7bxKLbc4L5R5i2OdDK_pKh8NG9AK8hBXizsyLoSZY8CpKHEaFYDc9cj-_-_bX_9nATcEPAtJaWHOoY8sm0ajlKInmRpxF4AM1fWDeuR0wDhf1167595sX5jg1FUQWd1mDOGuXDSm7imv_K__MMcQ_hQCQmQNpWZDby3sTeAk_8Jl8veVwFuBi-x2FPeRLVvVSu0HZ2NUe7FFIzxn53JrVKCuJElh07xycjgJfmpPZV4WEWaydlKCg==?_z=4856335&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.236 200 OK 43 B URL HTTP/2 glizauvo.net/impression/fkxR53r5tQW7z7v3Hquazq-prRodJOvV1J1DMg7VuqU6Gxe6NRl2t2y21g3bRoQHJBa68LFomgwxVfDI34wCuz15sQ381wSq3TVSk2gqhWVn44DSYA_66qaNQ2XniLYRe107gIARJjahiCNawxWIvHBlTYcknSmhBLvgXY0W5EYcPMHQoAGWKoYRKeK5TGhO_7y_C0Xt60EVK5ARL3sTD3u8un5x6sJ5QHos646BNzOpMn09BOVlDGkzk833SxnUgoV-FK3-WNnUHWD4XQCXnd3ANmwUMvou05eJl-h5P2QVAkczOG6o69dLUUImkbyapXkrSCxoSe4nWwNwQM7sxrF69DOdhaHiz7bxKLbc4L5R5i2OdDK_pKh8NG9AK8hBXizsyLoSZY8CpKHEaFYDc9cj-_-_bX_9nATcEPAtJaWHOoY8sm0ajlKInmRpxF4AM1fWDeuR0wDhf1167595sX5jg1FUQWd1mDOGuXDSm7imv_K__MMcQ_hQCQmQNpWZDby3sTeAk_8Jl8veVwFuBi-x2FPeRLVvVSu0HZ2NUe7FFIzxn53JrVKCuJElh07xycjgJfmpPZV4WEWaydlKCg==?_z=4856335&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.236:0
File type GIF image data, version 89a, 1 x 1; data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/fkxR53r5tQW7z7v3Hquazq-prRodJOvV1J1DMg7VuqU6Gxe6NRl2t2y21g3bRoQHJBa68LFomgwxVfDI34wCuz15sQ381wSq3TVSk2gqhWVn44DSYA_66qaNQ2XniLYRe107gIARJjahiCNawxWIvHBlTYcknSmhBLvgXY0W5EYcPMHQoAGWKoYRKeK5TGhO_7y_C0Xt60EVK5ARL3sTD3u8un5x6sJ5QHos646BNzOpMn09BOVlDGkzk833SxnUgoV-FK3-WNnUHWD4XQCXnd3ANmwUMvou05eJl-h5P2QVAkczOG6o69dLUUImkbyapXkrSCxoSe4nWwNwQM7sxrF69DOdhaHiz7bxKLbc4L5R5i2OdDK_pKh8NG9AK8hBXizsyLoSZY8CpKHEaFYDc9cj-_-_bX_9nATcEPAtJaWHOoY8sm0ajlKInmRpxF4AM1fWDeuR0wDhf1167595sX5jg1FUQWd1mDOGuXDSm7imv_K__MMcQ_hQCQmQNpWZDby3sTeAk_8Jl8veVwFuBi-x2FPeRLVvVSu0HZ2NUe7FFIzxn53JrVKCuJElh07xycjgJfmpPZV4WEWaydlKCg==?_z=4856335&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: OAID=baaf9e350510498b98e2aeae63dbc943
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:44 GMT
content-type: image/gif
content-length: 43
x-trace-id: de47dcbbae9676ec1fb96efe2e017a6d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
secureads.increaserev.com/InvalidAds/addRequest.php?ip=91.90.42.154&domain=send.cm&os=Linux&adstype={%22_336x280%22:1}
104.26.0.126 200 OK 0 B URL HTTP/2 secureads.increaserev.com/InvalidAds/addRequest.php?ip=91.90.42.154&domain=send.cm&os=Linux&adstype={%22_336x280%22:1}
IP 104.26.0.126:0
GET /InvalidAds/addRequest.php?ip=91.90.42.154&domain=send.cm&os=Linux&adstype={%22_336x280%22:1} HTTP/1.1
Host: secureads.increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests;
access-control-allow-origin: *
x-varnish: 624263467
age: 0
x-cache: MISS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kd79%2FBDnq60jiruxMSgB9cjWYfLPlMfM7kNp9XCVNGhYe6O77e%2BVt4rgADSXdJRuLi6Ynp9YykAMiF1ublOF0fc69yt2zhCwT9HCiY6BfJxulLu4ucqahThzIYN%2B%2F2ZBxvBQDmYClAQXKaM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b5191e1bb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
glizauvo.net/401/4856335
139.45.197.236 200 OK 0 B IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4856335 HTTP/1.1
Host: glizauvo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: application/javascript
x-trace-id: e90d2e48aacb9c10609aec7fa0946a8a
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=13a503aa986945308324f6d6d0fd1cab; expires=Sun, 10 Sep 2023 11:08:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
api.hostip.info/get_json.php
104.21.84.241 200 OK 0 B URL HTTP/2 api.hostip.info/get_json.php
IP 104.21.84.241:0
GET /get_json.php HTTP/1.1
Host: api.hostip.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: application/json; charset=iso-8859-1
expires: Sun, 11 Sep 2022 11:08:39 GMT
last-modified: Sat, 10 Sep 2022 11:08:39 GMT
cache-control: public, max-age=86400
pragma: !invalid
access-control-allow-origin: *
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xGRtRcp2JAn4VTLhefzCcjW%2Frt%2FPBn3xJjJ3cx8VEr8ECYL46ND84QjCCnhcHOur%2BUR5qUxzKSuK7uo1p%2B0CdH6xWhnJsOlm0bZK4Pgm%2FemTyK2%2BehEQnse6rgtvJMm6XxE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b4f9ca070b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thaudray.com/5/4277204/?oo=1&aab=1
139.45.197.237 200 OK 0 B URL HTTP/2 thaudray.com/5/4277204/?oo=1&aab=1
IP 139.45.197.237:0
GET /5/4277204/?oo=1&aab=1 HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: application/json
x-trace-id: 87575904e5fbedaf882f23721f8a7922
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=98a747266b724b37adfa7d3a9cc52926; expires=Sun, 10 Sep 2023 11:08:40 GMT; path=/; secure; SameSite=None
oaidts=1662808120; expires=Sun, 10 Sep 2023 11:08:40 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css
104.21.51.177 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css
IP 104.21.51.177:0
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:42 GMT
content-type: text/css
last-modified: Mon, 17 Jan 2022 14:25:59 GMT
etag: W/"61e57c77-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 344355
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jbHXgQWGcJsCTidAuBaxsQgGHKrY6iOXdx3of4EX7pQViHQFiF%2F%2FA0v84FY4qSu7nEYei%2BI3TxR4khXsJSPdFizGyFT10cx9TZP%2FqaG1P6zWj0wZ0TwuVh9w3kO9uu8s8Q4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7487b50b4802b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secureads.increaserev.com/InvalidAds/checkblock.php?ip=91.90.42.154&domain=send.cm
104.26.0.126 200 OK 0 B URL HTTP/2 secureads.increaserev.com/InvalidAds/checkblock.php?ip=91.90.42.154&domain=send.cm
IP 104.26.0.126:0
GET /InvalidAds/checkblock.php?ip=91.90.42.154&domain=send.cm HTTP/1.1
Host: secureads.increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests;
access-control-allow-origin: *
x-varnish: 596062871
age: 0
x-cache: MISS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0PFdu1FOtlAe71n0VRLwe0JdZP2RdmYwgjGrShnkhSAYLKBXtkp06dqbx0w6n7sGMhckVPk7dRIDi02RLonG6zJGOAeuijnJg5Mppsk3KP5gVMki4xrIbF0LwF%2FYnXsmWSxAz4YXIvftQlU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b4fa4b62b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.22.169 200 OK 0 B IP 104.21.22.169:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BdPMIWeIB2K9uMTbcUoJTCZAEpbFT%2FYKAk1uebscQE0d7ALs1bQS%2BTNG8Oq5gOfBOzUHg7dJR0Z9j9VW2XaEJwycHia8VxlVhd4%2FxAdaYN1Wl%2BpEJ4%2FzgKIBqFWEXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7487b4fba84ab505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thaudray.com/?rb=GtQMPnsvKkoUjXaFTLKnXlaM57bMe11_Mt0uAzL-3jFJR7DBUmzqGGaxcCRyF9_27bEYeD7LAa9KpKhYGI1-bGr5dAFzbdFyIy2RzCdvShXArwmJflEPh-nFCgUmHGPMRPz1mcL2g59-Uor1M2ZuzMdDz38eDRnIm_JRV8iz6uw0Ea8U07-MLIz9GsnhxabHFTrudZHl-6maOOlj&request_ab2=0&zoneid=4277204&js_build=iclick-v1.425.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.425.0&bs=be53e9f7-75a3-42e8-b080-73410acaf4c7&userId=baaf9e350510498b98e2aeae63dbc943&m=link
139.45.197.237 200 OK 0 B URL HTTP/2 thaudray.com/?rb=GtQMPnsvKkoUjXaFTLKnXlaM57bMe11_Mt0uAzL-3jFJR7DBUmzqGGaxcCRyF9_27bEYeD7LAa9KpKhYGI1-bGr5dAFzbdFyIy2RzCdvShXArwmJflEPh-nFCgUmHGPMRPz1mcL2g59-Uor1M2ZuzMdDz38eDRnIm_JRV8iz6uw0Ea8U07-MLIz9GsnhxabHFTrudZHl-6maOOlj&request_ab2=0&zoneid=4277204&js_build=iclick-v1.425.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.425.0&bs=be53e9f7-75a3-42e8-b080-73410acaf4c7&userId=baaf9e350510498b98e2aeae63dbc943&m=link
IP 139.45.197.237:0
GET /?rb=GtQMPnsvKkoUjXaFTLKnXlaM57bMe11_Mt0uAzL-3jFJR7DBUmzqGGaxcCRyF9_27bEYeD7LAa9KpKhYGI1-bGr5dAFzbdFyIy2RzCdvShXArwmJflEPh-nFCgUmHGPMRPz1mcL2g59-Uor1M2ZuzMdDz38eDRnIm_JRV8iz6uw0Ea8U07-MLIz9GsnhxabHFTrudZHl-6maOOlj&request_ab2=0&zoneid=4277204&js_build=iclick-v1.425.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fsend.cm%2Fct7nwa8jmkdx%2FGRAPHPAD_PRISM_V9.4.1-XFORCE.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.425.0&bs=be53e9f7-75a3-42e8-b080-73410acaf4c7&userId=baaf9e350510498b98e2aeae63dbc943&m=link HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://send.cm/
Origin: https://send.cm
Connection: keep-alive
Cookie: OAID=98a747266b724b37adfa7d3a9cc52926; oaidts=1662808120
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 11:08:40 GMT
content-type: application/json
x-trace-id: ecd260b388c1be3a5dbdef001b9de6a9
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=baaf9e350510498b98e2aeae63dbc943; expires=Sun, 10 Sep 2023 11:08:40 GMT; path=/; secure; SameSite=None
oaidts=1662808120; expires=Sun, 10 Sep 2023 11:08:40 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 17 Sep 2022 11:08:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
secureads.increaserev.com/InvalidAds/track.php?ip=undefined&domain=send.cm&type=send.js___default
104.26.0.126 200 OK 0 B URL HTTP/2 secureads.increaserev.com/InvalidAds/track.php?ip=undefined&domain=send.cm&type=send.js___default
IP 104.26.0.126:0
GET /InvalidAds/track.php?ip=undefined&domain=send.cm&type=send.js___default HTTP/1.1
Host: secureads.increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests;
access-control-allow-origin: *
x-varnish: 596062870 615319655
age: 0
x-cache: HIT
x-cache-hits: 7
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ei%2FlxqBgyTdNxkeBS27GPmIC3QZCfVdEYjf0P%2FTVBl2CRl412dSCz6ohWy7We39Y6Ez0uJpvvnQ6Xibyr%2FZvb1jF8Ap0Izoq7hucw0rZRbcNoj5%2BqCPlUsCAUr0ezDYoF3GdyKG0NJizkuE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7487b4fa1b42b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css
104.21.51.177 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css
IP 104.21.51.177:0
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 11:08:42 GMT
content-type: text/css
last-modified: Wed, 09 Feb 2022 11:25:27 GMT
etag: W/"6203a4a7-2751"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 344355
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2BMiT5r8UH%2FXqRl0CBdp%2F7bdENjO04VfRLcdmRcrNWlCPAYJHoi92fOGt9CmyfOK82OXhrZxk85W16FQU1UgeAxf46WNlJa%2Fqr72kn48RjSsj0R67bq2%2FsehOWKfcPk%2BC8Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7487b50b4ff7b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 10 Sep 2022 11:08:42 GMT
date: Sat, 10 Sep 2022 11:08:42 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2