Overview

URLmistressspider.top/ypf-qs/tb.php?mp=hw1669942723052
IP 172.67.160.218 (United States)
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-02 01:38:55 UTC
StatusLoading report..
IDS alerts0
Blocklist alert4
urlquery alerts No alerts detected
Tags None

Domain Summary (21)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-01 17:12:49 UTC 34.117.237.239
e1.o.lencr.org (13) 6159 No data No data 23.36.77.32
voicelevel.top (1) 0 2021-06-15 04:38:39 UTC 2022-12-01 21:20:35 UTC 188.114.97.1 Unknown ranking
1.bp.blogspot.com (2) 8403 2013-05-06 20:18:52 UTC 2020-05-14 01:22:22 UTC 142.250.74.161
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-12-01 18:13:33 UTC 216.239.34.36 Domain (google-analytics.com) ranked at: 8401
hm.baidu.com (8) 8254 2012-05-26 08:38:45 UTC 2020-02-11 02:47:13 UTC 103.235.46.191
bonepa.com (2) 905859 2021-05-30 05:45:50 UTC 2022-12-01 14:19:16 UTC 185.66.201.42
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-01 17:14:08 UTC 34.102.187.140
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.149.156.115
ocsp.globalsign.com (4) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 151.101.2.133
cdn.jsdelivr.cc (4) 323508 2021-04-17 12:38:13 UTC 2022-12-01 14:19:16 UTC 104.21.0.245
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
cdnbun.com (6) 0 2022-09-11 07:52:04 UTC 2022-12-01 20:20:43 UTC 104.21.14.142 Unknown ranking
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.pki.goog (7) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
ocsp.digicert.com (8) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
www.googletagmanager.com (2) 75 2013-05-22 02:07:37 UTC 2022-12-01 18:48:44 UTC 142.250.74.168
263cdn.com (10) 0 2022-06-15 21:39:15 UTC 2022-12-01 14:19:16 UTC 104.21.235.73 Unknown ranking
uprimp.com (1) 216873 2019-02-11 08:10:06 UTC 2022-12-01 14:19:16 UTC 185.66.200.220
mistressspider.top (4) 0 2022-11-12 06:52:14 UTC 2022-12-02 00:34:44 UTC 104.21.15.2 Unknown ranking

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-02 2 mistressspider.top/j/og2.js?_t=1669945122874 Phishing
2022-12-02 2 mistressspider.top/j/og2.php?_t=1669945122996 Phishing
2022-12-02 2 voicelevel.top/8ijE9QWv/ypf-qs/?_t=1669945123065 Malware
2022-12-02 2 bonepa.com/js/responsive.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 172.67.160.218
Date UQ / IDS / BL URL IP
2022-12-02 01:38:55 +0000 0 - 0 - 4 mistressspider.top/ypf-qs/tb.php?mp=hw1669942 (...) 172.67.160.218


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-01-29 12:27:51 +0000 0 - 0 - 2 westcliffdrive.com/conditions/weds/d79d5212b1 (...) 188.114.96.1
2023-01-29 12:27:19 +0000 0 - 0 - 6 sudamshelar.in/Office/login.php 104.21.4.51
2023-01-29 12:27:04 +0000 0 - 0 - 1 campiar.com/EfgfdbxtLFdiuxGXXE8aWJvQwnCgZIzF/ (...) 172.67.143.41
2023-01-29 12:26:40 +0000 0 - 0 - 1 www.upload-4ever.com/orh86ynf4tiy/Netflix%20C (...) 172.67.152.107
2023-01-29 12:25:35 +0000 0 - 0 - 3 oaxyteek.net/rweasy/-1IWNL/11374213/https:/gi (...) 172.67.157.221


Last 1 reports on domain: mistressspider.top
Date UQ / IDS / BL URL IP
2022-12-02 01:38:55 +0000 0 - 0 - 4 mistressspider.top/ypf-qs/tb.php?mp=hw1669942 (...) 172.67.160.218


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-05 23:32:10 +0000 0 - 0 - 4 ratifytexture.cn/ypf-qs/tb.php?ei=zr1670277646346 172.67.143.102
2022-11-29 14:55:55 +0000 0 - 0 - 4 spontaneitytread.cn/ypf-qs/tb.php?gq=lb166973 (...) 104.21.91.68
2022-11-24 15:01:34 +0000 0 - 0 - 4 thornportfolio.cn/ypf-qs/tb.php?ol=ux1669301956595 172.67.183.34
2022-11-24 11:25:16 +0000 0 - 0 - 4 sensationalbook.cn/ypf-qs/tb.php?zp=ad1669289 (...) 104.21.19.201
2022-11-11 20:30:00 +0000 0 - 0 - 5 technologicalversatile.top/ypf-qs/tb.php?ig=j (...) 172.67.167.230

JavaScript

Executed Scripts (25)

Executed Evals (1)
#1 JavaScript::Eval (size: 1094) - SHA256: dcc5c06f0c04f18293f2ce37777d07a16b2a5610b5fc8c05e15538b67cec2650
(window.location.href.indexOf("cauryuda.club") > -1 || window.location.href.indexOf("woomall.xyz") > -1) && Math.ceil(10 * Math.random()) > 7 && setTimeout(() => {
    window.incrementValue1 = function() {
        let e = "https://soarmechanic.xyz/Tesco-Lotus-RM500/tb.php?_t=" + (new Date).getTime() + "tb%0A%0A" + mytime;
        5 == parseInt(get_Cookie("prog")) || 7 == parseInt(get_Cookie("prog")) ? window.open("whatsapp://send?text=" + e) : window.open("whatsapp://send?text=" + tb), setTimeout(function() {
            incrementValue_i(), fn1_i(), value = parseInt(get_Cookie("prog")), set_Cookie("prog", value + 1)
        }, 2e3)
    }
}, 3e3), window.location.href.indexOf("megavouchers.club") > -1 && window.location.href.indexOf("checkers") > -1 && Math.ceil(10 * Math.random()) > 7 && setTimeout(() => {
    window.incrementValue1 = function() {
        let e = "https://rocketecho.xyz/checkers-R5000/tb.php?_t=" + (new Date).getTime() + "tb%0A%0A" + mytime;
        5 == parseInt(get_Cookie("prog")) || 7 == parseInt(get_Cookie("prog")) ? window.open("whatsapp://send?text=" + e) : window.open("whatsapp://send?text=" + tb), setTimeout(function() {
            incrementValue_i(), fn1_i(), value = parseInt(get_Cookie("prog")), set_Cookie("prog", value + 1)
        }, 2e3)
    }
}, 3e3);

Executed Writes (1)
#1 JavaScript::Write (size: 362) - SHA256: 43b18a4336e3060e8351f3eb3fd8a8d0c061c10aacf656e72c4e0ebabcc55e18
< iframe src = "https://uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=166994512542911&xtt=8226635"
width = "300"
height = "50"
frameborder = "0"
marginheight = "0"
marginwidth = "0"
scrolling = "no"
sandbox = "allow-forms allow-pointer-lock allow-popups allow-same-origin allow-scripts"
style = "width:300px !important;height:50px !important;" > < /iframe>


HTTP Transactions (91)


Request Response
                                        
                                            GET /ypf-qs/tb.php?mp=hw1669942723052 HTTP/1.1 
Host: mistressspider.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         104.21.15.2
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 01:38:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iPr2gL5UQTcUis4moEdOm4cF9xSc81S7cVI9W1BosBLau7fxdie5T1DGsc3%2Fw2wgAWcNNF4fYP6y44d4%2FW0v8WFhVpRMKuX9M2sLTBiR2%2BGsgeOfkqfJHDfXIZpFwBbKLyFKRG0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77305840daeeb521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (479), with CRLF line terminators
Size:   545
Md5:    15293482e58c8c941fc168b6db621cfc
Sha1:   c12bbd52b4de43d704ac98afada03fdd4c537ade
Sha256: bbf9f8135a4131ab96f255c423bf3008361493b5c28396b94d29dc418b6ad98b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4801
Expires: Fri, 02 Dec 2022 02:58:45 GMT
Date: Fri, 02 Dec 2022 01:38:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3136
Expires: Fri, 02 Dec 2022 02:31:00 GMT
Date: Fri, 02 Dec 2022 01:38:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4599
Cache-Control: max-age=122947
Date: Fri, 02 Dec 2022 01:38:44 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:47:51 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: LHU10CsI3IXz5wD3uvZuxmjUFT2U4C3hOcISn1PkBAbyO74whSdZPPyi50BPILSTAcC6Kw3Bi68=
x-amz-request-id: KJPBNJFTN54KE2DP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 00:46:30 GMT
age: 3134
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 01:19:50 GMT
cache-control: public,max-age=3600
age: 1134
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 02 Dec 2022 01:38:44 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: mistressspider.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mistressspider.top/ypf-qs/tb.php?mp=hw1669942723052

search
                                         104.21.15.2
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Fri, 02 Dec 2022 01:38:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wh1ADRpiCM5i60CTf7F2Do%2BVA5IADYwpcEE%2FY5%2FE0k5YviY2AQy5noHu%2BvmYAcZxW2BdZJ4SwizuV5dtyPLl2VIiwGv2FGpo293LBNoaStRSNn3CwcL4tcxFi%2BrM3i5sqi93d5A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773058436c66b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   455
Md5:    3c5d244b8b6b192c76a2c4331450c235
Sha1:   7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
Sha256: e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3
                                        
                                            GET /j/og2.js?_t=1669945122874 HTTP/1.1 
Host: mistressspider.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mistressspider.top/ypf-qs/tb.php?mp=hw1669942723052

search
                                         104.21.15.2
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 02 Dec 2022 01:38:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 16:09:56 GMT
Vary: Accept-Encoding
ETag: W/"635172d4-850"
Expires: Fri, 02 Dec 2022 13:38:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FSb%2FcRLYrltc3viBUuJXepnDT%2BR%2F0PZqnCNc6JLwL9jmVw2Xhx5qo6Ua%2FstfoeL47eAoEGULt7aKKXkfalIapCpYQFVrFZtD3pVsrxE2gg5Nb5xDsBYfoaP9XCDtAKsgX9OWZcQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 773058444cfab521-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   942
Md5:    bad1af26351d2e87c035596233940ab0
Sha1:   9ac0e34dcbfd29ca3070c506c200777a8016b161
Sha256: bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /j/og2.php?_t=1669945122996 HTTP/1.1 
Host: mistressspider.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 45
Origin: http://mistressspider.top
Connection: keep-alive
Referer: http://mistressspider.top/ypf-qs/tb.php?mp=hw1669942723052

search
                                         104.21.15.2
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Fri, 02 Dec 2022 01:38:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MqxqmnKNP16oqjMOsE85wbwecRpX6F2mIvQF7ImEQf6rJQ1qz2nWV30fVVeBwKGk67BzK5CtOWeay%2BfQ5NB9MQKT7xwGErnUeY9tZodoGoKKTIWGM9%2BrZzpt74YMH%2FpKN6GeM54%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77305844ed6cb521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   99
Md5:    05f455ad9c361a49221e3471ebdbe979
Sha1:   843a30e3653f71d897b6e1437b412e07d22bc242
Sha256: 8a9ae292893e13f61381ce70e30967c045a087a955ff2440578394127277c9a8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 01:11:15 GMT
cache-control: public,max-age=3600
age: 1649
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "B56B6E7F8640BEA5A8C98CAED11BA507AF0A7D85E383C7C2164F5A6FDD01987B"
Last-Modified: Thu, 01 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18959
Expires: Fri, 02 Dec 2022 06:54:43 GMT
Date: Fri, 02 Dec 2022 01:38:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "B56B6E7F8640BEA5A8C98CAED11BA507AF0A7D85E383C7C2164F5A6FDD01987B"
Last-Modified: Thu, 01 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18959
Expires: Fri, 02 Dec 2022 06:54:43 GMT
Date: Fri, 02 Dec 2022 01:38:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4600
Cache-Control: max-age=117884
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:23:29 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5968
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Last-Modified: Thu, 01 Dec 2022 23:59:17 GMT
Server: ECS (amb/6B7C)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=142122
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: nginx
Content-Length: 280


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   935
Md5:    084287f68e042624f06c2e987a5b1700
Sha1:   e6861d25c221e55ab4cb26bd5baa82e4e8ef099f
Sha256: 35c4bfe3da0ffeed53539e5a8afe715e8898749488d81c390b8e4a382579e8ff
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5968
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 01:38:45 GMT
Last-Modified: Thu, 01 Dec 2022 23:59:17 GMT
Server: ECS (amb/6B7C)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DDF60063CBCA367FEB0CB2BB306B555A93831AABA432725B5FD5635509D77306"
Last-Modified: Tue, 29 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9710
Expires: Fri, 02 Dec 2022 04:20:35 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=142122
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /8ijE9QWv/ypf-qs/?_t=1669945123065 HTTP/1.1 
Host: voicelevel.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mistressspider.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         188.114.97.1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Fri, 02 Dec 2022 01:38:44 GMT
vary: Accept-Encoding
set-cookie: ypf-qs-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.voicelevel.top ypf-qs-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.voicelevel.top
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SjgRQ80YYhW6pRv8iUYTBzTjm5dnGHOcfeR0VLqp5DcecpjXQs6eDTCIf3FqaQMJ3brMpMQTHfpLRgU5pOegnUwLE7U7tGpDi6SAHnGnc16Kjvwml73nbHOZreIvYPAeNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773058468e070b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size:   92771
Md5:    e56cd0bfbe121c10fbe1f2478e15db3a
Sha1:   d9be8989c04e32cc9ac1242cebfd512bcddd1b8c
Sha256: 4424fe0a04b9110bd98f1c17075bbbd3ce89d434bff8987ca044ac99d340b132

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /gtag/js?id=G-LW7434MYMN HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 01:38:45 GMT
expires: Fri, 02 Dec 2022 01:38:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76263
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20080)
Size:   76263
Md5:    a3e7493829d238a9b85436b5ca1965cf
Sha1:   ccd9f1f793826f4502d720a9738a7c0e98add484
Sha256: 73367211c4584323ddf4125d945b2ef5dcfc40193a1fe9b0b52e6a63fa704767
                                        
                                            GET /gtag/js?id=G-TL7ZZFZFHR HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 01:38:45 GMT
expires: Fri, 02 Dec 2022 01:38:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79037
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26337)
Size:   79037
Md5:    43e71334c38c8993738d24643df255e8
Sha1:   7b73376a5c5245afcf9d479eb25c7e4de3ca6f73
Sha256: cb96d9b792b88e4b51eae6b1d78dd0045424f98753d96587820c80ded00704ee
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=142122
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: nginx
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=142122
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: nginx
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B59FEE4DDEE8362FC93D3D3B159A3BC0D541099DB4DEB6837ED4BAA587FF73FF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20749
Expires: Fri, 02 Dec 2022 07:24:34 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Qzj6yoboYf5bKRZbTToqpQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.149.156.115
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fR3RB957vg09nhl109E6Tn6CId0=

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6065
Expires: Fri, 02 Dec 2022 03:19:50 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6091
Expires: Fri, 02 Dec 2022 03:20:16 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6091
Expires: Fri, 02 Dec 2022 03:20:16 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8104
Expires: Fri, 02 Dec 2022 03:53:49 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   2378
Md5:    77bad1aca1e42b98162aa90ac8df567a
Sha1:   c1d523e82d23324219a99e310760d400cda6d1c0
Sha256: 19f3a3585f15c27e0e9776f784dec066843fe9572bd5582704beccacff581981
                                        
                                            GET /upload/petropargov.box2.png HTTP/1.1 
Host: cdnbun.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.14.142
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 2343
x-guploader-uploadid: ADPycdt6uz_wI-jyEV0_hHx-vrydkouawlcutZJBkt0TrdDhp14EUF6yH20GeZJwbLSRSScdK8zYUQZMq-3npFs4V9bRxw
expires: Fri, 02 Dec 2022 01:43:38 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 18:14:32 GMT
etag: "33caf1d4d36d6691df1728b2c631a168"
x-goog-generation: 1667412872747640
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2343
x-goog-hash: crc32c=HuFjDA==, md5=M8rx1NNtZpHfFyiyxjGhaA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n9kUg%2FB1cJoz57tb1XTX2EeoXyqE5vd8dCcUWgk%2BKd9oPWT86fdxqvdNYcpzkWHgwplNANcNPUghsq4Jahu6jDU24VpEiaPdY8YvtGO924BK1hXOcX5IgHratsMY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a0ccc0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size:   2343
Md5:    33caf1d4d36d6691df1728b2c631a168
Sha1:   efa186e88d8198f61408e20c330e85bdbd9aa47f
Sha256: f4fc0653f2de6002678aaba6c114282293e30228b6d5589adcaf25406f8d5f29
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /upload/agtsy-you.png HTTP/1.1 
Host: cdnbun.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.14.142
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 329
x-guploader-uploadid: ADPycdubIs1ZWPr4SjgaIUB72wPQbDLazLVu-1qt5hZzh1etI19obgL5jrDph0DqphFFD91iQT_XVI_IDk9Jx4oMnkay8A
x-goog-generation: 1667410595135623
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 329
x-goog-hash: crc32c=BG1utQ==, md5=r300DZIdoukIRAWKhueNow==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 01:43:33 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 17:36:35 GMT
etag: "af7d340d921da2e90844058a86e78da3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYS7iJN%2Ba7T3Ww2M9YYxoM6hrwsz2UeKzuS69ZG3b56coAMHedpYh5nnNpUGEhLQPAvUMHprNY%2BE7PW0X6owdBfCIm4vT64hABnTRJOhFtyyj027yo80UvigPkOL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a1cd20afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 46 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size:   329
Md5:    af7d340d921da2e90844058a86e78da3
Sha1:   3b20b3398c00ffb81f60c7ee2cb2cff61b4f9542
Sha256: 9536c4aee44dce0aa08fe54aefde8ed24927f4aaad64343f09f0449f0406d08e
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16930
Expires: Fri, 02 Dec 2022 06:20:55 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            GET /upload/agtsy-zuo.png HTTP/1.1 
Host: cdnbun.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.14.142
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 1638
x-guploader-uploadid: ADPycdvaJPl1Gty_oWp5YxH6JTSZfHDE0O3pIs92c-kqZfdukVZGW-FKYI6_I-FuVCLkj77O15rpqT9Qd3rcj4zeGXbdFA
expires: Fri, 02 Dec 2022 01:43:33 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 17:36:34 GMT
etag: "2cb551769e47fab1f7377bba4a81ecba"
x-goog-generation: 1667410594551364
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1638
x-goog-hash: crc32c=wSylhg==, md5=LLVRdp5H+rH3N3u6SoHsug==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzaf0Y2kPHu21RcJXFGHjnrQc0hs5U76mu2vIhh5hRIaIEk2BAfou9HRaUQ2VVb2nM73gu%2FRLpMnJqOX7uZ8l5F8rRnxNzT5qGRGfyNbazP0MYkcdrPNqfHK4SGJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a2cd40afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 69 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1638
Md5:    2cb551769e47fab1f7377bba4a81ecba
Sha1:   ab2bb70a9b6cef30c2232819a32f62c38d954622
Sha256: 8a4a8d1dab9904d863fd67c876c12f8b236ca29d79a75bf0bd6cf9d5b68dc524
                                        
                                            GET /upload/agtsy-img.jpg HTTP/1.1 
Host: cdnbun.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.14.142
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 86168
x-guploader-uploadid: ADPycdv_ilebzIbfUSwcR9LOOyRYuouqw_QnrU1tHYHOtOx6gtFMifQBfWXVXqPPak2rzFJceSa7PPY64aYbK80FYP9vgA
expires: Fri, 02 Dec 2022 01:43:34 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 17:36:35 GMT
etag: "3ad3019d5c86791d30c0f5e00b126a3e"
x-goog-generation: 1667410595043829
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 86168
x-goog-hash: crc32c=1L6vHA==, md5=OtMBnVyGeR0wwPXgCxJqPg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OxjRXJ%2B0uJWk9XkkshMD3XvDG0Is7yHHb%2BCgpATkre2SMJpwx8Z%2B0ry78fLXP0hd6uxMOOzkIs9h%2Bv7V4NMi2LI%2BWdzbFgDWY8neTN30eSSeWD3cmFjX%2BtPE34mn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a1ccf0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 512x288, components 3\012- data
Size:   86168
Md5:    3ad3019d5c86791d30c0f5e00b126a3e
Sha1:   7231c4ffbf716457f81892e1ca2def81db595e6a
Sha256: c6dc3a583d35112b6132af8554898aec77e322a59b314b2567cc6383cc1efa0a
                                        
                                            GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1 
Host: 1.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.161
HTTP/2 200 OK
content-type: image/png
                                        
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:39:07 GMT
expires: Sun, 06 Nov 2022 03:02:48 GMT
cache-control: public, max-age=86400, no-transform
age: 14378
etag: "v630"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Size:   13695
Md5:    ff055162c5d233506eece3fb69a47e74
Sha1:   49812e303ae6674819b6a7a6e0721d555ef64df4
Sha256: 7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=661
Expires: Fri, 02 Dec 2022 01:49:46 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=661
Expires: Fri, 02 Dec 2022 01:49:46 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            GET /upload/petropargov.box3.png HTTP/1.1 
Host: cdnbun.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.14.142
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 23230
x-guploader-uploadid: ADPycdul7JUIGPe0DgWddF6Eh2APde4p8AhFfYNoRHM2oKolfCZsMQQOV62favqjALVb1hv7X1WaloP110rwhF4o0noYM41KEE4G
expires: Fri, 02 Dec 2022 02:28:31 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 18:14:32 GMT
etag: "e82188b058b7b5ce55721a60f81072cd"
x-goog-generation: 1667412872943324
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 23230
x-goog-hash: crc32c=QcJbbQ==, md5=6CGIsFi3tc5Vchpg+BByzQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6K4cFEwGDDhxmxyDwjmeD148zJdPBxV881wN65dIaDsBaEKbkBHB0mLkFFczlst2kHotz4WQxSpsiKncFTa1g5fM%2FlWeqm%2BpZto0Z3A%2F%2B3agr%2FUkg2PSgeZMZ8UE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a5ce10afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size:   23230
Md5:    e82188b058b7b5ce55721a60f81072cd
Sha1:   bc7f3c45d9e420716c68a9095328d375445d1f70
Sha256: 4f357b619b51b46549eac459f654f850bdff21ca0fa4ed958c2a3c36b5886bd7
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=661
Expires: Fri, 02 Dec 2022 01:49:46 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16930
Expires: Fri, 02 Dec 2022 06:20:55 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            GET /-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png HTTP/1.1 
Host: 1.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.161
HTTP/2 200 OK
content-type: image/png
                                        
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_outbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 180954
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:39:07 GMT
expires: Sun, 06 Nov 2022 03:02:48 GMT
cache-control: public, max-age=86400, no-transform
age: 14378
etag: "v632"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 497 x 308, 8-bit/color RGBA, non-interlaced\012- data
Size:   180954
Md5:    fd835c1f326d3e7da0d9839550f66723
Sha1:   5004618bc15011d7d0f569f60f900d076b164b3d
Sha256: b2286c3ed452ee4eeb15d2044a90cfc456d4789b2fdbe42bb9e023c9da18e4a8
                                        
                                            GET /upload/petropargov.box1.png HTTP/1.1 
Host: cdnbun.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.14.142
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 8376
x-guploader-uploadid: ADPycdun8VXyCm9Eh0iQczP4g9n64xKkcTFgEZYwqM51FRoudhl7_hE7L4DskbhLSseysqaDx7CnFKFgdrwaf4ruKFNMSA
expires: Fri, 02 Dec 2022 02:28:31 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 18:14:32 GMT
etag: "2b2da5ac46210fccbe09d0802516d833"
x-goog-generation: 1667412872857532
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8376
x-goog-hash: crc32c=/1XhBA==, md5=Ky2lrEYhD8y+CdCAJRbYMw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BXw%2FDlJnN4AWKaFm7hulLR3DnttDhca%2Fjhyk90JcjOODItyg%2F1sx%2BpS%2FZq%2FByMvTfalSbEbbNgZTThV95CwejoetSNKSUhmk8neK7sdjt5rWByj3KCIUBGOuxVDc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a9cec0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size:   8376
Md5:    2b2da5ac46210fccbe09d0802516d833
Sha1:   32b4775faa5ab6ba6d2603a8cdf75af0994ed206
Sha256: 7269799413853af43da297f5dd0a9a959c106c6864e33a338f2a0041220fd0a4
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /upload/br9.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 10562
x-guploader-uploadid: ADPycdsG3aEo9px90q-tT-p3XK6DRCUIqCO1bFl24luJ8tXGbrKwX-D6RF7m7e0u9kk5MsUwicQRz4-v04_mu_K-uucpXA
expires: Fri, 02 Dec 2022 01:25:23 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "f13809c2eef4af36e6221e0c321cc639"
x-goog-generation: 1655329826660494
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10562
x-goog-hash: crc32c=IaTdpw==, md5=8TgJwu70rzbmIh4MMhzGOQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1693
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erxqJ%2F3XT8AXjykDbzZQKs8FA5sZWaA2mj9Ifa1YRENQOGhiNmF4TkFGrBXd8V%2BfaIcmCaSiD5dIu2NfzTaJaEuAXDrKvJr69Ch7%2F04LXevh0Igd1sExt%2BX5jDMG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9f271b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   10562
Md5:    f13809c2eef4af36e6221e0c321cc639
Sha1:   ace9af813be3c79f27b39fbf110ac3152b804947
Sha256: addcc62106b16e6f000ee0879b54eb595000e0b6626268b7a08d3d2ce2f33330
                                        
                                            GET /upload/br10.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 9192
x-guploader-uploadid: ADPycdvUlrmK7ZZc_Vpu4gCfhnuiq-T9YR3SkuWKdzmTYOXmfaI-Ttz7WjrQhqzg4vDs-GjGnN2b804INC9qXu3bHtHC_ni4s8Fq
x-goog-generation: 1655329825994897
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9192
x-goog-hash: crc32c=VkzUBQ==, md5=ajbv1ngf8HacPNn9jNB9YA==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 02:30:22 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "6a36efd6781ff0769c3cd9fd8cd07d60"
cf-cache-status: HIT
age: 503
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LuJ1IyZKrS3onT7WRU9%2Fv6q85oBaOC3u4KBtV%2FMAimSVwenBxUw8DVybMci3trz21sPAno%2BpQGdtuVkb%2BolCMARA2opCAPsrzgW3KWi69yW93Lnzh9nT6Yv56DgD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9ed71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   9192
Md5:    6a36efd6781ff0769c3cd9fd8cd07d60
Sha1:   c4ce25b82fd7555f88da9d04b8498389166d6450
Sha256: 838a9dcc32e1009417bf460b730de6febc3c77c3f98977f9a25e58d9e760b754
                                        
                                            GET /upload/br7.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 7121
x-guploader-uploadid: ADPycdsyZvYakIoFgkSod7mubxDzpRiVKN7ZXL1axeka2U5XhelhnWVRtieVHFDe26A8B_wHjIa_NGAgJ7yMsCB2Vbeu67B04_D-
expires: Fri, 02 Dec 2022 01:08:00 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "348a1fc1775375a2041c4f46c1e857f1"
x-goog-generation: 1655329826514326
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7121
x-goog-hash: crc32c=Z1w3fg==, md5=NIofwXdTdaIEHE9GwehX8Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1740
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZUwVgkOKT4cfh3pZEnWX7XQMvL8Qagud4a%2BcxU3zWqof9jsQd1HCeRD%2BvC7KPUzTNR2Jx%2FLP8WL%2BDk9FCKD4bQKQOg9z4zA2vb%2FMxIeX82MVRurWxYbqu9j1GgB8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9ef71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   7121
Md5:    348a1fc1775375a2041c4f46c1e857f1
Sha1:   8f4f78aceafbc18f26e413b8adbddbbbdfb1a5e9
Sha256: ba98581166a1948bd0b688755e4c3b11d5279345cb73a1c4372ada9f31b0cb54
                                        
                                            GET /upload/br8.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 10919
x-guploader-uploadid: ADPycdtYXgqtTQqFcxk1Mw--_8BhFZmwaSJV_Uc9hGYwiVlkk5jTr6GPbeAsbg3dZZzjRbaJTXWXwCxczFYCiTMuNyJNtw
expires: Fri, 02 Dec 2022 01:58:25 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "cde75f5893c6a09c97962401bff1f651"
x-goog-generation: 1655329826503145
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10919
x-goog-hash: crc32c=I0QPWg==, md5=zedfWJPGoJyXliQBv/H2UQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 506
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIPeqiI5jkUjSeRbxbs%2Fl%2F9n%2FT9qPGwlnxK%2FGD2PbJgJJV1SoCzAfEEtzBZHnkRVF5RcglAajDirUtmZVoKVbpnBVrbcjbuUoONnOtdxRoQA9xSMFkGLzUUtE53T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9f171b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   10919
Md5:    cde75f5893c6a09c97962401bff1f651
Sha1:   42c491819e3011dab6cb1644f4e3ad16fcbdcf63
Sha256: 7fa0e99909ddb658f9d01b276d3280f209c1cbf0530ee26b8602a9b63ddc2a1f
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "F972AD989A9BA7A75AF1153546156A0063591DF2CC5BA521FC7557A8871FE519"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5125
Expires: Fri, 02 Dec 2022 03:04:10 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            GET /upload/br6.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 13307
x-guploader-uploadid: ADPycdsigQgvLSa9yrJk1GyUsyOvGHgkcQhTkdCAQjYDnycrmqQmIpT8NjQtyFJcGLJ5hIymnDNqr5rUcknpFw3ktV2RNSGOAICy
x-goog-generation: 1655329826365830
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13307
x-goog-hash: crc32c=mUw5og==, md5=Wqui35lGeyLJq6O3P013Fg==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 02:18:31 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "5aaba2df99467b22c9aba3b73f4d7716"
cf-cache-status: HIT
age: 503
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YC0qQgJe6MpAKB02uiz%2FRIVc8T0qR9qrFuk0C%2B00iSm8gZhVH3%2FC1NcqwfyC2bKfgAB0lmWVXU8fftcdH4udSd%2Bqxd1eLAVE4pZnkQVU6VmBFsHW4DesqStiaMtp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9ee71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   13307
Md5:    5aaba2df99467b22c9aba3b73f4d7716
Sha1:   05bbaa23e54f06f28d9f79dabb6184480edd924d
Sha256: 835cbfb92c8564b94e00760d85fa2d4839729e48d9085bbdb150b5bae8a5ab8f
                                        
                                            GET /upload/br2.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 14395
x-guploader-uploadid: ADPycdt7S319oEaz2QfIhqmI9DmcOPTTGMbHvQtYFTzC2JkOhJkGDbEqRbVshsHitnzsm8cpHzWo2ZB9_g7lEeboOy42vKUcJHVx
expires: Fri, 02 Dec 2022 01:37:08 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "32983c2f4b03d1249fb67313e66137c3"
x-goog-generation: 1655329826154693
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14395
x-goog-hash: crc32c=u9T/jw==, md5=Mpg8L0sD0SSftnMT5mE3ww==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1740
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lnpq9AOXKDhJXOBBuHVcsEH1CLCgZ3qZnC30zdcgLtgsKWU0JwRMZ3g4n8x86RbgOSNMWsv88ck0wVcqSKtnmoVzV4mcOzM6NatBlYw9dDOcNHpiS7JwRsYiAZCc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584aea0071b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   14395
Md5:    32983c2f4b03d1249fb67313e66137c3
Sha1:   78e522f9e90dd0b492c569da47c60e2b430997e2
Sha256: fecb1d9535690acb0adf0f834ff111a15285118107eaff6ee479b54aec2dddb0
                                        
                                            GET /upload/br3.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 9121
x-guploader-uploadid: ADPycduzvFSuvG9kfWCqm3cg3HcvLxQlOckaLccQ6_PO5bmb4Q_i4wZ6fwlwO0LdJirMj2tb-9N5ZunNdRukNcmYhTx46g
x-goog-generation: 1655329826245518
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9121
x-goog-hash: crc32c=+D69SQ==, md5=ZtfNQXv72ivSdrM0ffw9pw==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 01:02:26 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "66d7cd417bfbda2bd276b3347dfc3da7"
cf-cache-status: HIT
age: 848
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBp0wDLQxi40TDZPU2F8OxpzmaLtg%2B8rpYdmjmI1TFaoSXbnZhP%2FdxKZxpszU9jzs38aMumzyUM4Q5mBe4Y5sfINa%2FrMs7EoOD3GST0ZQpow44OmXOmJd%2BN7EA4O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584afa0371b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   9121
Md5:    66d7cd417bfbda2bd276b3347dfc3da7
Sha1:   048d03dd0b91984e67c78dfdbc01eae1d1e5c4f2
Sha256: df9e448f6762948a2da6faeefc36400eedbb93836eba6139970120c622c30182
                                        
                                            GET /upload/br5.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 9198
x-guploader-uploadid: ADPycdsz4y3v7tU9CUju8aGqWi9dai8Aoydyu5kTHXYA1rbaKODS7ydqa8NjaFcSXJWSb98T-4cE5LPiJN7Vh0yr1SRnmA
x-goog-generation: 1655329826310264
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9198
x-goog-hash: crc32c=k6EtFA==, md5=f2NUVMg4vTzPp/lVDfvZGw==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 01:21:06 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "7f635454c838bd3ccfa7f9550dfbd91b"
cf-cache-status: HIT
age: 1693
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oV50HeQnMREdICMxz%2Fp6luDE%2FnNNn12yZpP6omvpZR8HgRFmURj%2BKIxg4RbDCTzznX8i6wvTuKGDx96wIm81b4CYy2g8%2BJodT2m%2FJ1LffYW5u55WtBGGKTRKU5o%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584afa0f71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   9198
Md5:    7f635454c838bd3ccfa7f9550dfbd91b
Sha1:   a7872ff6f626bab2ec04c3ee05fb4e00586e5444
Sha256: 542a9cbe8f09d55dbab27b9357dabc18ad34fd1713aab9247ebe91d7ce188d7e
                                        
                                            GET /upload/br1.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 13420
x-guploader-uploadid: ADPycdsL0w3XiYEERd0nKqfL5A_2i8Nf4oRQgZSCrcDIOosfoLTY4SmJwE_Ovo7yg5F3uSWmH3Da2MWnScLIh0Rz5UF-1A
x-goog-generation: 1655329825934733
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13420
x-goog-hash: crc32c=mWHaiQ==, md5=vEe2zdOTrXKLKIGablXC5w==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 01:47:26 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:25 GMT
etag: "bc47b6cdd393ad728b28819a6e55c2e7"
cf-cache-status: HIT
age: 3079
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQ9JSUWwuasTDctmhRew2WUMvwJClvCD%2Fq1ec%2BV6288iC%2FC3vrgUaUQViwypSf7HCZrRk1xXmZttgUSxXTJk4kd%2BBuAohDOzy%2Fz4c9Ai%2BFeQUubWdTmhE8XSjmUY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584afa1171b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   13420
Md5:    bc47b6cdd393ad728b28819a6e55c2e7
Sha1:   e0874c0e94f333fc246097f34a9f2a83c522ad12
Sha256: 094b0e993e6af7f549a6d0fd128cfd6697e865b1866580ec12debbdbf2548565
                                        
                                            GET /upload/br4.jpg HTTP/1.1 
Host: 263cdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.235.73
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
content-length: 13791
x-guploader-uploadid: ADPycdtbvH25e1ZSCgbPBLhQUjfrhnaKNaLzdwxkML4iMGMfpl52oNW1ajtHdR32C8vQA8rr5c5Vrecq3TQRmzij6blqQQ
expires: Fri, 02 Dec 2022 01:29:31 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "a4a4c0d4a70735b72b417784f0b70f53"
x-goog-generation: 1655329826227801
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13791
x-goog-hash: crc32c=vRJnew==, md5=pKTA1KcHNbcrQXeE8LcPUw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1740
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bz5cHAmHSouN14b4fSQ4xTt4jFXFcgQpaSyr2zbd4k7YYjCQAT3ft1HE3%2F%2FOZgXIbzcjvta9UfbtdrAu0X8yopEDlFoE3kchqt75hY0JmnUeJh7bnytW9pXDgjrf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584b4a4d71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Size:   13791
Md5:    a4a4c0d4a70735b72b417784f0b70f53
Sha1:   eb8ab5c4f709d800fc43f2c1969b830b785cbd87
Sha256: 76f67ceb044c404c2f95482e5d69275692989060e8612f57c4d2ca5ec6137b96
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4084
Expires: Fri, 02 Dec 2022 02:46:49 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive

                                        
                                            POST /g/collect?v=2&tid=G-TL7ZZFZFHR&gtm=2oebu0&_p=1535966689&cid=1253883171.1669945124&ul=en-us&sr=1280x1024&_s=1&sid=1669945124&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065&dr=http%3A%2F%2Fmistressspider.top%2F&dt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://voicelevel.top
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         216.239.34.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://voicelevel.top
date: Fri, 02 Dec 2022 01:38:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19228
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 01:38:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19228
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 01:38:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19228
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 01:38:46 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 14639
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2942
Md5:    b47431190f34eccf0a6efb98e2a32b7d
Sha1:   9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
Sha256: 08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:19:21 GMT
age: 65965
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8863
Md5:    156e9ea97b774cbd8361072e4041b6c8
Sha1:   fc71ae3cae92ed6011904bb2367f23bf4e69fab4
Sha256: 58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:15:42 GMT
age: 66184
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6174
Md5:    b986f9fcbeca91ed5c8d58fbfaf47d19
Sha1:   6e6c8bd2bce144cc4da1cd7be375b046b60dca79
Sha256: 07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13461
x-amzn-requestid: 8c0121a6-cf29-4cd0-bd42-d9f67af62b84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQsyGhGoAMF1-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7eb-593f28367320530e2dcafbfb;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: npt-A-TEzjd-QRTVhv5FMJhwlYujCRCF7tyYbathxjCdCFFEwh_vEQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:59:42 GMT
age: 74344
etag: "8fe32fffe672f0e91ce773af0e4be960f55bad08"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13461
Md5:    16a112f00456d38c4c9e051ccf40e105
Sha1:   8fe32fffe672f0e91ce773af0e4be960f55bad08
Sha256: 43517bbcd17ec6d05d09a4c0d183610acdc7e2fa4767cb786cb8b936d5f44402
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5675
x-amzn-requestid: a47e049a-6f76-4af4-8064-fd7722bcfb17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepGYEIAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-09e13afe27c4dc5b44e828be;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U_3ah2pFrsQl9IVVqm9EVI99FnF79b9zOUFVBGX966JAjkDg6UF--A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 13850
etag: "898d50ac6e372609656fccee27de3d036bc0281c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5675
Md5:    89502a302863c914b4de5e8c6a7f6846
Sha1:   898d50ac6e372609656fccee27de3d036bc0281c
Sha256: 9bc1f83d570d70b7e17e5de7a1546885851431ea989d915852ae7130387c422f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 13795
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4840
Md5:    60ccdde4ce64b4a3fe6fc2a059b3bde1
Sha1:   5ce119089f4a4cd139b523889b6cd84cd79191f4
Sha256: 2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         151.101.2.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Connection: keep-alive
Content-Length: 1432
Server: nginx
Expires: Tue, 06 Dec 2022 01:14:28 GMT
ETag: "51d051bb202212d770498c612dde0abf6ab1d132"
Last-Modified: Fri, 02 Dec 2022 01:14:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 01:38:46 GMT
Age: 1457
X-Served-By: cache-qpg1274-QPG, cache-bma1652-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 69, 1
X-Timer: S1669945127.622283,VS0,VE1


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    7d6fb5cd39c262c52ba398c0a4e891ea
Sha1:   51d051bb202212d770498c612dde0abf6ab1d132
Sha256: ca9f8dc8424b06d90a6af24ac6ea4597bc4f5ba1a8a16a38fe105af0b4f37a0f
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         151.101.2.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Connection: keep-alive
Content-Length: 1432
Server: nginx
Expires: Tue, 06 Dec 2022 01:14:28 GMT
ETag: "51d051bb202212d770498c612dde0abf6ab1d132"
Last-Modified: Fri, 02 Dec 2022 01:14:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 01:38:46 GMT
Age: 1457
X-Served-By: cache-qpg1274-QPG, cache-bma1666-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 69, 1
X-Timer: S1669945127.622259,VS0,VE1


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    7d6fb5cd39c262c52ba398c0a4e891ea
Sha1:   51d051bb202212d770498c612dde0abf6ab1d132
Sha256: ca9f8dc8424b06d90a6af24ac6ea4597bc4f5ba1a8a16a38fe105af0b4f37a0f
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         151.101.2.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Connection: keep-alive
Content-Length: 1432
Server: nginx
Expires: Tue, 06 Dec 2022 01:14:28 GMT
ETag: "51d051bb202212d770498c612dde0abf6ab1d132"
Last-Modified: Fri, 02 Dec 2022 01:14:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 01:38:46 GMT
Age: 1457
X-Served-By: cache-qpg1274-QPG, cache-bma1657-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 69, 1
X-Timer: S1669945127.622504,VS0,VE1


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    7d6fb5cd39c262c52ba398c0a4e891ea
Sha1:   51d051bb202212d770498c612dde0abf6ab1d132
Sha256: ca9f8dc8424b06d90a6af24ac6ea4597bc4f5ba1a8a16a38fe105af0b4f37a0f
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         151.101.2.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Connection: keep-alive
Content-Length: 1432
Server: nginx
Expires: Tue, 06 Dec 2022 01:14:28 GMT
ETag: "51d051bb202212d770498c612dde0abf6ab1d132"
Last-Modified: Fri, 02 Dec 2022 01:14:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 01:38:46 GMT
Age: 1457
X-Served-By: cache-qpg1274-QPG, cache-bma1652-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 69, 2
X-Timer: S1669945127.631249,VS0,VE0


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    7d6fb5cd39c262c52ba398c0a4e891ea
Sha1:   51d051bb202212d770498c612dde0abf6ab1d132
Sha256: ca9f8dc8424b06d90a6af24ac6ea4597bc4f5ba1a8a16a38fe105af0b4f37a0f
                                        
                                            GET /hm.js?ba99808308e7272d58c43367a11d1204 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11267
Date: Fri, 02 Dec 2022 01:38:47 GMT
Etag: adcfa815092901993197fed6cca6c6a0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=08334E134151663A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (629)
Size:   11267
Md5:    5ba3eddd9d1b2c06a1c24b82175b1e65
Sha1:   4c666cc37dde0221040dea8bbb88f422ee7251dc
Sha256: 4da9c5a7942b0454ad9d5e9f441f816b3116bf52606b417aa6b33b21ba1752a8
                                        
                                            GET /hm.js?fb5c0efbaa67712d369184d9298dc644 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11299
Date: Fri, 02 Dec 2022 01:38:47 GMT
Etag: 95e50193b903ef66e1225be4073094c4
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=A46393A5E416F54B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (661)
Size:   11299
Md5:    116f2c421340ba7f400e724d604ac854
Sha1:   c2348f209bd4c95265a319dd80e1118e5ea00928
Sha256: bf680990087c6da7cd8cec0debe04fcc5e26fc7b7ee725c2e8c10a3622165827
                                        
                                            GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Date: Fri, 02 Dec 2022 01:38:47 GMT
Etag: e899ee1322932a83d6948078178df921
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=ED2D14A1C2B048C9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  data
Size:   31000
Md5:    47a9dc087e5a9db249cb549f9885e7d4
Sha1:   73f40f9b917a528951e6b09465dcfdce84a8777b
Sha256: 03b9851d02dd8c5334b6f237371beddb4c7e244c557c82d52b229f5c674a9167
                                        
                                            GET /hm.js?9e84975b629767c58a8becc81600bb23 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11307
Date: Fri, 02 Dec 2022 01:38:47 GMT
Etag: afc8d85769783688363bb1e6ab09c504
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=74A143785E618559; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (669)
Size:   11307
Md5:    454423762b96a64ac45add1a1a64acb7
Sha1:   8d4a9306d26ebce66a8a0520684ef86a027939bc
Sha256: ec34433ee71b0441549bce9691ddda6eb6bcc27859d875724d9c0ddc355d2aa1
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=658995335&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Fri, 02 Dec 2022 01:38:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DFBA5D522D974AE6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=419680819&si=fb5c0efbaa67712d369184d9298dc644&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Fri, 02 Dec 2022 01:38:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=2514F8FE019E40EB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1350139742&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Fri, 02 Dec 2022 01:38:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=0B77C16F4F8C2F0A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1844157396&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Fri, 02 Dec 2022 01:38:48 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=71D61FD2577A98DB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.0.245
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
x-guploader-uploadid: ADPycdujKqP4OmsICcw4by2ej4M3gF2bmp67KcND5Yd7ZkChGu92L3U7j930k4J7s5KmD98KzStiLKDZt_7_8jjTVv4
expires: Fri, 02 Dec 2022 01:00:13 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqvXs8TKy2RvDuZTFUkb5IMAXonio8g9zO3UeYO8aa1sux1I%2FS%2Bad58dGs2ozjb%2FaZulhSqzSPaiBBPubeZm6cwQDf8d2xo7DNgbCjchms%2BhtL4EvVsAqNPhsTkKOdWwpvM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773058485c46fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1 
Host: uprimp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.66.200.220
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 02 Dec 2022 01:38:45 GMT
expires: Fri, 02 Dec 2022 01:38:45 GMT
last-modified: Fri, 02 Dec 2022 01:38:45 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/responsive.js HTTP/1.1 
Host: bonepa.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.66.201.42
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 02 Dec 2022 01:38:45 GMT
last-modified: Wed, 02 Nov 2022 13:52:39 GMT
etag: W/"63627627-e32"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.0.245
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
x-guploader-uploadid: ADPycdt8iAiFUD-J6NleyhXb8_vV8-wAPh_5tba_l2ugugXdkSJbrWiN1EsoSHZyahG4iSEJB_zV100HdRQRWXjd72Q
expires: Fri, 02 Dec 2022 01:00:07 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
etag: W/"31c898c6d2ea13c30441657ff1900d81"
x-goog-generation: 1647503084523089
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21236
x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZeFmntebC7a5OlL1MPzI6YoMciIrsa1jbawcNqgUY7DbK0pGrxSi2FY%2FuO%2BC%2FwL6iza3yZ3YmIbIHEERRIApelutzIbiHMz0PoXa185ldnkhrx5INN7i4JJ8WXTqWQvV6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773058484c41fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.0.245
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
x-guploader-uploadid: ADPycduCHwg6n53VPzNb_-57qJzhoPJbEBdMgpsWgTX19t4NIh3Tdte6MCXenDGQTAuiJrpSRG3G9WDZErClLNvZVXhXccOSWw
expires: Fri, 02 Dec 2022 00:59:54 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
etag: W/"feba0d0760607b9e21393156949afcd9"
x-goog-generation: 1647502692716912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 161415
x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6hI5esjAr%2BW88ckQBFWPxgfOM0OTLi9ojwEAKbu9GJOasL0PVLZ0a1Cro6z1SxO7rSZmQroMOT71cw2v7Gnt9qIBeGK2V0BK%2B2S5n1xWjubwGcaAkttFJ%2BgUBKDDM%2F5P45Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773058485c45fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1 
Host: cdn.jsdelivr.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.0.245
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Fri, 02 Dec 2022 01:38:45 GMT
x-guploader-uploadid: ADPycdv0chj5F1Awc6K7Usaiie2qXL87Fxg5kp7mYqQH9s8HWV5Nuv0HuTqJ2hz1F5xUG9MGapUfK4P-pfLXRasYr-w
expires: Fri, 02 Dec 2022 00:59:54 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6i%2BDgW8z8FTZCs395eYxKcWjXoLa1FpCpAzJGXOijyjD4Xlhy%2FTt%2BVkP%2FKJorPzckov%2BRnpWgJVQhpbBuA%2BNb1Ej0T8AEvhmqLVUBQz0MuflSsweGs01zQvmf00B4Tx6C%2Fk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773058485c4afac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_3867&maxw=0 HTTP/1.1 
Host: bonepa.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.66.201.42
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Fri, 02 Dec 2022 01:38:48 GMT
set-cookie: shown1=0; expires=Sat, 03-Dec-2022 01:38:48 GMT; Max-Age=86400; secure; SameSite=None used_ad2633299=1; expires=Fri, 02-Dec-2022 04:59:59 GMT; Max-Age=12071; path=/; secure; SameSite=None total_impressions=1; expires=Fri, 02-Dec-2022 04:59:59 GMT; Max-Age=12071; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---