usaupload.com/5zse/ganpower.7z?download_token=2098749686dbf7e0dd0235eea5780fd848b499d9d01160d8373a2e82a99ce885
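65.109.18.14 301 Moved Permanently 162 B URL HTTP/1.1 usaupload.com/5zse/ganpower.7z?download_token=2098749686dbf7e0dd0235eea5780fd848b499d9d01160d8373a2e82a99ce885
(This request appears to have gone out over plain HTTP, so the download_token query string was sent unencrypted before the 301 redirect to the HTTPS URL in the Location header.)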
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
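Hash (three digests, identified by length as MD5, SHA-1 and SHA-256; every Hash group on this page uses the same order)
MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA-1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA-256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a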
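Analyzer: quad9 | Verdict: Sinkholed | Alert: (no value in this extract)
(The table header and its single row were run together on one line; the same flattened row repeats on every usaupload.com entry on this page.)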
GET /5zse/ganpower.7z?download_token=2098749686dbf7e0dd0235eea5780fd848b499d9d01160d8373a2e82a99ce885 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 06 Jan 2023 17:50:01 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://usaupload.com/5zse/ganpower.7z?download_token=2098749686dbf7e0dd0235eea5780fd848b499d9d01160d8373a2e82a99ce885
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9326
Expires: Fri, 06 Jan 2023 20:25:27 GMT
Date: Fri, 06 Jan 2023 17:50:01 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ce8af3d72e7e9af609039abee59c8b87
8e1b16591fbc632df35f15e23da55ee86af31bc3
52edddbda4a3a3b778f61a491b21e6ea439e9d8024189e636b1f37b2dd7226fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52EDDDBDA4A3A3B778F61A491B21E6EA439E9D8024189E636B1F37B2DD7226FC"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12186
Expires: Fri, 06 Jan 2023 21:13:07 GMT
Date: Fri, 06 Jan 2023 17:50:01 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 06 Jan 2023 17:48:03 GMT
content-type: application/json
age: 118
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash da484f5e9c6805745e063b236fb81473
ae454bf4a7ae0e96935afc81ee0f89c049097b15
068d0da23acbe7f6b600c4e7dbe9c81d3ad78c8afd122255bbf3550e8a290686
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "068D0DA23ACBE7F6B600C4E7DBE9C81D3AD78C8AFD122255BBF3550E8A290686"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3029
Expires: Fri, 06 Jan 2023 18:40:30 GMT
Date: Fri, 06 Jan 2023 17:50:01 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: BhHSnZSO1IV0e7ci958TuJpc8BRRRY78HvcSDAEGykV+qHZDyOuMYQh/rVOTQhtgu1xqJpBB0u8=
x-amz-request-id: 99CH4PT8KDREA7J5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 06 Jan 2023 17:02:16 GMT
age: 2865
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:01 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css
65.109.18.14 200 OK 77 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65324)
Hash bc48830f50049b0cbbe3dd417755a347
e5cdb6545f9b4bce4eeda78f64a714e2de4d0e09
7d56baeec9679114562cdc56d3f28cb9a43263cada11b1f64809851e7a8b1419
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 76917
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-12c75"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
65.109.18.14 200 OK 3.1 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 6406d626f8bfc1e6815698bfecf9a2f8
a918901be3ab1b9bb4ce9980db521eb4731bb82b
f620d1bf10d3f45a7b19edd4f863090c5dd5031411918508493634c4018e81b7
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 3082
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-c0a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/socicon.css
65.109.18.14 200 OK 9.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/socicon.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash b23fff7d228bbe8796ad8b3d280e3401
1a9861031bda4d3c1cb58564107d8b777982750b
17beb90ae4f385180d6b7d184dcb640ccd2a360e4ee03af0254c83b00ef87202
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/socicon.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 9283
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-2443"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/lightbox.min.css
65.109.18.14 200 OK 3.7 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/lightbox.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 40cab6b747df96a8a66f5c0ac4e034dd
85dd24bc614fb1ecaeb873f4e686213aa53927c3
798da60d899fcd9aa5074834d88b63c398dd72af5711ed48d7f68dde8dc8db5e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/lightbox.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 3668
last-modified: Mon, 28 Sep 2020 14:26:46 GMT
etag: "5f71f2a6-e54"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/flickity.css
65.109.18.14 200 OK 2.4 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/flickity.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 5439695b076327f53edcda86d192856b
d938327051f0bf044bc65b68721ad3193bd2ef12
1709404c1e9beb94953cc95fcc3477e7cb4213e03bfe9bbe0f8a37877c1c6e42
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/flickity.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 2392
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-958"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/jquery.steps.css
65.109.18.14 200 OK 5.6 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/jquery.steps.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash a0ed38e9ba9498867df1f62407377def
6d2278f924b80328695e8fe5213b252ae499fc77
70110803124af60b1e1dc1ea3c0408353947b4a0d7000f47873c85287de875d5
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/jquery.steps.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 5638
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-1606"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/cookiealert.css
65.109.18.14 200 OK 12 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/cookiealert.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (11486), with CRLF line terminators
Hash 3d2946aeae3cc8f43e2acf82ea029bd4
c25a0bd445ff9e6034d34e8f388f5565515a2783
705d9fc8952ac3bf3d9300e3d9ea6753284cdd920c34be0213ec8bc862df7a28
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/cookiealert.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 12369
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-3051"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/font-awesome.min.css
65.109.18.14 200 OK 59 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/font-awesome.min.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (58929)
Hash 66e407beb68fdbb8bacd87d91ddf7829
5ed55601e30871fb757dc4b78a40a432f9a3600b
eb98a660b34391ce502005c6b8553af83defcf0832489134efb499498051d1d9
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/font-awesome.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 59115
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-e6eb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/css/custom.css
65.109.18.14 200 OK 8.9 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/custom.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type assembler source, ASCII text, with CRLF line terminators (a content-sniffing guess; the server's content-type header for this response is text/css)
Hash 65417cde74809cb9b9e66d0ab4adc448
9729ccac013729aed790fdc25d71d858f50a137b
c8dee41785c1f45859a70f3bb9a65b3cba83d866dd46ca0096d07067fec9d280
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/custom.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 8936
last-modified: Thu, 04 Feb 2021 16:28:50 GMT
etag: "601c20c2-22e8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e5782ef491c4bb5e1dc5245aed1640b7
2a34a0380e837befa2d6f2ba794c58fca083302a
88fa0e25126e72bd99d8333a8093ad8fa9d2ada9f2012bc64af23c5a7dd143a3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e4fdd703d4ebb3209cd70c0ffd234da1
2e3a0a6fe0e63d2991e4b8726d5a2c21406a0dc1
ff40f371b1ebac1fbc0e809a0e85f500977372f25e8a72eda450083755fef11d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 623e85ff33837eb6c59e11ae2759237a
cea1948490802e652e7f6678dc76694e0d6ab61a
1fb30f3579d3277435c860f472008bea3680db1202d838ad4669d943ec88ba65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
usaupload.com/themes/spirit/assets/frontend/css/iconsmind.css
65.109.18.14 200 OK 96 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/iconsmind.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Hash 39aa385af1cfd640bac73a09de3ac9fe
6d17dff21d04138cd8ab3ef9dfe1eae79994834c
0909de268b3276cb7464acb2f86701f62974a893dd374312908a3f8efc363438
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/iconsmind.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 96447
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-178bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-163791795-1
172.217.21.168 200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-163791795-1
IP 172.217.21.168:0
File type ASCII text, with very long lines (1759)
Hash 41727d0f89cd793f62b5ee2f0c4a3334
e88166059b986009ae0ab5b2ff0adfaf25a0465e
5f9745edf5682d7204e8466b2f597c4695c9a1ed3bcb67be294fc74f6802da43
GET /gtag/js?id=UA-163791795-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 06 Jan 2023 17:50:02 GMT
expires: Fri, 06 Jan 2023 17:50:02 GMT
cache-control: private, max-age=900
last-modified: Fri, 06 Jan 2023 15:47:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45275
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
142.250.74.74 200 OK 1.5 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
IP 142.250.74.74:0
Hash 9dc1d85ce2df2fc6ae8f3a3077bfcd8b
4b8a25b69d30e76b1322cc638c3282dc752a7c65
7a3b28dd0cb9e7b38b29cd6ba22ec35b5abea4891ced8d8ae5b02067aff11c9d
GET /css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 06 Jan 2023 17:50:02 GMT
date: Fri, 06 Jan 2023 17:50:02 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 623e85ff33837eb6c59e11ae2759237a
cea1948490802e652e7f6678dc76694e0d6ab61a
1fb30f3579d3277435c860f472008bea3680db1202d838ad4669d943ec88ba65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
usaupload.com/themes/spirit/assets/frontend/css/theme.css
65.109.18.14 200 OK 197 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/css/theme.css
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type assembler source text; assembler source, ASCII text (a content-sniffing guess; the server's content-type header for this response is text/css)
Size 197 kB (197080 bytes)
Hash 0070ae7b5bb75d59ef0f36de1f3cb4b4
58b9bcb364df74184f35e8dc0231b3573cb9c332
db7c96fb23e5c19f26d7de6f407cef6c779c2a207c8c2e16615e8e9b3e89efd8
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/css/theme.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: text/css
content-length: 197080
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-301d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/flickity.min.js
65.109.18.14 200 OK 54 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/flickity.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32032)
Hash 81a84001ccd9bdd589d1b4f187311b15
5cdf8cb0d97b5b16a5f812e1541ad387a7cb8af5
5a28889b1faf91d12eeb5b5d173c50135eefd7fdc29a951b365340cf473bd9b2
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/flickity.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 53861
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-d265"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/typed.min.js
65.109.18.14 200 OK 3.9 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/typed.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (3949), with no line terminators
Hash 2f6185a8a32a50b2b3e04849f44359d4
0e5501588c5c0d1c9462f34b0d56c21abff5bfef
914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/typed.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 3949
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-f6d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/datepicker.js
65.109.18.14 200 OK 21 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/datepicker.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (12692), with CRLF line terminators
Hash 8cfe207a6a21c7495cfb751c761217a6
35d686a6c4ecc9946c35444ce93e110cb0e1611c
804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/datepicker.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 20975
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-51ef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/granim.min.js
65.109.18.14 200 OK 11 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/granim.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (10573)
Hash 2c16a9a724563fc0c306abb5bdeb03fe
90c2032537714e66059a3eaa150b93f3c9c80163
997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/granim.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 10634
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-298a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
65.109.18.14 200 OK 14 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (13686)
Hash 4c5e9f4e84d32b7df69af7420b355e03
14e1e287ec98e8cc0a992ee996783b0c42f9ec0f
c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery.steps.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 13857
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-3621"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/countdown.min.js
65.109.18.14 200 OK 5.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/countdown.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (4136)
Hash 5d3ff3c3fbaa67cc639501f44eeb07be
bd66e4cd58de09c198e7abc77fa4c883955d189e
2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/countdown.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 5339
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-14db"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
65.109.18.14 200 OK 6.0 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (4887)
Hash b67e171349c4716dd7bb15c018a2c8c1
60b204148c0eed83b06043897d1cbd54709eab66
8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/smooth-scroll.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 6006
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-1776"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 06 Jan 2023 17:33:39 GMT
age: 983
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/cookiealert.js
65.109.18.14 200 OK 1.8 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/cookiealert.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 81279e22c8ece9e1d0536a402484daa3
911797507fb12d4f451d5900e32db96ad697c401
5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/cookiealert.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 1836
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-72c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
65.109.18.14 200 OK 87 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32030)
Hash e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery-3.1.1.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 86709
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-152b5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/cache/themes/spirit/logo_inverse.png
65.109.18.14 200 OK 47 kB URL HTTP/2 usaupload.com/cache/themes/spirit/logo_inverse.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 2395 x 523, 8-bit/color RGBA, non-interlaced\012- data
Hash 4a27d711f28aba5323cc3ec041fa5b02
d9085bc35de1f67fcc747a4e65326211da1a325b
2d8eee896b0e8b89f72080dc107998f372efb2e311ab8110e589b2e12ab3e357
Analyzer Verdict Alert quad9 Sinkholed
GET /cache/themes/spirit/logo_inverse.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: image/png
content-length: 46999
last-modified: Thu, 07 Apr 2022 17:42:41 GMT
etag: "624f2291-b797"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75cfc8b3d7a22c317465a354b950897b
272651a02a8fa17067d9e4e9ff4878d2c1af75af
40dc9698f6d97aeada27973d1b096a149bb5bb299c38a6ed87e853e6d724d26b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
usaupload.com/themes/spirit/assets/frontend/js/scripts.js
65.109.18.14 200 OK 112 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/scripts.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (914)
Size 112 kB (111905 bytes)
Hash ccd6c308b2b8e36ae154d7bacea4240d
f7d2f7195150771246dd599dbb4ff3bc2f0f2179
fc2a8bf60f1e7577697c0b457c01aeeecfd2b18ea68c93e2d374bf6d95fbe7a0
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/scripts.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 111905
last-modified: Wed, 14 Oct 2020 16:17:02 GMT
etag: "5f87247e-1b521"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/cache/themes/spirit/logo.png
65.109.18.14 200 OK 45 kB URL HTTP/2 usaupload.com/cache/themes/spirit/logo.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 2395 x 523, 8-bit/color RGBA, non-interlaced\012- data
Hash e772ff8c144c6dab2b01cc460c09ed46
cc3d762f0be3af03b5d47e559cf1a941273126c3
8fd6aa3f0b8b3d4211fff4f800eeed179c4edd178a90c55848d9d063c76d39c4
Analyzer Verdict Alert quad9 Sinkholed
GET /cache/themes/spirit/logo.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: image/png
content-length: 44604
last-modified: Thu, 07 Apr 2022 17:58:15 GMT
etag: "624f2637-ae3c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/images/flags/us.png
65.109.18.14 200 OK 609 B URL HTTP/2 usaupload.com/themes/spirit/assets/images/flags/us.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced\012- data
Hash 968591e0050981be9fa94bd2597afb48
dd9e149e2b5ad59dd8b4b262f5fdeb5cc10ecf43
36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/images/flags/us.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: image/png
content-length: 609
last-modified: Mon, 28 Sep 2020 14:27:40 GMT
etag: "5f71f2dc-261"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
65.109.18.14 200 OK 4.3 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 4292, version 1.0\012- data
Hash ae072782b361d2afdbf43db08d3cfb73
f3db2e65b53d97491672f8631e21d6d05905cc88
31205df908aed9881f6d2d3ae7d38975252bf99e38268978b4236dc3c314754b
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: font/woff2
content-length: 4292
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-10c4"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75cfc8b3d7a22c317465a354b950897b
272651a02a8fa17067d9e4e9ff4878d2c1af75af
40dc9698f6d97aeada27973d1b096a149bb5bb299c38a6ed87e853e6d724d26b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75cfc8b3d7a22c317465a354b950897b
272651a02a8fa17067d9e4e9ff4878d2c1af75af
40dc9698f6d97aeada27973d1b096a149bb5bb299c38a6ed87e853e6d724d26b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 02 Jan 2023 18:52:41 GMT
expires: Tue, 02 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 341841
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35 200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 02 Jan 2023 18:56:10 GMT
expires: Tue, 02 Jan 2024 18:56:10 GMT
cache-control: public, max-age=31536000
age: 341632
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 43c8442b7447debab97b0f6bc973e23a
38a5f1869cff7f6ddbfd3a24e57a3da7851ba3b0
4eb7adc914570287dde1317395d1d95b07271c8fe20b97a8928025c292c47dba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4541
Cache-Control: max-age=145947
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Etag: "63b7e4a8-1d7"
Expires: Sun, 08 Jan 2023 10:22:29 GMT
Last-Modified: Fri, 06 Jan 2023 09:06:48 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
usaupload.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
65.109.18.14 200 OK 5.0 kB URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash a9a8c24cea41bed7ef78ed1d12d48291
cd86d71e15b97ab602e0e39bb6e9bbaf6779f4d7
3b379c83d1c0b117cec88debed9390723daffc2fb99cf51cc2175c47169d190e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: image/png
content-length: 5016
last-modified: Mon, 28 Sep 2020 14:26:42 GMT
etag: "5f71f2a2-1398"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
65.109.18.14 200 OK 447 B URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash f3d5da06fe8d5a2425d5d229285e5eea
01032b864f3c74bbf44771e2ba41eeb2251fad90
d11d596429d3543bfb07191a87a67a8c22e198113c6f3a109158a5a85bf82f26
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/img/favicon/favicon-16x16.png HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: image/png
content-length: 447
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-1bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75cfc8b3d7a22c317465a354b950897b
272651a02a8fa17067d9e4e9ff4878d2c1af75af
40dc9698f6d97aeada27973d1b096a149bb5bb299c38a6ed87e853e6d724d26b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash b9d5eb404693c69bc3cd4a08162568e5
7283a3be604758d65fdd222bda42ce54c1b28316
4bc0f440f12b15760b0c0bd5f989bd76100e48f94fca8a8a7ca5cd3025320ccb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3146060301369196
142.250.74.98 200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3146060301369196
IP 142.250.74.98:0
File type ASCII text, with very long lines (4885)
Hash 3fb8f448ad7eaa1184cc87ebea4d15d5
e31113c06847027b6075778809416839586e2e88
487d0f3a69a4a5a6a6a85c6965bdfbf0ea8d43de738d074714c47f1f4c99238b
GET /pagead/js/adsbygoogle.js?client=ca-pub-3146060301369196 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 06 Jan 2023 17:50:02 GMT
expires: Fri, 06 Jan 2023 17:50:02 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16335433962655502667
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49496
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash b9d5eb404693c69bc3cd4a08162568e5
7283a3be604758d65fdd222bda42ce54c1b28316
4bc0f440f12b15760b0c0bd5f989bd76100e48f94fca8a8a7ca5cd3025320ccb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.46 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 06 Jan 2023 17:43:41 GMT
expires: Fri, 06 Jan 2023 19:43:41 GMT
cache-control: public, max-age=7200
age: 381
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.160.45.85 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.45.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BDgVvFOujOOwMrjD1pIl5w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 69o8ee/O1ZgppvlBnNFO6RYCVEQ=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 1ba8980c8d4510ec1fa094f4478daf86
df0785127f6649e3f3e884e331ad94d5a968e8b5
470063fcad3af7a95d7ea41a96647e5ceb2efab72403a6dec11ff7afd31372c4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5ddd48b55142ea746fa6165da9c75916
a2e4ddea65431b1b1bddbcbf257874fddd7cc332
f6f85f03bb7716bf8d960e8cd94b66495040371cc68c1642f4a30e0f95e7c27e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 3c9ae1015474fb56273490512807cef4
03cd8827553652d6a8a0becc76997f7ffe2e23f8
dceac28e6aae42862d52fe3561bb10432af2913a7b900cc2b266f0e622d91084
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=usaupload.com&callback=_gfp_s_&client=ca-pub-3146060301369196&gpid_exp=1
216.58.207.226 200 OK 252 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=usaupload.com&callback=_gfp_s_&client=ca-pub-3146060301369196&gpid_exp=1
IP 216.58.207.226:0
File type ASCII text, with very long lines (393), with no line terminators
Hash 190c7e5e0a00100beac5caf1972b2b70
e2e86df2d0d30a266677ba601d41b1fea28cfd3a
88801e5010b6a15d582553b9b4baf54b230d20aa6d9d0b66ed46ef9f2376549a
GET /gampad/cookie.js?domain=usaupload.com&callback=_gfp_s_&client=ca-pub-3146060301369196&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 06 Jan 2023 17:50:03 GMT
server: cafe
cache-control: private
content-length: 252
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=usaupload.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 06 Jan 2023 17:50:03 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=usaupload.com
142.250.74.130 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 06 Jan 2023 17:50:03 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 1ba8980c8d4510ec1fa094f4478daf86
df0785127f6649e3f3e884e331ad94d5a968e8b5
470063fcad3af7a95d7ea41a96647e5ceb2efab72403a6dec11ff7afd31372c4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 3c9ae1015474fb56273490512807cef4
03cd8827553652d6a8a0becc76997f7ffe2e23f8
dceac28e6aae42862d52fe3561bb10432af2913a7b900cc2b266f0e622d91084
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ff3b4cd0aa28a61ef1a039c7ff73ce71
1081a41936a63ccdf3e9ebc021835a19c4125a87
367f96729ad2d9dbe57a5881a37c0bc7893ad0858af6fff7f8b565204eae3a1f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230104&st=env
142.250.74.98 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230104&st=env
IP 142.250.74.98:0
File type JSON data\012- , ASCII text, with very long lines (14578), with no line terminators
Hash b537d54103611486c681cf3ce84a3741
b5b86992d827407d39bbaea2990398eabd138a15
2b59cef1ee027700b72afe7f6ce92bf4636ddc41490c0737e486453412129500
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230104&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usaupload.com
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Fri, 06 Jan 2023 17:50:03 GMT
server: cafe
content-length: 11006
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9082930c8b50014b9808385bfcce0228
e6b20ed08286b7c53238ee1ce3f8985741960b9e
fb5d667a61179921a1a033ba4b8ee81f8cd3e62f84891b5424b9c62ff229d8dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=usaupload.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=usaupload.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=usaupload.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 06 Jan 2023 17:50:03 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.97 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.97:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Fri, 06 Jan 2023 17:50:03 GMT
expires: Fri, 06 Jan 2023 17:50:03 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.97 200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Jan 2023 16:50:05 GMT
expires: Sat, 06 Jan 2024 16:50:05 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 3598
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 29bbb88937e291fb70ac7920c1e4eeb1
d95e6da4d4dc4c4e301ff073f057c417986099fe
f5b298d0f4129a8139623fef229a0cda537587b380837c81968f418f3fba8c69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 17:50:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.132 200 OK 514 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash e87a05744942a55c87e88a81b74e929c
c6809575bb0e50cf81fd3dd032913640b39921f2
9a9e8feb3f956a952b0a3c8c60b8c6f1f9e8b5e27cc3d7f43059944ade9fee67
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 06 Jan 2023 17:50:03 GMT
date: Fri, 06 Jan 2023 17:50:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-u9e9kD19Q0U38A-d2D51qA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
142.250.74.3 200 OK 205 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
IP 142.250.74.3:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 4087858e2c9db9aa8f6a840aedcfb533
d1ffe861da6bd0e95fd1a365b0c3d3ceb6cd58a3
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
GET /images/icons/material/system/2x/feedback_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jan 2023 00:09:10 GMT
expires: Fri, 05 Jan 2024 00:09:10 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 150054
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
142.250.74.3 200 OK 604 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
IP 142.250.74.3:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 7bd42e5a35b5fb3ff852d6ea9191ca83
8a141eb392a05a2dea3dcd83b97940ef70a81ebc
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
GET /images/icons/material/system/2x/settings_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Jan 2023 07:51:56 GMT
expires: Thu, 04 Jan 2024 07:51:56 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 208688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/mysidia/1507d5c23d710c2e70b81f354fbf7065.js?tag=mysidia_one_click_handler_one_afma_2019
142.250.74.3 200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/1507d5c23d710c2e70b81f354fbf7065.js?tag=mysidia_one_click_handler_one_afma_2019
IP 142.250.74.3:0
File type C++ source, ASCII text, with very long lines (1672)
Hash 95a09a61fb1b3529fa7ee85a8672e514
61175e2f180916d2ba6b1f2b270e61f05bbe43cd
6a43079319ffe2b0608ea015d3b28873b8356b906b507655773a13559f70e88c
GET /mysidia/1507d5c23d710c2e70b81f354fbf7065.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 14033
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jan 2023 06:20:42 GMT
expires: Wed, 05 Apr 2023 06:20:42 GMT
cache-control: public, max-age=7776000
last-modified: Thu, 05 Jan 2023 01:26:36 GMT
content-type: text/javascript
age: 127762
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9416
Expires: Fri, 06 Jan 2023 20:27:00 GMT
Date: Fri, 06 Jan 2023 17:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9416
Expires: Fri, 06 Jan 2023 20:27:00 GMT
Date: Fri, 06 Jan 2023 17:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9416
Expires: Fri, 06 Jan 2023 20:27:00 GMT
Date: Fri, 06 Jan 2023 17:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9416
Expires: Fri, 06 Jan 2023 20:27:00 GMT
Date: Fri, 06 Jan 2023 17:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9416
Expires: Fri, 06 Jan 2023 20:27:00 GMT
Date: Fri, 06 Jan 2023 17:50:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F727b2cef-2229-487d-9623-29ccec44ab1f.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F727b2cef-2229-487d-9623-29ccec44ab1f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d256d063b2698bb9d915589a2c79fbce
d7c083857e9512ad3ecb3bbaf285409926473ceb
d4e5f901f62fa98b525fc1ecbe187032fd2d0e112c6f1b9534b742b2d6c05b08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F727b2cef-2229-487d-9623-29ccec44ab1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5809
x-amzn-requestid: 16b4843e-ac69-402f-87e7-66c24984cecb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eSeJoHgwIAMFhdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b743d7-507b52112e0f1176182e5d99;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 21:40:39 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JGGMyfzW2uwEbY-V22ZCWjFegXRLY-wAlWxSjLCM6C1A5kjXa2DTGw==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 21:46:41 GMT
age: 72203
etag: "d7c083857e9512ad3ecb3bbaf285409926473ceb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb84dc300-436d-4ab6-93ff-5c34a5e8faa9.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb84dc300-436d-4ab6-93ff-5c34a5e8faa9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 905c01ccaa57e0ea71e9a2f58bbb2ca4
6cf4b068623644dd0ca790dbc75e3533e7759f8b
4b579d86c6b957bf5c777b44b474c1c8fac699ffe695757d43f9752b079ef42a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb84dc300-436d-4ab6-93ff-5c34a5e8faa9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4473
x-amzn-requestid: 4732a7f2-382c-41a0-a96a-dbd073af76dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eScwQG6hoAMFQaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7419b-4b3c3ebf3c06242b360e6421;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 21:31:07 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XRsEwpela3bYpgBLNQxwiFzDcHzfFiXWmAEAl1jvIb1ustFu2lJdaA==
via: 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 22:00:17 GMT
age: 71387
etag: "6cf4b068623644dd0ca790dbc75e3533e7759f8b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0cc6987-cb45-42f9-8b7e-1ec781513572.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0cc6987-cb45-42f9-8b7e-1ec781513572.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 884498828be14529bda4485a38b033c3
9443f22559b64c5861bbc50d0980dad8da158352
c48b1203e6b6e9468dc9a07934709f5ec2ba064fb2c9dd97f6cdc0e452a7dd77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0cc6987-cb45-42f9-8b7e-1ec781513572.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6268
x-amzn-requestid: 3674eb24-1902-4722-8ea0-63b5fb36b41e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eSdsIEtbIAMFYsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7431a-1e840ef57d3fa7ab2362f37c;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 21:37:30 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jSI7UFknz6hbv5lG44ZUvaRg2ekHMRdi4NaLtpDGbpNrolofHvqbAQ==
via: 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 21:46:41 GMT
age: 72203
etag: "9443f22559b64c5861bbc50d0980dad8da158352"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e832123ea0c92a446b5894e75efc86ae
bb438ca635b43819701067ef07a3d910ad29a0c7
e1b0c6cd873f304de15664f96af6b6914e13fbbfb3e2179ba43369e116446773
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5578
x-amzn-requestid: 93353c3e-1b26-424c-b4c6-0d113703edd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFvpBFGvIAMFobw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b22c9f-1d07cff31ae39320693642f0;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 01:00:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: skIlgzeKmjJ2Wsx2QeubgMvO7chgpPNZYqW4E_xhRgkCtDEhAfBp4w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 07:33:22 GMT
age: 37002
etag: "bb438ca635b43819701067ef07a3d910ad29a0c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F426acd7d-b225-4d35-a3be-10ba23ba69c9.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F426acd7d-b225-4d35-a3be-10ba23ba69c9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49cab8228badce0317f63284420a2a06
94abc863dc8ac54c9ab9e57a791b404a8a09729e
399c22a3adea805a2fa373f6a85d842f47798088593803b6b38034f942e092af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F426acd7d-b225-4d35-a3be-10ba23ba69c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8693
x-amzn-requestid: ae2b861d-87b8-4913-853a-64c76f410bf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eNLADE-ZoAMFttw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b52533-6e5412c92f70fbd12a893047;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 07:05:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 78YflWiepSLgVw3s7rsefJd1FkwKcScpFt2tIHNaBjbpF3ZQmxT9Zw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 07:48:09 GMT
age: 36115
etag: "94abc863dc8ac54c9ab9e57a791b404a8a09729e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4210cd0d-e5ae-416b-b3b1-984a5c3f750c.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4210cd0d-e5ae-416b-b3b1-984a5c3f750c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e96507584bce9f14a50123fb78a8102
c45249ddffb15b9e957af8f5203d7d06ddf32cf8
118f62631c92e42b135046647e828eb80a54405603f5b461320b483bce0c55ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4210cd0d-e5ae-416b-b3b1-984a5c3f750c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11746
x-amzn-requestid: dfac0548-1ee6-4eb6-8fb6-4be00f9cf601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eRlO6Hc_IAMFT0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b6e8c5-4459ff7b3622ddff7dc3e3ff;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 15:12:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: P31AbiVmWqCAQfjCxt7iXE3RtDtZHNiXtBXcjBWKR_u-U_sHT1ZvTg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 15:17:05 GMT
age: 9179
etag: "c45249ddffb15b9e957af8f5203d7d06ddf32cf8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash de996b0efc9fb434e895a2176e0e25b9
701c3d5edabaef37983420700866b09b2761cf7f
8300bfc5d6b8fb1e72c384dcf1a462f8ef6089949eb22b580c3e5466c486931b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8300BFC5D6B8FB1E72C384DCF1A462F8EF6089949EB22B580C3E5466C486931B"
Last-Modified: Wed, 04 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4087
Expires: Fri, 06 Jan 2023 18:58:11 GMT
Date: Fri, 06 Jan 2023 17:50:04 GMT
Connection: keep-alive
hal9000.redintelligence.net/zone/7lb6qbnvrhza?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3wmhJ_AuBqJOR0LwvI%26adurl%3D
138.201.63.157200 OK 4.1 kB URL HTTP/1.1 hal9000.redintelligence.net/zone/7lb6qbnvrhza?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3wmhJ_AuBqJOR0LwvI%26adurl%3D
IP 138.201.63.157:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1734), with CRLF line terminators
Hash d8ae2d72d122b24e2e43f9a6ab56531f
d09d3b7a6cda9284129c6f68525c6b8c0c50a3d9
470fe8472d26ac04f69b5b2113f203e80527adcdfd8b54f58b40f86f077b99db
GET /zone/7lb6qbnvrhza?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3wmhJ_AuBqJOR0LwvI%26adurl%3D HTTP/1.1
Host: hal9000.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 06 Jan 2023 17:50:04 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4144
Connection: close
Content-Type: text/html; charset=UTF-8
hal900025.redintelligence.net/request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=f409ffaf77&subid=&uid=a07f662d0acda12e&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3
wmhJ_AuBqJOR0LwvI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230104%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=4107909749249&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
138.201.84.245302 Found 0 B URL HTTP/1.1 hal900025.redintelligence.net/request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=f409ffaf77&subid=&uid=a07f662d0acda12e&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1A
G_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3wmhJ_AuBqJOR0LwvI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230104%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=4107909749249&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
IP 138.201.84.245:0
ASN #24940 Hetzner Online GmbH
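Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length input; the SHA-1 and SHA-256 on the next two lines are likewise the empty-input digests, matching the 0 B body of this 302 response, so none of the three identifies content)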
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=f409ffaf77&subid=&uid=a07f662d0acda12e&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3wmhJ_AuBqJOR0LwvI%26adurl
%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230104%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=4107909749249&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP/1.1
Host: hal900025.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 06 Jan 2023 17:50:04 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Fri, 06 Jan 2023 17:50:04 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=f78d4bce1cc8abb4; expires=Thu, 06-Apr-2023 17:50:04 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
Location: request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=f409ffaf77&subid=&uid=a07f662d0acda12e&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3wmhJ_AuBqJOR0LwvI%26
adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230104%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=4107909749249&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
hal900025.redintelligence.net/request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=f409ffaf77&subid=&uid=a07f662d0acda12e&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3
wmhJ_AuBqJOR0LwvI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230104%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=4107909749249&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
138.201.84.245200 OK 512 B URL HTTP/1.1 hal900025.redintelligence.net/request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=f409ffaf77&subid=&uid=a07f662d0acda12e&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG
_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3wmhJ_AuBqJOR0LwvI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230104%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=4107909749249&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
IP 138.201.84.245:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash c32c5abc6dea6635e50949fefa6fb0af
4a41d02b80fc85f4405ec860d201f5b77e189190
68d6f2cb0105c144ca364cf866548fd79e53760e62de1de8fcce47387652389c
GET /request.php?zone=7lb6qbnvrhza&nw=20&renderingType=javascript&namespace=f409ffaf77&subid=&uid=a07f662d0acda12e&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOq-6S1-4Y8ntCYSw6wTPh574Asm5opxpvLTNztUP8C4QASCK_6V8YMOEgICYGMgBCakCE9TeMTugsT6oAwGqBPgBT9CaW9Fy7SNIQtYDdbQegjawsxlHel5eHToYLVXnKOKVUZNaeKfQZ70PACl8mx-TV2gSuZttHhKWBXpUe-lTUxKVF5RytYTfKyFf5aoNZiETNrz3QxONxRC59dOKE_noqZm9wMAozSwaMXe8b4xqQutUA66NUsLY8FzTjdyiCI3DNCBoXh4Qjd1jLtPtv1zgBEKvYPbivFj3nSFwdGwz4exl25rBQQNwNc6m6Ke-9rywF53xT3LSMAEyIph8g9WsxAYUJiItP9grcUv9ApUgdtxJpGDqegZAhaKheu7U0y0a5zIkaHDnjabYYgKXyLRyJ8xDS7s4ISvABMG9lPzzA-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgfMgOqggE6AoBAgAoBmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSPgDq26N91ZORUxiS-FEDwQFB8U_xFCupGZOSPVUAr-Anbv752aIC49bMA2ZtlA6HgOfOtOwE6jGUBj_gEOw_GAEgEw%26sig%3DAOD64_1b4azVT_8mTXKjTjEk5gtTuSoFbQ%26client%3Dca-pub-3146060301369196%26dbm_c%3DAKAmf-BBaSvM6pH_O5B0av0HaAm5r1aFH_BJ7IYAsGcF0C7sY3TRMn9T3qODLVj3-yWiaHkrIAddwfCLQh24QBiRoBF6qqh9SpYt6OEQswThBrRxmhI7EXP-sC4QAWJmWFHHDY0h64gRkqB6hW7nR7Fm3ots9T7bm_IL4g3gp71FHgkSXOYpqD8%26cry%3D1%26dbm_d%3DAKAmf-AdVUwB5UDE-9ir_wbtJTxyrUOQEv3H7rdiiwbbG1xclTAtNFyu9wDI4hs2f-Z-_3X7sC6yehtq5wmWL_1NJamQSMhCTJrb0VFSNfPTU1LfqLiv7U-FiAX8LHKDDtYRJ5y5dC2M43lFb2nnK2fMiZIiY8kDBqYy9cpqZHjaAvLRPVFeIH2XWAIdK5gtUgiPu15uTM2axjmFvSfTMkR2raxTbJz6slbXNiVdQUawaRC7kuJRt2GXrOZdSGRmF2i3KrI2r46IcLyI_Meyi2cE4-A4JUkPQh9xMIHfAicBiUCUuVrMXvUS7Xjl6IRsPKySxqxoALS_WBUKMoyUgTkz_ALdxYLuVmPuqJ_R2Wx4sE13X-CGg97PtqutBgmjjlGkxCmKIiQQfpMpaO6d2RlJXRbzB7UcymzWfNv3I6eRwKaeSrsbLZHG1YjggszldNjwqwbF2aaDISBhRfzb6zUuPrz6G0RuSOfrZM6SZj1uT5sMaIR9M7B0UdHoNQBL_Bb4mODLAIo57tBcdrclXO8pN8m2biW3s17DrJC0-gLkDnLDpZmm_GE83iP1AG_JzBFzkWJvekpMzgzLcdtUh-cFF37nTwHmqcnpF3wmhJ_AuBqJOR0LwvI%26adurl
%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230104%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&ancestorOrigins=null&random=4107909749249&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1 HTTP/1.1
Host: hal900025.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Cookie: 8lcfmzhxc8d6_uid=f78d4bce1cc8abb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 06 Jan 2023 17:50:04 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Fri, 06 Jan 2023 17:50:04 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=f78d4bce1cc8abb4; expires=Thu, 06-Apr-2023 17:50:04 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
X-NEORY-SubId: 29124400156316304438316012196025
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 512
Connection: close
Content-Type: application/x-javascript; charset=utf-8
hal900025.redintelligence.net/request_content.php?s=29124400156316304438316012196025&a=faca977d
138.201.84.245 200 OK 1.5 kB URL HTTP/1.1 hal900025.redintelligence.net/request_content.php?s=29124400156316304438316012196025&a=faca977d
IP 138.201.84.245:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash a473aa5e17e7ed4bfab027c749b403d2
6d21c9c45367c48901eff4f9044600d06ddc494e
55bf0487e06a0c1c8aca74bfe37fafc59c61acf4b1007f6849ab7473030133c0
GET /request_content.php?s=29124400156316304438316012196025&a=faca977d HTTP/1.1
Host: hal900025.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Cookie: 8lcfmzhxc8d6_uid=f78d4bce1cc8abb4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 06 Jan 2023 17:50:05 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Fri, 06 Jan 2023 17:50:05 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1500
Connection: close
Content-Type: text/html; charset=utf-8
hal900025.redintelligence.net/viewability?s=29124400156316304438316012196025&a=3e7b6f85&vb=m
138.201.84.245 200 OK 0 B URL HTTP/1.1 hal900025.redintelligence.net/viewability?s=29124400156316304438316012196025&a=3e7b6f85&vb=m
IP 138.201.84.245:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=29124400156316304438316012196025&a=3e7b6f85&vb=m HTTP/1.1
Host: hal900025.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900025.redintelligence.net/request_content.php?s=29124400156316304438316012196025&a=faca977d
Cookie: 8lcfmzhxc8d6_uid=f78d4bce1cc8abb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 06 Jan 2023 17:50:05 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
cdn.contentspread.net/24i/content/soberfb/EN/S-728x90.gif
88.99.65.215 200 OK 24 kB URL HTTP/1.1 cdn.contentspread.net/24i/content/soberfb/EN/S-728x90.gif
IP 88.99.65.215:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 728 x 90\012- data
Hash 16d604b22cf44e876b2c8f5a80b9fe18
42bc165a33da7671c208a66a0e9f3635cfe0d0bc
bb7af425c43258678e12b76bf22f6eaab51fd7dfd6e285131a86a3002d547ee9
GET /24i/content/soberfb/EN/S-728x90.gif HTTP/1.1
Host: cdn.contentspread.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900025.redintelligence.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 06 Jan 2023 17:50:05 GMT
Content-Type: image/gif
Content-Length: 24505
Last-Modified: Mon, 23 Jul 2018 15:19:29 GMT
Connection: close
ETag: "5b55f201-5fb9"
Accept-Ranges: bytes
usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
65.109.18.14 200 OK 0 B URL HTTP/2 usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert quad9 Sinkholed
GET /error?e=File+can+not+be+located%2C+please+try+again+later. HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-cache
date: Fri, 06 Jan 2023 17:50:01 GMT
X-Firefox-Spdy: h2
usaupload.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
65.109.18.14 200 OK 0 B URL HTTP/2 usaupload.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/spirit/assets/frontend/js/jquery.dataTables.min.js HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=fdmqtvp72df8un4hulga9n67ua
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 17:50:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 69604
last-modified: Mon, 28 Sep 2020 14:26:40 GMT
etag: "5f71f2a0-10fe4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.74:0
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 06 Jan 2023 17:50:02 GMT
date: Fri, 06 Jan 2023 17:50:02 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
usaupload.com/5zse/ganpower.7z?download_token=2098749686dbf7e0dd0235eea5780fd848b499d9d01160d8373a2e82a99ce885
65.109.18.14 302 Found 0 B URL HTTP/2 usaupload.com/5zse/ganpower.7z?download_token=2098749686dbf7e0dd0235eea5780fd848b499d9d01160d8373a2e82a99ce885
IP 65.109.18.14:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert quad9 Sinkholed
GET /5zse/ganpower.7z?download_token=2098749686dbf7e0dd0235eea5780fd848b499d9d01160d8373a2e82a99ce885 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
content-type: text/html; charset=UTF-8
location: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
set-cookie: filehosting=fdmqtvp72df8un4hulga9n67ua; expires=Sat, 07-Jan-2023 17:50:01 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-cache
date: Fri, 06 Jan 2023 17:50:01 GMT
X-Firefox-Spdy: h2