usaupload.com/6gs8/steam_vac_remover.rar?download_token=5084a30a925e2aae5b3d3cc384cadb9d844ea1f14acbf6413ada59a9ace7dbd2
65.109.18.14301 Moved Permanently 162 B URL HTTP/1.1 usaupload.com/6gs8/steam_vac_remover.rar?download_token=5084a30a925e2aae5b3d3cc384cadb9d844ea1f14acbf6413ada59a9ace7dbd2
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert quad9 Sinkholed
GET /6gs8/steam_vac_remover.rar?download_token=5084a30a925e2aae5b3d3cc384cadb9d844ea1f14acbf6413ada59a9ace7dbd2 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 29 Dec 2022 18:09:34 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://usaupload.com/6gs8/steam_vac_remover.rar?download_token=5084a30a925e2aae5b3d3cc384cadb9d844ea1f14acbf6413ada59a9ace7dbd2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cd2bda30513692aa11a672c6a599935d
a944c3aa26b461063194a4bb95ce427d23a32d03
d975d1eab40c9fe4986ae0675d79e4f982eb9c0e2f503ca72b3bdf0ec9e7dfdc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D975D1EAB40C9FE4986AE0675D79E4F982EB9C0E2F503CA72B3BDF0EC9E7DFDC"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4738
Expires: Thu, 29 Dec 2022 19:28:32 GMT
Date: Thu, 29 Dec 2022 18:09:34 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 78f1f94544ef06b96bb43283f59d100f
fa2f1a3730a98c6fa5ebf976143fb6093a7298be
889af22ee304adea2e23491acbc89ebdcaf322e8c45af2bebf7520e3e9b0a6a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "889AF22EE304ADEA2E23491ACBC89EBDCAF322E8C45AF2BEBF7520E3E9B0A6A9"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6408
Expires: Thu, 29 Dec 2022 19:56:22 GMT
Date: Thu, 29 Dec 2022 18:09:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 29 Dec 2022 17:46:52 GMT
content-type: application/json
age: 1362
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 07e619a5a572fa9bcb54fa70de27f0d4
c0499dcc7551831f517f189465812859d0f48ced
2213c856ce4dd64ebe28e4deff34d449b2c08be98565c0405427453ae948fa74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2213C856CE4DD64EBE28E4DEFF34D449B2C08BE98565C0405427453AE948FA74"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6630
Expires: Thu, 29 Dec 2022 20:00:04 GMT
Date: Thu, 29 Dec 2022 18:09:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WBPNevlKdzx24VAIwIraJ2dot1RO0AzF7V0ItguiURQRDvh/TfDa455uLKYJecKn62yAyQ9OXHiY8D2tDfNcLA==
x-amz-request-id: JSTZRKEXTJBPS4W2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 29 Dec 2022 17:56:42 GMT
age: 772
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:34 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css
65.109.18.14200 OK 77 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65324)
Hash bc48830f50049b0cbbe3dd417755a347
e5cdb6545f9b4bce4eeda78f64a714e2de4d0e09
7d56baeec9679114562cdc56d3f28cb9a43263cada11b1f64809851e7a8b1419
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 76917
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-12c75"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
65.109.18.14200 OK 3.1 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 6406d626f8bfc1e6815698bfecf9a2f8
a918901be3ab1b9bb4ce9980db521eb4731bb82b
f620d1bf10d3f45a7b19edd4f863090c5dd5031411918508493634c4018e81b7
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 3082
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-c0a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/socicon.css
65.109.18.14200 OK 9.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/socicon.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash b23fff7d228bbe8796ad8b3d280e3401
1a9861031bda4d3c1cb58564107d8b777982750b
17beb90ae4f385180d6b7d184dcb640ccd2a360e4ee03af0254c83b00ef87202
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/socicon.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 9283
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-2443"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/lightbox.min.css
65.109.18.14200 OK 3.7 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/lightbox.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 40cab6b747df96a8a66f5c0ac4e034dd
85dd24bc614fb1ecaeb873f4e686213aa53927c3
798da60d899fcd9aa5074834d88b63c398dd72af5711ed48d7f68dde8dc8db5e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/lightbox.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 3668
last-modified: Mon, 28 Sep 2020 14:26:46 GMT
etag: "5f71f2a6-e54"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/flickity.css
65.109.18.14200 OK 2.4 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/flickity.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 5439695b076327f53edcda86d192856b
d938327051f0bf044bc65b68721ad3193bd2ef12
1709404c1e9beb94953cc95fcc3477e7cb4213e03bfe9bbe0f8a37877c1c6e42
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/flickity.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 2392
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-958"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/jquery.steps.css
65.109.18.14200 OK 5.6 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/jquery.steps.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash a0ed38e9ba9498867df1f62407377def
6d2278f924b80328695e8fe5213b252ae499fc77
70110803124af60b1e1dc1ea3c0408353947b4a0d7000f47873c85287de875d5
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/jquery.steps.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 5638
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-1606"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/cookiealert.css
65.109.18.14200 OK 12 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/cookiealert.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (11486), with CRLF line terminators
Hash 3d2946aeae3cc8f43e2acf82ea029bd4
c25a0bd445ff9e6034d34e8f388f5565515a2783
705d9fc8952ac3bf3d9300e3d9ea6753284cdd920c34be0213ec8bc862df7a28
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/cookiealert.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 12369
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-3051"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a76f9a6cacbb107da9d8d0b989936128
35f6bf4cf5d983f4f8edcb3e0db58cee5f2b552e
0a0ab2ab5964131b0bca0c63cc6ce85704e5d61b30c00555dbec6f399af6fedd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 794630798ece5fdc7622c5736cfc8c4c
b88d8c63c8c85072202fb76e4106789df8394ff3
aa8225bea6518ce7a35b1dcdd5ae62b217b5720d9d9143f9ae4360e8614c0c18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 794630798ece5fdc7622c5736cfc8c4c
b88d8c63c8c85072202fb76e4106789df8394ff3
aa8225bea6518ce7a35b1dcdd5ae62b217b5720d9d9143f9ae4360e8614c0c18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
usaupload.com/themes/spirit/assets/frontend/css/font-awesome.min.css
65.109.18.14200 OK 59 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/font-awesome.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (58929)
Hash 66e407beb68fdbb8bacd87d91ddf7829
5ed55601e30871fb757dc4b78a40a432f9a3600b
eb98a660b34391ce502005c6b8553af83defcf0832489134efb499498051d1d9
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/font-awesome.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 59115
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-e6eb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/custom.css
65.109.18.14200 OK 8.9 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/custom.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type assembler source, ASCII text, with CRLF line terminators
Hash 65417cde74809cb9b9e66d0ab4adc448
9729ccac013729aed790fdc25d71d858f50a137b
c8dee41785c1f45859a70f3bb9a65b3cba83d866dd46ca0096d07067fec9d280
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/custom.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 8936
last-modified: Thu, 04 Feb 2021 16:28:50 GMT
etag: "601c20c2-22e8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/iconsmind.css
65.109.18.14200 OK 96 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/iconsmind.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 39aa385af1cfd640bac73a09de3ac9fe
6d17dff21d04138cd8ab3ef9dfe1eae79994834c
0909de268b3276cb7464acb2f86701f62974a893dd374312908a3f8efc363438
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/iconsmind.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 96447
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-178bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-163791795-1
142.250.74.40200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-163791795-1
IP 142.250.74.40:0
File type ASCII text, with very long lines (1921)
Hash 4f0a5304f91733655bbdf3fa2e9fd94b
2c435348db2e7daa5d014e1febe4d5b92160129a
40707cded52180863d7edb8f117f5a99bb3593ccb0d5933e71cb3ef8d68619d1
GET /gtag/js?id=UA-163791795-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Dec 2022 18:09:35 GMT
expires: Thu, 29 Dec 2022 18:09:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43569
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 794630798ece5fdc7622c5736cfc8c4c
b88d8c63c8c85072202fb76e4106789df8394ff3
aa8225bea6518ce7a35b1dcdd5ae62b217b5720d9d9143f9ae4360e8614c0c18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 76cbec9f16aa86443ee15e71d84ff8ee
5553f619cf45df21a74d1b5b0fb65e1a5717be45
0afb9710c22630969ad33eece17100dfb136820bd2ccad92c47435e5d3969ab0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
usaupload.com/themes/spirit/assets/frontend/css/theme.css
65.109.18.14200 OK 197 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/theme.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type assembler source text\012- assembler source, ASCII text
Size 197 kB (197080 bytes)
Hash 0070ae7b5bb75d59ef0f36de1f3cb4b4
58b9bcb364df74184f35e8dc0231b3573cb9c332
db7c96fb23e5c19f26d7de6f407cef6c779c2a207c8c2e16615e8e9b3e89efd8
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/theme.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: text/css
content-length: 197080
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-301d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/flickity.min.js
65.109.18.14200 OK 54 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/flickity.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32032)
Hash 81a84001ccd9bdd589d1b4f187311b15
5cdf8cb0d97b5b16a5f812e1541ad387a7cb8af5
5a28889b1faf91d12eeb5b5d173c50135eefd7fdc29a951b365340cf473bd9b2
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/flickity.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 53861
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-d265"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/typed.min.js
65.109.18.14200 OK 3.9 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/typed.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (3949), with no line terminators
Hash 2f6185a8a32a50b2b3e04849f44359d4
0e5501588c5c0d1c9462f34b0d56c21abff5bfef
914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/typed.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 3949
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-f6d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/datepicker.js
65.109.18.14200 OK 21 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/datepicker.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (12692), with CRLF line terminators
Hash 8cfe207a6a21c7495cfb751c761217a6
35d686a6c4ecc9946c35444ce93e110cb0e1611c
804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/datepicker.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 20975
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-51ef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/granim.min.js
65.109.18.14200 OK 11 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/granim.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (10573)
Hash 2c16a9a724563fc0c306abb5bdeb03fe
90c2032537714e66059a3eaa150b93f3c9c80163
997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/granim.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 10634
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-298a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
65.109.18.14200 OK 14 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (13686)
Hash 4c5e9f4e84d32b7df69af7420b355e03
14e1e287ec98e8cc0a992ee996783b0c42f9ec0f
c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery.steps.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 13857
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-3621"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/countdown.min.js
65.109.18.14200 OK 5.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/countdown.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (4136)
Hash 5d3ff3c3fbaa67cc639501f44eeb07be
bd66e4cd58de09c198e7abc77fa4c883955d189e
2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/countdown.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 5339
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-14db"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
65.109.18.14200 OK 6.0 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (4887)
Hash b67e171349c4716dd7bb15c018a2c8c1
60b204148c0eed83b06043897d1cbd54709eab66
8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/smooth-scroll.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 6006
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-1776"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/cookiealert.js
65.109.18.14200 OK 1.8 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/cookiealert.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 81279e22c8ece9e1d0536a402484daa3
911797507fb12d4f451d5900e32db96ad697c401
5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/cookiealert.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 1836
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-72c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
65.109.18.14200 OK 87 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32030)
Hash e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery-3.1.1.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 86709
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-152b5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
65.109.18.14200 OK 70 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (768)
Hash 737f853e9fd6a31d62f5028e88663c9f
cf144f2ab49f53a69fbfe10d3588fc23437d2736
6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery.dataTables.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 69604
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-10fe4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/cache/themes/spirit/logo_inverse.png
65.109.18.14200 OK 47 kB URL HTTP/2 usaupload.com/cache/themes/spirit/logo_inverse.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 2395 x 523, 8-bit/color RGBA, non-interlaced\012- data
Hash 4a27d711f28aba5323cc3ec041fa5b02
d9085bc35de1f67fcc747a4e65326211da1a325b
2d8eee896b0e8b89f72080dc107998f372efb2e311ab8110e589b2e12ab3e357
Analyzer Verdict Alert quad9 Sinkholed
GET /cache/themes/spirit/logo_inverse.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: image/png
content-length: 46999
last-modified: Thu, 07 Apr 2022 17:42:41 GMT
etag: "624f2291-b797"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/scripts.js
65.109.18.14200 OK 112 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/scripts.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (914)
Size 112 kB (111905 bytes)
Hash ccd6c308b2b8e36ae154d7bacea4240d
f7d2f7195150771246dd599dbb4ff3bc2f0f2179
fc2a8bf60f1e7577697c0b457c01aeeecfd2b18ea68c93e2d374bf6d95fbe7a0
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/scripts.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 111905
last-modified: Wed, 14 Oct 2020 16:17:02 GMT
etag: "5f87247e-1b521"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/cache/themes/spirit/logo.png
65.109.18.14200 OK 45 kB URL HTTP/2 usaupload.com/cache/themes/spirit/logo.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 2395 x 523, 8-bit/color RGBA, non-interlaced\012- data
Hash e772ff8c144c6dab2b01cc460c09ed46
cc3d762f0be3af03b5d47e559cf1a941273126c3
8fd6aa3f0b8b3d4211fff4f800eeed179c4edd178a90c55848d9d063c76d39c4
Analyzer Verdict Alert quad9 Sinkholed
GET /cache/themes/spirit/logo.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: image/png
content-length: 44604
last-modified: Thu, 07 Apr 2022 17:58:15 GMT
etag: "624f2637-ae3c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/images/flags/us.png
65.109.18.14200 OK 609 B URL HTTP/2 usaupload.com/themes/spirit/assets/images/flags/us.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced\012- data
Hash 968591e0050981be9fa94bd2597afb48
dd9e149e2b5ad59dd8b4b262f5fdeb5cc10ecf43
36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/images/flags/us.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: image/png
content-length: 609
last-modified: Mon, 28 Sep 2020 14:27:40 GMT
etag: "5f71f2dc-261"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
65.109.18.14200 OK 4.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 4292, version 1.0\012- data
Hash ae072782b361d2afdbf43db08d3cfb73
f3db2e65b53d97491672f8631e21d6d05905cc88
31205df908aed9881f6d2d3ae7d38975252bf99e38268978b4236dc3c314754b
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: font/woff2
content-length: 4292
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-10c4"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 107c7b24cc9711281977c9e9094da7af
18e6f30a0dbc072380e414236b2a8296e7a7f6f6
c8a97836b9b198c55753dd8e72c0ae03fe473f02f098deb2c4145b677d19be08
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 107c7b24cc9711281977c9e9094da7af
18e6f30a0dbc072380e414236b2a8296e7a7f6f6
c8a97836b9b198c55753dd8e72c0ae03fe473f02f098deb2c4145b677d19be08
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 107c7b24cc9711281977c9e9094da7af
18e6f30a0dbc072380e414236b2a8296e7a7f6f6
c8a97836b9b198c55753dd8e72c0ae03fe473f02f098deb2c4145b677d19be08
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Dec 2022 18:52:41 GMT
expires: Tue, 26 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 256614
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Dec 2022 18:56:10 GMT
expires: Tue, 26 Dec 2023 18:56:10 GMT
cache-control: public, max-age=31536000
age: 256405
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 29 Dec 2022 18:08:08 GMT
age: 87
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
65.109.18.14200 OK 5.0 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash a9a8c24cea41bed7ef78ed1d12d48291
cd86d71e15b97ab602e0e39bb6e9bbaf6779f4d7
3b379c83d1c0b117cec88debed9390723daffc2fb99cf51cc2175c47169d190e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 18:09:35 GMT
content-type: image/png
content-length: 5016
last-modified: Mon, 28 Sep 2020 14:26:42 GMT
etag: "5f71f2a2-1398"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.106200 OK 788 B URL HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.106:0
Hash 7111bf17c3ac97e2aba6fa16e1edd04e
b5c961ddab2ce6805f8cf4e8384f7c7b4851bf41
815fd31fc26b3d8c3b10743901d21b8f402bdd38836b91967661902f0dba3fa6
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Dec 2022 18:09:35 GMT
date: Thu, 29 Dec 2022 18:09:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 107c7b24cc9711281977c9e9094da7af
18e6f30a0dbc072380e414236b2a8296e7a7f6f6
c8a97836b9b198c55753dd8e72c0ae03fe473f02f098deb2c4145b677d19be08
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash aff94ab908d47a02a12d3a22aa7532ae
1dc1591860c8cf9d2044c2e0738013688844770d
1dbe84578c7cb1c7886469e36ed6ddc11a9d1892e46dcdcd6d6533331e64a1a3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3146060301369196
142.250.74.2200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3146060301369196
IP 142.250.74.2:0
File type ASCII text, with very long lines (4885)
Hash e0815f8d7cddd21fe4fcfc25aa0b47f5
ed1d1b3f8b2afd9d270282f627b1cd703754c6ce
2809723acf9e985628400f9cc9af8b1029547dc42ecde7114ef181b3634629d6
GET /pagead/js/adsbygoogle.js?client=ca-pub-3146060301369196 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 29 Dec 2022 18:09:35 GMT
expires: Thu, 29 Dec 2022 18:09:35 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15207311304477817829
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49665
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 29 Dec 2022 17:34:02 GMT
expires: Thu, 29 Dec 2022 19:34:02 GMT
cache-control: public, max-age=7200
age: 2133
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash aff94ab908d47a02a12d3a22aa7532ae
1dc1591860c8cf9d2044c2e0738013688844770d
1dbe84578c7cb1c7886469e36ed6ddc11a9d1892e46dcdcd6d6533331e64a1a3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0a08dc71eb7ba3512abb4d29505eb034
e66404bda80b355bae30b0d4db3daa193a6e4276
357891f99263d30eaded85985217d9627cd60369ee8d01a7eacdb2d0f2d8b2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 970
Cache-Control: max-age=141201
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Etag: "63ad58a7-1d7"
Expires: Sat, 31 Dec 2022 09:22:56 GMT
Last-Modified: Thu, 29 Dec 2022 09:06:47 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html
216.58.207.226200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20221207/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Thu, 29 Dec 2022 15:28:25 GMT
expires: Thu, 12 Jan 2023 15:28:25 GMT
cache-control: public, max-age=1209600
age: 9670
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c9a6a4c5ca0c5f3edafc44366269c44a
9d5e3d681a413142372bd90d7a52a333b5051f0f
ddaa67b57bc244d6eeb7dc8e0b9f0fb4a46876df61cd612c74442e7f328a5101
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5c99bc2bdc49e510ab1eaaba3318e81f
a26e89bef2ccb2aee1a8638f4164d130bd7c290f
e8879091414885eab109e13ccb0216ec0c103f744ecbec5ed13628cf1803427f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=usaupload.com
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 29 Dec 2022 18:09:36 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=usaupload.com
142.250.74.130200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 29 Dec 2022 18:09:36 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 33ddc91698b093b101c72304e1804b95
e3889a5dc96cdd04f981338f13489f72cb5d013c
b570ea4b5aa23c1b64d52e997e821f5f607e844529a0b810533fbdb06c93882d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8b09274f35f179f5864c1239bc5cab72
bdcba81321107acec70cf2473bdd19b4b99590e1
8fa4c07e35ccbf18d0821d7f84d680401fc0e3ffb7ec21d98afce1a10ff31679
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.86.38.2101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.86.38.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: V5f5jEG3ccfZz4mOc4cl/A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: O0KaB7/pVL2Pq6aSBRTEZE7iVds=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 58f16dc497b3f884e2c830bdf344cd80
322e70c4b62d1482294f69752ae325f8a705f231
91e58e3782d5091a0407a602836e1a853ce9b754f16c2df501c3c4d65ef136d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=usaupload.com&callback=_gfp_s_&client=ca-pub-3146060301369196&gpid_exp=1
216.58.207.194200 OK 252 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=usaupload.com&callback=_gfp_s_&client=ca-pub-3146060301369196&gpid_exp=1
IP 216.58.207.194:0
File type ASCII text, with very long lines (393), with no line terminators
Hash 7e04d3ab91db89ce6808cbc9a095b5bf
a14f7237db41120fdfe88f67f273401efbb514f8
3e26baa1e57dbcfd5012efa3d05c445f01d92f7816de8570ef7e8530ec9ac796
GET /gampad/cookie.js?domain=usaupload.com&callback=_gfp_s_&client=ca-pub-3146060301369196&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 29 Dec 2022 18:09:36 GMT
server: cafe
cache-control: private
content-length: 252
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 33ddc91698b093b101c72304e1804b95
e3889a5dc96cdd04f981338f13489f72cb5d013c
b570ea4b5aa23c1b64d52e997e821f5f607e844529a0b810533fbdb06c93882d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=usaupload.com
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 29 Dec 2022 18:09:36 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7254fcaa2965cbd6fa483a99adf4d5c0
4603e2526e3a9f4b37f15e12cb8e67511ce99ba9
80832b7b64b7d860b1473f90242bc4de0ca731bbe230b7b5a6ef4a08f95efc80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 754cf019e3474c47b014e3a836711a24
a906a928c61650232f4a733c6d77e6f5d26f563d
7cec94a1e234f1c0c1f9f0bbad56fa596b7b1e3779d54503bbae40414630e252
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
142.250.74.97200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
IP 142.250.74.97:0
File type ASCII text, with very long lines (1542)
Hash 6f59900fa87e133bae329372aebefe36
260937d2934233c07b112f3564ec9eca7b529fd7
156c12ec7d6973b5742504716567b70740dd66bee9cc0e1a1608df56e77011fd
GET /pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7480
x-xss-protection: 0
date: Thu, 29 Dec 2022 17:34:14 GMT
expires: Thu, 12 Jan 2023 17:34:14 GMT
cache-control: public, max-age=1209600
age: 2122
etag: 15631949847000551034
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js
142.250.74.97200 OK 9.4 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js
IP 142.250.74.97:0
File type ASCII text, with very long lines (1592)
Hash 5a5aa8d035ffaad9c0b8653b0a412d2f
f09fe4da7a3d328089a611e314d326aa5cb598f5
de6d29b666b737e039c2de5bedaf81dda437c47a79e17d0d10f188358916187a
GET /pagead/js/r20221207/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 9443
x-xss-protection: 0
date: Wed, 28 Dec 2022 22:04:59 GMT
expires: Wed, 11 Jan 2023 22:04:59 GMT
cache-control: public, max-age=1209600
age: 72277
etag: 9828741834572772835
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.98200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.98:0
File type ASCII text, with very long lines (3501)
Hash 0aea457deb170b60b680d7d723b4a6e2
3acbe700c709c2c5c07d6fb145ea7b448cc07a90
86c662679bc2508be7e8064c91055a3c5be7db2c24d58e5f27676f35702ba339
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 47725
date: Thu, 29 Dec 2022 18:09:36 GMT
expires: Thu, 29 Dec 2022 18:09:36 GMT
cache-control: private, max-age=3000
etag: "1670417373259609"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 281e831db193bdbb80e6ff33b3047078
91c685f3d3fa05fe966cd40c01fbf7e8f3a82ca6
d8f34ff19d7fa4165490af8228d1e3ab2a835c5cf02b80d2efe8203ade76e38d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 18:09:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/drt/ui
216.58.211.4302 Found 0 B URL HTTP/2 www.google.com/pagead/drt/ui
IP 216.58.211.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/drt/ui HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Dec 2022 18:09:36 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221207&st=env
142.250.74.2200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221207&st=env
IP 142.250.74.2:0
File type JSON data\012- , ASCII text, with very long lines (14674), with no line terminators
Hash 1c34241798a80ae61ca6f8711f28adaa
e77fe0b6a405f3b9924cf22700f0c0d96ac5a4e2
b836bdd6ee74be022eec1d70978fae06d838d0dd6c62204ac1b51609852bdd10
GET /getconfig/sodar?sv=200&tid=gda&tv=r20221207&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Thu, 29 Dec 2022 18:09:37 GMT
server: cafe
content-length: 11074
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18979
Expires: Thu, 29 Dec 2022 23:25:56 GMT
Date: Thu, 29 Dec 2022 18:09:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18979
Expires: Thu, 29 Dec 2022 23:25:56 GMT
Date: Thu, 29 Dec 2022 18:09:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18979
Expires: Thu, 29 Dec 2022 23:25:56 GMT
Date: Thu, 29 Dec 2022 18:09:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18979
Expires: Thu, 29 Dec 2022 23:25:56 GMT
Date: Thu, 29 Dec 2022 18:09:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18979
Expires: Thu, 29 Dec 2022 23:25:56 GMT
Date: Thu, 29 Dec 2022 18:09:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e77cad2-6b0d-46d1-a2e4-ce29f7cc173e.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e77cad2-6b0d-46d1-a2e4-ce29f7cc173e.jpeg
IP 34.120.237.76:0
File type gzip compressed data, max compression\012- data
Hash 0eb0cf7600b4cb43845fad8a6cf2de60
08de99c776fdfa86b22fee7fa932c7c073820149
dc6a8b6bb14194b3e90e6e85d3b975a454896a40a701e4551840ed1d10ae2c02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e77cad2-6b0d-46d1-a2e4-ce29f7cc173e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8505
x-amzn-requestid: de8ce29e-7947-4c4f-95f5-14efae45cfda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4p9MGW9IAMFqdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acf054-5cf23dcf7bdbd784373222a9;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 01:41:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: D6x3bwfydhVtrU5ZXbBbxfTYvW4S0EPViQTdwuverqNNdx7qHzJiqg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 01:49:22 GMT
age: 58815
etag: "9364105419c6662123999ed11912de21ad32f6ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aacfdf9-29e5-4cca-88eb-1d7fb007e520.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aacfdf9-29e5-4cca-88eb-1d7fb007e520.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 51406d6bd4a7322a475fc2a98267154e
9fa03002aa1974d4a9557cedad8bd5d7fefa52ad
a1858d9fd203972f0dc3fe97f36e07796b84f6e2851c9990d406f452793e3454
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aacfdf9-29e5-4cca-88eb-1d7fb007e520.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11315
x-amzn-requestid: 77dd9348-e3a9-448e-8ae9-499d5d672a41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4GZpGTRIAMFTUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acb770-7dec07d1447e6f10125b8b6f;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 21:38:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GSYumV2NSYm8rXhKjnqtKlPvR-Q8U2Uk67_wXkLubVExh2iwshz7BQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 21:42:23 GMT
age: 73634
etag: "9fa03002aa1974d4a9557cedad8bd5d7fefa52ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff495beea-cff9-4016-a188-b0f4b2547a59.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff495beea-cff9-4016-a188-b0f4b2547a59.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9592ede9af5f26a2748ba2e1e649ee1
7c99d49f3f6f9d1808bf7f7f17c1c3507838951e
e9b2526f714d4d123b80fca340737b450a3c09058d8f7c7b3b180e3509eb8d27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff495beea-cff9-4016-a188-b0f4b2547a59.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: f433f7ae-20f5-4446-a7ce-4b88ec6d19ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4GQxFceoAMF5GQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acb737-509b4ce327ed792719fd2c58;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 21:37:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vUpx0k9Eg5cG4EGjzp91A274liLuvkmgX7siRALfLiRNIvRmFCI7-g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 21:42:24 GMT
age: 73633
etag: "7c99d49f3f6f9d1808bf7f7f17c1c3507838951e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456f5bce-faff-4228-812f-34f3dba57003.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456f5bce-faff-4228-812f-34f3dba57003.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58db86c1b07c8d9b8a0757bac6f388ee
e00f93653f15242afa913b8da63edf3de57c505c
04c97fe001f76973d740a8df0b46e4b0e3fb0383efa6b3c31cd24a3963ea3cd6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456f5bce-faff-4228-812f-34f3dba57003.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4479
x-amzn-requestid: 896f1286-234b-4cfb-8d9a-7ba1161ea913
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dy1EWHA4IAMF4Rw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa9bb5-7c5035e15a3ed8ad7f9364c2;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 07:16:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GbW9VEQAVwF7xeX3RkwBgXi0nJ0sCfRAMVyE75nMC714jqkv4eXsjg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 07:16:17 GMT
age: 39200
etag: "e00f93653f15242afa913b8da63edf3de57c505c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46059ea9-17d4-4278-9387-8af033f275e1.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46059ea9-17d4-4278-9387-8af033f275e1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e100e2dc00534d3c6e4a4eccabd256d4
bb36fdbdd2ff78b5eac4becf508470d6f0a3512f
991a44a7aa774e41289f4b3ea2f13d0af69c86756d25763e81c274a9b3420e9a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46059ea9-17d4-4278-9387-8af033f275e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5687
x-amzn-requestid: 471d328e-be03-4970-989e-3df8cfeb0508
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dyRhTFEkIAMFhtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa62d4-2cc5cfe03405063e107f7cd4;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 03:13:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 152yzpQR6RzaHS87gKY8B3wuu9vnZvj1391HjcILecABkb8gVJjFcQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 03:46:14 GMT
age: 51803
etag: "bb36fdbdd2ff78b5eac4becf508470d6f0a3512f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac8e7926-34e8-4a65-ba5a-894c252c5826.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac8e7926-34e8-4a65-ba5a-894c252c5826.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b970ffab86fbe4a36726473524096ed1
92bc9a2cc454608eae4e310456f2ec180d4ccdca
9d9377466c1d69d25cbde0092dbebb8579ba3f172a001e3068690c7d7efc779c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac8e7926-34e8-4a65-ba5a-894c252c5826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9103
x-amzn-requestid: d35b52dd-fc72-47ca-8232-00e48cd6d209
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0z_EEruIAMFlQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab66c6-574a052f67683ba238966de5;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ohxADRAP902PofikgbhHb6N0yLainQlafqatm4eBQ1u5DHGr1r15Fg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 21:42:48 GMT
age: 73609
etag: "92bc9a2cc454608eae4e310456f2ec180d4ccdca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZJYTTf918llQXBKIeflVAKy7afFqB3JbMsQ4UDc9sJGVcgPfC7ymJK0Sz_30eUapdd2S3V4dt-pzb7gDN1nsXE0qZjp24T50VuBjY5L7D7tJQfjfuRJn5JghUctetCMzZvUh2oQ&sai=AMfl-YSbce1Ftf0ZLlX5lQfeVPO6sgYnvb_k4on3UStt7pWDrFf-FCBpY0ur6-6zLie606nx6mm10mbR_5Q_eeY&sig=Cg0ArKJSzKPse8ronVNMEAE&cid=CAQSGwDq26N92Mu6O1CnRRvi3Ki8kJCFQXIeN7JDcRgBIBM&id=lidar2&mcvt=1000&p=35,0,315,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1213588912&rs=2&la=1&cr=0&vs=4&r=v&rst=1672337370515&rpt=1170&met=mue&wmsd=0&pbe=0
142.250.74.2200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZJYTTf918llQXBKIeflVAKy7afFqB3JbMsQ4UDc9sJGVcgPfC7ymJK0Sz_30eUapdd2S3V4dt-pzb7gDN1nsXE0qZjp24T50VuBjY5L7D7tJQfjfuRJn5JghUctetCMzZvUh2oQ&sai=AMfl-YSbce1Ftf0ZLlX5lQfeVPO6sgYnvb_k4on3UStt7pWDrFf-FCBpY0ur6-6zLie606nx6mm10mbR_5Q_eeY&sig=Cg0ArKJSzKPse8ronVNMEAE&cid=CAQSGwDq26N92Mu6O1CnRRvi3Ki8kJCFQXIeN7JDcRgBIBM&id=lidar2&mcvt=1000&p=35,0,315,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1213588912&rs=2&la=1&cr=0&vs=4&r=v&rst=1672337370515&rpt=1170&met=mue&wmsd=0&pbe=0
IP 142.250.74.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsuZJYTTf918llQXBKIeflVAKy7afFqB3JbMsQ4UDc9sJGVcgPfC7ymJK0Sz_30eUapdd2S3V4dt-pzb7gDN1nsXE0qZjp24T50VuBjY5L7D7tJQfjfuRJn5JghUctetCMzZvUh2oQ&sai=AMfl-YSbce1Ftf0ZLlX5lQfeVPO6sgYnvb_k4on3UStt7pWDrFf-FCBpY0ur6-6zLie606nx6mm10mbR_5Q_eeY&sig=Cg0ArKJSzKPse8ronVNMEAE&cid=CAQSGwDq26N92Mu6O1CnRRvi3Ki8kJCFQXIeN7JDcRgBIBM&id=lidar2&mcvt=1000&p=35,0,315,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1213588912&rs=2&la=1&cr=0&vs=4&r=v&rst=1672337370515&rpt=1170&met=mue&wmsd=0&pbe=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Thu, 29 Dec 2022 18:09:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuYXy6ilqUniMr6mHXP78ShR5HrJdnkE6FDMF5UJX7pI9h4M0gCjS9DfbPhPVxqjDr9FxLbaPWyfv4Z-JOl7GhJbPa0fxvMBjKa8ZOTuccFQr3iQJN5DexO52OOQvPXpvFdbcKEnQ&sai=AMfl-YTi9XOGJCSsox78keMVC_MlUdS3Lx5PwjVhqJ18m0PKC9q2Zn_GJtT8RaFIePNwgM3sjXTthlQ9dmesoVQ&sig=Cg0ArKJSzNum1LC2b5EYEAE&cid=CAQSGwDq26N9LbJ0wHv1gmlOos_0QyX2btRSq87LlxgBIBM&id=lidar2&mcvt=1001&p=113,0,237,1005&mtos=611,831,1001,1119,1272&tos=611,220,170,118,153&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1672337371077&rpt=627&met=mue&wmsd=0&pbe=0
142.250.74.2200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuYXy6ilqUniMr6mHXP78ShR5HrJdnkE6FDMF5UJX7pI9h4M0gCjS9DfbPhPVxqjDr9FxLbaPWyfv4Z-JOl7GhJbPa0fxvMBjKa8ZOTuccFQr3iQJN5DexO52OOQvPXpvFdbcKEnQ&sai=AMfl-YTi9XOGJCSsox78keMVC_MlUdS3Lx5PwjVhqJ18m0PKC9q2Zn_GJtT8RaFIePNwgM3sjXTthlQ9dmesoVQ&sig=Cg0ArKJSzNum1LC2b5EYEAE&cid=CAQSGwDq26N9LbJ0wHv1gmlOos_0QyX2btRSq87LlxgBIBM&id=lidar2&mcvt=1001&p=113,0,237,1005&mtos=611,831,1001,1119,1272&tos=611,220,170,118,153&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1672337371077&rpt=627&met=mue&wmsd=0&pbe=0
IP 142.250.74.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsuYXy6ilqUniMr6mHXP78ShR5HrJdnkE6FDMF5UJX7pI9h4M0gCjS9DfbPhPVxqjDr9FxLbaPWyfv4Z-JOl7GhJbPa0fxvMBjKa8ZOTuccFQr3iQJN5DexO52OOQvPXpvFdbcKEnQ&sai=AMfl-YTi9XOGJCSsox78keMVC_MlUdS3Lx5PwjVhqJ18m0PKC9q2Zn_GJtT8RaFIePNwgM3sjXTthlQ9dmesoVQ&sig=Cg0ArKJSzNum1LC2b5EYEAE&cid=CAQSGwDq26N9LbJ0wHv1gmlOos_0QyX2btRSq87LlxgBIBM&id=lidar2&mcvt=1001&p=113,0,237,1005&mtos=611,831,1001,1119,1272&tos=611,220,170,118,153&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1672337371077&rpt=627&met=mue&wmsd=0&pbe=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Thu, 29 Dec 2022 18:09:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
65.109.18.14200 OK 0 B URL HTTP/2 usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert quad9 Sinkholed
GET /error?e=File+can+not+be+located%2C+please+try+again+later. HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-cache
date: Thu, 29 Dec 2022 18:09:34 GMT
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
IP 142.250.74.106:0
GET /css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Dec 2022 18:09:35 GMT
date: Thu, 29 Dec 2022 18:09:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
usaupload.com/6gs8/steam_vac_remover.rar?download_token=5084a30a925e2aae5b3d3cc384cadb9d844ea1f14acbf6413ada59a9ace7dbd2
65.109.18.14302 Found 0 B URL HTTP/2 usaupload.com/6gs8/steam_vac_remover.rar?download_token=5084a30a925e2aae5b3d3cc384cadb9d844ea1f14acbf6413ada59a9ace7dbd2
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert quad9 Sinkholed
GET /6gs8/steam_vac_remover.rar?download_token=5084a30a925e2aae5b3d3cc384cadb9d844ea1f14acbf6413ada59a9ace7dbd2 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
content-type: text/html; charset=UTF-8
location: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
set-cookie: filehosting=3gef8p3b71emoha1ku3kakbtnl; expires=Fri, 30-Dec-2022 18:09:34 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-cache
date: Thu, 29 Dec 2022 18:09:34 GMT
X-Firefox-Spdy: h2