surl.li/img/pc-rouded-icon.svg
104.26.5.19 200 OK 28 kB URL: GET HTTP/2 surl.li/img/pc-rouded-icon.svg
IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: SVG Scalable Vector Graphics image
Hash MD5: 7005e41f692583c19abac0a7fd5b7c5f
SHA-1: bda49cd99401420d490a32f2f547e4ddd43b7300
SHA-256: 2f9e711abfb70ec1515ded7f4c18c9208b1325f53b551698b90fa4664542ceed
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/pc-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-4f3e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AQSom%2FhyXDjGKTfuXGIuOJCFiVgoys1F0V5d2w734ti5D2VJ9Vk1EkECTiwr6d34jM5LManbRl0ttZmHwQn6MB1UI5EeLQL1pRyGXiTbby5qAleGq2%2FUhKw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b77569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/gears-rouded-icon.svg
104.26.5.19 200 OK 140 kB URL: GET HTTP/2 surl.li/img/gears-rouded-icon.svg
IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: SVG Scalable Vector Graphics image
Size: 140 kB (140183 bytes)
Hash MD5: aecbc06e12760ff4f4334696cb12f70f
SHA-1: 479d2ba236eeb0c524d10d2681beaf890b154604
SHA-256: b08ee81fa51d661b5c24460f41bb2ee09eeb5157c9426c6b3b83d7ada262473d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/gears-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-e1f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irNI3WyFvKiA0ftgeW1XSLgvEAOIJx9hE9ZJsh1XcrW5bPpgp%2BloAQedc45nvgXszREjC0xN3ElQhW0r31SG%2FS%2BzF6Zi44r7iYykvXlVsDdbWRUoLnFNNF0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b79569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/planet-rouded-icon.svg
104.26.5.19 200 OK 132 kB URL: GET HTTP/2 surl.li/img/planet-rouded-icon.svg
IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: SVG Scalable Vector Graphics image
Size: 132 kB (132202 bytes)
Hash MD5: 7a6de872239474d5c24060e4d6b89bae
SHA-1: 9c921e59d96e37770aad1045ba2900e233d5b657
SHA-256: 6c847af4400d327ad6a64ae87c50f6990011348f1cbbe293de44b7bc283eb379
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/planet-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-1574"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sTgjHvzLNWLeHLblTTGVXKjSnWZHqthoJhzXOArMSB1hBvSFEP%2BjoeaqArg9Tj9%2BbhYtt4lOA1RKNnON724VBrRHS2PwBzfYG1zQDsi%2B5jIxtfrj%2FBDLqek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b7a569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/fonts/rubik/Rubik-Medium.ttf
104.26.5.19 200 OK 116 kB URL: GET HTTP/2 surl.li/fonts/rubik/Rubik-Medium.ttf
IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409
Size: 116 kB (116056 bytes)
Hash MD5: 4dd3023b03ba2b68d4b9da9176b7285a
SHA-1: d734c149587c12d9083c03bc90009c84b52aec78
SHA-256: ce40d27c6c90b990229510c46115ec852237276e1aa09cdebffc6ae085b1d1e2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /fonts/rubik/Rubik-Medium.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/octet-stream
content-length: 116056
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-1c558"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UV1hubZCPBuHzW4deBs%2B84lez%2BEO4nbHUesSUHZZL9S9ndynfYJdMFXUFUJ359kKPojzvhLWJR79FAwpPNzJx8i3KoUEmhZtTjnEGY8bQLwYCK7c6TUga9Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833955c02569a-OSL
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://t.me/LR_game_queen_0106
142.250.74.100 301 Moved Permanently 344 B URL: GET HTTP/2 www.google.com/s2/favicons?domain=https://t.me/LR_game_queen_0106
IP: 142.250.74.100:443
Certificate Issuer: Google Trust Services LLC
Subject: www.google.com
Fingerprint: CC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06
Validity: Mon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hash MD5: 0c93a6eed052c9b7405e3b636e8927ff
SHA-1: 8084f8e0ec6dc8a0c5483b0d055dce7794e111c5
SHA-256: cc4b95215011739b1d41dfc490b82e92f8930052efede56d87f3c92f0bb1a999
GET /s2/favicons?domain=https://t.me/LR_game_queen_0106 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 18 Apr 2024 22:48:17 GMT
expires: Thu, 18 Apr 2024 23:18:17 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
web-screen.com/storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png
104.21.20.132 200 OK 385 kB URL: GET HTTP/3 web-screen.com/storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png
IP: 104.21.20.132:443
Certificate Issuer: Cloudflare, Inc.
Subject: web-screen.com
Fingerprint: A2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
Validity: Mon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced
Size: 385 kB (385289 bytes)
Hash MD5: 46514ea7a5f7c1560caedee2fbf173f5
SHA-1: a1ac2ba4f9f9dc8abe01cb129cca5d75090c37f7
SHA-256: 6619a587a97b9854431f0000d932cdeace7a7f0b16c6cc45a448b53914d8358a
GET /storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/png
content-length: 385289
last-modified: Thu, 28 Mar 2024 14:17:55 GMT
etag: "66057c13-5e109"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7SOhOEgjYE2UlbUMvT1CcGTprVV1jaDD85SHnGTuCkSCVJhofvz9CXi2SZrzk8VhXsMq70fFN5X9FWeq52kQDVGnnn4siR6cZ3keoBlXn9ccQQbRmogrV7JEhvWEbMx7Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833970e1db4eb-OSL
alt-svc: h3=":443"; ma=86400
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
172.217.21.164 200 OK 325 B URL: GET HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
IP: 172.217.21.164:443
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash MD5: 7d9da589fc799850f6d70bc4164098b8
SHA-1: 503630487f4d3aef60fedd4f6fa10a6f6932701c
SHA-256: 7dd8012f6e461c3da9ded542f7542fe98aa9e52c41b00f176d51de4cac47d140
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surl.li/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://telegram.org/img/website_icon.svg?4
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 325
date: Thu, 18 Apr 2024 22:48:18 GMT
expires: Thu, 25 Apr 2024 22:48:18 GMT
cache-control: public, max-age=604800
last-modified: Thu, 07 Sep 2023 19:46:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
surl.li/css/app.css
104.26.5.19 200 OK 28 kB IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: Unicode text, UTF-8 text, with very long lines (65305)
Hash MD5: fe365dbe3eae340f056236a1bd3c3bfb
SHA-1: 0f33b3da6a8cf61a1678a4d163cc5c6792502e6f
SHA-256: af0aa34df3fa81b0c4b798d3ad818d8b7188a03a0a75fa79a830e2c0c1a78061
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/app.css HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: text/css
last-modified: Tue, 09 Apr 2024 12:14:36 GMT
etag: W/"6615312c-27950"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1hQ%2BTaxnE%2BBLxwTxWDPbcbMmeCWbtfK0%2BPVhZLCkMb9t1a%2BHFHEWKSzuIG2Of2vWoo8yOFwih7CvvwHw9RBrDFDaKyzbGw2m7KDp9Y7m1%2FiXFfySdn7rAEg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b67569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/surli-logo.svg
104.26.5.19 200 OK 14 kB URL: GET HTTP/2 surl.li/img/surli-logo.svg
IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: SVG Scalable Vector Graphics image
Hash MD5: 482601fd25a8410e0868ce1e178cbaea
SHA-1: 79a25cfa623613a31fc7d3813cfa9a223b54b2a8
SHA-256: f389fb51afbd8077d4e8e260bf820115f7111c246e02cc4aab081c5317c56db6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/surli-logo.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-233d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NfYWe%2ByGja1kwL9nqbjljt9bhy3XNWVsaRVoDWVXOebj6ETGj%2BYFv6bQd2o6DSXABLswnlg7rf0CknQ4%2Fa2iTMlnq5zdD%2FAOjnYpW0Yywz8DeAzVJKnLE6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b6c569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/getPreview
104.26.5.19 200 OK 8.3 kB IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: ASCII text, with no line terminators
Hash MD5: b5f8b7bc5d48582ddbe36904364462ed
SHA-1: 96a0c8ebdaad43bb17ed91685a7a76ddad32826e
SHA-256: 2b12d3381f934eb813d49acd63f32a13a095eaceeee270a356684fe87e2a7a02
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /getPreview HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: YbaJ4rPRuDXbJkMVAZhWuTQTF04Zt2WqPmo7N2xy
X-Requested-With: XMLHttpRequest
Content-Length: 43
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkFwZVVNZzlwZmhHMC9xNXFPeStORGc9PSIsInZhbHVlIjoiTUlLNmhwY21ITEE5YWZNMTRYZGNLUGVBNWpaclNhVnQ5R2xGL0dQTC9uNGNmZldCMkVxVEJHTFhhbktDKzRUcEVKeTNxaUxydE5hQXBsa1FPbGNaa3hYYVlmQUZMZWlsZU94UUYrWnFWclJ2a1J6RWNKc3pRTUYvM0JzOXhQL3giLCJtYWMiOiJjODRmYzIyYzIyYjg3YzRmYWU0NWUzNzM2MjM1ZmViNjI2NjUwNWRmZjlmZjQxYTQzMTllMmRmMDllYWFmYzFmIiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IlVsUkNvNWVMd0ljYXRrZWd5amg5NVE9PSIsInZhbHVlIjoiUUxtY2IzZ2xpZnNhbVNwWFNNN2J0QjZONnNuSTR5QXdhcWcwb04xaWdCNmtGY3EwWllSd3pBTWx4UlEyY0E4eUx5Y2djS2VPV0xDZWFOUkZya3dEZ01SMVBBL1FNakJlZy96aUhBeTd0R1lJQjBkc3ZaVEwzRUlzUmxicFpkeTciLCJtYWMiOiJjMmMwYmZjMTZlY2FmMzYyMWQ3Y2M0OGU0YmYyYzg2NjQ5ZmI4YmZmZWRiZDZlMWRlZmM2OTc0Y2IyNGQ3ODJiIiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8uNWFrDoupsfn8GD78%2B5IgdMm3gRF7m3p6h55XwDiYu%2BzYIfwx6jVea7V1F262kiyCWToF%2BXUVPAyBwyin3AwbTon7wg5w60NL2EwIMCjrOyFTmE6i8MAws%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876833958c1a569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/favicon.ico
104.26.5.19 200 OK 15 kB IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Hash MD5: ec9741289f19f212fd2ffb2dda1df05c
SHA-1: 9b97a75a795b848f086f75db50903dd15954a573
SHA-256: 13c9447a56e92641eff376880ff848e6e8e25719f721421f9b276a9b152753d4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/favicon.ico HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/x-icon
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-3aee"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=do56obP0y64dMecj73%2F%2BuGO6mbl%2Fv998U9flkhrtdInvR%2BQ%2FH4mYgqMkEBt4Hk61FH6VVoKC96gq5I9RTACihDIGsxCXb8ezcoJjtkXLuRm2lSmymuYOsdk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87683396dcfb569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/js/app.js
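104.26.5.19 200 OK 191 kB IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
Size: 191 kB (190893 bytes)
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty (zero-byte) input, although the reported size is 190893 bytes and no file type is listed. The response body was evidently not available when the hashes were computed, so they do not identify the content of app.js and should not be used as indicators for it.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed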
GET /js/app.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-2e9ad"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBUjCnHfsM%2B3WVscPdKPFkUzfGQ3S6SAPczhxDt71HjmJgAK5QorIhycPL2K4Lm%2BbdCFc4ftgfVs46PYwIbUWD%2FTk%2Fi6hSJM7dJ95LyTXlDjKMD1C2ajwmw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b7b569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
web-screen.com/img/plug.jpg
104.21.20.132 200 OK 14 kB URL: GET HTTP/2 web-screen.com/img/plug.jpg
IP: 104.21.20.132:443
Certificate Issuer: Cloudflare, Inc.
Subject: web-screen.com
Fingerprint: A2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
Validity: Mon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: PNG image data, 1280 x 720, 8-bit/color RGB, non-interlaced
Hash MD5: 6448aca5739995f3b9c1b3c5e50ce7a0
SHA-1: f50fa07327f55f864a42698fd8fa86270f35da9b
SHA-256: 856f999ea580bfa2f03ce5872b848246a66492f17675693e2f429938250d231a
GET /img/plug.jpg HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/jpeg
content-length: 13510
last-modified: Mon, 29 Aug 2022 13:27:44 GMT
etag: "630cbed0-34c6"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3587
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vNm295MSQVIeo5A3%2Bm9%2FuWPolmV9gJ3wQerOt2w%2FC9q%2BCPJ0UnZ9qWW6gvUR44FaSlarGE8LbaDomtftXQkIDc%2FUNA9eHE3l2qXK5qcqCrE0kW25ic8kPHJBWbHtWkwv4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87683394ff5b568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
104.26.5.19 200 OK 139 kB URL: GET HTTP/2 surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
IP: 104.26.5.19:443
Certificate Issuer: Google Trust Services LLC
Subject: surl.li
Fingerprint: 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity: Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type: TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2016 The Nunito Sans Project Authors (https://github.com/Fonthausen/NunitoSans)Nunito
Size: 139 kB (139168 bytes)
Hash MD5: 4dac705158fb1ca226d583b3829f82a0
SHA-1: 771b9299e1d5d4239c032c7d4243a6f9343f89c4
SHA-256: 7acb3e456d98d55be401bb07a32c9cb04e074de37bd58932b11bcf0fe9f59ab0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/octet-stream
content-length: 139168
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-21fa0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EpZ8R0ZDRNRaHPvdt47U53dwVXWkck8bkfjHFlyDz5L8I66J3zVsPCyu55VyN2OeLZR%2BmBHAxIyAwa557DA0aIG%2BcE6K4kVxfvsu3roQ7OPVlitY4nuOTY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87683394fbd4569a-OSL
X-Firefox-Spdy: h2
surl.li/fonts/roboto/Roboto-Regular.ttf
104.26.5.19 200 OK 130 kB URL GET HTTP/2 surl.li/fonts/roboto/Roboto-Regular.ttf
IP 104.26.5.19:443
Certificate Issuer Google Trust Services LLC
Subject surl.li
Fingerprint 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularhtt
Size 130 kB (129584 bytes)
Hash afe8eacfc0903cc0612dc696881f0480
ba879317acdc045b8fa78cb8f948650627d0477c
7277cfb805def6410f317129b8e1f78bdd47d1a4e24c233077d06e88a36e57ae
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/roboto/Roboto-Regular.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/octet-stream
content-length: 129584
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-1fa30"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=07Esf6lnBaZH4b8K3fJ60OH87EmJcLWKR1KpmpKk5G1iFk6wRHZ6Doz01olOCmwCCOeNil7ntYcOsBTQGDAUVwLbUx1BN28u72CPNx0zC5pMOH5BeGgHFTo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833950bd7569a-OSL
X-Firefox-Spdy: h2
surl.li/getMetaInfo
104.26.5.19 200 OK 59 B IP 104.26.5.19:443
Certificate Issuer Google Trust Services LLC
Subject surl.li
Fingerprint 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 94a2aef30f94a79ea7db90788223c580
5792a3f8cb223d02cafd8af00bdbfcd1404c96b6
fc1d48cb6bd2e225fdbf0a2a5d9e888b2bcebc8dd1d00c54478312f18a192cdc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /getMetaInfo HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: YbaJ4rPRuDXbJkMVAZhWuTQTF04Zt2WqPmo7N2xy
X-Requested-With: XMLHttpRequest
Content-Length: 43
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImNEVDM4MU9iMFptWTZRREtINlN5NGc9PSIsInZhbHVlIjoia2M1eHNTdFBWYU9pS3Y4T3NUa3VudnBHaUcrdnV4ZnRPaFoxZ1VEc3lzY1g2d3BUZ1F0Vk0rYUV6UXNWUjFjc2gxUUZaU1JES09XWGZMaHB2QmJqZ204cXNocDRLKzhuTDFTTXpUUkgzWkJYdmdTZXZXOTM2ZTdFVmN6alJ3cEkiLCJtYWMiOiI5N2QzYTMyNGM0OGNkMzc5YWEwMWE3NWNmNmQyYTFmMDY3NmI0NmNjYzY5NGQ5Y2EwMmVlMmIxMWM1ZTRkM2M5IiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IkdkZXNFeldhcXBidC9KMUZnSUhaeFE9PSIsInZhbHVlIjoiaVB5a3dRNGNGT0cyVkJhN1RnUkNvVEtueWdqNjZtcGxSaDF5TDhVOHlsL2kxT0J3eG9QOUovNHlUZTFNWEZ5VnIrV3plZTFTK09ITHFubFdKWGY3WXpaVWlWRTdVeGx2RXB0VjBSZEwrT0JyclVMOWVSbTF3T1poTTZWSk0zMjAiLCJtYWMiOiI3OWM0ODk2N2QyM2E4Y2YzYzYwNTRiYzA2M2ViZTkyOGI3NjQyYjgwZmIwODQ0ODBmYTAzMDRkZDI0NmE1NTk4IiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gObZ6w6IQtfWDKm%2B%2FKKukt%2FIsD27dZ1dRTCxZInNToENDcUZ4pvlQd%2F5e%2Fp0XvphIlhSgIBlWzLs0NjQbqOMjt9cRiGhuhCBw%2FYCt3cioeMAk%2FrYKdwLOXo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876833958c1c569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
104.26.5.19 200 OK 13 kB URL User Request GET HTTP/2 IP 104.26.5.19:443
Certificate Issuer Google Trust Services LLC
Subject surl.li
Fingerprint 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
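Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not identify the 13 kB response recorded for this request. Presumably the body was not available to the hasher; do not use them as indicators for this resource.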
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /safau HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GOBlYVf0jRct2UbxL8YjF7uq%2FBqwDHekXUXQFs1rWteq18GTO0ywa79I9RFaV0QdgWoVBwJPyZOR85HehpoWmYf6VAAZGbF%2BJqseOGLuPqrLlwTOKJ6SajQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87683391fa29569a-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/js/preview.js
104.26.5.19 200 OK 90 kB IP 104.26.5.19:443
Certificate Issuer Google Trust Services LLC
Subject surl.li
Fingerprint 4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
Validity Sat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
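Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not identify the 90 kB script recorded for this request. Presumably the body was not available to the hasher; do not use them as indicators for this resource.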
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/preview.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-160f5"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jccLxxhy7pf1XpjUx7DNFXO5HmcOnWlS41RAfl1sO4Iaf26Vaqt6BalvfMKrKjaQWpTaTlAoWy8mLidZUm9sbe9k43AKbzHT%2Fy2O0Gaot4owzZbagmiexic%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833949b7d569a-OSL
content-encoding: br
X-Firefox-Spdy: h2