mistressspider.top/ypf-qs/tb.php?mp=hw1669942723052
104.21.15.2200 OK 545 B URL HTTP/1.1 mistressspider.top/ypf-qs/tb.php?mp=hw1669942723052
IP 104.21.15.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (479), with CRLF line terminators
Hash 15293482e58c8c941fc168b6db621cfc
c12bbd52b4de43d704ac98afada03fdd4c537ade
bbf9f8135a4131ab96f255c423bf3008361493b5c28396b94d29dc418b6ad98b
GET /ypf-qs/tb.php?mp=hw1669942723052 HTTP/1.1
Host: mistressspider.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 01:38:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iPr2gL5UQTcUis4moEdOm4cF9xSc81S7cVI9W1BosBLau7fxdie5T1DGsc3%2Fw2wgAWcNNF4fYP6y44d4%2FW0v8WFhVpRMKuX9M2sLTBiR2%2BGsgeOfkqfJHDfXIZpFwBbKLyFKRG0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77305840daeeb521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4801
Expires: Fri, 02 Dec 2022 02:58:45 GMT
Date: Fri, 02 Dec 2022 01:38:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3136
Expires: Fri, 02 Dec 2022 02:31:00 GMT
Date: Fri, 02 Dec 2022 01:38:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4599
Cache-Control: max-age=122947
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:44 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:47:51 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LHU10CsI3IXz5wD3uvZuxmjUFT2U4C3hOcISn1PkBAbyO74whSdZPPyi50BPILSTAcC6Kw3Bi68=
x-amz-request-id: KJPBNJFTN54KE2DP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 00:46:30 GMT
age: 3134
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 01:19:50 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1134
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 01:38:44 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mistressspider.top/favicon.ico
104.21.15.2200 OK 455 B URL HTTP/1.1 mistressspider.top/favicon.ico
IP 104.21.15.2:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c5d244b8b6b192c76a2c4331450c235
7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3
GET /favicon.ico HTTP/1.1
Host: mistressspider.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mistressspider.top/ypf-qs/tb.php?mp=hw1669942723052
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 01:38:44 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wh1ADRpiCM5i60CTf7F2Do%2BVA5IADYwpcEE%2FY5%2FE0k5YviY2AQy5noHu%2BvmYAcZxW2BdZJ4SwizuV5dtyPLl2VIiwGv2FGpo293LBNoaStRSNn3CwcL4tcxFi%2BrM3i5sqi93d5A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773058436c66b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
mistressspider.top/j/og2.js?_t=1669945122874
104.21.15.2200 OK 942 B URL HTTP/1.1 mistressspider.top/j/og2.js?_t=1669945122874
IP 104.21.15.2:0
File type ASCII text, with CRLF line terminators
Hash bad1af26351d2e87c035596233940ab0
9ac0e34dcbfd29ca3070c506c200777a8016b161
bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e
Analyzer Verdict Alert fortinet Phishing
GET /j/og2.js?_t=1669945122874 HTTP/1.1
Host: mistressspider.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mistressspider.top/ypf-qs/tb.php?mp=hw1669942723052
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 01:38:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 16:09:56 GMT
Vary: Accept-Encoding
ETag: W/"635172d4-850"
Expires: Fri, 02 Dec 2022 13:38:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FSb%2FcRLYrltc3viBUuJXepnDT%2BR%2F0PZqnCNc6JLwL9jmVw2Xhx5qo6Ua%2FstfoeL47eAoEGULt7aKKXkfalIapCpYQFVrFZtD3pVsrxE2gg5Nb5xDsBYfoaP9XCDtAKsgX9OWZcQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 773058444cfab521-OSL
alt-svc: h2=":443"; ma=60
mistressspider.top/j/og2.php?_t=1669945122996
104.21.15.2200 OK 99 B URL HTTP/1.1 mistressspider.top/j/og2.php?_t=1669945122996
IP 104.21.15.2:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 05f455ad9c361a49221e3471ebdbe979
843a30e3653f71d897b6e1437b412e07d22bc242
8a9ae292893e13f61381ce70e30967c045a087a955ff2440578394127277c9a8
Analyzer Verdict Alert fortinet Phishing
POST /j/og2.php?_t=1669945122996 HTTP/1.1
Host: mistressspider.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 45
Origin: http://mistressspider.top
Connection: keep-alive
Referer: http://mistressspider.top/ypf-qs/tb.php?mp=hw1669942723052
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 01:38:44 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MqxqmnKNP16oqjMOsE85wbwecRpX6F2mIvQF7ImEQf6rJQ1qz2nWV30fVVeBwKGk67BzK5CtOWeay%2BfQ5NB9MQKT7xwGErnUeY9tZodoGoKKTIWGM9%2BrZzpt74YMH%2FpKN6GeM54%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77305844ed6cb521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 01:11:15 GMT
cache-control: public,max-age=3600
age: 1649
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3e0e274a91bf887c630052429e770103
6d558108566965cbe9e76e2b3f827e53de4d75bb
b56b6e7f8640bea5a8c98caed11ba507af0a7d85e383c7c2164f5a6fdd01987b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "B56B6E7F8640BEA5A8C98CAED11BA507AF0A7D85E383C7C2164F5A6FDD01987B"
Last-Modified: Thu, 01 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18959
Expires: Fri, 02 Dec 2022 06:54:43 GMT
Date: Fri, 02 Dec 2022 01:38:44 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3e0e274a91bf887c630052429e770103
6d558108566965cbe9e76e2b3f827e53de4d75bb
b56b6e7f8640bea5a8c98caed11ba507af0a7d85e383c7c2164f5a6fdd01987b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "B56B6E7F8640BEA5A8C98CAED11BA507AF0A7D85E383C7C2164F5A6FDD01987B"
Last-Modified: Thu, 01 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18959
Expires: Fri, 02 Dec 2022 06:54:43 GMT
Date: Fri, 02 Dec 2022 01:38:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4600
Cache-Control: max-age=117884
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:23:29 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5968
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Last-Modified: Thu, 01 Dec 2022 23:59:17 GMT
Server: ECS (amb/6B7C)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 935 B IP 93.184.220.29:0
File type gzip compressed data, from Unix\012- data
Hash 084287f68e042624f06c2e987a5b1700
e6861d25c221e55ab4cb26bd5baa82e4e8ef099f
35c4bfe3da0ffeed53539e5a8afe715e8898749488d81c390b8e4a382579e8ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=142122
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5968
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Last-Modified: Thu, 01 Dec 2022 23:59:17 GMT
Server: ECS (amb/6B7C)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 44066bfa9226124a6cedba0d538f7206
2bd72dba68f7418d524d0e123ddadcc81c3edbae
ddf60063cbca367feb0cb2bb306b555a93831aaba432725b5fd5635509d77306
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDF60063CBCA367FEB0CB2BB306B555A93831AABA432725B5FD5635509D77306"
Last-Modified: Tue, 29 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9710
Expires: Fri, 02 Dec 2022 04:20:35 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=142122
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
voicelevel.top/8ijE9QWv/ypf-qs/?_t=1669945123065
188.114.97.1200 OK 93 kB URL HTTP/2 voicelevel.top/8ijE9QWv/ypf-qs/?_t=1669945123065
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash e56cd0bfbe121c10fbe1f2478e15db3a
d9be8989c04e32cc9ac1242cebfd512bcddd1b8c
4424fe0a04b9110bd98f1c17075bbbd3ce89d434bff8987ca044ac99d340b132
Analyzer Verdict Alert fortinet Malware
GET /8ijE9QWv/ypf-qs/?_t=1669945123065 HTTP/1.1
Host: voicelevel.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mistressspider.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: ypf-qs-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.voicelevel.top
ypf-qs-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.voicelevel.top
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SjgRQ80YYhW6pRv8iUYTBzTjm5dnGHOcfeR0VLqp5DcecpjXQs6eDTCIf3FqaQMJ3brMpMQTHfpLRgU5pOegnUwLE7U7tGpDi6SAHnGnc16Kjvwml73nbHOZreIvYPAeNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773058468e070b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
142.250.74.168200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
IP 142.250.74.168:0
File type ASCII text, with very long lines (20080)
Hash a3e7493829d238a9b85436b5ca1965cf
ccd9f1f793826f4502d720a9738a7c0e98add484
73367211c4584323ddf4125d945b2ef5dcfc40193a1fe9b0b52e6a63fa704767
GET /gtag/js?id=G-LW7434MYMN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 01:38:45 GMT
expires: Fri, 02 Dec 2022 01:38:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76263
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-TL7ZZFZFHR
142.250.74.168200 OK 79 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-TL7ZZFZFHR
IP 142.250.74.168:0
File type ASCII text, with very long lines (26337)
Hash 43e71334c38c8993738d24643df255e8
7b73376a5c5245afcf9d479eb25c7e4de3ca6f73
cb96d9b792b88e4b51eae6b1d78dd0045424f98753d96587820c80ded00704ee
GET /gtag/js?id=G-TL7ZZFZFHR HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 01:38:45 GMT
expires: Fri, 02 Dec 2022 01:38:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79037
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=142122
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ea2fc44bed758d2ec6c08e38212322ff
8bb9b1346e750bb3acfe998140b7fdd753a6623a
bd65b627bdece53af78c91753a2fbda2f96f058c7f763746a3d36eee63fb3259
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=142122
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Etag: "6388df4f-118"
Expires: Sat, 03 Dec 2022 17:07:27 GMT
Last-Modified: Thu, 01 Dec 2022 17:07:27 GMT
Server: nginx
Content-Length: 280
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 192308a99b557bed384aecc29e85f66b
0943c11e5b7fca30176cdde5e1fc19553b0ab3e8
b59fee4ddee8362fc93d3d3b159a3bc0d541099db4deb6837ed4baa587ff73ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B59FEE4DDEE8362FC93D3D3B159A3BC0D541099DB4DEB6837ED4BAA587FF73FF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20749
Expires: Fri, 02 Dec 2022 07:24:34 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.149.156.115101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.156.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Qzj6yoboYf5bKRZbTToqpQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fR3RB957vg09nhl109E6Tn6CId0=
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e68ba8d70e4d126e4cb1d9ca9f9a9ea8
e9668628f5d3ca65b3639ef9a96728744a4a0b88
0d6783a242414471c8015fab158a5bead0dd30e2190e371f3d3f24d6f4d9efe6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6065
Expires: Fri, 02 Dec 2022 03:19:50 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e68ba8d70e4d126e4cb1d9ca9f9a9ea8
e9668628f5d3ca65b3639ef9a96728744a4a0b88
0d6783a242414471c8015fab158a5bead0dd30e2190e371f3d3f24d6f4d9efe6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6091
Expires: Fri, 02 Dec 2022 03:20:16 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e68ba8d70e4d126e4cb1d9ca9f9a9ea8
e9668628f5d3ca65b3639ef9a96728744a4a0b88
0d6783a242414471c8015fab158a5bead0dd30e2190e371f3d3f24d6f4d9efe6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6091
Expires: Fri, 02 Dec 2022 03:20:16 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 2.4 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77bad1aca1e42b98162aa90ac8df567a
c1d523e82d23324219a99e310760d400cda6d1c0
19f3a3585f15c27e0e9776f784dec066843fe9572bd5582704beccacff581981
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8104
Expires: Fri, 02 Dec 2022 03:53:49 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
cdnbun.com/upload/petropargov.box2.png
104.21.14.142200 OK 2.3 kB URL HTTP/2 cdnbun.com/upload/petropargov.box2.png
IP 104.21.14.142:0
File type PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 33caf1d4d36d6691df1728b2c631a168
efa186e88d8198f61408e20c330e85bdbd9aa47f
f4fc0653f2de6002678aaba6c114282293e30228b6d5589adcaf25406f8d5f29
GET /upload/petropargov.box2.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/png
content-length: 2343
x-guploader-uploadid: ADPycdt6uz_wI-jyEV0_hHx-vrydkouawlcutZJBkt0TrdDhp14EUF6yH20GeZJwbLSRSScdK8zYUQZMq-3npFs4V9bRxw
expires: Fri, 02 Dec 2022 01:43:38 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 18:14:32 GMT
etag: "33caf1d4d36d6691df1728b2c631a168"
x-goog-generation: 1667412872747640
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2343
x-goog-hash: crc32c=HuFjDA==, md5=M8rx1NNtZpHfFyiyxjGhaA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n9kUg%2FB1cJoz57tb1XTX2EeoXyqE5vd8dCcUWgk%2BKd9oPWT86fdxqvdNYcpzkWHgwplNANcNPUghsq4Jahu6jDU24VpEiaPdY8YvtGO924BK1hXOcX5IgHratsMY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a0ccc0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f1a1d1c61902f782da72ad648ef0822e
a9f41722a3e5180ec4019998b5f0fdb464f2aafb
f75b6732b286ec9b4694cd53c6a33f64732412c336425c1091cd5316380e26d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnbun.com/upload/agtsy-you.png
104.21.14.142200 OK 329 B URL HTTP/2 cdnbun.com/upload/agtsy-you.png
IP 104.21.14.142:0
File type PNG image data, 46 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash af7d340d921da2e90844058a86e78da3
3b20b3398c00ffb81f60c7ee2cb2cff61b4f9542
9536c4aee44dce0aa08fe54aefde8ed24927f4aaad64343f09f0449f0406d08e
GET /upload/agtsy-you.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/png
content-length: 329
x-guploader-uploadid: ADPycdubIs1ZWPr4SjgaIUB72wPQbDLazLVu-1qt5hZzh1etI19obgL5jrDph0DqphFFD91iQT_XVI_IDk9Jx4oMnkay8A
x-goog-generation: 1667410595135623
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 329
x-goog-hash: crc32c=BG1utQ==, md5=r300DZIdoukIRAWKhueNow==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 01:43:33 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 17:36:35 GMT
etag: "af7d340d921da2e90844058a86e78da3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYS7iJN%2Ba7T3Ww2M9YYxoM6hrwsz2UeKzuS69ZG3b56coAMHedpYh5nnNpUGEhLQPAvUMHprNY%2BE7PW0X6owdBfCIm4vT64hABnTRJOhFtyyj027yo80UvigPkOL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a1cd20afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e68ba8d70e4d126e4cb1d9ca9f9a9ea8
e9668628f5d3ca65b3639ef9a96728744a4a0b88
0d6783a242414471c8015fab158a5bead0dd30e2190e371f3d3f24d6f4d9efe6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16930
Expires: Fri, 02 Dec 2022 06:20:55 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
cdnbun.com/upload/agtsy-zuo.png
104.21.14.142200 OK 1.6 kB URL HTTP/2 cdnbun.com/upload/agtsy-zuo.png
IP 104.21.14.142:0
File type PNG image data, 69 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb551769e47fab1f7377bba4a81ecba
ab2bb70a9b6cef30c2232819a32f62c38d954622
8a4a8d1dab9904d863fd67c876c12f8b236ca29d79a75bf0bd6cf9d5b68dc524
GET /upload/agtsy-zuo.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/png
content-length: 1638
x-guploader-uploadid: ADPycdvaJPl1Gty_oWp5YxH6JTSZfHDE0O3pIs92c-kqZfdukVZGW-FKYI6_I-FuVCLkj77O15rpqT9Qd3rcj4zeGXbdFA
expires: Fri, 02 Dec 2022 01:43:33 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 17:36:34 GMT
etag: "2cb551769e47fab1f7377bba4a81ecba"
x-goog-generation: 1667410594551364
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1638
x-goog-hash: crc32c=wSylhg==, md5=LLVRdp5H+rH3N3u6SoHsug==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzaf0Y2kPHu21RcJXFGHjnrQc0hs5U76mu2vIhh5hRIaIEk2BAfou9HRaUQ2VVb2nM73gu%2FRLpMnJqOX7uZ8l5F8rRnxNzT5qGRGfyNbazP0MYkcdrPNqfHK4SGJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a2cd40afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/agtsy-img.jpg
104.21.14.142200 OK 86 kB URL HTTP/2 cdnbun.com/upload/agtsy-img.jpg
IP 104.21.14.142:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 512x288, components 3\012- data
Hash 3ad3019d5c86791d30c0f5e00b126a3e
7231c4ffbf716457f81892e1ca2def81db595e6a
c6dc3a583d35112b6132af8554898aec77e322a59b314b2567cc6383cc1efa0a
GET /upload/agtsy-img.jpg HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 86168
x-guploader-uploadid: ADPycdv_ilebzIbfUSwcR9LOOyRYuouqw_QnrU1tHYHOtOx6gtFMifQBfWXVXqPPak2rzFJceSa7PPY64aYbK80FYP9vgA
expires: Fri, 02 Dec 2022 01:43:34 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 17:36:35 GMT
etag: "3ad3019d5c86791d30c0f5e00b126a3e"
x-goog-generation: 1667410595043829
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 86168
x-goog-hash: crc32c=1L6vHA==, md5=OtMBnVyGeR0wwPXgCxJqPg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OxjRXJ%2B0uJWk9XkkshMD3XvDG0Is7yHHb%2BCgpATkre2SMJpwx8Z%2B0ry78fLXP0hd6uxMOOzkIs9h%2Bv7V4NMi2LI%2BWdzbFgDWY8neTN30eSSeWD3cmFjX%2BtPE34mn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a1ccf0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
142.250.74.161200 OK 14 kB URL HTTP/2 1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
IP 142.250.74.161:0
File type PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Hash ff055162c5d233506eece3fb69a47e74
49812e303ae6674819b6a7a6e0721d555ef64df4
7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:39:07 GMT
expires: Sun, 06 Nov 2022 03:02:48 GMT
cache-control: public, max-age=86400, no-transform
age: 14378
etag: "v630"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f1a1d1c61902f782da72ad648ef0822e
a9f41722a3e5180ec4019998b5f0fdb464f2aafb
f75b6732b286ec9b4694cd53c6a33f64732412c336425c1091cd5316380e26d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd23da2808ae8aa86b91400946d25876
42f33a327a1e47ca49dddff6997c5ef782ec82ae
041096a10c64c40fd34d9e37fbd2e1ac629de0580e4977c28729bc8809636a22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=661
Expires: Fri, 02 Dec 2022 01:49:46 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd23da2808ae8aa86b91400946d25876
42f33a327a1e47ca49dddff6997c5ef782ec82ae
041096a10c64c40fd34d9e37fbd2e1ac629de0580e4977c28729bc8809636a22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=661
Expires: Fri, 02 Dec 2022 01:49:46 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
cdnbun.com/upload/petropargov.box3.png
104.21.14.142200 OK 23 kB URL HTTP/2 cdnbun.com/upload/petropargov.box3.png
IP 104.21.14.142:0
File type PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash e82188b058b7b5ce55721a60f81072cd
bc7f3c45d9e420716c68a9095328d375445d1f70
4f357b619b51b46549eac459f654f850bdff21ca0fa4ed958c2a3c36b5886bd7
GET /upload/petropargov.box3.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/png
content-length: 23230
x-guploader-uploadid: ADPycdul7JUIGPe0DgWddF6Eh2APde4p8AhFfYNoRHM2oKolfCZsMQQOV62favqjALVb1hv7X1WaloP110rwhF4o0noYM41KEE4G
expires: Fri, 02 Dec 2022 02:28:31 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 18:14:32 GMT
etag: "e82188b058b7b5ce55721a60f81072cd"
x-goog-generation: 1667412872943324
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 23230
x-goog-hash: crc32c=QcJbbQ==, md5=6CGIsFi3tc5Vchpg+BByzQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6K4cFEwGDDhxmxyDwjmeD148zJdPBxV881wN65dIaDsBaEKbkBHB0mLkFFczlst2kHotz4WQxSpsiKncFTa1g5fM%2FlWeqm%2BpZto0Z3A%2F%2B3agr%2FUkg2PSgeZMZ8UE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a5ce10afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 512 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1426dede0bde4e46345475bb72caac35
60d5cd08ecc1c6af32f3cfda68bd51a09e8f5831
56e85d53339f6362af43aa4e4f6689ac5594e83fe0d7c5681f47fb02ec9989a1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=661
Expires: Fri, 02 Dec 2022 01:49:46 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e68ba8d70e4d126e4cb1d9ca9f9a9ea8
e9668628f5d3ca65b3639ef9a96728744a4a0b88
0d6783a242414471c8015fab158a5bead0dd30e2190e371f3d3f24d6f4d9efe6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0D6783A242414471C8015FAB158A5BEAD0DD30E2190E371F3D3F24D6F4D9EFE6"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16930
Expires: Fri, 02 Dec 2022 06:20:55 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
142.250.74.161200 OK 181 kB URL HTTP/2 1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
IP 142.250.74.161:0
File type PNG image data, 497 x 308, 8-bit/color RGBA, non-interlaced\012- data
Size 181 kB (180954 bytes)
Hash fd835c1f326d3e7da0d9839550f66723
5004618bc15011d7d0f569f60f900d076b164b3d
b2286c3ed452ee4eeb15d2044a90cfc456d4789b2fdbe42bb9e023c9da18e4a8
GET /-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_outbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 180954
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:39:07 GMT
expires: Sun, 06 Nov 2022 03:02:48 GMT
cache-control: public, max-age=86400, no-transform
age: 14378
etag: "v632"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdnbun.com/upload/petropargov.box1.png
104.21.14.142200 OK 8.4 kB URL HTTP/2 cdnbun.com/upload/petropargov.box1.png
IP 104.21.14.142:0
File type PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 2b2da5ac46210fccbe09d0802516d833
32b4775faa5ab6ba6d2603a8cdf75af0994ed206
7269799413853af43da297f5dd0a9a959c106c6864e33a338f2a0041220fd0a4
GET /upload/petropargov.box1.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/png
content-length: 8376
x-guploader-uploadid: ADPycdun8VXyCm9Eh0iQczP4g9n64xKkcTFgEZYwqM51FRoudhl7_hE7L4DskbhLSseysqaDx7CnFKFgdrwaf4ruKFNMSA
expires: Fri, 02 Dec 2022 02:28:31 GMT
cache-control: public, max-age=14400
last-modified: Wed, 02 Nov 2022 18:14:32 GMT
etag: "2b2da5ac46210fccbe09d0802516d833"
x-goog-generation: 1667412872857532
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8376
x-goog-hash: crc32c=/1XhBA==, md5=Ky2lrEYhD8y+CdCAJRbYMw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BXw%2FDlJnN4AWKaFm7hulLR3DnttDhca%2Fjhyk90JcjOODItyg%2F1sx%2BpS%2FZq%2FByMvTfalSbEbbNgZTThV95CwejoetSNKSUhmk8neK7sdjt5rWByj3KCIUBGOuxVDc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584a9cec0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f1a1d1c61902f782da72ad648ef0822e
a9f41722a3e5180ec4019998b5f0fdb464f2aafb
f75b6732b286ec9b4694cd53c6a33f64732412c336425c1091cd5316380e26d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 01:38:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
263cdn.com/upload/br9.jpg
104.21.235.73200 OK 11 kB URL HTTP/2 263cdn.com/upload/br9.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash f13809c2eef4af36e6221e0c321cc639
ace9af813be3c79f27b39fbf110ac3152b804947
addcc62106b16e6f000ee0879b54eb595000e0b6626268b7a08d3d2ce2f33330
GET /upload/br9.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 10562
x-guploader-uploadid: ADPycdsG3aEo9px90q-tT-p3XK6DRCUIqCO1bFl24luJ8tXGbrKwX-D6RF7m7e0u9kk5MsUwicQRz4-v04_mu_K-uucpXA
expires: Fri, 02 Dec 2022 01:25:23 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "f13809c2eef4af36e6221e0c321cc639"
x-goog-generation: 1655329826660494
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10562
x-goog-hash: crc32c=IaTdpw==, md5=8TgJwu70rzbmIh4MMhzGOQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1693
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erxqJ%2F3XT8AXjykDbzZQKs8FA5sZWaA2mj9Ifa1YRENQOGhiNmF4TkFGrBXd8V%2BfaIcmCaSiD5dIu2NfzTaJaEuAXDrKvJr69Ch7%2F04LXevh0Igd1sExt%2BX5jDMG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9f271b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/br10.jpg
104.21.235.73200 OK 9.2 kB URL HTTP/2 263cdn.com/upload/br10.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 6a36efd6781ff0769c3cd9fd8cd07d60
c4ce25b82fd7555f88da9d04b8498389166d6450
838a9dcc32e1009417bf460b730de6febc3c77c3f98977f9a25e58d9e760b754
GET /upload/br10.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 9192
x-guploader-uploadid: ADPycdvUlrmK7ZZc_Vpu4gCfhnuiq-T9YR3SkuWKdzmTYOXmfaI-Ttz7WjrQhqzg4vDs-GjGnN2b804INC9qXu3bHtHC_ni4s8Fq
x-goog-generation: 1655329825994897
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9192
x-goog-hash: crc32c=VkzUBQ==, md5=ajbv1ngf8HacPNn9jNB9YA==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 02:30:22 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "6a36efd6781ff0769c3cd9fd8cd07d60"
cf-cache-status: HIT
age: 503
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LuJ1IyZKrS3onT7WRU9%2Fv6q85oBaOC3u4KBtV%2FMAimSVwenBxUw8DVybMci3trz21sPAno%2BpQGdtuVkb%2BolCMARA2opCAPsrzgW3KWi69yW93Lnzh9nT6Yv56DgD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9ed71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/br7.jpg
104.21.235.73200 OK 7.1 kB URL HTTP/2 263cdn.com/upload/br7.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 348a1fc1775375a2041c4f46c1e857f1
8f4f78aceafbc18f26e413b8adbddbbbdfb1a5e9
ba98581166a1948bd0b688755e4c3b11d5279345cb73a1c4372ada9f31b0cb54
GET /upload/br7.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 7121
x-guploader-uploadid: ADPycdsyZvYakIoFgkSod7mubxDzpRiVKN7ZXL1axeka2U5XhelhnWVRtieVHFDe26A8B_wHjIa_NGAgJ7yMsCB2Vbeu67B04_D-
expires: Fri, 02 Dec 2022 01:08:00 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "348a1fc1775375a2041c4f46c1e857f1"
x-goog-generation: 1655329826514326
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7121
x-goog-hash: crc32c=Z1w3fg==, md5=NIofwXdTdaIEHE9GwehX8Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1740
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZUwVgkOKT4cfh3pZEnWX7XQMvL8Qagud4a%2BcxU3zWqof9jsQd1HCeRD%2BvC7KPUzTNR2Jx%2FLP8WL%2BDk9FCKD4bQKQOg9z4zA2vb%2FMxIeX82MVRurWxYbqu9j1GgB8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9ef71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/br8.jpg
104.21.235.73200 OK 11 kB URL HTTP/2 263cdn.com/upload/br8.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash cde75f5893c6a09c97962401bff1f651
42c491819e3011dab6cb1644f4e3ad16fcbdcf63
7fa0e99909ddb658f9d01b276d3280f209c1cbf0530ee26b8602a9b63ddc2a1f
GET /upload/br8.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 10919
x-guploader-uploadid: ADPycdtYXgqtTQqFcxk1Mw--_8BhFZmwaSJV_Uc9hGYwiVlkk5jTr6GPbeAsbg3dZZzjRbaJTXWXwCxczFYCiTMuNyJNtw
expires: Fri, 02 Dec 2022 01:58:25 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "cde75f5893c6a09c97962401bff1f651"
x-goog-generation: 1655329826503145
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10919
x-goog-hash: crc32c=I0QPWg==, md5=zedfWJPGoJyXliQBv/H2UQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 506
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIPeqiI5jkUjSeRbxbs%2Fl%2F9n%2FT9qPGwlnxK%2FGD2PbJgJJV1SoCzAfEEtzBZHnkRVF5RcglAajDirUtmZVoKVbpnBVrbcjbuUoONnOtdxRoQA9xSMFkGLzUUtE53T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9f171b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c472d57c61ec23a24089fac9244cefa9
cf35913f706f3f8cc534760abc7f44920a295d0d
f972ad989a9ba7a75af1153546156a0063591df2cc5ba521fc7557a8871fe519
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F972AD989A9BA7A75AF1153546156A0063591DF2CC5BA521FC7557A8871FE519"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5125
Expires: Fri, 02 Dec 2022 03:04:10 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
263cdn.com/upload/br6.jpg
104.21.235.73200 OK 13 kB URL HTTP/2 263cdn.com/upload/br6.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 5aaba2df99467b22c9aba3b73f4d7716
05bbaa23e54f06f28d9f79dabb6184480edd924d
835cbfb92c8564b94e00760d85fa2d4839729e48d9085bbdb150b5bae8a5ab8f
GET /upload/br6.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 13307
x-guploader-uploadid: ADPycdsigQgvLSa9yrJk1GyUsyOvGHgkcQhTkdCAQjYDnycrmqQmIpT8NjQtyFJcGLJ5hIymnDNqr5rUcknpFw3ktV2RNSGOAICy
x-goog-generation: 1655329826365830
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13307
x-goog-hash: crc32c=mUw5og==, md5=Wqui35lGeyLJq6O3P013Fg==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 02:18:31 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "5aaba2df99467b22c9aba3b73f4d7716"
cf-cache-status: HIT
age: 503
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YC0qQgJe6MpAKB02uiz%2FRIVc8T0qR9qrFuk0C%2B00iSm8gZhVH3%2FC1NcqwfyC2bKfgAB0lmWVXU8fftcdH4udSd%2Bqxd1eLAVE4pZnkQVU6VmBFsHW4DesqStiaMtp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584ad9ee71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/br2.jpg
104.21.235.73200 OK 14 kB URL HTTP/2 263cdn.com/upload/br2.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 32983c2f4b03d1249fb67313e66137c3
78e522f9e90dd0b492c569da47c60e2b430997e2
fecb1d9535690acb0adf0f834ff111a15285118107eaff6ee479b54aec2dddb0
GET /upload/br2.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 14395
x-guploader-uploadid: ADPycdt7S319oEaz2QfIhqmI9DmcOPTTGMbHvQtYFTzC2JkOhJkGDbEqRbVshsHitnzsm8cpHzWo2ZB9_g7lEeboOy42vKUcJHVx
expires: Fri, 02 Dec 2022 01:37:08 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "32983c2f4b03d1249fb67313e66137c3"
x-goog-generation: 1655329826154693
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14395
x-goog-hash: crc32c=u9T/jw==, md5=Mpg8L0sD0SSftnMT5mE3ww==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1740
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lnpq9AOXKDhJXOBBuHVcsEH1CLCgZ3qZnC30zdcgLtgsKWU0JwRMZ3g4n8x86RbgOSNMWsv88ck0wVcqSKtnmoVzV4mcOzM6NatBlYw9dDOcNHpiS7JwRsYiAZCc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584aea0071b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/br3.jpg
104.21.235.73200 OK 9.1 kB URL HTTP/2 263cdn.com/upload/br3.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 66d7cd417bfbda2bd276b3347dfc3da7
048d03dd0b91984e67c78dfdbc01eae1d1e5c4f2
df9e448f6762948a2da6faeefc36400eedbb93836eba6139970120c622c30182
GET /upload/br3.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 9121
x-guploader-uploadid: ADPycduzvFSuvG9kfWCqm3cg3HcvLxQlOckaLccQ6_PO5bmb4Q_i4wZ6fwlwO0LdJirMj2tb-9N5ZunNdRukNcmYhTx46g
x-goog-generation: 1655329826245518
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9121
x-goog-hash: crc32c=+D69SQ==, md5=ZtfNQXv72ivSdrM0ffw9pw==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 01:02:26 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "66d7cd417bfbda2bd276b3347dfc3da7"
cf-cache-status: HIT
age: 848
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBp0wDLQxi40TDZPU2F8OxpzmaLtg%2B8rpYdmjmI1TFaoSXbnZhP%2FdxKZxpszU9jzs38aMumzyUM4Q5mBe4Y5sfINa%2FrMs7EoOD3GST0ZQpow44OmXOmJd%2BN7EA4O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584afa0371b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/br5.jpg
104.21.235.73200 OK 9.2 kB URL HTTP/2 263cdn.com/upload/br5.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 7f635454c838bd3ccfa7f9550dfbd91b
a7872ff6f626bab2ec04c3ee05fb4e00586e5444
542a9cbe8f09d55dbab27b9357dabc18ad34fd1713aab9247ebe91d7ce188d7e
GET /upload/br5.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 9198
x-guploader-uploadid: ADPycdsz4y3v7tU9CUju8aGqWi9dai8Aoydyu5kTHXYA1rbaKODS7ydqa8NjaFcSXJWSb98T-4cE5LPiJN7Vh0yr1SRnmA
x-goog-generation: 1655329826310264
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9198
x-goog-hash: crc32c=k6EtFA==, md5=f2NUVMg4vTzPp/lVDfvZGw==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 01:21:06 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "7f635454c838bd3ccfa7f9550dfbd91b"
cf-cache-status: HIT
age: 1693
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oV50HeQnMREdICMxz%2Fp6luDE%2FnNNn12yZpP6omvpZR8HgRFmURj%2BKIxg4RbDCTzznX8i6wvTuKGDx96wIm81b4CYy2g8%2BJodT2m%2FJ1LffYW5u55WtBGGKTRKU5o%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584afa0f71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/br1.jpg
104.21.235.73200 OK 13 kB URL HTTP/2 263cdn.com/upload/br1.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash bc47b6cdd393ad728b28819a6e55c2e7
e0874c0e94f333fc246097f34a9f2a83c522ad12
094b0e993e6af7f549a6d0fd128cfd6697e865b1866580ec12debbdbf2548565
GET /upload/br1.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 13420
x-guploader-uploadid: ADPycdsL0w3XiYEERd0nKqfL5A_2i8Nf4oRQgZSCrcDIOosfoLTY4SmJwE_Ovo7yg5F3uSWmH3Da2MWnScLIh0Rz5UF-1A
x-goog-generation: 1655329825934733
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13420
x-goog-hash: crc32c=mWHaiQ==, md5=vEe2zdOTrXKLKIGablXC5w==
x-goog-storage-class: STANDARD
expires: Fri, 02 Dec 2022 01:47:26 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:25 GMT
etag: "bc47b6cdd393ad728b28819a6e55c2e7"
cf-cache-status: HIT
age: 3079
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQ9JSUWwuasTDctmhRew2WUMvwJClvCD%2Fq1ec%2BV6288iC%2FC3vrgUaUQViwypSf7HCZrRk1xXmZttgUSxXTJk4kd%2BBuAohDOzy%2Fz4c9Ai%2BFeQUubWdTmhE8XSjmUY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584afa1171b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/br4.jpg
104.21.235.73200 OK 14 kB URL HTTP/2 263cdn.com/upload/br4.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash a4a4c0d4a70735b72b417784f0b70f53
eb8ab5c4f709d800fc43f2c1969b830b785cbd87
76f67ceb044c404c2f95482e5d69275692989060e8612f57c4d2ca5ec6137b96
GET /upload/br4.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: image/jpeg
content-length: 13791
x-guploader-uploadid: ADPycdtbvH25e1ZSCgbPBLhQUjfrhnaKNaLzdwxkML4iMGMfpl52oNW1ajtHdR32C8vQA8rr5c5Vrecq3TQRmzij6blqQQ
expires: Fri, 02 Dec 2022 01:29:31 GMT
cache-control: public, max-age=14400
last-modified: Wed, 15 Jun 2022 21:50:26 GMT
etag: "a4a4c0d4a70735b72b417784f0b70f53"
x-goog-generation: 1655329826227801
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13791
x-goog-hash: crc32c=vRJnew==, md5=pKTA1KcHNbcrQXeE8LcPUw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1740
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bz5cHAmHSouN14b4fSQ4xTt4jFXFcgQpaSyr2zbd4k7YYjCQAT3ft1HE3%2F%2FOZgXIbzcjvta9UfbtdrAu0X8yopEDlFoE3kchqt75hY0JmnUeJh7bnytW9pXDgjrf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7730584b4a4d71b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd23da2808ae8aa86b91400946d25876
42f33a327a1e47ca49dddff6997c5ef782ec82ae
041096a10c64c40fd34d9e37fbd2e1ac629de0580e4977c28729bc8809636a22
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "041096A10C64C40FD34D9E37FBD2E1AC629DE0580E4977C28729BC8809636A22"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4084
Expires: Fri, 02 Dec 2022 02:46:49 GMT
Date: Fri, 02 Dec 2022 01:38:45 GMT
Connection: keep-alive
region1.google-analytics.com/g/collect?v=2&tid=G-TL7ZZFZFHR>m=2oebu0&_p=1535966689&cid=1253883171.1669945124&ul=en-us&sr=1280x1024&_s=1&sid=1669945124&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065&dr=http%3A%2F%2Fmistressspider.top%2F&dt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-TL7ZZFZFHR>m=2oebu0&_p=1535966689&cid=1253883171.1669945124&ul=en-us&sr=1280x1024&_s=1&sid=1669945124&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065&dr=http%3A%2F%2Fmistressspider.top%2F&dt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-TL7ZZFZFHR>m=2oebu0&_p=1535966689&cid=1253883171.1669945124&ul=en-us&sr=1280x1024&_s=1&sid=1669945124&sct=1&seg=0&dl=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065&dr=http%3A%2F%2Fmistressspider.top%2F&dt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://voicelevel.top
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://voicelevel.top
date: Fri, 02 Dec 2022 01:38:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19228
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 01:38:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19228
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 01:38:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19228
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 01:38:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 14639
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:19:21 GMT
age: 65965
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:15:42 GMT
age: 66184
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 16a112f00456d38c4c9e051ccf40e105
8fe32fffe672f0e91ce773af0e4be960f55bad08
43517bbcd17ec6d05d09a4c0d183610acdc7e2fa4767cb786cb8b936d5f44402
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13461
x-amzn-requestid: 8c0121a6-cf29-4cd0-bd42-d9f67af62b84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQsyGhGoAMF1-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7eb-593f28367320530e2dcafbfb;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: npt-A-TEzjd-QRTVhv5FMJhwlYujCRCF7tyYbathxjCdCFFEwh_vEQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:59:42 GMT
age: 74344
etag: "8fe32fffe672f0e91ce773af0e4be960f55bad08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89502a302863c914b4de5e8c6a7f6846
898d50ac6e372609656fccee27de3d036bc0281c
9bc1f83d570d70b7e17e5de7a1546885851431ea989d915852ae7130387c422f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5675
x-amzn-requestid: a47e049a-6f76-4af4-8064-fd7722bcfb17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepGYEIAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-09e13afe27c4dc5b44e828be;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U_3ah2pFrsQl9IVVqm9EVI99FnF79b9zOUFVBGX966JAjkDg6UF--A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 13850
etag: "898d50ac6e372609656fccee27de3d036bc0281c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60ccdde4ce64b4a3fe6fc2a059b3bde1
5ce119089f4a4cd139b523889b6cd84cd79191f4
2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 13795
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
151.101.2.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 151.101.2.133:0
Hash 7d6fb5cd39c262c52ba398c0a4e891ea
51d051bb202212d770498c612dde0abf6ab1d132
ca9f8dc8424b06d90a6af24ac6ea4597bc4f5ba1a8a16a38fe105af0b4f37a0f
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Tue, 06 Dec 2022 01:14:28 GMT
ETag: "51d051bb202212d770498c612dde0abf6ab1d132"
Last-Modified: Fri, 02 Dec 2022 01:14:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 01:38:46 GMT
Age: 1457
X-Served-By: cache-qpg1274-QPG, cache-bma1652-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 69, 1
X-Timer: S1669945127.622283,VS0,VE1
ocsp.globalsign.com/gsrsaovsslca2018
151.101.2.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 151.101.2.133:0
Hash 7d6fb5cd39c262c52ba398c0a4e891ea
51d051bb202212d770498c612dde0abf6ab1d132
ca9f8dc8424b06d90a6af24ac6ea4597bc4f5ba1a8a16a38fe105af0b4f37a0f
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Tue, 06 Dec 2022 01:14:28 GMT
ETag: "51d051bb202212d770498c612dde0abf6ab1d132"
Last-Modified: Fri, 02 Dec 2022 01:14:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 01:38:46 GMT
Age: 1457
X-Served-By: cache-qpg1274-QPG, cache-bma1666-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 69, 1
X-Timer: S1669945127.622259,VS0,VE1
ocsp.globalsign.com/gsrsaovsslca2018
151.101.2.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 151.101.2.133:0
Hash 7d6fb5cd39c262c52ba398c0a4e891ea
51d051bb202212d770498c612dde0abf6ab1d132
ca9f8dc8424b06d90a6af24ac6ea4597bc4f5ba1a8a16a38fe105af0b4f37a0f
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Tue, 06 Dec 2022 01:14:28 GMT
ETag: "51d051bb202212d770498c612dde0abf6ab1d132"
Last-Modified: Fri, 02 Dec 2022 01:14:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 01:38:46 GMT
Age: 1457
X-Served-By: cache-qpg1274-QPG, cache-bma1657-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 69, 1
X-Timer: S1669945127.622504,VS0,VE1
ocsp.globalsign.com/gsrsaovsslca2018
151.101.2.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 151.101.2.133:0
Hash 7d6fb5cd39c262c52ba398c0a4e891ea
51d051bb202212d770498c612dde0abf6ab1d132
ca9f8dc8424b06d90a6af24ac6ea4597bc4f5ba1a8a16a38fe105af0b4f37a0f
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Tue, 06 Dec 2022 01:14:28 GMT
ETag: "51d051bb202212d770498c612dde0abf6ab1d132"
Last-Modified: Fri, 02 Dec 2022 01:14:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 01:38:46 GMT
Age: 1457
X-Served-By: cache-qpg1274-QPG, cache-bma1652-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 69, 2
X-Timer: S1669945127.631249,VS0,VE0
hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (629)
Hash 5ba3eddd9d1b2c06a1c24b82175b1e65
4c666cc37dde0221040dea8bbb88f422ee7251dc
4da9c5a7942b0454ad9d5e9f441f816b3116bf52606b417aa6b33b21ba1752a8
GET /hm.js?ba99808308e7272d58c43367a11d1204 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11267
Content-Type: application/javascript
Date: Fri, 02 Dec 2022 01:38:47 GMT
Etag: adcfa815092901993197fed6cca6c6a0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=08334E134151663A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?fb5c0efbaa67712d369184d9298dc644
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?fb5c0efbaa67712d369184d9298dc644
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (661)
Hash 116f2c421340ba7f400e724d604ac854
c2348f209bd4c95265a319dd80e1118e5ea00928
bf680990087c6da7cd8cec0debe04fcc5e26fc7b7ee725c2e8c10a3622165827
GET /hm.js?fb5c0efbaa67712d369184d9298dc644 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11299
Content-Type: application/javascript
Date: Fri, 02 Dec 2022 01:38:47 GMT
Etag: 95e50193b903ef66e1225be4073094c4
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=A46393A5E416F54B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
103.235.46.191200 OK 31 kB URL HTTP/1.1 hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash 47a9dc087e5a9db249cb549f9885e7d4
73f40f9b917a528951e6b09465dcfdce84a8777b
03b9851d02dd8c5334b6f237371beddb4c7e244c557c82d52b229f5c674a9167
GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Fri, 02 Dec 2022 01:38:47 GMT
Etag: e899ee1322932a83d6948078178df921
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=ED2D14A1C2B048C9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?9e84975b629767c58a8becc81600bb23
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?9e84975b629767c58a8becc81600bb23
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (669)
Hash 454423762b96a64ac45add1a1a64acb7
8d4a9306d26ebce66a8a0520684ef86a027939bc
ec34433ee71b0441549bce9691ddda6eb6bcc27859d875724d9c0ddc355d2aa1
GET /hm.js?9e84975b629767c58a8becc81600bb23 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11307
Content-Type: application/javascript
Date: Fri, 02 Dec 2022 01:38:47 GMT
Etag: afc8d85769783688363bb1e6ab09c504
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=74A143785E618559; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=658995335&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=658995335&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=658995335&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 02 Dec 2022 01:38:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DFBA5D522D974AE6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=419680819&si=fb5c0efbaa67712d369184d9298dc644&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=419680819&si=fb5c0efbaa67712d369184d9298dc644&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=419680819&si=fb5c0efbaa67712d369184d9298dc644&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 02 Dec 2022 01:38:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=2514F8FE019E40EB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1350139742&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1350139742&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1350139742&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 02 Dec 2022 01:38:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=0B77C16F4F8C2F0A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1844157396&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1844157396&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1844157396&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Fmistressspider.top%2F&v=1.3.0&lv=1&sn=47791&r=0&ww=1280&u=https%3A%2F%2Fvoicelevel.top%2F8ijE9QWv%2Fypf-qs%2F%3F_t%3D1669945123065%231669945124328&tt=%F0%9F%8E%89%EF%B8%8F%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8FYPF%20fuel%20resource%20subsidy!%F0%9F%92%95%F0%9F%8E%81%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 02 Dec 2022 01:38:48 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=71D61FD2577A98DB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
104.21.0.245200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
IP 104.21.0.245:0
GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdujKqP4OmsICcw4by2ej4M3gF2bmp67KcND5Yd7ZkChGu92L3U7j930k4J7s5KmD98KzStiLKDZt_7_8jjTVv4
expires: Fri, 02 Dec 2022 01:00:13 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqvXs8TKy2RvDuZTFUkb5IMAXonio8g9zO3UeYO8aa1sux1I%2FS%2Bad58dGs2ozjb%2FaZulhSqzSPaiBBPubeZm6cwQDf8d2xo7DNgbCjchms%2BhtL4EvVsAqNPhsTkKOdWwpvM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773058485c46fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
185.66.200.220200 OK 0 B URL HTTP/2 uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: application/javascript
expires: Fri, 02 Dec 2022 01:38:45 GMT
last-modified: Fri, 02 Dec 2022 01:38:45 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
bonepa.com/js/responsive.js
185.66.201.42200 OK 0 B URL HTTP/2 bonepa.com/js/responsive.js
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
Analyzer Verdict Alert fortinet Phishing
GET /js/responsive.js HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 13:52:39 GMT
etag: W/"63627627-e32"
content-encoding: br
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
104.21.0.245200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP 104.21.0.245:0
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdt8iAiFUD-J6NleyhXb8_vV8-wAPh_5tba_l2ugugXdkSJbrWiN1EsoSHZyahG4iSEJB_zV100HdRQRWXjd72Q
expires: Fri, 02 Dec 2022 01:00:07 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
etag: W/"31c898c6d2ea13c30441657ff1900d81"
x-goog-generation: 1647503084523089
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21236
x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZeFmntebC7a5OlL1MPzI6YoMciIrsa1jbawcNqgUY7DbK0pGrxSi2FY%2FuO%2BC%2FwL6iza3yZ3YmIbIHEERRIApelutzIbiHMz0PoXa185ldnkhrx5INN7i4JJ8WXTqWQvV6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773058484c41fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
104.21.0.245200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 104.21.0.245:0
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: text/css
x-guploader-uploadid: ADPycduCHwg6n53VPzNb_-57qJzhoPJbEBdMgpsWgTX19t4NIh3Tdte6MCXenDGQTAuiJrpSRG3G9WDZErClLNvZVXhXccOSWw
expires: Fri, 02 Dec 2022 00:59:54 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
etag: W/"feba0d0760607b9e21393156949afcd9"
x-goog-generation: 1647502692716912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 161415
x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6hI5esjAr%2BW88ckQBFWPxgfOM0OTLi9ojwEAKbu9GJOasL0PVLZ0a1Cro6z1SxO7rSZmQroMOT71cw2v7Gnt9qIBeGK2V0BK%2B2S5n1xWjubwGcaAkttFJ%2BgUBKDDM%2F5P45Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773058485c45fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
104.21.0.245200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
IP 104.21.0.245:0
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 01:38:45 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdv0chj5F1Awc6K7Usaiie2qXL87Fxg5kp7mYqQH9s8HWV5Nuv0HuTqJ2hz1F5xUG9MGapUfK4P-pfLXRasYr-w
expires: Fri, 02 Dec 2022 00:59:54 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 3198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6i%2BDgW8z8FTZCs395eYxKcWjXoLa1FpCpAzJGXOijyjD4Xlhy%2FTt%2BVkP%2FKJorPzckov%2BRnpWgJVQhpbBuA%2BNb1Ej0T8AEvhmqLVUBQz0MuflSsweGs01zQvmf00B4Tx6C%2Fk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773058485c4afac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bonepa.com/4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_3867&maxw=0
185.66.201.42200 OK 0 B URL HTTP/2 bonepa.com/4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_3867&maxw=0
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
GET /4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_3867&maxw=0 HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voicelevel.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 01:38:48 GMT
content-type: text/html; charset=UTF-8
set-cookie: shown1=0; expires=Sat, 03-Dec-2022 01:38:48 GMT; Max-Age=86400; secure; SameSite=None
used_ad2633299=1; expires=Fri, 02-Dec-2022 04:59:59 GMT; Max-Age=12071; path=/; secure; SameSite=None
total_impressions=1; expires=Fri, 02-Dec-2022 04:59:59 GMT; Max-Age=12071; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2