r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3648
Expires: Sun, 27 Nov 2022 20:06:38 GMT
Date: Sun, 27 Nov 2022 19:05:50 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4401
Cache-Control: max-age=146324
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:50 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:44:34 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
sh.st/ve1cO
172.67.68.250200 OK 30 kB IP 172.67.68.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16096), with CRLF, LF line terminators
Hash 3e38e62adbd4db68458a5065f35423fe
eb41a5368a9866f0fd7e0662f88f6a5c01484d05
f30c820151baaa6a1123d55b604daeb6ad2f0661fd83d0be43df839863c27fcd
GET /ve1cO HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=s3ob1it4gacg4lmhls7nbcv655; expires=Sun, 27-Nov-2022 20:05:50 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Mon, 27-Nov-2023 19:05:50 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn05
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cmr0iIdVgF5XxiIL71dKhp5M0OwJIzzoSQHDbJhDyGbfItw0OUXiv7PC9G9vJ0pVMYTPkdby9Rk5%2FgMJ2CIF1%2B4WyjVtzaGr6XS51SzrcKaHVSjXKgaH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 770d233a0cc40b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 18:19:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2787
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9265
Expires: Sun, 27 Nov 2022 21:40:15 GMT
Date: Sun, 27 Nov 2022 19:05:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: j8Lt7UaOz4VxgwxviCtLeLXgghOjKBiDTQ8tdVr0mgBMsP5AXnNn+nZmCyx4LpNwUl4iJNkQ9o8=
x-amz-request-id: T18ZZKWGRKTTP83D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 18:41:44 GMT
age: 1446
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
104.26.7.218200 OK 25 kB URL HTTP/1.1 static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP 104.26.7.218:0
File type Unicode text, UTF-8 text, with very long lines (20454)
Hash f7baccd666678569795749f591a8a75a
f3d8c85e9290ec755535df4edd5a91de44f3dc2c
553836bd994a93741a17b68582f4f24d0882ebf4e8da8c9d9e7a74f1c57f7acc
GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Mon, 28 Nov 2022 16:11:55 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 10435
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CY%2F3snzGxk6vHPBAvJYggVz3mgk4g18UD5enDF4QrDlY1qyeKbB%2FA7APf82olDdAE48llhuCFFQ8ntDEaQO2giJ9ocuK2ajxRHCiT6F%2FK9qYa0C78GTO1a%2BvnYoa%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 770d233c68ff1bfe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f14e28baefcff68beb07e17617d91ab3
0c73ec8027e7276162f6d80054f4c709260cfa23
3ce4af0f0db18399bc8e184042f557a851cda9910e6fdc6e013eaa1b75b9d5ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3CE4AF0F0DB18399BC8E184042F557A851CDA9910E6FDC6E013EAA1B75B9D5ED"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16632
Expires: Sun, 27 Nov 2022 23:43:02 GMT
Date: Sun, 27 Nov 2022 19:05:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6e76d2f640d0539162d41f627114498
eb97432ae648698cfe727cf84f9e813a34f00964
6309e4dba86564ee58c3bbb27085d1e32da4ff96002a8b3bee5a065824690cd0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6309E4DBA86564EE58C3BBB27085D1E32DA4FF96002A8B3BEE5A065824690CD0"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12342
Expires: Sun, 27 Nov 2022 22:31:32 GMT
Date: Sun, 27 Nov 2022 19:05:50 GMT
Connection: keep-alive
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
104.26.7.218200 OK 6.2 kB URL HTTP/1.1 static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP 104.26.7.218:0
File type PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced\012- data
Hash 9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001
GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:50 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Mon, 28 Nov 2022 10:29:42 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 30968
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cv05zFtVGQrbOrQtVZ9DV%2FCGOnysmaSOxvVUem3%2F4636t0FlzEg7rlIeHAIASNeBsG%2FtRJhzKBiEnn%2FUTg39s8z%2FAiKy935sdLQzGIl4UdlJnOzPdqoVcbjtwYgUuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d233cf9ae1bfe-OSL
alt-svc: h2=":443"; ma=60
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
104.26.7.218200 OK 84 kB URL HTTP/1.1 static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP 104.26.7.218:0
File type PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced\012- data
Hash 0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:50 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn09
X-UA-Compatible: IE=Edge
Expires: Mon, 28 Nov 2022 11:14:10 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 28300
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a5ad0nGiN22vh2a%2Frt9IRbmVqeI8pSL3A6ARrv1KgEukQn5gP7m%2Fuo36pLTo5D9xsUaA5ml2SsKsL3AE%2FATNgjgwa6XPR7sLKDhiVebiRiGoWh80%2Bow0iog3kOVYOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d233d39f81bfe-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sh.st/bundles/smeweb/img/tracking-292569.gif?t=1669575950
172.67.68.250200 OK 43 B URL HTTP/1.1 sh.st/bundles/smeweb/img/tracking-292569.gif?t=1669575950
IP 172.67.68.250:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/tracking-292569.gif?t=1669575950 HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/ve1cO
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn09
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FWBHIOtlnqP0G7etpqMCSPiC1FKAWMa6cN2Hrszglvosq%2B19fIZTP2lLMDW4WEakBwikBqkAyDh6sj2oqMEmaUqr9ldLoe2hMqLvA2I76H2BXELxW8GY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d233d08890b45-OSL
alt-svc: h2=":443"; ma=60
sh.st/bundles/advertisement/img/tracking.gif?test=08022ffa4eda74e1c4bf640a6eef1b6e2a2273b5
172.67.68.250200 OK 0 B URL HTTP/1.1 sh.st/bundles/advertisement/img/tracking.gif?test=08022ffa4eda74e1c4bf640a6eef1b6e2a2273b5
IP 172.67.68.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bundles/advertisement/img/tracking.gif?test=08022ffa4eda74e1c4bf640a6eef1b6e2a2273b5 HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/ve1cO
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:50 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn06
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djyGyEwTOAq3iE0EP69x8rnFwbbv6RH9MaVJAYqlWlhwwIX5wDXtFF9kb1F8KcGNgygz1care5FV%2Fw3xeHFjF9o%2FSAxIRl7V%2B07E624NNTcMJwWyrbo5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d233cfec81c12-OSL
alt-svc: h2=":443"; ma=60
sh.st/bundles/smeweb/img/advertisement-tracking-292569.gif?t=1669575950
172.67.68.250200 OK 43 B URL HTTP/1.1 sh.st/bundles/smeweb/img/advertisement-tracking-292569.gif?t=1669575950
IP 172.67.68.250:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/advertisement-tracking-292569.gif?t=1669575950 HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/ve1cO
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn05
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FNPkJrrcuB4Z834QfyKieBnQTx2vm%2FVRJrQDQ1lIuV%2F6U45M8U6oh2S6UzruBzzAeVSNDHUjXOGZRem3gr9C1AwD7AF6vLwLc4C1NuzPpeUVFinG7JKb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d233cf992b517-OSL
alt-svc: h2=":443"; ma=60
ptauxofi.net/pfe/current/tag.min.js?z=4157053
139.45.197.250200 OK 6.5 kB URL HTTP/2 ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP 139.45.197.250:0
Hash b51f5f2cfbc0db3d22084221cf3420e8
f847f56f688a699a2d6ef3892a70415ac3bca08f
7bec0cdfb6783b61722f3f6e2650dbbdaf8a11212b4b5d63106f86d9a2b853e2
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:50 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ubbfpm.com/ms/1102360/inpage.js
95.216.206.230200 OK 137 kB URL HTTP/1.1 ubbfpm.com/ms/1102360/inpage.js
IP 95.216.206.230:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (136908 bytes)
Hash be2b696f59791e6ccae3a48be2620c17
31d3b5bb6c2b82235662a8676287a5058d972dca
48e38d39d50c33cd356530d3aa9fe1982ff0a4b1dd0b63ab850bcd02b78a7602
GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 19:05:50 GMT
Content-Type: application/javascript
Content-Length: 136908
Last-Modified: Wed, 23 Nov 2022 08:07:37 GMT
Connection: keep-alive
ETag: "637dd4c9-216cc"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.195200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sh.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 21:13:13 GMT
expires: Tue, 21 Nov 2023 21:13:13 GMT
cache-control: public, max-age=31536000
age: 510758
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
142.250.74.168200 OK 38 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 515847c135fcee74e1c0f9c4271b0c98
d8947a5e4328a524c2c06e0548efef5b3d0382c9
8a950e6d93316fba6dd87a60fb7881e9867e1e24b5f8afbd18fae832bb4f3a0a
GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 19:05:51 GMT
expires: Sun, 27 Nov 2022 19:05:51 GMT
cache-control: private, max-age=900
last-modified: Sun, 27 Nov 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38022
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ja.rewashwudu.com/fmwhVStpL4dxap/46223
172.255.6.153200 OK 26 B URL HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 172.255.6.153:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 19:05:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://sh.st
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 28-Nov-2022 19:05:51 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 28-Nov-2022 19:05:51 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
142.250.74.168200 OK 53 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash a41bede920705a8f1fc0429ba5bfc962
a40c5af4fb7fef31d322a486be55bd66b93940fe
d633d623ff72ee113e87e3a420e0d022ffc1732be918addabe1e12ef5b1dfcc2
GET /gtag/js?id=AW-997869120&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 19:05:51 GMT
expires: Sun, 27 Nov 2022 19:05:51 GMT
cache-control: private, max-age=900
last-modified: Sun, 27 Nov 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 53027
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 18:08:54 GMT
cache-control: public,max-age=3600
age: 3417
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
173.233.137.52200 OK 21 kB URL HTTP/1.1 endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
IP 173.233.137.52:0
File type HTML document, ASCII text, with very long lines (60208), with no line terminators
Hash 09d53ef923af3f49970c42c1d3270d61
92744ddc1a58469f2715bfd79be0972200b49d64
867ca3bfef7a4e30a46a3c4f43e7b62641ce57f6b544041a7535cdf3b2c148e0
Analyzer Verdict Alert quad9 Sinkholed
GET /34/c6/b3/34c6b37755370ea4318f4ff4946df449.js HTTP/1.1
Host: endangersquarereducing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 19:05:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 03ab7d57cc860d202feaf6c766ae631c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5397
Cache-Control: max-age=142258
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:51 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:36:49 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
sh.st/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669564800
172.67.68.250200 OK 17 kB URL HTTP/1.1 sh.st/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669564800
IP 172.67.68.250:0
File type ASCII text, with very long lines (34915), with no line terminators
Hash 2b38f1668ca04879788f799e677a8879
2a81ce6fc809d3deec24c1e6f640c27f8698aa0c
1a4108c2180575bf1bdd6512d56e772b6f661aef99265aa54dec4c85ef87d1a2
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669564800 HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.979809205.1669575951
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:51 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-control-type-options: nosniff
content-encoding: gzip
cache-control: max-age=14400, public
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tK4o99kFuXu%2FyfWRrN9AQ8BwUs0ULm4jkAGV7EPE4nX369%2FdEQvLOns0JxZAcWVSv4wQcv4hAVnCjXFGTm7guZzq%2BJ5IPGSiPA617sbmVdJmQtIvYStS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 770d23411f9bb517-OSL
alt-svc: h2=":443"; ma=60
ja.rewashwudu.com/fmwhVStpL4dxap/46223
172.255.6.153200 OK 26 B URL HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 172.255.6.153:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 19:05:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://sh.st
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 28-Nov-2022 19:05:51 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 28-Nov-2022 19:05:51 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 8781ef7b81ea378c87b9b75e52115397
df3106ed152971215d454459c4e7ad93559aa4ca
e44e3b4621bc2e63c4b7a69aee8cf240a496c5d1cdef6b26f5a6036c0e3007a1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=158988
Date: Sun, 27 Nov 2022 19:05:51 GMT
Etag: "63836697-1d7"
Expires: Tue, 29 Nov 2022 15:15:39 GMT
Last-Modified: Sun, 27 Nov 2022 13:31:03 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: oJJkRY7EkHuc5WbK7gedsk1x9xuIl2OvtFeQ_sLfcHuISgJ3Fc4nJw==
Age: 6276
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 07a92bcbf751d398eb9c97825f681a13
228758f4236e745d6600752b0fec93754a4cf9de
e8b4c405e82ab088dfd45547b54c07d885886da15bd3277f4c09221d5c480939
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
set-cookie: uid_id2=24f61156-1d77-4601-96e2-7548f8f9c765:2:1; expires=Wed, 24 Nov 2032 19:05:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=1044&rd=1044&fd=667&bv=22.10.v.9&tmpl=70
192.243.59.12200 OK 0 B URL HTTP/1.1 integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=1044&rd=1044&fd=667&bv=22.10.v.9&tmpl=70
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1044&rd=1044&fd=667&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 19:05:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
addresseepaper.com/sfp.js
34.160.73.230429 Too Many Requests 298 B URL HTTP/1.1 addresseepaper.com/sfp.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2d276fc22806d34e2355196fe7bea1f3
0f2c85ecd7a43e866345fd0eafe5e0fdd4aa7acf
9e522902dee04e1345219cee056a1a291ba4eca674870853ab05f3579875ff38
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 429 Too Many Requests
Server: openresty
Date: Sun, 27 Nov 2022 19:05:51 GMT
Content-Type: text/html
Content-Length: 298
ETag: "6382c3e0-12a"
Via: 1.1 google
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=sh.st&var=&ymid=&var_3=
139.45.197.250200 OK 733 B URL HTTP/2 ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=sh.st&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (732)
Hash f67150cc712a448bcf76d68850b93cb9
8ce4c176090f33a371e85073b3a942cac3c9423e
7c48711e2703467d7defd547d9c09a7b423191b7f862be0b04b2c6a6fd7add2f
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=sh.st&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:51 GMT
content-type: application/json; charset=utf-8
content-length: 733
x-trace-id: 98538af1b559a698154ad57def386b56
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
integrityprinciplesthorough.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
192.243.59.12200 OK 13 kB URL HTTP/1.1 integrityprinciplesthorough.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37138), with no line terminators
Hash ca399a4accef94c8023c1c44a120be80
fc030734465b1b56b47933115afa4782cbe083f7
1aa867ca857d0bc567dc42a9ef0452101592ef144c825295478aff8b32b3aef8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /08/26/66/0826667673c6afa9f85340ed4fc8ef57.js HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 19:05:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 84c1d50c324770c29cc78de1c1f5e037
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE3MjA3MSwid2lkIjozOTkwODAsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL3NoLnN0L3ZlMWNP&inc=0
185.162.85.14200 OK 0 B URL HTTP/2 prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE3MjA3MSwid2lkIjozOTkwODAsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL3NoLnN0L3ZlMWNP&inc=0
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE3MjA3MSwid2lkIjozOTkwODAsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL3NoLnN0L3ZlMWNP&inc=0 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 27 Nov 2022 19:05:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.41.252.32101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.252.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kVK1/rWdhj1ulLaMuXIqgg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Po0E/TEtmNGvkHUCcR2mHKX48qc=
ptauxofi.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:51 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Content-Type: application/json
Origin: http://sh.st
Content-Length: 347
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:51 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 94c9933dbee10dc6b280943a77550af2
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.93200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 104.21.234.93:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 19:05:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 5f29d3aefc78dce277e88e2d3ceef6f5
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 27 Nov 2022 19:05:51 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e5nxxyoqQsJlJ8QhTdLuT%2BxTKfRkY%2FzxCMDkFbv7nVUfoyu%2BBi4HP2hNpdKECgnBjK%2BFRHJlkkAHlCnG7Z6L4gl56nsmvwBhUOpdQiTXze%2FJNcum402JOeRECQUUnczDtZTATxw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d2342983a76a3-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e413346bdf4cea48847886fc7871e4d8
5d89ec3ae90ebf5069321bfc6fb0abeff77db028
85398a907af9d7c7041b28ec00595c5056ee3ecb51d9f09e4e75b6bfa0859d84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85398A907AF9D7C7041B28EC00595C5056EE3ECB51D9F09E4E75B6BFA0859D84"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5789
Expires: Sun, 27 Nov 2022 20:42:20 GMT
Date: Sun, 27 Nov 2022 19:05:51 GMT
Connection: keep-alive
my.rtmark.net/gid.js?pub=0&userId=0385e09e9f434a14bd92fa1831313a8e&zoneId=4157053&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=0385e09e9f434a14bd92fa1831313a8e&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 9ec1c606ca74a46c0f746712359b499c
b37b1c97837369f4306ede23f80d6ebf4aab384e
e9e02f2a019db914365d0a76310ab62036c9b29e92a44e2ef522b6e291d08b04
GET /gid.js?pub=0&userId=0385e09e9f434a14bd92fa1831313a8e&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:51 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://sh.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0385e09e9f434a14bd92fa1831313a8e; expires=Mon, 27 Nov 2023 19:05:51 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Sun, 27 Nov 2022 18:22:56 GMT
Expires: Sun, 27 Nov 2022 20:22:56 GMT
Cache-Control: public, max-age=7200
Age: 2576
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 944182230fb3dee3672e31304d1362d5
b3eb80e7b3acd88c1cb8e0f9a008ed47508f1e06
ecc643605e8977b32cacc521e9a315615f20618e0953f8101b90d937aebfd80b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2839
Cache-Control: max-age=136849
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:52 GMT
Etag: "63831d8a-118"
Expires: Tue, 29 Nov 2022 09:06:41 GMT
Last-Modified: Sun, 27 Nov 2022 08:19:22 GMT
Server: ECS (amb/6B9C)
X-Cache: HIT
Content-Length: 280
googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1669575950937&cv=11&fst=1669575950937&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fsh.st%2Fve1cO&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=979809205.1669575951&data=event%3Dgtag.config&rfmt=3&fmt=4
172.217.21.162200 OK 918 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1669575950937&cv=11&fst=1669575950937&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fsh.st%2Fve1cO&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=979809205.1669575951&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 172.217.21.162:0
File type ASCII text, with very long lines (2007), with no line terminators
Hash 5601214e02884fcac1b5b76cbea25fd3
5b8fafe969bf0cd37bd13e974ac9678d76555395
0bce47311609cb2c056b576a84daeb656b60351b47eab3e066691700d0b7394d
GET /pagead/viewthroughconversion/997869120/?random=1669575950937&cv=11&fst=1669575950937&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fsh.st%2Fve1cO&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=979809205.1669575951&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 19:05:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 918
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 27-Nov-2022 19:20:52 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ptauxofi.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Content-Type: application/json
Origin: http://sh.st
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:52 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0ef5fe406ecb9a47c85af2aee24b5a07
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.61.225200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 19:05:52 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 117cf3a96481343fdee695316a8bbbbe
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9f6cc8d3fe9092a6d3901e873a87fd87
2e0aac117a4cc57596efb3d6f6624c269f94b031
e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=581943029&t=pageview&_s=1&dl=http%3A%2F%2Fsh.st%2Fve1cO&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&_u=YEBAAAABAAAAAC~&jid=2121031776&gjid=1604051600&cid=144271833.1669575952&uid=292569&tid=UA-42296749-1&_gid=1955259117.1669575952&_r=1&_slc=1&cd2=2022-06-29.0&cd7=292569&cd5=0&z=1966947212
142.250.74.174200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=581943029&t=pageview&_s=1&dl=http%3A%2F%2Fsh.st%2Fve1cO&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&_u=YEBAAAABAAAAAC~&jid=2121031776&gjid=1604051600&cid=144271833.1669575952&uid=292569&tid=UA-42296749-1&_gid=1955259117.1669575952&_r=1&_slc=1&cd2=2022-06-29.0&cd7=292569&cd5=0&z=1966947212
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j98&a=581943029&t=pageview&_s=1&dl=http%3A%2F%2Fsh.st%2Fve1cO&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&_u=YEBAAAABAAAAAC~&jid=2121031776&gjid=1604051600&cid=144271833.1669575952&uid=292569&tid=UA-42296749-1&_gid=1955259117.1669575952&_r=1&_slc=1&cd2=2022-06-29.0&cd7=292569&cd5=0&z=1966947212 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://sh.st
date: Sun, 27 Nov 2022 19:05:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/997869120/?random=1669575950937&cv=11&fst=1669575600000&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsh.st%2Fve1cO&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3593134218&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/997869120/?random=1669575950937&cv=11&fst=1669575600000&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsh.st%2Fve1cO&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3593134218&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/997869120/?random=1669575950937&cv=11&fst=1669575600000&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsh.st%2Fve1cO&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3593134218&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 19:05:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
172.67.74.33200 OK 2.3 kB URL HTTP/2 static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
IP 172.67.74.33:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f93cb7a2ad53b3b14e42412e79b7d485
cf8760da6eb643df6fbf21dff669b4151b3891c1
fa3410c1a4de9940b3af4c411f5b921d00b3d76f52c7e40c8612944242f8ccf7
GET /bundles/smeweb/img/favicon.ico?2022-06-29.0 HTTP/1.1
Host: static.shorte.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:52 GMT
content-type: image/x-icon
last-modified: Wed, 29 Jun 2022 08:56:53 GMT
etag: W/"62bc13d5-a07"
x-server-id: shn09
x-ua-compatible: IE=Edge
expires: Mon, 28 Nov 2022 08:26:14 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 38378
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8NIQ3eaMpMUlx1kjFgZK6nQB5iC9Rqc41PzsxCLzfVD6RgJjFvMYdFXbrzNS%2Bjrta7s%2FMpDB1QZWe60xFaLQEs1271%2Bo7GeVtyPP3zvYXChNYykRe%2BrTS47%2BcuR1wNXKgw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d2344fb410b45-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ptauxofi.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Content-Type: application/json
Origin: http://sh.st
Content-Length: 584
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:52 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3039e22f9a7c064fceff983a97f3e93e
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 19:05:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js-agent.newrelic.com/nr-1216.min.js
151.101.86.137200 OK 14 kB URL HTTP/2 js-agent.newrelic.com/nr-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32022)
Hash b7c09cc097b2847f9edc784adba62dcb
5aa648623cf5e3b4b215fe5d068a7904c59f2925
6da450b6a3ba53bdab36f6529e987a245cdfca9a37b77790f06dfd8d5797bdaa
GET /nr-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Vf9xsFZHH0UI6bmTnW+KeBzegICGOxvtMLIWtbljNKoJtdkUEk/MfmbYPFui+bgtiUf/4lC5dk8=
x-amz-request-id: 4AV5AVKCCR961CNG
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 27 Nov 2022 19:05:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 2875
x-timer: S1669575952.429658,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 14391
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6681
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 19:05:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6681
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 19:05:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6681
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 19:05:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6681
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 19:05:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6681
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 19:05:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 76451
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 02:31:24 GMT
age: 59668
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:50:08 GMT
age: 76544
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: e4ce369f-7654-4c1a-94c2-70c913eb1a01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFL0tEcqIAMFXHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec01d-37bd969f4cdfe220096b8c1f;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:51:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: __2hrJIdzCKzhuJ_YfbSSfz-WwyIqnPugk7P6SuYSjn6b2wwm0otCw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:58:18 GMT
age: 79654
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I6egDH0h7D08HhaoQHQ0vgghBhPfje2lGIbnWD-t7p4txzHsFxmZfg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 16:15:23 GMT
age: 10229
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/universal.min.js?v=3.1.405
139.45.197.250200 OK 44 kB URL HTTP/2 ptauxofi.net/pfe/current/universal.min.js?v=3.1.405
IP 139.45.197.250:0
Hash 8cf73fdb71b62cf713bd2fd35c17dab6
29cd73f42e900dce846c19998f723acf01a40c76
9097f7f26c21a6a3359a79f56a99d99e19f7137fd0f4ea550a6fa5644e59ef0b
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.405 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:51 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-180b9"
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
bam.nr-data.net/1/28e0508023?a=9451001&v=1216.487a282&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=2234&ck=1&ref=http://sh.st/ve1cO&ap=94&be=383&fe=2024&dc=1228&perf=%7B%22timing%22:%7B%22of%22:1669575949934,%22n%22:0,%22f%22:-8,%22dn%22:-8,%22dne%22:-5,%22c%22:-5,%22ce%22:-4,%22rq%22:102,%22rp%22:266,%22rpe%22:299,%22dl%22:355,%22di%22:1219,%22ds%22:1227,%22de%22:1236,%22dc%22:2023,%22l%22:2023,%22le%22:2037%7D,%22navigation%22:%7B%7D%7D&fcp=630&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken
162.247.241.14402 Payment Required 2 B URL HTTP/1.1 bam.nr-data.net/1/28e0508023?a=9451001&v=1216.487a282&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=2234&ck=1&ref=http://sh.st/ve1cO&ap=94&be=383&fe=2024&dc=1228&perf=%7B%22timing%22:%7B%22of%22:1669575949934,%22n%22:0,%22f%22:-8,%22dn%22:-8,%22dne%22:-5,%22c%22:-5,%22ce%22:-4,%22rq%22:102,%22rp%22:266,%22rpe%22:299,%22dl%22:355,%22di%22:1219,%22ds%22:1227,%22de%22:1236,%22dc%22:2023,%22l%22:2023,%22le%22:2037%7D,%22navigation%22:%7B%7D%7D&fcp=630&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /1/28e0508023?a=9451001&v=1216.487a282&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=2234&ck=1&ref=http://sh.st/ve1cO&ap=94&be=383&fe=2024&dc=1228&perf=%7B%22timing%22:%7B%22of%22:1669575949934,%22n%22:0,%22f%22:-8,%22dn%22:-8,%22dne%22:-5,%22c%22:-5,%22ce%22:-4,%22rq%22:102,%22rp%22:266,%22rpe%22:299,%22dl%22:355,%22di%22:1219,%22ds%22:1227,%22de%22:1236,%22dc%22:2023,%22l%22:2023,%22le%22:2037%7D,%22navigation%22:%7B%7D%7D&fcp=630&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 402 Payment Required
Date: Sun, 27 Nov 2022 19:05:52 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d2348accefab8-OSL
unseenreport.com/pxf.gif?uuid=24f61156-1d77-4601-96e2-7548f8f9c765&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=24f61156-1d77-4601-96e2-7548f8f9c765&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=24f61156-1d77-4601-96e2-7548f8f9c765&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 19:05:53 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ea55c755c8babfaba18494dace379538
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=24f61156-1d77-4601-96e2-7548f8f9c765&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=24f61156-1d77-4601-96e2-7548f8f9c765&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=24f61156-1d77-4601-96e2-7548f8f9c765&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 19:05:53 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f5144433f635f3f2ea29f57ba553b65
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5c0748d6b73f44e551a70bbd351fa44b
938677b2f0d2152ebb028c00d095492d4946d2ee
4e3fa15077f57b5966d4b60f2a856c9defe22ad657f6374387c83d8afe466861
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E3FA15077F57B5966D4B60F2A856C9DEFE22AD657F6374387C83D8AFE466861"
Last-Modified: Sat, 26 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14092
Expires: Sun, 27 Nov 2022 23:00:49 GMT
Date: Sun, 27 Nov 2022 19:05:57 GMT
Connection: keep-alive
tallysaturatesnare.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=24f61156-1d77-4601-96e2-7548f8f9c765%3A2%3A1
173.233.137.44200 OK 4.2 kB URL HTTP/1.1 tallysaturatesnare.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=24f61156-1d77-4601-96e2-7548f8f9c765%3A2%3A1
IP 173.233.137.44:0
File type JSON data\012- , ASCII text, with very long lines (5919), with no line terminators
Hash ed59b3baf91e48f0425e2c2abede06d0
c0aa11308d83f3d151fdfd6b46dc79faf614972f
213e14ea39d1a9ed978787ed7fb1b9151665a178d857b2759ca5acb3b038d4bf
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=24f61156-1d77-4601-96e2-7548f8f9c765%3A2%3A1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 19:05:57 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://sh.st
Access-Control-Allow-Origin: http://sh.st
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17078832; expires=Mon, 28 Nov 2022 19:05:57 GMT; secure; SameSite=None
uid_id2=24f61156-1d77-4601-96e2-7548f8f9c765:2:1; expires=Sun, 04 Dec 2022 19:05:57 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 19:05:57 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 19:05:57 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 28 Nov 2022 19:05:57 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 28 Nov 2022 19:05:57 GMT; secure; SameSite=None
slec0826667673c6afa9f85340ed4fc8ef57=[3789938]; expires=Sun, 27 Nov 2022 19:06:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed2c62087d14711c854086a554a56242
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSsW8cRRTGZ4PTQEUERQrQCVEECZ9373b37kgREUJQRIitJMgNBbMzs%2BfBszurmd3bsysLS1Y6jg5R7X1nxwpEiBRINCjWHQ1YQsoBQhbCEv8BEiIVBTr7JItX7Htvf6943%2FdmZ1gcExcFPVp5T29KpehSUHdrl1ZlynVpa7fu1jy37l6urco09C%2FX%2BrOP6b3huUHdfa32jmDreqnheq7ruV7tujQi1v2lEwqZPex49Y5b9xt1L%2FDRN%2F%2FvbeHAUge8d0wuQPLp%2BbUfHkGyMdLk62vCruc6e%2F3tpFA01wY9vv9%2Bup7qMkVyVsbGQZzuz6eh7ZSQz85Bp%2FtzBdC93ZkCRHJKnN88ROn%2BfE1Evb3TTSMFkSLiz6HsjSHUGJKOwfQ2JH9CAMZxaxlpcv%2BWNiXdOKV0Rqdk4enfkOWULPzxAtLkq6tK9mt3tCpyqVOLflxB9seQ3TGyYoJ804EsJ2D5x5D8J7L09CbSZHfZKg3Jj15t%2BHHoeUG46PFWa9EPXW%2BxE4rGYivw23E77rBWGJxYJOUYMh5DiQGoPYfCOiikgyJ2UGQOEn5Uo0Endt1WHMXNZttnjDWbjAXtkAe86bdjFwWbaRggzwZgagBmtpCZLazLAUxxALtWwXIHNifo8QqlICgtQUkJSklQ5gRlr9rjyjZsdZ8rW0TePDfmuVmNdN4d0j2dd0VKhtkxeX5mnLPwuYt1cVRz240wDFthq8lCGtNO3A6aviu4H7O2iIMWrKwg7TlQ62BTTsnF0QEyOSXnv%2F0XEZ3AqgmYfAW0eAm0HLUaLujayG%2B72Ewf2DVtclG3ObiukOULyDecoTomF0%2Bu1%2FnFQLDDK38OfzzYvqDBTIXMVPhIfk%2FQVfdGt3VJdm%2Fr0pJHy1kuE7lJZ5e9k9NcLHzxrtgoteE3rtnBgzfZDMzKh3eFzW%2FSlMu0a8mXVyXnwlzXhgny3Q27KqKVwq5dLUxaZDdX3rp%2BI8mMsFbqdAwqn3z4GExOybPJzsmbffn3HUgzhikqJMUhmQeknoBlW7DZ4ZVfx598cOmfCawmMOpsJsoclEU1Mo3o7KeSBEqc9TSqYMWZBZE4fPzXKRvae%2BgaBzTfRppU6JkKPVWBqgFs8cwoz8zhlZ%2BbJ4FIOaNIGWc3UkZ9emqtlUc1EcRuLNyGiOJOFLeoyzux34loxxOtKKAecjtl29%2B8%2BB8AAAD%2F%2FwEAAP%2F%2FAQlvzIsEAAA%3D
173.233.137.44200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSsW8cRRTGZ4PTQEUERQrQCVEECZ9373b37kgREUJQRIitJMgNBbMzs%2BfBszurmd3bsysLS1Y6jg5R7X1nxwpEiBRINCjWHQ1YQsoBQhbCEv8BEiIVBTr7JItX7Htvf6943%2FdmZ1gcExcFPVp5T29KpehSUHdrl1ZlynVpa7fu1jy37l6urco09C%2FX%2BrOP6b3huUHdfa32jmDreqnheq7ruV7tujQi1v2lEwqZPex49Y5b9xt1L%2FDRN%2F%2FvbeHAUge8d0wuQPLp%2BbUfHkGyMdLk62vCruc6e%2F3tpFA01wY9vv9%2Bup7qMkVyVsbGQZzuz6eh7ZSQz85Bp%2FtzBdC93ZkCRHJKnN88ROn%2BfE1Evb3TTSMFkSLiz6HsjSHUGJKOwfQ2JH9CAMZxaxlpcv%2BWNiXdOKV0Rqdk4enfkOWULPzxAtLkq6tK9mt3tCpyqVOLflxB9seQ3TGyYoJ804EsJ2D5x5D8J7L09CbSZHfZKg3Jj15t%2BHHoeUG46PFWa9EPXW%2BxE4rGYivw23E77rBWGJxYJOUYMh5DiQGoPYfCOiikgyJ2UGQOEn5Uo0Endt1WHMXNZttnjDWbjAXtkAe86bdjFwWbaRggzwZgagBmtpCZLazLAUxxALtWwXIHNifo8QqlICgtQUkJSklQ5gRlr9rjyjZsdZ8rW0TePDfmuVmNdN4d0j2dd0VKhtkxeX5mnLPwuYt1cVRz240wDFthq8lCGtNO3A6aviu4H7O2iIMWrKwg7TlQ62BTTsnF0QEyOSXnv%2F0XEZ3AqgmYfAW0eAm0HLUaLujayG%2B72Ewf2DVtclG3ObiukOULyDecoTomF0%2Bu1%2FnFQLDDK38OfzzYvqDBTIXMVPhIfk%2FQVfdGt3VJdm%2Fr0pJHy1kuE7lJZ5e9k9NcLHzxrtgoteE3rtnBgzfZDMzKh3eFzW%2FSlMu0a8mXVyXnwlzXhgny3Q27KqKVwq5dLUxaZDdX3rp%2BI8mMsFbqdAwqn3z4GExOybPJzsmbffn3HUgzhikqJMUhmQeknoBlW7DZ4ZVfx598cOmfCawmMOpsJsoclEU1Mo3o7KeSBEqc9TSqYMWZBZE4fPzXKRvae%2BgaBzTfRppU6JkKPVWBqgFs8cwoz8zhlZ%2BbJ4FIOaNIGWc3UkZ9emqtlUc1EcRuLNyGiOJOFLeoyzux34loxxOtKKAecjtl29%2B8%2BB8AAAD%2F%2FwEAAP%2F%2FAQlvzIsEAAA%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSsW8cRRTGZ4PTQEUERQrQCVEECZ9373b37kgREUJQRIitJMgNBbMzs%2BfBszurmd3bsysLS1Y6jg5R7X1nxwpEiBRINCjWHQ1YQsoBQhbCEv8BEiIVBTr7JItX7Htvf6943%2FdmZ1gcExcFPVp5T29KpehSUHdrl1ZlynVpa7fu1jy37l6urco09C%2FX%2BrOP6b3huUHdfa32jmDreqnheq7ruV7tujQi1v2lEwqZPex49Y5b9xt1L%2FDRN%2F%2FvbeHAUge8d0wuQPLp%2BbUfHkGyMdLk62vCruc6e%2F3tpFA01wY9vv9%2Bup7qMkVyVsbGQZzuz6eh7ZSQz85Bp%2FtzBdC93ZkCRHJKnN88ROn%2BfE1Evb3TTSMFkSLiz6HsjSHUGJKOwfQ2JH9CAMZxaxlpcv%2BWNiXdOKV0Rqdk4enfkOWULPzxAtLkq6tK9mt3tCpyqVOLflxB9seQ3TGyYoJ804EsJ2D5x5D8J7L09CbSZHfZKg3Jj15t%2BHHoeUG46PFWa9EPXW%2BxE4rGYivw23E77rBWGJxYJOUYMh5DiQGoPYfCOiikgyJ2UGQOEn5Uo0Endt1WHMXNZttnjDWbjAXtkAe86bdjFwWbaRggzwZgagBmtpCZLazLAUxxALtWwXIHNifo8QqlICgtQUkJSklQ5gRlr9rjyjZsdZ8rW0TePDfmuVmNdN4d0j2dd0VKhtkxeX5mnLPwuYt1cVRz240wDFthq8lCGtNO3A6aviu4H7O2iIMWrKwg7TlQ62BTTsnF0QEyOSXnv%2F0XEZ3AqgmYfAW0eAm0HLUaLujayG%2B72Ewf2DVtclG3ObiukOULyDecoTomF0%2Bu1%2FnFQLDDK38OfzzYvqDBTIXMVPhIfk%2FQVfdGt3VJdm%2Fr0pJHy1kuE7lJZ5e9k9NcLHzxrtgoteE3rtnBgzfZDMzKh3eFzW%2FSlMu0a8mXVyXnwlzXhgny3Q27KqKVwq5dLUxaZDdX3rp%2BI8mMsFbqdAwqn3z4GExOybPJzsmbffn3HUgzhikqJMUhmQeknoBlW7DZ4ZVfx598cOmfCawmMOpsJsoclEU1Mo3o7KeSBEqc9TSqYMWZBZE4fPzXKRvae%2BgaBzTfRppU6JkKPVWBqgFs8cwoz8zhlZ%2BbJ4FIOaNIGWc3UkZ9emqtlUc1EcRuLNyGiOJOFLeoyzux34loxxOtKKAecjtl29%2B8%2BB8AAAD%2F%2FwEAAP%2F%2FAQlvzIsEAAA%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Cookie: u_pl=17078832; uid_id2=24f61156-1d77-4601-96e2-7548f8f9c765:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0826667673c6afa9f85340ed4fc8ef57=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 19:05:57 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 36538e4054308a5d75788a00d5d8e91a
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7afa63a2e765a5889feedb036228204
546d048429118d6ff49049b948a6d39c3706b4e1
ce33ebbd5115ffaac9721eacc50f458d369b30dbc875379c5602fe846d078207
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE33EBBD5115FFAAC9721EACC50F458D369B30DBC875379C5602FE846D078207"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9895
Expires: Sun, 27 Nov 2022 21:50:53 GMT
Date: Sun, 27 Nov 2022 19:05:58 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9599
Expires: Sun, 27 Nov 2022 21:45:57 GMT
Date: Sun, 27 Nov 2022 19:05:58 GMT
Connection: keep-alive
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=381
173.233.137.44200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=381
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=381 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 19:05:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9599
Expires: Sun, 27 Nov 2022 21:45:57 GMT
Date: Sun, 27 Nov 2022 19:05:58 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
172.64.109.13200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP 172.64.109.13:0
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash 47b7ae41a98644de6d46d58a0e51a793
b0f736609af3c0b3214ee52cc9f0798dcc972df6
b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:58 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1055537
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwKo0sKYvs6kgbvQ69tVGv3BU%2B9IMfoJucQ0uUFvjm4CrDrpNz1DEh%2FQcOSPlLkU9kE3DEyWpHC8WzW%2Bvg6O%2FYfcl5iBuw2TvJjK83sZnz6QLAzcgZct%2B6eHkw6%2BgYHZZqcVLalE3Yes"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d236b8e138e14-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
45.133.44.3200 OK 559 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash c4e5a01aaedf4fde1e668eed22d14dd0
bd2690dbccc232477ba7ce5602db40c467da7456
bcf87d871ff6d74f331f685fe978126bfb7af1807e2176684e210efbad318d86
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:58 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 27 Nov 2022 20:05:58 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
172.64.109.13200 OK 2.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP 172.64.109.13:0
Hash b9262070f55bd5fe315ba34f9dbf6654
33bc9c1a88a983c8128bb2bddf93b3953ac6aedd
2af94949a270b7aa150b7a3970a572e3946da32956651126bd916ae377eaa4bd
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:58 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xBygbKUgDeR2lJrCZttzK%2B7HSivxqX7BPbANl1KjVdawczQvbw9BcEFp4jcfTLZoaA2zCP%2FDW0fZ%2B0i3jjoAv4Jl7GTW1AYwTwlY3vgrPwrOKnEGgcPQ52eLxNgqn3E2cjB%2Fdq91TtmI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d236b7dd18e14-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
172.64.109.13200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
IP 172.64.109.13:0
Hash c91016401e0a0b7b3d7572de48c76597
12fb634abb5e708b4f55d1489055b4f626d3cdd1
2472e286e0bf6f54cef9d99e9c63301c873fa02bc4e3979e1a18587a6d973120
GET /sb/notifications/games/nutaku/multi/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:58 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:38:28 GMT
etag: W/"632300a4-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QN%2Fp57uVf8HtbTsrNB1g3qJBiLb%2BkAhf65DnIQUI8J1NPKY9hcLIdwJfRbspQRsdbXhhHSpdyyZ6NOO0l1Nj2rIZaa6Q13%2FAywzlqkoocjtjoQ9zhgAP25sIikRUDg3vC6jfqaB27g0W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d236b7dd48e14-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=270
173.233.137.44200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=270
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=270 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 19:05:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BPmoieDHnJQBvEQwZ3tnulfYw7BGCPBmIQkkosHq6uqZ8ut7mqquqcnewouhNwcb%2BKp5zubLNEg5iB4kYQZL7ogZFRkERf8DwQxJw8yuwOL79Dvvf68w%2Ft%2BX90eV%2FvERUX3rrynN6VSdC1ou61TN2TOdW1bl663PLftnm7dkHnon24NFx8zeMNzg7b7WusdwTb0Wsf1XNdzvdZ5aUSqh2sHFLJ40PPaPbftd9pe4GNo%2Ft%2FbyoGlDvhgn5yA5PPj6z88hGRT5NnX54TdKHXx%2BttZpWipDQZ85%2F18I9d1juyoTI2DNN9ZTkPbOSGfHYPOd5YKoAfbCwVI5Jw4v3lI8p3lmkgGdw83TRREjoQ%2Fh3owhVBTSDoF01uQ%2FAkBGMely8ize5e0qenNQ0oXdE5Wnv4NWc%2FJyh8vIM%2B%2BOqvksHVNq6qUOrcYpg3kcArZn6KoZig3Hch6BlZ%2BDMl%2FImtPLyLPti9bpSH53qsdPw09LwhXPR5Fq37oequ9UHRWo8CP0zjtsSgMDiyScgqZTqHECNQeQ2UdVNJBlTqoCgcZ32vRoJe6bpQmabcb%2B4yxbpexIA55wLt%2BnLqo2ELDCGUxAlMjMHMLhbmFDTmCqR7Drjew3IEtCQa8QS0IaktQU4JaEtQlQT1o7nJlO7a5x5WtEm%2BZO8vcbSa67I%2FpXV32RU7GxT55fmGcs%2FK5iw2x13LjThiGURh1WUhT2kvjoOu7gvspi0UaRLCygbTHQK2DTTknJyePUcg5Of7tv0joDFbNwOQroNVLoPUk6rig6xM%2FdrGZ37fr2pSibUtw3aAoV1DedMZqn5w8uF7vFwPBds%2F8Of7x8dYJDWYaFKbBR%2FJ7gr66M7mqa7J9VdeWPLxclDKTm3Rx2WslLcXKF%2B%2BKm7U2%2FMI5O7r%2FJluARfngurDlRZpzmfct%2BfKs5FyY89owQb67YG%2BI5Epl189WJq%2BKi1feOn8hK4ywVup8CiqffPgITM7Js9ntgzf78u%2B3Ic0UpmqQVbtkGZB6Blbcgi12z%2Fw6%2FeSDU%2F%2FMYDWBUUczSeGgrpqJ6SRHP5UkUOKop0kDK44sSMTuo78O2djeQd84oOUW8qzBwDQYqAZUjWCrZyZlYXbP%2FNw9CCTKmSTKONuJMurTQ2ut3GsFni%2FiJI4Y54lg3Is63bjruh3O%2FagnvB5KO2db37z4HwAAAP%2F%2FAQAA%2F%2F8VAeEqiwQAAA%3D%3D
173.233.137.44200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BPmoieDHnJQBvEQwZ3tnulfYw7BGCPBmIQkkosHq6uqZ8ut7mqquqcnewouhNwcb%2BKp5zubLNEg5iB4kYQZL7ogZFRkERf8DwQxJw8yuwOL79Dvvf68w%2Ft%2BX90eV%2FvERUX3rrynN6VSdC1ou61TN2TOdW1bl663PLftnm7dkHnon24NFx8zeMNzg7b7WusdwTb0Wsf1XNdzvdZ5aUSqh2sHFLJ40PPaPbftd9pe4GNo%2Ft%2FbyoGlDvhgn5yA5PPj6z88hGRT5NnX54TdKHXx%2BttZpWipDQZ85%2F18I9d1juyoTI2DNN9ZTkPbOSGfHYPOd5YKoAfbCwVI5Jw4v3lI8p3lmkgGdw83TRREjoQ%2Fh3owhVBTSDoF01uQ%2FAkBGMely8ize5e0qenNQ0oXdE5Wnv4NWc%2FJyh8vIM%2B%2BOqvksHVNq6qUOrcYpg3kcArZn6KoZig3Hch6BlZ%2BDMl%2FImtPLyLPti9bpSH53qsdPw09LwhXPR5Fq37oequ9UHRWo8CP0zjtsSgMDiyScgqZTqHECNQeQ2UdVNJBlTqoCgcZ32vRoJe6bpQmabcb%2B4yxbpexIA55wLt%2BnLqo2ELDCGUxAlMjMHMLhbmFDTmCqR7Drjew3IEtCQa8QS0IaktQU4JaEtQlQT1o7nJlO7a5x5WtEm%2BZO8vcbSa67I%2FpXV32RU7GxT55fmGcs%2FK5iw2x13LjThiGURh1WUhT2kvjoOu7gvspi0UaRLCygbTHQK2DTTknJyePUcg5Of7tv0joDFbNwOQroNVLoPUk6rig6xM%2FdrGZ37fr2pSibUtw3aAoV1DedMZqn5w8uF7vFwPBds%2F8Of7x8dYJDWYaFKbBR%2FJ7gr66M7mqa7J9VdeWPLxclDKTm3Rx2WslLcXKF%2B%2BKm7U2%2FMI5O7r%2FJluARfngurDlRZpzmfct%2BfKs5FyY89owQb67YG%2BI5Epl189WJq%2BKi1feOn8hK4ywVup8CiqffPgITM7Js9ntgzf78u%2B3Ic0UpmqQVbtkGZB6Blbcgi12z%2Fw6%2FeSDU%2F%2FMYDWBUUczSeGgrpqJ6SRHP5UkUOKop0kDK44sSMTuo78O2djeQd84oOUW8qzBwDQYqAZUjWCrZyZlYXbP%2FNw9CCTKmSTKONuJMurTQ2ut3GsFni%2FiJI4Y54lg3Is63bjruh3O%2FagnvB5KO2db37z4HwAAAP%2F%2FAQAA%2F%2F8VAeEqiwQAAA%3D%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BPmoieDHnJQBvEQwZ3tnulfYw7BGCPBmIQkkosHq6uqZ8ut7mqquqcnewouhNwcb%2BKp5zubLNEg5iB4kYQZL7ogZFRkERf8DwQxJw8yuwOL79Dvvf68w%2Ft%2BX90eV%2FvERUX3rrynN6VSdC1ou61TN2TOdW1bl663PLftnm7dkHnon24NFx8zeMNzg7b7WusdwTb0Wsf1XNdzvdZ5aUSqh2sHFLJ40PPaPbftd9pe4GNo%2Ft%2FbyoGlDvhgn5yA5PPj6z88hGRT5NnX54TdKHXx%2BttZpWipDQZ85%2F18I9d1juyoTI2DNN9ZTkPbOSGfHYPOd5YKoAfbCwVI5Jw4v3lI8p3lmkgGdw83TRREjoQ%2Fh3owhVBTSDoF01uQ%2FAkBGMely8ize5e0qenNQ0oXdE5Wnv4NWc%2FJyh8vIM%2B%2BOqvksHVNq6qUOrcYpg3kcArZn6KoZig3Hch6BlZ%2BDMl%2FImtPLyLPti9bpSH53qsdPw09LwhXPR5Fq37oequ9UHRWo8CP0zjtsSgMDiyScgqZTqHECNQeQ2UdVNJBlTqoCgcZ32vRoJe6bpQmabcb%2B4yxbpexIA55wLt%2BnLqo2ELDCGUxAlMjMHMLhbmFDTmCqR7Drjew3IEtCQa8QS0IaktQU4JaEtQlQT1o7nJlO7a5x5WtEm%2BZO8vcbSa67I%2FpXV32RU7GxT55fmGcs%2FK5iw2x13LjThiGURh1WUhT2kvjoOu7gvspi0UaRLCygbTHQK2DTTknJyePUcg5Of7tv0joDFbNwOQroNVLoPUk6rig6xM%2FdrGZ37fr2pSibUtw3aAoV1DedMZqn5w8uF7vFwPBds%2F8Of7x8dYJDWYaFKbBR%2FJ7gr66M7mqa7J9VdeWPLxclDKTm3Rx2WslLcXKF%2B%2BKm7U2%2FMI5O7r%2FJluARfngurDlRZpzmfct%2BfKs5FyY89owQb67YG%2BI5Epl189WJq%2BKi1feOn8hK4ywVup8CiqffPgITM7Js9ntgzf78u%2B3Ic0UpmqQVbtkGZB6Blbcgi12z%2Fw6%2FeSDU%2F%2FMYDWBUUczSeGgrpqJ6SRHP5UkUOKop0kDK44sSMTuo78O2djeQd84oOUW8qzBwDQYqAZUjWCrZyZlYXbP%2FNw9CCTKmSTKONuJMurTQ2ut3GsFni%2FiJI4Y54lg3Is63bjruh3O%2FagnvB5KO2db37z4HwAAAP%2F%2FAQAA%2F%2F8VAeEqiwQAAA%3D%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Cookie: u_pl=17078832; uid_id2=24f61156-1d77-4601-96e2-7548f8f9c765:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0826667673c6afa9f85340ed4fc8ef57=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 19:05:58 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e6b6a3a8fc391b411c312a3d4908928a
Strict-Transport-Security: max-age=0; includeSubdomains
www.google-analytics.com/collect?v=1&_v=j98&a=581943029&t=event&_s=2&dl=http%3A%2F%2Fsh.st%2Fve1cO&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=144271833.1669575952&uid=292569&tid=UA-42296749-1&_gid=1955259117.1669575952&cd2=2022-06-29.0&cd7=292569&cd5=0&z=1544115293
142.250.74.174200 OK 35 B URL HTTP/1.1 www.google-analytics.com/collect?v=1&_v=j98&a=581943029&t=event&_s=2&dl=http%3A%2F%2Fsh.st%2Fve1cO&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=144271833.1669575952&uid=292569&tid=UA-42296749-1&_gid=1955259117.1669575952&cd2=2022-06-29.0&cd7=292569&cd5=0&z=1544115293
IP 142.250.74.174:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j98&a=581943029&t=event&_s=2&dl=http%3A%2F%2Fsh.st%2Fve1cO&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=144271833.1669575952&uid=292569&tid=UA-42296749-1&_gid=1955259117.1669575952&cd2=2022-06-29.0&cd7=292569&cd5=0&z=1544115293 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Sun, 27 Nov 2022 06:37:44 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 44894
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
tallysaturatesnare.com/pixel/sbs?c=1
173.233.137.44200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbs?c=1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Cookie: u_pl=17078832; uid_id2=24f61156-1d77-4601-96e2-7548f8f9c765:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0826667673c6afa9f85340ed4fc8ef57=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 19:05:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ptauxofi.net/pfe/current/defaultSkin.min.js
139.45.197.250200 OK 0 B URL HTTP/2 ptauxofi.net/pfe/current/defaultSkin.min.js
IP 139.45.197.250:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 19:05:52 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-df63"
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP 172.64.109.13:0
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1055537
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5zmDpl0asq7ySaP7%2FFeZNbIZZmkihZVSi%2BcUS52ejdj67%2F2NWBXtL3f6tCmsk0QnRqaPqP%2FzbImXtq09t6Xi8jvmzfUXb6YzpYdaHitLinjt3AQFXtsoGhLV5Ogxb45DFBwjS6JkN32Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d236b8e0c8e14-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
IP 172.64.109.13:0
GET /sb/notifications/games/nutaku/multi/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:58 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 08:55:27 GMT
etag: W/"62fdfe7f-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1055537
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0KVCw96%2Fa8qNFQSaiICF3W2kTOPehbg7l2q9KMtgGjEGv03gLnQWpCSkCPhYWZm%2FmYrCrdtLmTid19S7ClxurSCk%2FBnw6HSyfUgPMlC7ZPAGX0NX2uo%2BDhNf7tJuhPo8RT%2FAboDHTzq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d236b8e168e14-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway:400,700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Raleway:400,700
IP 142.250.74.10:0
GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 19:05:50 GMT
date: Sun, 27 Nov 2022 19:05:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
IP 172.64.109.13:0
GET /sb/notifications/games/nutaku/multi/2/js/main.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 19:05:58 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:29:33 GMT
etag: W/"632abd5d-20ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7WM6Fd9ho4sb38oNLhFX0auqGgE3XubTPt5VqnK1Lc%2FtrwkxSKaAQbsOfK8yeaceyZtddYijarXkZ4yzFCEZvqoCvDFIHvuA2bBhmUHn9b83g344Ge2VmEv0S5Qtsz%2FVlVElgozZDxbf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d236c4eed8e14-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2