send.cm/wdmov8rsawri/VA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar
104.26.3.171 301 Moved Permanently 0 B URL HTTP/1.1 send.cm/wdmov8rsawri/VA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar
IP 104.26.3.171:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input; the response body is 0 B)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)
GET /wdmov8rsawri/VA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar HTTP/1.1
Host: send.cm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 20 Oct 2022 20:52:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 20 Oct 2022 21:52:59 GMT
Location: https://send.cm/wdmov8rsawri/VA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VuTkajQJqBTMrZTRqkkHKxOnAfoqWFxxI2SAWf3FGtkwSBcsEwq8qd6VaeIEz2uz08hNYoDU2OXb5z7NPn1GCHUAiapWHSxP3Itdl9%2Ff1t3jV3qg%2B%2FQKcb0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75d4a3f26f28b521-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 24a97183f836954e0f05c4dc794ff4d1
52778bbe39b9f736c16b5798575d1d96607ce9d0
01f6721f2674f54662fff590fdf7247cc8c58a3f84906cae75527fb7b6dd2436
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01F6721F2674F54662FFF590FDF7247CC8C58A3F84906CAE75527FB7B6DD2436"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16628
Expires: Fri, 21 Oct 2022 01:30:08 GMT
Date: Thu, 20 Oct 2022 20:53:00 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 20 Oct 2022 20:51:55 GMT
Expires: Thu, 20 Oct 2022 21:25:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pbO7iq5sMyIrV2UekvQlnjAc3_QRiDS5OXMf1_zMGo_ISHxNNmI0xA==
Age: 65
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9dc4f23f82148797f6d8041bdda3c7f7
6841ded3e2dd94fd762316d01efd43f7aafb8354
e229db1854a85b320cee574e805210f3adf5797136ea820c0a0ce9abcd63d4dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E229DB1854A85B320CEE574E805210F3ADF5797136EA820C0A0CE9ABCD63D4DD"
Last-Modified: Thu, 20 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16627
Expires: Fri, 21 Oct 2022 01:30:07 GMT
Date: Thu, 20 Oct 2022 20:53:00 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: XBL8vfHF+Qgo3FbE9DbHVly0aM7ET5Y9TAna8wfrj7tvkP8gDbX3xmh2BBFGixI7gVjdlVqdJvI=
x-amz-request-id: 80G76603P1F1DPH4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 20 Oct 2022 20:36:53 GMT
age: 967
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 20 Oct 2022 20:53:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 20 Oct 2022 20:43:40 GMT
Expires: Thu, 20 Oct 2022 21:33:23 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: z0__hRjyuyeYq6U8qB52wsygvszKrdkIv29cUwEO3yUtcrjT3ot9eg==
Age: 560
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 983e0f9566a73fec0c4705d47d90d691
a876a38c30bafa70a4bb4aa3d6a9c1fd3922c0b0
9f23408bd3cd092b5b7dc089f50ab3b044b1488b8de2947bedb481f20b3fec13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1932
Cache-Control: max-age=99270
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:00 GMT
Etag: "63508e66-117"
Expires: Sat, 22 Oct 2022 00:27:30 GMT
Last-Modified: Wed, 19 Oct 2022 23:55:18 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 13b2ffd04752d468f707090604f6ed1c
94de24b43698a598b060edea68a4b1b5c6bf9879
98f0ad0db175ed53ed6b048cc4427f902c148adc378d833dcb8cd89d59397aad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 12 kB IP 93.184.220.29:0
Hash 81033eb522245e7f8c6f6b500f025041
6d914bed711838d264906aec9e801312d85e01f5
8dbe402215b5ee8c83912ad2ba5f18bc9e8b9338b514d29212d1d25a25daecd0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1932
Cache-Control: max-age=99270
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:00 GMT
Etag: "63508e66-117"
Expires: Sat, 22 Oct 2022 00:27:30 GMT
Last-Modified: Wed, 19 Oct 2022 23:55:18 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
www.googletagmanager.com/gtag/js?id=UA-3400026-25
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-3400026-25
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash f308c8d12061a4c9c8a44c8b22399849
29ebbe8afe510103b5fb81f4331570b76c9324c3
a0f22437e752c9a7d1225ca734c2591c916bd481443c4a1ab18bfbd7af92df0c
GET /gtag/js?id=UA-3400026-25 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 20 Oct 2022 20:53:00 GMT
expires: Thu, 20 Oct 2022 20:53:00 GMT
cache-control: private, max-age=900
last-modified: Thu, 20 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43602
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a5dd4f71f4ddd5be9201466ed7a6c423
1d0832fb6e227d42137d319f728c8bc1414c816f
1edffa6a320210fccbd0e5fa6dbdaa45561678a75a66639985f02791c8283b40
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4929
Cache-Control: max-age=131755
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:00 GMT
Etag: "63510196-1d7"
Expires: Sat, 22 Oct 2022 09:28:55 GMT
Last-Modified: Thu, 20 Oct 2022 08:06:46 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 13b2ffd04752d468f707090604f6ed1c
94de24b43698a598b060edea68a4b1b5c6bf9879
98f0ad0db175ed53ed6b048cc4427f902c148adc378d833dcb8cd89d59397aad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a91a539a99bcec316d188e892b45b1dc
21b974f63c55f52935e2f838a649ea8291e38344
e120ad6962d8e3812917a5f8a287396a8dfac369d2c73515d2ac2f4b1f2fe49e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5471
Cache-Control: max-age=132688
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:01 GMT
Etag: "6351031e-117"
Expires: Sat, 22 Oct 2022 09:44:29 GMT
Last-Modified: Thu, 20 Oct 2022 08:13:18 GMT
Server: ECS (amb/6B7F)
X-Cache: HIT
Content-Length: 279
secureads.increaserev.com/InvalidAds/getcookietime.php?domain=send.cm
104.26.0.126 200 OK 663 B URL HTTP/2 secureads.increaserev.com/InvalidAds/getcookietime.php?domain=send.cm
IP 104.26.0.126:0
File type JSON data\012- , ASCII text, with very long lines (366), with no line terminators
Hash 9ba3aeea44ff9b5ae6798f76e729e451
eb60c4375eb47a2b0885a0a100fa0f50c858b2fb
5b689f379c76bab9ec8eddbd4cc7f4db8adbe1b39d45d81aa247ba53d6ae23f7
GET /InvalidAds/getcookietime.php?domain=send.cm HTTP/1.1
Host: secureads.increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests;
access-control-allow-origin: *
x-varnish: 30398891 24424400
age: 0
x-cache: HIT
x-cache-hits: 1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vgu2zFdnVkRlMiryTG9IYlSnGhvfDk%2FGSqGrnSBUTE%2B1OIzPIkffPSIe%2BYLFp8%2BvwFm%2F4pu%2BZig49Z5L6PaJLwec5hCLkOetENP2wC%2FM6Cms0sw3no5RJFwuugCOiPYB6yTqvbHpw1rxwY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d4a3f9a8f6b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.162.52.254 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.52.254:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input; the response body is 0 B)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Y6Ukv2I4XPONlIEvQNiF4w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0414aGrdRBrcqqh7NGQ3Oyl/ndw=
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8326adf97558cb7dc54b0a6a3e3183fe
33034be825bd9f8da9cdd28c67610c15485302b5
1dbfc5ad5c68c8b9d46ef88f4434fb8ef972c5a7039313d464fda0870a0f4f1c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=152382
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:01 GMT
Etag: "6351656b-116"
Expires: Sat, 22 Oct 2022 15:12:43 GMT
Last-Modified: Thu, 20 Oct 2022 15:12:43 GMT
Server: nginx
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash be868809917278573c32ab6c90bbe73e
e955f21a65f5d06493900f9a4dc2595b2d95eae1
a5be625f164576bd8a6246e476c646cb6fb30a26f3cfa65d0400d574d85a8a74
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5827
Cache-Control: max-age=129779
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:01 GMT
Etag: "6350f65d-116"
Expires: Sat, 22 Oct 2022 08:56:00 GMT
Last-Modified: Thu, 20 Oct 2022 07:18:53 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash df37326e8b3c66797eb6cd79c75c6898
146e6146ea818cdf000e8f53f022263d247c12a0
359b400ae6c117bfb3274b803c8423dee6d2e06f6563fb14d9ca9f7686ea06a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "359B400AE6C117BFB3274B803C8423DEE6D2E06F6563FB14D9CA9F7686EA06A9"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16594
Expires: Fri, 21 Oct 2022 01:29:35 GMT
Date: Thu, 20 Oct 2022 20:53:01 GMT
Connection: keep-alive
tzegilo.com/stattag.js
172.67.194.45 200 OK 5.5 kB IP 172.67.194.45:0
File type ASCII text, with very long lines (13017), with no line terminators
Hash fbe7deac7dcb0e444110e86caca4919f
29384d07b1d0ab24ebd332c67d927ccfc4422640
4e34b16621ac1fd9b312856cc0d1407e15b38b5ac2607569e24fc639c3b00565
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 14:05:58 GMT
etag: W/"634eb2c6-32d9"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 7031
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ubZystcvIFNIORDpJptvy70GbHNv5%2F6gtGpdPfcakkRCYowCFT%2By2B1oxKFiM6YrSOQL94uExuRFxu%2FDWP8gn2m5%2BFwbVpPnnq842zKTM8aoguL70yjhBv0mbM6iiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a3fb8d8cb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8326adf97558cb7dc54b0a6a3e3183fe
33034be825bd9f8da9cdd28c67610c15485302b5
1dbfc5ad5c68c8b9d46ef88f4434fb8ef972c5a7039313d464fda0870a0f4f1c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1488
Cache-Control: max-age=153870
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:01 GMT
Etag: "6351656b-116"
Expires: Sat, 22 Oct 2022 15:37:31 GMT
Last-Modified: Thu, 20 Oct 2022 15:12:43 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
pl17142106.profitablegatetocontent.com/d2/0b/d9/d20bd9cc9099994d29386eab93410fd0.js
192.243.59.20 200 OK 13 kB URL HTTP/1.1 pl17142106.profitablegatetocontent.com/d2/0b/d9/d20bd9cc9099994d29386eab93410fd0.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37139), with no line terminators
Hash 17ac3fdee712f45e398818775696ed05
bb6e270a216798398032cb9b6c29a83f1b4a114a
ae1e8620332b1b15afd27cb28fe6ecd750a29580c45dec5941def0e706028102
Analyzer Verdict Alert quad9 Sinkholed
GET /d2/0b/d9/d20bd9cc9099994d29386eab93410fd0.js HTTP/1.1
Host: pl17142106.profitablegatetocontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 20 Oct 2022 20:53:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b4e1fb691d58374f3277323dc0c1893d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash ba3d26d814fd2a5d2943024442b81095
d6f5425ffe9c64156c645971bd734a38b043bfa3
557c9e9afb6b1eaead8dfb87aadff02c9e5860dc9b94f45c9c7f7bf675e938de
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Oct 2022 20:53:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 12:52:18 GMT
Expires: Thu, 27 Oct 2022 12:52:17 GMT
Etag: "d6f5425ffe9c64156c645971bd734a38b043bfa3"
Cache-Control: max-age=575355,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75d4a3fc7dc10afe-OSL
secureads.increaserev.com/InvalidAds/track.php?ip=undefined&domain=send.cm&type=send.js___default
104.26.0.126 200 OK 15 B URL HTTP/2 secureads.increaserev.com/InvalidAds/track.php?ip=undefined&domain=send.cm&type=send.js___default
IP 104.26.0.126:0
Hash 571ff9c2455cdda3a8d9fd244ee119d1
a9445a4210bbaf66596ea792d190ce8766751098
236aa992787aa7f042908df1cd1e20dfe0b912ed877fecd677512cabc1ccb01f
GET /InvalidAds/track.php?ip=undefined&domain=send.cm&type=send.js___default HTTP/1.1
Host: secureads.increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests;
access-control-allow-origin: *
x-varnish: 23588244 28779093
age: 1
x-cache: HIT
x-cache-hits: 6
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXUsHcz9wR9gndBTczKsrmdQS8%2FU2SkrxnyvbnNaz%2F2LdNOAHE06TMruCGBVaROQPTMjR0jASLU%2BDOENSvkE4AJoWnF0s%2F7dI4ED7LQBuf1IN3J7W8OATVc5trRsMi1M5PC0uz1uS6MeqDY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d4a3f998e0b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 9635018239402aa5f3633d6bf832194a
63fdff42ab78acd87e9384bc1ba277035ce560b5
4744af82c157cc7cebaf54d145d1c0da8eafdfc1d9509227888cadecb9eb0f94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4828
Cache-Control: max-age=170890
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:01 GMT
Etag: "63519adb-117"
Expires: Sat, 22 Oct 2022 20:21:11 GMT
Last-Modified: Thu, 20 Oct 2022 19:00:43 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash a0599e5067cd89e17ce846b26bbd7009
9a505569f65e64258f707f6b991c97bfeece6d05
c922ca1b17506c5995aa0461360d8c08a0189e2bf0c8c48dbb2da23dc22bd2a1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Oct 2022 20:53:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 18:25:22 GMT
Expires: Thu, 27 Oct 2022 18:25:21 GMT
Etag: "9a505569f65e64258f707f6b991c97bfeece6d05"
Cache-Control: max-age=595339,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75d4a3fd08ccb52d-OSL
my.rtmark.net/gid.js
139.45.195.8 200 OK 23 kB IP 139.45.195.8:0
Hash 5c0190fa15f24867f652efd1986ffb2c
207cb83bb3d453c6181f2537fa7852dcb694c6ea
e88c573b54b45c366c9b0fd063fdd7f5803806c0e195232db91eab24ae884f53
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://send.cm
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1d0549d4d6b64266be072590e8b3f36c; expires=Fri, 20 Oct 2023 20:53:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/TyKyq2Syz7Q
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/TyKyq2Syz7Q
IP 142.250.74.3:0
Hash 8270dc9b5042518dfa259f5ec9f0cbd4
870971fa7a32a319469cb7f07c451b4dfea2846f
31a9af3dc2ae71a5b9681ea1cc57deddce4545f4cd8b779d19051e0bc49a0ce7
POST /s/gts1p5/TyKyq2Syz7Q HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash df23ee60bf0a685f1ff7ce7fecd178ae
d56df1f87e238d776f387946776b8ecf18f3bbcf
1a7e76aebdf538bce3f637d8c98f2da150f86d946ae590a644a2c5057d65d16e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1A7E76AEBDF538BCE3F637D8C98F2DA150F86D946AE590A644A2C5057D65D16E"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16648
Expires: Fri, 21 Oct 2022 01:30:29 GMT
Date: Thu, 20 Oct 2022 20:53:01 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash df23ee60bf0a685f1ff7ce7fecd178ae
d56df1f87e238d776f387946776b8ecf18f3bbcf
1a7e76aebdf538bce3f637d8c98f2da150f86d946ae590a644a2c5057d65d16e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1A7E76AEBDF538BCE3F637D8C98F2DA150F86D946AE590A644A2C5057D65D16E"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16648
Expires: Fri, 21 Oct 2022 01:30:29 GMT
Date: Thu, 20 Oct 2022 20:53:01 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash c691e52afbb447637eb7399688303160
17a6c533fdf78fd6075ac08361a72532b82f4db1
3d014505e3b925518c151b37945f4649e2ca978dee0b71bfc459a6d802dbe62f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145718
Date: Thu, 20 Oct 2022 20:53:01 GMT
Etag: "63513f83-1d7"
Expires: Sat, 22 Oct 2022 13:21:39 GMT
Last-Modified: Thu, 20 Oct 2022 12:30:59 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ygl2bMJfcdslcxWT5C7Sp-zTOfmkXtYhkNkV32mIIhqJBjRetIEtYQ==
Age: 3040
racareewituhi.xyz/utx?cb=9q9pVwo7nmxV&top=send.cm&tid=903813
54.230.111.88 204 No Content 0 B URL HTTP/2 racareewituhi.xyz/utx?cb=9q9pVwo7nmxV&top=send.cm&tid=903813
IP 54.230.111.88:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=9q9pVwo7nmxV&top=send.cm&tid=903813 HTTP/1.1
Host: racareewituhi.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 20 Oct 2022 20:53:01 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://send.cm
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 20 Oct 2022 20:54:01 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GjbU2lQmliY5uwmnaU_018-7AXmWwnwqYzaFquTu3sKJunfAz3SGrQ==
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.74.98.52 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.74.98.52:0
File type ASCII text, with no line terminators
Hash 5f48df88a8066c136dcf6c58963e482b
73e9583c7099f8a7b37e2b960379c978a5fb82b4
fbe6a8cd193e03d7a1ea94ac2e8564b3a796cf24cb45c3695935e1cf4d80d2bf
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
set-cookie: uid_id2=4edb7c4c-cb92-43a9-ada2-8d99ffae0af0:3:1; expires=Sun, 17 Oct 2032 20:53:01 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
racareewituhi.xyz/TzY2bVQuVFUAay4LVEshPVoLSGYJEwQrMCIABBgtPFgFXyQ/QhgOOCBDUgsmIFhCQzoqQhNfEgdkcQkRHWN7AxcMWVwLEA55fyU8eVJwP2wrfnQEEBtVRyEAHVdwFAUjfFo0Ex9uf1QQfX9OIgcNV1IqGTl8ZwY+KnFjBRccUgIOOQZxfy4wagR0DhEKQXg+IzlhXCxnAl9FJx4mBlonBhlfey4eenVfHnF9cH0EMwN8YS8sDlp8HDAYbAQ7ZjgPVQMCDFJBCTkrWlUCGAwGTiVmCQVVFywpVV4dZSxzfF4WfWwEOy4WTGwDNyJQbiMgK3MDBTB8e1wsPWJVQyETCWB3AzA1UmAJZCt+eFwFIWwHJwd/YH8+GTxmcydmDgVGFAcXZFwjOiNhEAcnIFhGUAcuUFRcFjcHTwU
54.230.111.88 200 OK 1.2 kB URL HTTP/2 racareewituhi.xyz/TzY2bVQuVFUAay4LVEshPVoLSGYJEwQrMCIABBgtPFgFXyQ/QhgOOCBDUgsmIFhCQzoqQhNfEgdkcQkRHWN7AxcMWVwLEA55fyU8eVJwP2wrfnQEEBtVRyEAHVdwFAUjfFo0Ex9uf1QQfX9OIgcNV1IqGTl8ZwY+KnFjBRccUgIOOQZxfy4wagR0DhEKQXg+IzlhXCxnAl9FJx4mBlonBhlfey4eenVfHnF9cH0EMwN8YS8sDlp8HDAYbAQ7ZjgPVQMCDFJBCTkrWlUCGAwGTiVmCQVVFywpVV4dZSxzfF4WfWwEOy4WTGwDNyJQbiMgK3MDBTB8e1wsPWJVQyETCWB3AzA1UmAJZCt+eFwFIWwHJwd/YH8+GTxmcydmDgVGFAcXZFwjOiNhEAcnIFhGUAcuUFRcFjcHTwU
IP 54.230.111.88:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3012), with no line terminators
Hash bb13426d96bd373eefcfd9919976da94
ceae02458e92f3f7b3761e87f56b48524dde424e
3c03bc2b0706de8652d61d81ea4d019ec2f37254939b5bde0312d79238f6c174
GET /TzY2bVQuVFUAay4LVEshPVoLSGYJEwQrMCIABBgtPFgFXyQ/QhgOOCBDUgsmIFhCQzoqQhNfEgdkcQkRHWN7AxcMWVwLEA55fyU8eVJwP2wrfnQEEBtVRyEAHVdwFAUjfFo0Ex9uf1QQfX9OIgcNV1IqGTl8ZwY+KnFjBRccUgIOOQZxfy4wagR0DhEKQXg+IzlhXCxnAl9FJx4mBlonBhlfey4eenVfHnF9cH0EMwN8YS8sDlp8HDAYbAQ7ZjgPVQMCDFJBCTkrWlUCGAwGTiVmCQVVFywpVV4dZSxzfF4WfWwEOy4WTGwDNyJQbiMgK3MDBTB8e1wsPWJVQyETCWB3AzA1UmAJZCt+eFwFIWwHJwd/YH8+GTxmcydmDgVGFAcXZFwjOiNhEAcnIFhGUAcuUFRcFjcHTwU HTTP/1.1
Host: racareewituhi.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Thu, 20 Oct 2022 20:53:01 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xJkiRPSZ2TJ6MHg3NNuO4O9GtRi2dlbvyMfwwZUDG1eUuIdxvS3jRg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash df23ee60bf0a685f1ff7ce7fecd178ae
d56df1f87e238d776f387946776b8ecf18f3bbcf
1a7e76aebdf538bce3f637d8c98f2da150f86d946ae590a644a2c5057d65d16e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1A7E76AEBDF538BCE3F637D8C98F2DA150F86D946AE590A644A2C5057D65D16E"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16647
Expires: Fri, 21 Oct 2022 01:30:29 GMT
Date: Thu, 20 Oct 2022 20:53:02 GMT
Connection: keep-alive
oherhome.xyz/S1FlVDFkbgYnDB8/MzV8JmhAZnMaPBIXZ3gpIDVgGTABZH86E1Q7Fz84AWkIe2JdZQJtIQwwDHp3FiBQPyQWaQBtOAsyXnZ3E2kAZWJRegNyf1VyRHZgQyBBKjZYZRc7JRE4DHpnU2IDcmhUbQJ7ZV0
172.67.155.180 204 No Content 0 B URL HTTP/2 oherhome.xyz/S1FlVDFkbgYnDB8/MzV8JmhAZnMaPBIXZ3gpIDVgGTABZH86E1Q7Fz84AWkIe2JdZQJtIQwwDHp3FiBQPyQWaQBtOAsyXnZ3E2kAZWJRegNyf1VyRHZgQyBBKjZYZRc7JRE4DHpnU2IDcmhUbQJ7ZV0
IP 172.67.155.180:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S1FlVDFkbgYnDB8/MzV8JmhAZnMaPBIXZ3gpIDVgGTABZH86E1Q7Fz84AWkIe2JdZQJtIQwwDHp3FiBQPyQWaQBtOAsyXnZ3E2kAZWJRegNyf1VyRHZgQyBBKjZYZRc7JRE4DHpnU2IDcmhUbQJ7ZV0 HTTP/1.1
Host: oherhome.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 20 Oct 2022 20:53:02 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IepmijN1kk0jrSTqHoffvZAsVsUIYaNO0yJUcc9fKYbit1Iyjeg5Fsa7KjlOmfUvagTDRPFed9fgWNBmFYVCa56ZvjuBPvqSyAsF%2F88523MyH38lfc7BvU%2BzcqT4kGY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d4a3febc4d0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 9635018239402aa5f3633d6bf832194a
63fdff42ab78acd87e9384bc1ba277035ce560b5
4744af82c157cc7cebaf54d145d1c0da8eafdfc1d9509227888cadecb9eb0f94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4829
Cache-Control: max-age=170890
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Etag: "63519adb-117"
Expires: Sat, 22 Oct 2022 20:21:12 GMT
Last-Modified: Thu, 20 Oct 2022 19:00:43 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/s/gts1p5/TyKyq2Syz7Q
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/TyKyq2Syz7Q
IP 142.250.74.3:0
Hash 8270dc9b5042518dfa259f5ec9f0cbd4
870971fa7a32a319469cb7f07c451b4dfea2846f
31a9af3dc2ae71a5b9681ea1cc57deddce4545f4cd8b779d19051e0bc49a0ce7
POST /s/gts1p5/TyKyq2Syz7Q HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3f290cedd01b4a81b6a04cc063ffae78
bee7247a8fe4989960ee73053fd70ac45859b066
9a334b44fbaf8c430e23d564b2ccc751f1313d60bfe545b49ab4f56cf8d9323d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 266
Cache-Control: max-age=127478
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Etag: "6351031a-1d7"
Expires: Sat, 22 Oct 2022 08:17:40 GMT
Last-Modified: Thu, 20 Oct 2022 08:13:14 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aa4e4decf9754b159cfec13a9fbda4a6
996be3f45d6f1d6edcf8dd0fb5fd28ce8c0f1ddf
a00833ede543721271030f484d6b682de199cb72daef7e6a13bc95284399131a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8709f3baa978d291fda131e2f445ddda
987cf815a2d18b4aeb0a1047e9e7f8783dde6d88
b24f6a13ff0a1f888143ad742bf32a2b80e3d7f5a903d2e59e1dbfbf1a1a3e11
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.hostip.info/get_json.php
104.21.7.251 200 OK 556 B URL HTTP/2 api.hostip.info/get_json.php
IP 104.21.7.251:0
File type JSON data\012- , ASCII text, with no line terminators
Hash cca965267f19267b2f36b285414f4795
b0d206c9d83b49c5c5252f71761c1e0e9608a19b
6954573c8b262216b3f8daff1c6fcd394285c195fb0c29f506652ef2ef69369a
GET /get_json.php HTTP/1.1
Host: api.hostip.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: application/json; charset=iso-8859-1
expires: Fri, 21 Oct 2022 20:53:01 GMT
last-modified: Thu, 20 Oct 2022 20:53:01 GMT
cache-control: public, max-age=86400
pragma: !invalid
access-control-allow-origin: *
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=56oB0va9fLvy%2BMtuLF7e0xHX01ogolZ9b4%2FnyNwGjcyRuT%2F9v9r7fZstvwmLSERd7pP4uVAcVdZn69N3pA3gWlzBA0qvmwRQVp6GXkMKxsOwjyY44ABkE0H26CV%2F0yj1upc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d4a3fb7e4db51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
216.58.207.194 200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 216.58.207.194:0
File type ASCII text, with very long lines (45030)
Hash bf30706ebb892c9882f35d4cd83df01f
1e853b88faac40056235535924ba2b02d8e3dbec
4150b7c2bb06d886786d34750fabe44493c71f7849d88a9dac2a4287f566cb4e
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27633
date: Thu, 20 Oct 2022 20:53:02 GMT
expires: Thu, 20 Oct 2022 20:53:02 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1370 / 142 of 1000 / last-modified: 1666278963"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (382)
Hash 753c8004493a7bca6a7e5d155585794e
baf706e25010523b3b0ca4201ab6ae1568437454
b7a49c9cab72f615286b4137646614602453eb8013a113c2c1f90f57658d29c6
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 20 Oct 2022 20:53:02 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1275678292%3A1666299182100635&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrT6gtP0os0dhc5r7pkE0CMyol1G55jbiZW6mjmlKR2ZYOax1R81eFcmETecT5rnY8-eo1c
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-WUfqB-dMQCWb_ZX3lissIA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:7o0eWFtTsrKqAwsqVIyyhoPfd2nhlw:F6bDLxlReDJAgFNe;Path=/;Expires=Sat, 19-Oct-2024 20:53:02 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
172.64.129.12 200 OK 28 kB URL HTTP/2 creepingbrings.com/sfp.js
IP 172.64.129.12:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 5d6534c3d77b23dbcc77a430607fd37c
b4e06f436f062f4ce863bae7a68b9cdf00fd222f
764267368b7c53555754d06238b124ccb24654222aaab3014e06bb460d549cf2
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e3d1c5a5cadb23b1c1f3a72d81978bb3
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 20 Oct 2022 20:53:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XhBYNeZ7s2qX3Gm8GtTj6IuPMpCeszKQtWrnK5Z939S9WeYvI54w1uFgWWDxXRlVdcSaRNkzwBSay0VZExKtWIEs90KXJGQVR1NjuLOFQm7L0qUh8mEgqj%2FqqiKnJvHVt7eGBKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a3fe8a20067a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8709f3baa978d291fda131e2f445ddda
987cf815a2d18b4aeb0a1047e9e7f8783dde6d88
b24f6a13ff0a1f888143ad742bf32a2b80e3d7f5a903d2e59e1dbfbf1a1a3e11
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9913b2fe72036775e678417cac56a8df
27c2b0d99c3827f12c343763d8ba33c6e2d73188
32c6987be8e8c289fbb1f31350783dbc22003be71e80aa3d4acb293b434d805e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 477 B IP 93.184.220.29:0
Hash b92a27cf67bda7255fbf050c40b3d11d
8be8623c0daff795395336cca215d242b59235a4
c41e7282e3b465f66e110d79afb3286a6415c169ad0061921153bc5018b52d1a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 266
Cache-Control: max-age=127478
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Etag: "6351031a-1d7"
Expires: Sat, 22 Oct 2022 08:17:40 GMT
Last-Modified: Thu, 20 Oct 2022 08:13:14 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
gloaphoo.net/500/4856335?excludes=&oaid=1d0549d4d6b64266be072590e8b3f36c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fsend.cm%2Fwdmov8rsawri%2FVA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 gloaphoo.net/500/4856335?excludes=&oaid=1d0549d4d6b64266be072590e8b3f36c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fsend.cm%2Fwdmov8rsawri%2FVA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4856335?excludes=&oaid=1d0549d4d6b64266be072590e8b3f36c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fsend.cm%2Fwdmov8rsawri%2FVA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: gloaphoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://send.cm/
Origin: https://send.cm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 20 Oct 2022 20:53:02 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://send.cm
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 28 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30272)
Hash c02435bc2b44b2019092217bf1ffb617
5fd62caae67599810770dcbd2c416db0c65be6c0
3ea8139800e2caf0a4263b3a27d590badbdfb5a5dbf4b872b579c68d93c1c7c2
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 1FoS1MDJAlqX9TZib/ccU2MAqWsIke7gIl259lfquYKnd0L3S7M+UI+uQV3qX2pamBSwEecL0uKsiOjlRQnpOA==
date: Thu, 20 Oct 2022 20:53:02 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
gloaphoo.net/500/4856335?excludes=&oaid=1d0549d4d6b64266be072590e8b3f36c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fsend.cm%2Fwdmov8rsawri%2FVA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 14 kB URL HTTP/2 gloaphoo.net/500/4856335?excludes=&oaid=1d0549d4d6b64266be072590e8b3f36c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fsend.cm%2Fwdmov8rsawri%2FVA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash 0d962d6bbadeaaf66575d72db024bb5d
05f53d1b80d86d199729f1c155096f99aeff95f3
9404acfa38fd1f2b43cc4d9c8377963e08ee0b3f102fe48fe87eb1b1ba78e21e
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4856335?excludes=&oaid=1d0549d4d6b64266be072590e8b3f36c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fsend.cm%2Fwdmov8rsawri%2FVA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: gloaphoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Cookie: OAID=8d186f75f4194ff7a8a3d997f2cc1702
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 20 Oct 2022 20:53:02 GMT
content-type: application/javascript
x-trace-id: bcab92f22900a22a6e65fca7b83fe076
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://send.cm
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=1d0549d4d6b64266be072590e8b3f36c; expires=Fri, 20 Oct 2023 20:53:02 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
dm62uysn32ppt.cloudfront.net/HRGdERUMnCCojfDAOIHh6dFR8dHBiDTcqLTRaFyQlJlYGPXI9D2IxOSBadGMvJQkjeGUhCSd4cmIGICd+cEEwNSwvWjA3MisJJi0lJRViMCJ5Cis/KigLJWBxAlJqdWZ2V2w9cnVCdwdmdlcoLC0xH2F3czxfchp1cEJ3B2Z2VzYzZncmfXNtdE5hd3MjAi-cuLGFVAndzdVd0dHN1QnZ1JS0VISMsPEJ2A3pySXRjNnlW
54.230.245.137 200 OK 480 B URL HTTP/2 dm62uysn32ppt.cloudfront.net/HRGdERUMnCCojfDAOIHh6dFR8dHBiDTcqLTRaFyQlJlYGPXI9D2IxOSBadGMvJQkjeGUhCSd4cmIGICd+cEEwNSwvWjA3MisJJi0lJRViMCJ5Cis/KigLJWBxAlJqdWZ2V2w9cnVCdwdmdlcoLC0xH2F3czxfchp1cEJ3B2Z2VzYzZncmfXNtdE5hd3MjAi-cuLGFVAndzdVd0dHN1QnZ1JS0VISMsPEJ2A3pySXRjNnlW
IP 54.230.245.137:0
File type ASCII text, with very long lines (658), with no line terminators
Hash 77110461e5be33dffd960761debc8f13
93f75339729437e918c5a3e101f033b6d70b59de
0943c66504558b028340ceb7d43ceae73eb0109dea3268da0d974d7c1fe68606
GET /HRGdERUMnCCojfDAOIHh6dFR8dHBiDTcqLTRaFyQlJlYGPXI9D2IxOSBadGMvJQkjeGUhCSd4cmIGICd+cEEwNSwvWjA3MisJJi0lJRViMCJ5Cis/KigLJWBxAlJqdWZ2V2w9cnVCdwdmdlcoLC0xH2F3czxfchp1cEJ3B2Z2VzYzZncmfXNtdE5hd3MjAi-cuLGFVAndzdVd0dHN1QnZ1JS0VISMsPEJ2A3pySXRjNnlW HTTP/1.1
Host: dm62uysn32ppt.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://racareewituhi.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 480
date: Thu, 20 Oct 2022 20:53:02 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: or0v7JfMsU2BlsZfOuoqgHI3j-g3wbTlkSJYAPCUdFLAAFKLmaTs2g==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16628
Expires: Fri, 21 Oct 2022 01:30:10 GMT
Date: Thu, 20 Oct 2022 20:53:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16628
Expires: Fri, 21 Oct 2022 01:30:10 GMT
Date: Thu, 20 Oct 2022 20:53:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16628
Expires: Fri, 21 Oct 2022 01:30:10 GMT
Date: Thu, 20 Oct 2022 20:53:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16628
Expires: Fri, 21 Oct 2022 01:30:10 GMT
Date: Thu, 20 Oct 2022 20:53:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16628
Expires: Fri, 21 Oct 2022 01:30:10 GMT
Date: Thu, 20 Oct 2022 20:53:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1c50c7d-8321-4dac-aa20-04a81680db07.png
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1c50c7d-8321-4dac-aa20-04a81680db07.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ee7bd4412c0b0eb678b9d53b07bdd9a
a8ba1a075a9c5501d043b9b14c45ed6bcd684e68
2499b2c4414108ed742986b90ca2a1b60c3fd65a82a78322031263650e935c7e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1c50c7d-8321-4dac-aa20-04a81680db07.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10554
x-amzn-requestid: 343fc462-3654-48cb-bb4f-0d0d54c07b58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aRX9REoMoAMF21g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63506d21-152a7b145b9fcb0e0a97db57;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kpcuEgGxL1lp6g9MIzYRrJbEYNMxoM0jAOor7pqELF-cXuC2Io99UA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 19 Oct 2022 21:47:22 GMT
age: 83140
etag: "a8ba1a075a9c5501d043b9b14c45ed6bcd684e68"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1da8a8e-07d7-4788-a750-b444d5b94049.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1da8a8e-07d7-4788-a750-b444d5b94049.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa40305eef05745db4726fd428bd8b84
b957772b40c2485d9a50038d9ffa490f85fe1db9
19735ce0eebf21dd8029a7d0766061ad446232b20b2ac3c9d8b138b263f8fde2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1da8a8e-07d7-4788-a750-b444d5b94049.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9746
x-amzn-requestid: 483d8ab7-5f45-489a-b610-ae9fe9d635d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z1AKaEtcIAMFxnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634513dc-027bf86916a9f9dd239ce02f;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 06:57:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Xdy89VB2nPsc5-qy0_aLm-49RUExzR-kVzzi_TmLV7zpkQJfGBXvHA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Thu, 20 Oct 2022 17:58:07 GMT
age: 10495
etag: "b957772b40c2485d9a50038d9ffa490f85fe1db9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8f8dbb-6db1-4393-8432-8bd91e43c7e5.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8f8dbb-6db1-4393-8432-8bd91e43c7e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x148, components 3\012- data
Hash ca7d28a29be4cb2dc27c7b45e3aee38b
14a7c5b46fc6ef025c2520c5938a7a7d468e9f5f
0ab860ad47e50297b9b85651506a370785f5f38caaf10838b8816f3068a00027
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8f8dbb-6db1-4393-8432-8bd91e43c7e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5628
x-amzn-requestid: 03007358-e621-462d-9344-270369820cdf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aRZKEFWpIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63506f0d-19a8fbfa1bee2b0e37f76244;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 21:41:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V8YNydT8rLBQCGo12Jjfn9vKWK8jXfxs-GqjtVXlk1P2DBxH3hqzLw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 19 Oct 2022 22:04:23 GMT
age: 82119
etag: "14a7c5b46fc6ef025c2520c5938a7a7d468e9f5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5d17f5-6084-45a5-9677-8ae8646d6ee1.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5d17f5-6084-45a5-9677-8ae8646d6ee1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 81216ad70664e969888ae7b13871fda0
6b15c7d7abb9ff1cc040853401ad5a39f81c19a4
7294e93d890b4c8eeb8383a67aac0be8b88cac5e0882865c9f38ade713157799
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5d17f5-6084-45a5-9677-8ae8646d6ee1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9607
x-amzn-requestid: 590b20a6-039c-4c25-a61a-5f579c5b31f2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aRZj6HZ7oAMFsSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63506fb2-04b740c442ae735347b4e2c3;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bL5fVog2SuW8ZNt9a0ECc8jwcAELUBVo63LXPovdnIRxCRnsMWVvvQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 19 Oct 2022 21:49:50 GMT
age: 82992
etag: "6b15c7d7abb9ff1cc040853401ad5a39f81c19a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F927829d0-802f-4d0d-b566-d5875b574c9a.jpeg
34.120.237.76 200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F927829d0-802f-4d0d-b566-d5875b574c9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fd91971508ef6f5985a0017dfcdd73e
e94567c4fe3adade32f19c8c3053a486fe8c3ac9
34966351275d61a81528a5b5eedef55878d9f7b9c0af311ead9471dda8a02e41
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F927829d0-802f-4d0d-b566-d5875b574c9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7098
x-amzn-requestid: 2f4f7eac-181e-4fe2-b3de-5b22e9e9b9ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aRYSPGRMIAMFZAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63506da7-42ed935836382b62301fc3e5;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 21:35:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 3mTReybPYr9-3La4Em1Uxi6qekm1bmxosNDCFy3m5AT52Kj37jgeFQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Wed, 19 Oct 2022 22:01:35 GMT
age: 82287
etag: "e94567c4fe3adade32f19c8c3053a486fe8c3ac9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
increaserev.com/ads/ob/tagf/send.js
104.26.1.126 200 OK 29 kB URL HTTP/2 increaserev.com/ads/ob/tagf/send.js
IP 104.26.1.126:0
File type ASCII text, with very long lines (4245), with CRLF line terminators
Hash 389a08253d9b152ec11fe135e3202187
e255ea9c66c5c8eccdae06bbeb4f32881a0fd2e4
04b5b3a7e90831d5f91416a3d4aee3cb32b55468873f93958301c56008acf596
GET /ads/ob/tagf/send.js HTTP/1.1
Host: increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:00 GMT
content-type: application/javascript
last-modified: Thu, 25 Aug 2022 12:43:53 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: origin, x-requested-with, content-type
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1487
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnPQ%2BgtR2qa4zWdCNwLL8lCLLgXfVUBn7LJMAYhbUzdmzLwUvd4vw1qarM0Y3AO0%2F%2BMbjJ%2BIlrTdQaJq24hjAkrc%2Bu%2FcYIqVZysv2Dhc%2B5x1yZ%2FtiBVE%2FtZBEAgmy5XtCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d4a3f8de0eb506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 20 Oct 2022 20:41:09 GMT
expires: Thu, 20 Oct 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 713
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f0b55633a85caa84bbab66d84cfeaefd
f26db3965219030d152064bc0893b6e2bfcb4957
6f74b2dc627a54e47e4f1ac97fae03d25e5557d2b7e6efd4856e929788e9f956
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 1.3 kB IP 142.250.74.3:0
File type gzip compressed data, max compression\012- data
Hash a705e1c6037bd4ccfc40c9bf73fca209
51cd9309711c42b32cfd179b2120fa0309bda147
5693aa71ddcf1825725863c480a7f23d4fedc56995da74440ec502b127dcb8e6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=send.cm
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=send.cm
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=send.cm HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 20 Oct 2022 20:53:02 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=send.cm
216.58.207.194 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=send.cm
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=send.cm HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 20 Oct 2022 20:53:02 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d1e68d9826caf3c02ff5ac5b2548b5e8
17569b6559c6209b27e361a1ad2e776d30d5153e
cd019dac6322dbef863a8bd714bc559d552a5ebf023563a75cdb7f689c3f8d61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CD019DAC6322DBEF863A8BD714BC559D552A5EBF023563A75CDB7F689C3F8D61"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16819
Expires: Fri, 21 Oct 2022 01:33:21 GMT
Date: Thu, 20 Oct 2022 20:53:02 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f0b55633a85caa84bbab66d84cfeaefd
f26db3965219030d152064bc0893b6e2bfcb4957
6f74b2dc627a54e47e4f1ac97fae03d25e5557d2b7e6efd4856e929788e9f956
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6894994e02f8f5ba7b41315e467ec514
20381d88239721ae42a0637d67417a19b41af581
df9e40affa62e2ef3a0797b0fbb3093c9906ce8254a035f547553d563a329505
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1dc5cd6504a1cf008a51203f1f90180a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
142.250.74.65 200 OK 3.1 kB URL HTTP/2 1dc5cd6504a1cf008a51203f1f90180a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html HTTP/1.1
Host: 1dc5cd6504a1cf008a51203f1f90180a.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 20 Oct 2022 20:53:02 GMT
expires: Fri, 20 Oct 2023 20:53:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022101701&st=env
142.250.74.2 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022101701&st=env
IP 142.250.74.2:0
File type JSON data\012- , ASCII text, with very long lines (14681), with no line terminators
Hash d8673e47bc119a75cb92ab5092295bf2
02a43e11c0ee09b6f937145bc25dadb76eb9ad59
7b39773b934e4c11a8e170c4d0763e4ddd1b6d582c5a4de3ee1813045588085d
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022101701&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 20 Oct 2022 20:53:02 GMT
server: cafe
cache-control: private
content-length: 11150
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 066b536af9766c6c92adf875fc3cb2e3
12fab069d9413c1c88b71c2414b7d50801830266
ca3f2d37e6ce50fcd319367e4442e699f878f15ef2f286c74b1cbd3d8ace4f9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Thu, 20 Oct 2022 20:53:03 GMT
expires: Thu, 20 Oct 2022 20:53:03 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.33 200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.33:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 18 Oct 2022 21:21:44 GMT
expires: Wed, 18 Oct 2023 21:21:44 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 171079
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 1.3 kB IP 142.250.74.3:0
File type gzip compressed data, max compression\012- data
Hash 725d5e1be25ea84c41fbe28ffae186e8
fdcb48ba40f3c16b25f3f11e07e0ae15fd206ca0
c5eb9939a28b54c3b6962a5ae1be4f7bade40137a11c4c3d2b68df828bd5a1ba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9f4b1d3c4fdfbd28fa4afc92115bd9f9
365125fe68f668bae6f3c13ef21d92bb00783ebe
92ea3ab34acb6f2464ef06496365dd1a54767519d3429346849898739bf05bb5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hermichermicfurnished.com/sbar.json?key=d20bd9cc9099994d29386eab93410fd0&uuid=4edb7c4c-cb92-43a9-ada2-8d99ffae0af0%3A3%3A1
173.233.137.60 200 OK 3.8 kB URL HTTP/1.1 hermichermicfurnished.com/sbar.json?key=d20bd9cc9099994d29386eab93410fd0&uuid=4edb7c4c-cb92-43a9-ada2-8d99ffae0af0%3A3%3A1
IP 173.233.137.60:0
File type JSON data\012- , ASCII text, with very long lines (5610), with no line terminators
Hash f6d5c0ee96483eea026b9636554e5658
902423243a0c0d9468f4c5c105dba33466fcf6ea
1f1ee244495470688f57d63069d81bae49d498b239dad0cf8553e65cd5630d72
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=d20bd9cc9099994d29386eab93410fd0&uuid=4edb7c4c-cb92-43a9-ada2-8d99ffae0af0%3A3%3A1 HTTP/1.1
Host: hermichermicfurnished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 20 Oct 2022 20:53:03 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://send.cm
Access-Control-Allow-Origin: https://send.cm
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17041607; expires=Fri, 21 Oct 2022 20:53:02 GMT; secure; SameSite=None
uid_id2=4edb7c4c-cb92-43a9-ada2-8d99ffae0af0:3:1; expires=Thu, 27 Oct 2022 20:53:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 21 Oct 2022 20:53:03 GMT; secure; SameSite=None
uncs=1; expires=Fri, 21 Oct 2022 20:53:03 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 21 Oct 2022 20:53:03 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 21 Oct 2022 20:53:03 GMT; secure; SameSite=None
slecd20bd9cc9099994d29386eab93410fd0=[3364845]; expires=Thu, 20 Oct 2022 20:53:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 90c6c95f188b69f02ef8f8ad8709a06c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 487db2f635877e1cb47d6a4e12a27879
dcea3c24fa14bfa2453be30f2cb3d4e954c76b87
48a4c946508fb148df25b4fdb41fa66bd410efde12627beca3778047009bfe25
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 20 Oct 2022 20:53:03 GMT
date: Thu, 20 Oct 2022 20:53:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-CGxaf54MNGPse9pn3I1eww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 9b04f881b6ebbe4f75afc278f64452da
502c82c75c4fe3f666f2203f2597fe9b12b0a101
ed137bf986b21268735d29c8cfe99685f84cc5b481c5544281b55c699237492b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6213
Cache-Control: max-age=166542
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:03 GMT
Etag: "63518478-117"
Expires: Sat, 22 Oct 2022 19:08:45 GMT
Last-Modified: Thu, 20 Oct 2022 17:25:12 GMT
Server: ECS (amb/6B71)
X-Cache: HIT
Content-Length: 279
hermichermicfurnished.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidjV1EgiYoFCCBrqAACZ939y53t6SICMHIwvkhAYUO5m%2FPg%2Bd2VjM7t2dXFhEo5VEgUa7f2bECEQIJSiJ0juTClY%2FKBa5pKBASFQW6i8XBNN97817x9L7v8x1%2FSkJ4enLtutlSWtPlS%2FWw9uqHUXS5tqYyP6gNOq2PWs3LNdt%2FI2nVw9dq70i%2BYZbjMArDKIxqK8rK1AyWpyJU%2FiiJ6klYb8b16FITA%2Ft%2F7nwARwOI%2Fil5DkpMFp8EF6H4GFnvu2vSbRQmf%2F3tnte0MBZ9sf9BtpGZMkNvDlMbIM32z9ww7njlMUy2N4sL0%2F%2FXyNSEBIePwbL9s5Bg%2Fd1ZTqYhMzDxDMr%2BGFKPoegY3NyDEscE4AI3biLrPbhhbEk3n6p0qk7I4l9%2FQpUTsvjrRWS9b69qNajdMdoXymQOg7SCGoyhumPk%2FgDF1jmo8gC8%2BBRKEGS9CkqcvNKUgrV5ky9xlsRLzQZNlqig8VJHJEmaUhnSNJwVo9QYKh1DyyGoW4B3AbwK4NMAPg%2FQEyc1HkVROxSchp2E84ZoS9YSYUTbaUSjsNWB59PsQxT5EFwPwe02cruNDTWE9T%2FDrVdwIoArCPqiQikJSkdQUoJSEZQFQdmv9oR2saseCO08i85mfDYb1cgU3R26Z4quzMhOfkouTAsLFs8fYkOe1EQcMpFwnoRJkiRNESeNTktSljSaUZiKEE5VUO4cqAuwpSbk%2Bd%2B%2BRK6On%2F0KjB7A6QNwdQHUvwRajtpxCLo%2BanZCbGX7TmaiznsQpkJeLKLYDHb0KXlhtrHG3d8h%2BdGVj9n1yR8P%2Fwa3FXJb4RP1hKCr749um5Ls3jalI9%2FfzAvVU1t0us07BS3kwtfvys3SWLF6zQ0fvsmnwhQ%2Bel%2B6Yo1mQmVdR765qoSQdsVYLslPq%2B6uZLe8W7%2FqbebztVtvraz2ciudUyYbg6oJIYdH4GpCzv%2BwNzvUFz8roewY1lfo%2BSNy9qDMAXi%2BDZfP8zuzAKvnHpYHKH01sjGbf2pFoOWcU1bB%2FYezOd5x99G1L4MW92b32bcV%2BroC1UM4vzAqcnt05ZfG7IHpYMS0DXaZtvqLp%2BU6dVJrNxohbSWXonabyjZrxp20FQlK42YrbrVoA4Wb8Pd%2BXP4HAAD%2F%2FwEAAP%2F%2FTKd%2BaXMEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 hermichermicfurnished.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidjV1EgiYoFCCBrqAACZ939y53t6SICMHIwvkhAYUO5m%2FPg%2Bd2VjM7t2dXFhEo5VEgUa7f2bECEQIJSiJ0juTClY%2FKBa5pKBASFQW6i8XBNN97817x9L7v8x1%2FSkJ4enLtutlSWtPlS%2FWw9uqHUXS5tqYyP6gNOq2PWs3LNdt%2FI2nVw9dq70i%2BYZbjMArDKIxqK8rK1AyWpyJU%2FiiJ6klYb8b16FITA%2Ft%2F7nwARwOI%2Fil5DkpMFp8EF6H4GFnvu2vSbRQmf%2F3tnte0MBZ9sf9BtpGZMkNvDlMbIM32z9ww7njlMUy2N4sL0%2F%2FXyNSEBIePwbL9s5Bg%2Fd1ZTqYhMzDxDMr%2BGFKPoegY3NyDEscE4AI3biLrPbhhbEk3n6p0qk7I4l9%2FQpUTsvjrRWS9b69qNajdMdoXymQOg7SCGoyhumPk%2FgDF1jmo8gC8%2BBRKEGS9CkqcvNKUgrV5ky9xlsRLzQZNlqig8VJHJEmaUhnSNJwVo9QYKh1DyyGoW4B3AbwK4NMAPg%2FQEyc1HkVROxSchp2E84ZoS9YSYUTbaUSjsNWB59PsQxT5EFwPwe02cruNDTWE9T%2FDrVdwIoArCPqiQikJSkdQUoJSEZQFQdmv9oR2saseCO08i85mfDYb1cgU3R26Z4quzMhOfkouTAsLFs8fYkOe1EQcMpFwnoRJkiRNESeNTktSljSaUZiKEE5VUO4cqAuwpSbk%2Bd%2B%2BRK6On%2F0KjB7A6QNwdQHUvwRajtpxCLo%2BanZCbGX7TmaiznsQpkJeLKLYDHb0KXlhtrHG3d8h%2BdGVj9n1yR8P%2Fwa3FXJb4RP1hKCr749um5Ls3jalI9%2FfzAvVU1t0us07BS3kwtfvys3SWLF6zQ0fvsmnwhQ%2Bel%2B6Yo1mQmVdR765qoSQdsVYLslPq%2B6uZLe8W7%2FqbebztVtvraz2ciudUyYbg6oJIYdH4GpCzv%2BwNzvUFz8roewY1lfo%2BSNy9qDMAXi%2BDZfP8zuzAKvnHpYHKH01sjGbf2pFoOWcU1bB%2FYezOd5x99G1L4MW92b32bcV%2BroC1UM4vzAqcnt05ZfG7IHpYMS0DXaZtvqLp%2BU6dVJrNxohbSWXonabyjZrxp20FQlK42YrbrVoA4Wb8Pd%2BXP4HAAD%2F%2FwEAAP%2F%2FTKd%2BaXMEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidjV1EgiYoFCCBrqAACZ939y53t6SICMHIwvkhAYUO5m%2FPg%2Bd2VjM7t2dXFhEo5VEgUa7f2bECEQIJSiJ0juTClY%2FKBa5pKBASFQW6i8XBNN97817x9L7v8x1%2FSkJ4enLtutlSWtPlS%2FWw9uqHUXS5tqYyP6gNOq2PWs3LNdt%2FI2nVw9dq70i%2BYZbjMArDKIxqK8rK1AyWpyJU%2FiiJ6klYb8b16FITA%2Ft%2F7nwARwOI%2Fil5DkpMFp8EF6H4GFnvu2vSbRQmf%2F3tnte0MBZ9sf9BtpGZMkNvDlMbIM32z9ww7njlMUy2N4sL0%2F%2FXyNSEBIePwbL9s5Bg%2Fd1ZTqYhMzDxDMr%2BGFKPoegY3NyDEscE4AI3biLrPbhhbEk3n6p0qk7I4l9%2FQpUTsvjrRWS9b69qNajdMdoXymQOg7SCGoyhumPk%2FgDF1jmo8gC8%2BBRKEGS9CkqcvNKUgrV5ky9xlsRLzQZNlqig8VJHJEmaUhnSNJwVo9QYKh1DyyGoW4B3AbwK4NMAPg%2FQEyc1HkVROxSchp2E84ZoS9YSYUTbaUSjsNWB59PsQxT5EFwPwe02cruNDTWE9T%2FDrVdwIoArCPqiQikJSkdQUoJSEZQFQdmv9oR2saseCO08i85mfDYb1cgU3R26Z4quzMhOfkouTAsLFs8fYkOe1EQcMpFwnoRJkiRNESeNTktSljSaUZiKEE5VUO4cqAuwpSbk%2Bd%2B%2BRK6On%2F0KjB7A6QNwdQHUvwRajtpxCLo%2BanZCbGX7TmaiznsQpkJeLKLYDHb0KXlhtrHG3d8h%2BdGVj9n1yR8P%2Fwa3FXJb4RP1hKCr749um5Ls3jalI9%2FfzAvVU1t0us07BS3kwtfvys3SWLF6zQ0fvsmnwhQ%2Bel%2B6Yo1mQmVdR765qoSQdsVYLslPq%2B6uZLe8W7%2FqbebztVtvraz2ciudUyYbg6oJIYdH4GpCzv%2BwNzvUFz8roewY1lfo%2BSNy9qDMAXi%2BDZfP8zuzAKvnHpYHKH01sjGbf2pFoOWcU1bB%2FYezOd5x99G1L4MW92b32bcV%2BroC1UM4vzAqcnt05ZfG7IHpYMS0DXaZtvqLp%2BU6dVJrNxohbSWXonabyjZrxp20FQlK42YrbrVoA4Wb8Pd%2BXP4HAAD%2F%2FwEAAP%2F%2FTKd%2BaXMEAAA%3D HTTP/1.1
Host: hermichermicfurnished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=4edb7c4c-cb92-43a9-ada2-8d99ffae0af0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 20 Oct 2022 20:53:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71ff6dcee2334fdad5f26c46ec8137e4
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c8d016614b86133320f44aef94d27a6c
1c87eb97a066fb68e4404eba371a5255e77c456b
1a2cabe37bd769227cc77b7eddeece8a460ce7805ab6701f36152dbf6557d5eb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1A2CABE37BD769227CC77B7EDDEECE8A460CE7805AB6701F36152DBF6557D5EB"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16604
Expires: Fri, 21 Oct 2022 01:29:48 GMT
Date: Thu, 20 Oct 2022 20:53:04 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e6c3e0486533b0a2edffeca191cd7785
2d688b3c35b26c69e8490ed21ccb94dbbe5ddd27
0780ccc7e7101d6bbfb981fcfdc6e9642f49b4671e2109bde58362d5be33c5d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/img/icon.jpg
172.64.110.27 200 OK 74 kB URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/img/icon.jpg
IP 172.64.110.27:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=821, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1232], progressive, precision 8, 500x333, components 3\012- data
Hash edc025c8802080bcfb154c337fdb21a4
41d8d08c7984fcffbeeffee40e680e0a23d7f7e7
343eec76860bcb772bd3b2db18b495c7bd557cc20635141b3173c933b1df8592
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/16/img/icon.jpg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:04 GMT
content-type: image/jpeg
content-length: 73837
last-modified: Thu, 10 Feb 2022 09:31:00 GMT
etag: "6204db54-1206d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6778105
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NYryYU47xwGqXVyAWVy1XHKRJ3YjVLriCdv4hHs%2F9Empcc0sRd9%2Fm%2Bhat7NPpDnSWF%2B%2B1ux%2BINXvmLVtNP5V84QWn8xwjh4l15O3rljBNjrXQ6IPSj6t4XjKmjEuRI4xxvY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a40cec1b8891-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c8d016614b86133320f44aef94d27a6c
1c87eb97a066fb68e4404eba371a5255e77c456b
1a2cabe37bd769227cc77b7eddeece8a460ce7805ab6701f36152dbf6557d5eb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1A2CABE37BD769227CC77B7EDDEECE8A460CE7805AB6701F36152DBF6557D5EB"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16604
Expires: Fri, 21 Oct 2022 01:29:48 GMT
Date: Thu, 20 Oct 2022 20:53:04 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e6c3e0486533b0a2edffeca191cd7785
2d688b3c35b26c69e8490ed21ccb94dbbe5ddd27
0780ccc7e7101d6bbfb981fcfdc6e9642f49b4671e2109bde58362d5be33c5d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a0738b138f262176b9a5984a8afe3127
513e61f1dd78a6c51077165a5e5391119b9d9228
04a69025a549be2708481584eb6a6a361c5541c0490d9c42ccba8161720e6075
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/fonts/SFUIText-Regular.woff
172.64.110.27 200 OK 73 kB URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/fonts/SFUIText-Regular.woff
IP 172.64.110.27:0
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/16/fonts/SFUIText-Regular.woff HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://send.cm
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:04 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Thu, 10 Feb 2022 09:30:59 GMT
etag: "6204db53-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 166075
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=55FgMWqKEphKobnvA7Qft78VyMAbEFHr33B8qWIGT1U6yGRtE3FqFSJkGhVKMFGt1tG2l22Y%2FqacdxSqLez7ZpTRR%2BN5tb1bWXmaoKDGb%2Fmd1L2%2BhdOApaV8qOewH35sntQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a40f7a5a8891-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://send.cm
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 91136
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hermichermicfurnished.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidjV1EgiYoFCCBrqAACZ937853t6SICMEowvkhAYUO5m%2FPg2d3VjM7t2dXFhEo5VEgUa7f2bECEQIJSiJ0juTClY%2FKBa5pKBASFQW6i8XBNN97817x9L7v8x1%2FSkJ4enL1utlSWtPllXpYe%2FXDKLpUW1OZH9QG3fZH7dalmu2%2FEbfr4Wu1dyTfMMuNMArDKIxqq8rKxAyWpyJU%2FiiO6nFYbzXq0UoLA%2Ft%2F7nwARwOI%2Fil5DkpMFp8EF6H4GFn63VXpNgqTv%2F526jUtjEVf7H%2BQbWSmzJDOYWIDJNn%2BmRvGHa8%2Bhsn2ZnFh%2Bv8amZqQ4PAxWLZ%2FFhKsvzvLyTRkBiaeQdkfQ%2BoxFB2Dm3tQ4pgAXODGTWTpgxvGlnTzqUqn6oQs%2FvUnVDkhi79eRJZ%2Be0WrQe2O0b5QJnMYJBXUYAzVGyP3Byi2zkGVB%2BDFp1CCIEsrKHHySksK1uEtvsRZ3FhqNWm8RAVtLHVFHCcJlSFNwlkxSo2hkjG0HIK6BXgXwKsAPgng8wCpOKnxKIo6oeA07MacN0VHsrYII9pJIhqF7S48n2YfosiH4HoIbreR221sqCGs%2FxluvYITAVxB0BcVSklQOoKSEpSKoCwIyn61J7RruOqB0M6z6Gw2zmazGpmit0P3TNGTGdnJT8mFaWHB4vlDbMiTmmiETMScx2Ecx3FLNOJmty0pi5utKExECKcqKHcO1AXYUhPy%2FG9fIlfHz34FRg%2Fg9AG4ugDqXwItR51GCLo%2BanVDbGX7TmaizlMIUyEvFlFsBjv6lLww21jz7u%2BQ%2FOjyx%2Bz65I%2BHf4PbCrmt8Il6QtDT90e3TUl2b5vSke9v5oVK1RadbvNOQQu58PW7crM0Vly76oYP3%2BRTYQofvS9dsUYzobKeI99cUUJIu2osl%2BSna%2B6uZLe8W7%2FibebztVtvrV5LcyudUyYbg6oJIYdH4GpCzv%2BwNzvUFz8roewY1ldI%2FRE5e1DmADzfhsvn%2BZ1ZgNVzD8sDlL4a2Qabf2pFoOWcU1bB%2FYezOd5x99GzL4MW92b32bcV%2BroC1UM4vzAqcnt0%2BZfm7IHpYMS0DXaZtvqLp%2BU6dVJrhqLDZCI7TLZWWonkgq2ssJAnnDVFt8tRuAl%2F78flfwAAAP%2F%2FAQAA%2F%2F%2FMc6uBcwQAAA%3D%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 hermichermicfurnished.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidjV1EgiYoFCCBrqAACZ937853t6SICMEowvkhAYUO5m%2FPg2d3VjM7t2dXFhEo5VEgUa7f2bECEQIJSiJ0juTClY%2FKBa5pKBASFQW6i8XBNN97817x9L7v8x1%2FSkJ4enL1utlSWtPllXpYe%2FXDKLpUW1OZH9QG3fZH7dalmu2%2FEbfr4Wu1dyTfMMuNMArDKIxqq8rKxAyWpyJU%2FiiO6nFYbzXq0UoLA%2Ft%2F7nwARwOI%2Fil5DkpMFp8EF6H4GFn63VXpNgqTv%2F526jUtjEVf7H%2BQbWSmzJDOYWIDJNn%2BmRvGHa8%2Bhsn2ZnFh%2Bv8amZqQ4PAxWLZ%2FFhKsvzvLyTRkBiaeQdkfQ%2BoxFB2Dm3tQ4pgAXODGTWTpgxvGlnTzqUqn6oQs%2FvUnVDkhi79eRJZ%2Be0WrQe2O0b5QJnMYJBXUYAzVGyP3Byi2zkGVB%2BDFp1CCIEsrKHHySksK1uEtvsRZ3FhqNWm8RAVtLHVFHCcJlSFNwlkxSo2hkjG0HIK6BXgXwKsAPgng8wCpOKnxKIo6oeA07MacN0VHsrYII9pJIhqF7S48n2YfosiH4HoIbreR221sqCGs%2FxluvYITAVxB0BcVSklQOoKSEpSKoCwIyn61J7RruOqB0M6z6Gw2zmazGpmit0P3TNGTGdnJT8mFaWHB4vlDbMiTmmiETMScx2Ecx3FLNOJmty0pi5utKExECKcqKHcO1AXYUhPy%2FG9fIlfHz34FRg%2Fg9AG4ugDqXwItR51GCLo%2BanVDbGX7TmaizlMIUyEvFlFsBjv6lLww21jz7u%2BQ%2FOjyx%2Bz65I%2BHf4PbCrmt8Il6QtDT90e3TUl2b5vSke9v5oVK1RadbvNOQQu58PW7crM0Vly76oYP3%2BRTYQofvS9dsUYzobKeI99cUUJIu2osl%2BSna%2B6uZLe8W7%2FibebztVtvrV5LcyudUyYbg6oJIYdH4GpCzv%2BwNzvUFz8roewY1ldI%2FRE5e1DmADzfhsvn%2BZ1ZgNVzD8sDlL4a2Qabf2pFoOWcU1bB%2FYezOd5x99GzL4MW92b32bcV%2BroC1UM4vzAqcnt0%2BZfm7IHpYMS0DXaZtvqLp%2BU6dVJrhqLDZCI7TLZWWonkgq2ssJAnnDVFt8tRuAl%2F78flfwAAAP%2F%2FAQAA%2F%2F%2FMc6uBcwQAAA%3D%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidjV1EgiYoFCCBrqAACZ937853t6SICMEowvkhAYUO5m%2FPg2d3VjM7t2dXFhEo5VEgUa7f2bECEQIJSiJ0juTClY%2FKBa5pKBASFQW6i8XBNN97817x9L7v8x1%2FSkJ4enL1utlSWtPllXpYe%2FXDKLpUW1OZH9QG3fZH7dalmu2%2FEbfr4Wu1dyTfMMuNMArDKIxqq8rKxAyWpyJU%2FiiO6nFYbzXq0UoLA%2Ft%2F7nwARwOI%2Fil5DkpMFp8EF6H4GFn63VXpNgqTv%2F526jUtjEVf7H%2BQbWSmzJDOYWIDJNn%2BmRvGHa8%2Bhsn2ZnFh%2Bv8amZqQ4PAxWLZ%2FFhKsvzvLyTRkBiaeQdkfQ%2BoxFB2Dm3tQ4pgAXODGTWTpgxvGlnTzqUqn6oQs%2FvUnVDkhi79eRJZ%2Be0WrQe2O0b5QJnMYJBXUYAzVGyP3Byi2zkGVB%2BDFp1CCIEsrKHHySksK1uEtvsRZ3FhqNWm8RAVtLHVFHCcJlSFNwlkxSo2hkjG0HIK6BXgXwKsAPgng8wCpOKnxKIo6oeA07MacN0VHsrYII9pJIhqF7S48n2YfosiH4HoIbreR221sqCGs%2FxluvYITAVxB0BcVSklQOoKSEpSKoCwIyn61J7RruOqB0M6z6Gw2zmazGpmit0P3TNGTGdnJT8mFaWHB4vlDbMiTmmiETMScx2Ecx3FLNOJmty0pi5utKExECKcqKHcO1AXYUhPy%2FG9fIlfHz34FRg%2Fg9AG4ugDqXwItR51GCLo%2BanVDbGX7TmaizlMIUyEvFlFsBjv6lLww21jz7u%2BQ%2FOjyx%2Bz65I%2BHf4PbCrmt8Il6QtDT90e3TUl2b5vSke9v5oVK1RadbvNOQQu58PW7crM0Vly76oYP3%2BRTYQofvS9dsUYzobKeI99cUUJIu2osl%2BSna%2B6uZLe8W7%2FibebztVtvrV5LcyudUyYbg6oJIYdH4GpCzv%2BwNzvUFz8roewY1ldI%2FRE5e1DmADzfhsvn%2BZ1ZgNVzD8sDlL4a2Qabf2pFoOWcU1bB%2FYezOd5x99GzL4MW92b32bcV%2BroC1UM4vzAqcnt0%2BZfm7IHpYMS0DXaZtvqLp%2BU6dVJrhqLDZCI7TLZWWonkgq2ssJAnnDVFt8tRuAl%2F78flfwAAAP%2F%2FAQAA%2F%2F%2FMc6uBcwQAAA%3D%3D HTTP/1.1
Host: hermichermicfurnished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=4edb7c4c-cb92-43a9-ada2-8d99ffae0af0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 20 Oct 2022 20:53:04 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d8548a748883584eeddfc90e11139367
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a0738b138f262176b9a5984a8afe3127
513e61f1dd78a6c51077165a5e5391119b9d9228
04a69025a549be2708481584eb6a6a361c5541c0490d9c42ccba8161720e6075
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Oct 2022 20:53:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hermichermicfurnished.com/pixel/sbs?c=1
173.233.137.60 200 OK 0 B URL HTTP/1.1 hermichermicfurnished.com/pixel/sbs?c=1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: hermichermicfurnished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Cookie: u_pl=17041607; uid_id2=4edb7c4c-cb92-43a9-ada2-8d99ffae0af0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 20 Oct 2022 20:53:04 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 703 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
Hash 8474ef1eda18770a6768ff251fb38e1b
41b3f81960245d73018ff2da85dc5df2b5763e28
ea49ab23fcee96cbc1f33a5a98cd1418e72a3210b775fcff399ebfcfe0ad4111
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 20 Oct 2022 20:53:04 GMT
date: Thu, 20 Oct 2022 20:53:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/index.html
104.26.6.19 200 OK 16 kB URL HTTP/2 cdn.yourwebbars.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/index.html
IP 104.26.6.19:0
File type HTML document text - HTML document, ASCII text
Hash ff25b76cc182ae78e40b25b62b023252
fc6d6c4fb3ddd5bc09c7390087850c57fa572d23
e97eebf49773bd88ad279ca2bff62e3714c2bb42e8517bba113360aec34407bf
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/16/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:04 GMT
content-type: text/html
last-modified: Thu, 10 Feb 2022 09:30:55 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oRGg%2FmCE33X7I0cF8NylhWpUmpSqOmy1LsZiDBQQd8fd2Kj8GBir4auLuXlwApitnaAGb589CbQNQce7cN4e4dt4qQphZeJkLjn%2FzkMXruImi9Wggg0rK6VCBQQFWUZoJ9QSTNI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a407fb6b1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35 200 OK 0 B IP 172.64.199.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://send.cm/
Origin: https://send.cm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: text/plain
set-cookie: csu=333505813061120@1@1666299181; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fDw0tfJblpW5qq8qYJVFhtqQCbFVVOjecUNtUZFg7qF5vNvZxqjtSRF4nnqamUGTqOPG%2FAM5m90agK%2FD6zNwLOSazsEj777%2Bgpq%2BCcs3RTGmt8l6SRDcX%2F7%2FMPkO0eQ7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d4a3feeee206b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/img/close.svg
172.64.110.27 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/img/close.svg
IP 172.64.110.27:0
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/16/img/close.svg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:04 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Feb 2022 09:30:59 GMT
etag: W/"6204db53-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6778105
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6jgFOKsYPRVzaGbc5JVroB0%2FKfVG1isksoAKiRCw5myQIMVl22KNQGwDG2IQFvNLkrXm3yZbsgFA6%2Ffiv0j5KibNTBrYmVXrkyRoHeU%2Bc4P2xhgyAdD4cX0hLwR7efDsn%2Fk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a40cec188891-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
send.cm/wdmov8rsawri/VA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar
104.26.2.171 200 OK 0 B URL HTTP/2 send.cm/wdmov8rsawri/VA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar
IP 104.26.2.171:0
GET /wdmov8rsawri/VA_-_Eurovision_Song_Contest_Rotterdam_2021-WEB-2021-ZzZz.rar HTTP/1.1
Host: send.cm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=0;includeSubDomains;
expires: Wed, 19 Oct 2022 20:53:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
cf-cache-status: BYPASS
set-cookie: lang=english; domain=.send.cm; path=/
c_7hyj5tegwm4sd1=wdmov8rsawri; domain=.send.cm; path=/
aff=1623; domain=.send.cm; path=/; expires=Thu, 03-Nov-2022 20:53:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wi9ESAYKZVR6RaMT6UJReLsPoYvH4PLhdYSO1%2B8%2Fd6s56gxWw%2FjGxQOK4vIbWW%2BJrSALI0zcAb9OfGtbKvWY%2Bo13ftml1pBy%2F9HIwR38i2eipAKxHgSpw9c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d4a3f45d46b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 0 B IP 172.64.199.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://send.cm/
Origin: https://send.cm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://send.cm
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4995
last-modified: Thu, 20 Oct 2022 19:29:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E3LCaiH1qOCVYA1GXIrVjZLYeWxNoDZJyVlvArgE6XSa8EDYEw6HWslNp3ghZ8Jak1ZFqjyP%2BRLsK%2Fj92TDJARw2abPyOhgL9oPcXNZ2fz%2BDc1H24bYvgSiHZpOUtwG3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a3fedec806b2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gloaphoo.net/401/4856335
139.45.197.239 200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4856335 HTTP/1.1
Host: gloaphoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: application/javascript
x-trace-id: 0ce2a796ad598b6ad40fff3c0c027384
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=8d186f75f4194ff7a8a3d997f2cc1702; expires=Fri, 20 Oct 2023 20:53:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
www.cloudflare.com/cdn-cgi/trace?format=json
104.16.123.96 200 OK 0 B URL HTTP/2 www.cloudflare.com/cdn-cgi/trace?format=json
IP 104.16.123.96:0
GET /cdn-cgi/trace?format=json HTTP/1.1
Host: www.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 75d4a3f9eb6cb4f1-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/css/animate.css
172.64.110.27 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/css/animate.css
IP 172.64.110.27:0
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/16/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:04 GMT
content-type: text/css
last-modified: Thu, 10 Feb 2022 09:30:57 GMT
etag: W/"6204db51-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 46928
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JR5ciB4AMr0qsnWzeu4gdXb4FTL4H155Zm52Mk%2BYx2GQI5L3utX6CIT%2B3gimue3Msb7fjnalNhaGsoxYpDwjjm3dzRrS4DuGw216%2FoRqSJcpXM9XvMP2D44ls21cQnuy4kA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a40cbb9a8891-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secureads.increaserev.com/InvalidAds/checkblock.php?ip=91.90.42.154&domain=send.cm
104.26.0.126 200 OK 0 B URL HTTP/2 secureads.increaserev.com/InvalidAds/checkblock.php?ip=91.90.42.154&domain=send.cm
IP 104.26.0.126:0
GET /InvalidAds/checkblock.php?ip=91.90.42.154&domain=send.cm HTTP/1.1
Host: secureads.increaserev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests;
access-control-allow-origin: *
x-varnish: 23588245
age: 0
x-cache: MISS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0GNvwL1ilwkhw7hmfuEpVkkx56cEqmKUPQ5I7y%2BJaLcW5Nl90TMZPN4RCw12cBKwO0zoxrSIdhhsZChJi8c%2FRb%2FxYXHolKEZebf%2Bg0%2F2VkJOrnak11V04ms0GgG2exqtCBGjGO6TrtWjbyw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d4a3fa0967b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/css/style.css
172.64.110.27 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/css/style.css
IP 172.64.110.27:0
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/16/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:04 GMT
content-type: text/css
last-modified: Thu, 10 Feb 2022 09:30:56 GMT
etag: W/"6204db50-15b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 166075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrVzmdU71NAd0uNRRqmcmqog2CtAwJ%2Bra3pwUI8TddoAnSxVoZOwoxjTIn0M3oy06muTNrrug0IHRZYKmSwAoIoOfeflj%2BAEeNMcN%2BKSVSAf3Xd5vBd%2FuNfi3ksNOGw5VN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a40ccbac8891-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/js/script.js
172.64.110.27 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/interstitial/utility/default/blog/flip_icon_fullpage/16/js/script.js
IP 172.64.110.27:0
GET /sb/interstitial/utility/default/blog/flip_icon_fullpage/16/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://send.cm
Connection: keep-alive
Referer: https://send.cm/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 20 Oct 2022 20:53:04 GMT
content-type: application/javascript
last-modified: Thu, 10 Feb 2022 09:31:01 GMT
etag: W/"6204db55-18d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 166075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZlgBg3dB3Z339VuEwTRohBHWi0sctEEGw%2FN7o9UseIsLt4r6G5Y7jyB1swVbEi%2BJhSDvhcFF11PiYSL5Ljvtp2nG8zrqEt25ZVsi0StnK3%2B6TAj5Fb%2FBYigFM0VzuyQ2ZvI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d4a40ccba68891-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2