www.file-upload.com/va6noqhsd49d
104.21.79.149 200 OK 5.6 kB URL HTTP/1.1 www.file-upload.com/va6noqhsd49d
IP 104.21.79.149:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (842)
Hash f57e65d7751d0f00cba1924b05283feb
e9cc2793dfa742443c255b1b626509cb240a08bf
dca0b3f01d456b6e55fdc0ef5455aaac8c1c76d06b1603050f6f27afbdc8917d
GET /va6noqhsd49d HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:13:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0;includeSubDomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Thu, 24 Nov 2022 20:13:43 GMT
Set-Cookie: lang=english; domain=.file-upload.com; path=/
X-Cache: HIT from Backend
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Myv%2FBYeAqQ9qnXa4ikG9tWvCO4Uus3lkS5TqOfMMlu%2BGjiSGZiJ7WyN2yLOUir4a31Mm%2B83r%2FGgkWdRfJwVzdVDX1cKakVphYIiCvjRchNpeDhkGNu73tJTfw3ditSxW7cYkmtF1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76fd0bec0a89b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3853
Expires: Fri, 25 Nov 2022 21:17:56 GMT
Date: Fri, 25 Nov 2022 20:13:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4683
Cache-Control: max-age=142534
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:43 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:49:17 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 19:19:09 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3274
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3025
Expires: Fri, 25 Nov 2022 21:04:09 GMT
Date: Fri, 25 Nov 2022 20:13:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WoT6FZ2nHP8r5NnemTtVWr3Nzsnd3cWapH+eq+ydInC14LKYAfWZSLaqTaykt73aUsKXESK0it4=
x-amz-request-id: S86FF1ETV0BQEZ6Z
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 19:40:55 GMT
age: 1969
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 20:13:44 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.file-upload.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.21.79.149 200 OK 3.9 kB URL HTTP/1.1 www.file-upload.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.21.79.149:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/va6noqhsd49d
Cookie: lang=english
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:13:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:35:09 GMT
ETag: W/"637cd00d-302c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hpAOsEgBpaASku4msAdXE1SjL869udJX7QWjpSmihPD2vSctU0tSkmF7b%2BX508hLf8DVDmqo4iCol6zKWPvI1yuDserR3herScX4kv4TmjAj0t984GX607jZZ3hu1eo3YNIud6jT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76fd0beeaf2eb51e-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Sun, 27 Nov 2022 20:13:44 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
www.file-upload.com/mngez/images/anti2.png
104.21.79.149 200 OK 641 B URL HTTP/2 www.file-upload.com/mngez/images/anti2.png
IP 104.21.79.149:0
File type PNG image data, 100 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 722859ca75e68c14f4d803e76f846b92
0a00fa9439d602f40e3acd72dfb08b2f89c3fa2f
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f
GET /mngez/images/anti2.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:44 GMT
content-type: image/png
content-length: 641
cache-control: max-age=315360000
cf-bgj: csam-hash
etag: "5c26aa0b-281"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 28 Dec 2018 22:56:11 GMT
cf-cache-status: HIT
age: 49159916
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COKUrF%2FrNcrmO4SdjG0Ms1IWm1E1YU7z6rmiGGmC5AYXPxU7TvdZqu3mZ1Oxz56BQWs2pKXZPRXIJeTEFX0ldAhLOcE7ldWhg4q%2Fsay8clAUJkhDJoM8Wnna1PNlcBIvvaSpRWZX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0beec9cdb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
151.139.128.10 200 OK 4.5 kB URL HTTP/1.1 images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
IP 151.139.128.10:0
File type PNG image data, 135 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash b0e239fa4ddfbcdf08cbcb34a13b2a0f
957fdb58c09d85e41cc6a6ea134a9365adee4ec9
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
GET /Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766 HTTP/1.1
Host: images.dmca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:13:44 GMT
Content-Type: image/png
Last-Modified: Thu, 02 Jun 2011 03:26:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Cache-Control: public,max-age=31536000
ETag: "0abbdbd420cc1:0"
X-Powered-By: ASP.NET
X-HW: 1669407224.cds017.sk1.h2,1669407224.cds246.sk1.c
Link: <http://www.dmca.com/Badges/_dmca_premi_badge_4.png>; rel="canonical"
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 4535
d26adrx9c3n0mq.cloudfront.net/?xrdad=888399
54.230.245.178 200 OK 50 kB URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=888399
IP 54.230.245.178:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash f16cbbb926636897bd3ffe2b0cacd3ec
5db1439f0acc9e1a024ca70885b0dd7dd98b5f50
0f5560a61284ed354116975e1bb50d2e9a09beb755007e8c81f691b5b9087717
GET /?xrdad=888399 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Content-Length: 50139
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: euDqP6mrixoD8D0kGWKeipPNdll_Q7_d83t_2iJUSMheH7AWBNNbbg==
d26adrx9c3n0mq.cloudfront.net/?xrdad=888398
54.230.245.178 200 OK 163 kB URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=888398
IP 54.230.245.178:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 163 kB (163154 bytes)
Hash 411f27a0c0367ead8c1a1344ccb7159b
dbca74297b5662aae944163ab4414ce2fc13331f
b4261b8cbf8f3cc70487b3e9fedd90fca96b3cf988fbe9c1c980ea14bfad9732
GET /?xrdad=888398 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Content-Length: 163154
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Sgb1IulWJC8HiDdRNrBLnxhNEZbWJHzL3WWeRPkXTW7Kuboy6ylxUg==
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b156b13201300b5fc82d76594bcfb9f9
fe48f8c97af5e4223646ef86c4bd4a6b425a82e4
15c65436ee71be9d1c2d3bb8f9ba0d86050cc843a0b76847679804d32f3a1396
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "15C65436EE71BE9D1C2D3BB8F9BA0D86050CC843A0B76847679804D32F3A1396"
Last-Modified: Thu, 24 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18108
Expires: Sat, 26 Nov 2022 01:15:32 GMT
Date: Fri, 25 Nov 2022 20:13:44 GMT
Connection: keep-alive
www.file-upload.com/assets/images/logo_new.png
104.21.79.149 200 OK 80 kB URL HTTP/2 www.file-upload.com/assets/images/logo_new.png
IP 104.21.79.149:0
File type PNG image data, 388 x 100, 8-bit colormap, non-interlaced\012- data
Hash 02ea523d459f06cb721c6c3b0e6d9db4
8a70ae9dab0ebf527cbff63d40bdb8a66e9486c5
87596c89af4f0fcfb8ad8131b0e8ec77f64bda95351e9fa6105dbdbad6cad738
GET /assets/images/logo_new.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:44 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 09 Nov 2018 12:00:31 GMT
etag: W/"c8f-57a3a191435c0"
cache-control: public, max-age=31536000
expires: Mon, 13 Jun 2022 22:20:06 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 14853218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KrH4cA%2B0Ws3%2BV9QRlMdaodIwdzyxWVhrpZlP63CJj9fdakIjlTSPFKRUeBAw4QjoBk9uncfZve7RQRwZFpa9zhdy5PGSjlM%2BZ7dqTRBE2XPtaJYGcjfik31d%2F0cD533kwgmcxPW1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0beed9dbb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eraltradiansid.com/ODRtT0VZVg4ielkJD2kwSlhQand+EV8JIQoCDCs3QA0OfCsIWRxhJlRbGCsjSlsDO2tWURlqd35DCSETdFclBhN/XTgYEWl9DgN1CX85JD0AZgYdFHBOCikNeW4kBi55ZiInKlV3BQIkcHNdCgZ6fiQqdGFRKzc2S2A7HhF/TQUBFAl1OAM9cmQ8IwgdBisOBwhQPgwua3EsLBV3ZTQKAV8FGQ0XdngqDBRzcxUgH3NYOw4IfXYBHgNccT8YCHBzFSgXcnUODRAIUFoHImJgP3wxemUBJwNaXyA4EAhQWg09S208fHxuZTkdFF1hLAQUfXIYHj96YD98aEt3LwkLf3cGCQZpBRl4Em5QKB0WT2IoHXVZVgYGdWpxO3kUfX4lHR1IYjwKHGx9CgYdfXYCNRNtdRodDUxyNQofbGQGfgEeXh4gK0gJBH8mdFsANSRUXQ
13.227.153.84200 OK 1.2 kB URL HTTP/1.1 eraltradiansid.com/ODRtT0VZVg4ielkJD2kwSlhQand+EV8JIQoCDCs3QA0OfCsIWRxhJlRbGCsjSlsDO2tWURlqd35DCSETdFclBhN/XTgYEWl9DgN1CX85JD0AZgYdFHBOCikNeW4kBi55ZiInKlV3BQIkcHNdCgZ6fiQqdGFRKzc2S2A7HhF/TQUBFAl1OAM9cmQ8IwgdBisOBwhQPgwua3EsLBV3ZTQKAV8FGQ0XdngqDBRzcxUgH3NYOw4IfXYBHgNccT8YCHBzFSgXcnUODRAIUFoHImJgP3wxemUBJwNaXyA4EAhQWg09S208fHxuZTkdFF1hLAQUfXIYHj96YD98aEt3LwkLf3cGCQZpBRl4Em5QKB0WT2IoHXVZVgYGdWpxO3kUfX4lHR1IYjwKHGx9CgYdfXYCNRNtdRodDUxyNQofbGQGfgEeXh4gK0gJBH8mdFsANSRUXQ
IP 13.227.153.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash c86c8beb6bb95e91f9fbf2d4512e67a3
03f91f2525340318cb8f0105592eb0444d563ce0
bcb44b37f29dae2d4c9412d89da1187fcc1857e92d1e5087e53dcbdaa96535a4
GET /ODRtT0VZVg4ielkJD2kwSlhQand+EV8JIQoCDCs3QA0OfCsIWRxhJlRbGCsjSlsDO2tWURlqd35DCSETdFclBhN/XTgYEWl9DgN1CX85JD0AZgYdFHBOCikNeW4kBi55ZiInKlV3BQIkcHNdCgZ6fiQqdGFRKzc2S2A7HhF/TQUBFAl1OAM9cmQ8IwgdBisOBwhQPgwua3EsLBV3ZTQKAV8FGQ0XdngqDBRzcxUgH3NYOw4IfXYBHgNccT8YCHBzFSgXcnUODRAIUFoHImJgP3wxemUBJwNaXyA4EAhQWg09S208fHxuZTkdFF1hLAQUfXIYHj96YD98aEt3LwkLf3cGCQZpBRl4Em5QKB0WT2IoHXVZVgYGdWpxO3kUfX4lHR1IYjwKHGx9CgYdfXYCNRNtdRodDUxyNQofbGQGfgEeXh4gK0gJBH8mdFsANSRUXQ HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1187
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 68bd6f488cd5f9867287f467b777d12a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC51-C1
X-Amz-Cf-Id: ApgpGmBHqh7E7lzd72KhHEK8BsLGF6Rjly2XHaPgoCvv3R5_x2LAbA==
ceprovidingsesse.com/NUh6U0UadxkgeGEOPDgIWCBOMhNwDC8LdF8QOwUcUw84AARZCVwnLFF1Qmt9BnFCdTVcLEdiY0Y8GycwRnVLdSxbLhVuY0N1S312AWZJYmsEbg9udBM8CjIiCHlcIzFBJEdicwNxTmNyB3pJZHQB
104.21.20.247204 No Content 15 kB URL HTTP/2 ceprovidingsesse.com/NUh6U0UadxkgeGEOPDgIWCBOMhNwDC8LdF8QOwUcUw84AARZCVwnLFF1Qmt9BnFCdTVcLEdiY0Y8GycwRnVLdSxbLhVuY0N1S312AWZJYmsEbg9udBM8CjIiCHlcIzFBJEdicwNxTmNyB3pJZHQB
IP 104.21.20.247:0
File type PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash d4fb57708a39de8290622e0f24106367
35c34ad03af2e3556f239bb2ece83a71b9e8e192
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
GET /NUh6U0UadxkgeGEOPDgIWCBOMhNwDC8LdF8QOwUcUw84AARZCVwnLFF1Qmt9BnFCdTVcLEdiY0Y8GycwRnVLdSxbLhVuY0N1S312AWZJYmsEbg9udBM8CjIiCHlcIzFBJEdicwNxTmNyB3pJZHQB HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DSHqW7dDyWOkp2lb61smGAdJyOj3zMbZqIN6%2FFVCllmIlDjh8HViqjiMrt6bD9XmAarbXTwOg%2Fc2FbCsrU09mv5nt2IqAPeCGBHgCV1tLIF%2B5hliQrlNWLtav5zWNliXXLXmrFmlaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0bf0eb46fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eraltradiansid.com/QlpGWWMjOCU0XCNnJH8WMDZ7fFEEf3QfB3BsJz0ROmMlag1yNzd3AC41Mz0FMDUoLU0sPzJ8UQQ5CAwXCjg8AzQIGS0TIBcfLxBSCwoEag9zDSEMNwsOFxg0Bwx0HyUYEgc+Mi8WKyFGcBwPHiYgDgAfUSZqKjg1AQ8hDAsACwwKMREYPhQSCy12FSIVajwRUi4/IjA2DAwDCBsMCCoYNxYULh4PIRMMMAQUAncyDQgxKRwAcW82ARsPEiNrWxsCdyoVCRguHyYKNnUYNgsLIwEHJxguLVQbNj5pJgo2dR4lezggAS0JGB49FiYMfxYicWMvASsTCyMBTiE+FxshdhgqbSQDHRBqMSoXDjwaAxEQD1cpAypoFABpMms7NQMDPFAYEQQYNjYWLmg3FyMXfFEECSELGSc0IjgkAwwyFA8LEmAzEC00NmQweytxFgIDAAwy
13.227.153.84200 OK 1.2 kB URL HTTP/1.1 eraltradiansid.com/QlpGWWMjOCU0XCNnJH8WMDZ7fFEEf3QfB3BsJz0ROmMlag1yNzd3AC41Mz0FMDUoLU0sPzJ8UQQ5CAwXCjg8AzQIGS0TIBcfLxBSCwoEag9zDSEMNwsOFxg0Bwx0HyUYEgc+Mi8WKyFGcBwPHiYgDgAfUSZqKjg1AQ8hDAsACwwKMREYPhQSCy12FSIVajwRUi4/IjA2DAwDCBsMCCoYNxYULh4PIRMMMAQUAncyDQgxKRwAcW82ARsPEiNrWxsCdyoVCRguHyYKNnUYNgsLIwEHJxguLVQbNj5pJgo2dR4lezggAS0JGB49FiYMfxYicWMvASsTCyMBTiE+FxshdhgqbSQDHRBqMSoXDjwaAxEQD1cpAypoFABpMms7NQMDPFAYEQQYNjYWLmg3FyMXfFEECSELGSc0IjgkAwwyFA8LEmAzEC00NmQweytxFgIDAAwy
IP 13.227.153.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash e450cca040237f3dbad36fbfe5798234
032fd88d3427e3997a4769e58ffb9fd6d41afb80
c55cf5eec6a0bdb0535c6bb13625a3c877ded1ed1ed44142afe4ecf528cf56e7
GET /QlpGWWMjOCU0XCNnJH8WMDZ7fFEEf3QfB3BsJz0ROmMlag1yNzd3AC41Mz0FMDUoLU0sPzJ8UQQ5CAwXCjg8AzQIGS0TIBcfLxBSCwoEag9zDSEMNwsOFxg0Bwx0HyUYEgc+Mi8WKyFGcBwPHiYgDgAfUSZqKjg1AQ8hDAsACwwKMREYPhQSCy12FSIVajwRUi4/IjA2DAwDCBsMCCoYNxYULh4PIRMMMAQUAncyDQgxKRwAcW82ARsPEiNrWxsCdyoVCRguHyYKNnUYNgsLIwEHJxguLVQbNj5pJgo2dR4lezggAS0JGB49FiYMfxYicWMvASsTCyMBTiE+FxshdhgqbSQDHRBqMSoXDjwaAxEQD1cpAypoFABpMms7NQMDPFAYEQQYNjYWLmg3FyMXfFEECSELGSc0IjgkAwwyFA8LEmAzEC00NmQweytxFgIDAAwy HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1188
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 c66d7cd8a71d7efc3d827bff2547e828.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC51-C1
X-Amz-Cf-Id: MLP5CO7RxVh0LMjXgfS8_jWR-4mtQe0jqSVPyoqxoiTO5NCuE_VyQg==
ceprovidingsesse.com/d1pHamlYZSQZVBQMDR8+IxwOC1gbMgQ/DQYCKhkqJB0jMggmC2EeABNnf1JQQGxxTBkePnpbTwQuJh4cBGd2TAAZPChXTwFndkRaQ3R0W0dGfDJXWFEuNwsOSmthGh0DNnpbX0Fjc1peRWh0XV1G
104.21.20.247204 No Content 0 B URL HTTP/2 ceprovidingsesse.com/d1pHamlYZSQZVBQMDR8+IxwOC1gbMgQ/DQYCKhkqJB0jMggmC2EeABNnf1JQQGxxTBkePnpbTwQuJh4cBGd2TAAZPChXTwFndkRaQ3R0W0dGfDJXWFEuNwsOSmthGh0DNnpbX0Fjc1peRWh0XV1G
IP 104.21.20.247:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d1pHamlYZSQZVBQMDR8+IxwOC1gbMgQ/DQYCKhkqJB0jMggmC2EeABNnf1JQQGxxTBkePnpbTwQuJh4cBGd2TAAZPChXTwFndkRaQ3R0W0dGfDJXWFEuNwsOSmthGh0DNnpbX0Fjc1peRWh0XV1G HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0wKzKUSjBb3Ooobf3E2Us4GANVCiML5yGiJ%2FFJRJv2w%2BFM%2FO9ngWUKowhUCE%2FevQGQkoX9ZVKrQyDUext%2FBsR%2BYXJNnHyWW0D%2FdHUKDyKWIWK0%2Brwcl42zqmYvrl0BUmubzsLH7svQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0bf0eb48fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ceprovidingsesse.com/OXp1bngWRRYdRVhIOBkvVzQTOw9dFSZfSWw7RwY+bhYWLxpsO1MaEV1HTFxKC09GSAhQHkhfXkoOFBoNSkdESBFXHBpTXk9HREBLDVRGX1YIXABTSR8OBQ8fBEtTHgxNFkhfTg9DQV5PC0hGWU0M
104.21.20.247204 No Content 0 B URL HTTP/2 ceprovidingsesse.com/OXp1bngWRRYdRVhIOBkvVzQTOw9dFSZfSWw7RwY+bhYWLxpsO1MaEV1HTFxKC09GSAhQHkhfXkoOFBoNSkdESBFXHBpTXk9HREBLDVRGX1YIXABTSR8OBQ8fBEtTHgxNFkhfTg9DQV5PC0hGWU0M
IP 104.21.20.247:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OXp1bngWRRYdRVhIOBkvVzQTOw9dFSZfSWw7RwY+bhYWLxpsO1MaEV1HTFxKC09GSAhQHkhfXkoOFBoNSkdESBFXHBpTXk9HREBLDVRGX1YIXABTSR8OBQ8fBEtTHgxNFkhfTg9DQV5PC0hGWU0M HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Faeo6Rbr6HgvRn3uBLcgveuAYRFomZnMFTdblhleswSn6Tv97ecUaw2rZeCSBgzRjyN5ixBUZqpJJOezIfMQVhIe1cl6kTHFjNJcITYRGiM2QlKJRALrKPR%2BHKB4R29AE2Xnbl2MGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0bf0fb70fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ceprovidingsesse.com/ejUwNUVVClNGeCBzXEYUSntmVHQsTFMEBxViA3N1InIJUCYiZBZBLB4ICAxzSwwIEzUTUQ0EfVxGRFQxD0YNBGMTW1ZaeFxDDQRrShsCG3dcQA0EYw5FUVJ4SxNAQTEWCAEDc0MBAAJ3SAYHA3w
104.21.20.247204 No Content 0 B URL HTTP/2 ceprovidingsesse.com/ejUwNUVVClNGeCBzXEYUSntmVHQsTFMEBxViA3N1InIJUCYiZBZBLB4ICAxzSwwIEzUTUQ0EfVxGRFQxD0YNBGMTW1ZaeFxDDQRrShsCG3dcQA0EYw5FUVJ4SxNAQTEWCAEDc0MBAAJ3SAYHA3w
IP 104.21.20.247:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ejUwNUVVClNGeCBzXEYUSntmVHQsTFMEBxViA3N1InIJUCYiZBZBLB4ICAxzSwwIEzUTUQ0EfVxGRFQxD0YNBGMTW1ZaeFxDDQRrShsCG3dcQA0EYw5FUVJ4SxNAQTEWCAEDc0MBAAJ3SAYHA3w HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=asvmpkaE29Jo%2BTwwbDwPLFmOlqrWvZzeLbjTGJMakGbH%2BW1iCcaJxlN9qcCF%2BOmRDcFyWNi1%2FaGW4L4zrEDMWeg55nTP36cFAUv9ZCrIUeQcfWNIbbPohELC9SpMNLOH%2Fqd0Xi6yhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0bf10b83fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ceprovidingsesse.com/NTZYUXYaCTsiS1EFGhoUBHQQAD5BYQJhJHBVNGQRZwYKZS5yb34lH1ELYGlOBg9hdwZcUmViRBNFLDACQEVlYFBcWD4+SxNAZWFYDRhpY1gFEC1sRxNCKDARCAd+IQJBWmVgQAMPbGFBBwRrZk4G
104.21.20.247204 No Content 0 B URL HTTP/2 ceprovidingsesse.com/NTZYUXYaCTsiS1EFGhoUBHQQAD5BYQJhJHBVNGQRZwYKZS5yb34lH1ELYGlOBg9hdwZcUmViRBNFLDACQEVlYFBcWD4+SxNAZWFYDRhpY1gFEC1sRxNCKDARCAd+IQJBWmVgQAMPbGFBBwRrZk4G
IP 104.21.20.247:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NTZYUXYaCTsiS1EFGhoUBHQQAD5BYQJhJHBVNGQRZwYKZS5yb34lH1ELYGlOBg9hdwZcUmViRBNFLDACQEVlYFBcWD4+SxNAZWFYDRhpY1gFEC1sRxNCKDARCAd+IQJBWmVgQAMPbGFBBwRrZk4G HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8mVYTrOTe6ofYwQA9J4PbG5tnyMV93oqnDYhRHhqm3h2EVghPclhuSxr5g3AtS%2FuUfblIRj5fF9edwNpTKM3Wvb9k8TGKZ19SwM1tl8ANJOzpS1AVBi7vc6bKEWPvXP0Eb0CmmI19w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0bf11b8dfab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ceprovidingsesse.com/R3VsOFpoSg9LZxEZOlA7EgEBYgwFJAp/DC8iOlBtHRgqbA0pRUpMMyNIVABidExVHiouEVELaGEGGFkuMgZRCmp3QkpRNCEaUQp8MUhcFmJpRF4WamEAUQl8MwUNX2d2UxxMLitIXQ5sfkFcD2h1RlsAbw
104.21.20.247204 No Content 0 B URL HTTP/2 ceprovidingsesse.com/R3VsOFpoSg9LZxEZOlA7EgEBYgwFJAp/DC8iOlBtHRgqbA0pRUpMMyNIVABidExVHiouEVELaGEGGFkuMgZRCmp3QkpRNCEaUQp8MUhcFmJpRF4WamEAUQl8MwUNX2d2UxxMLitIXQ5sfkFcD2h1RlsAbw
IP 104.21.20.247:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /R3VsOFpoSg9LZxEZOlA7EgEBYgwFJAp/DC8iOlBtHRgqbA0pRUpMMyNIVABidExVHiouEVELaGEGGFkuMgZRCmp3QkpRNCEaUQp8MUhcFmJpRF4WamEAUQl8MwUNX2d2UxxMLitIXQ5sfkFcD2h1RlsAbw HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xL0p2WN9ASEHbW1MOHWottux0Z2jWGOfcua4AQBTQT7%2B2pBDwsWy8lmxeFT%2Fc4FscG8w9eknX%2FJA0gKJCbxZuZdjkouI9gA73rznZX%2BoLqL2sF031rA0FwtFmptwVA5ZbFrbVqtlPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0bf11b90fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eraltradiansid.com/MmNiMnZTAQFfSVNeABQDQA9fF0R0RlB0EgBVA1YESloBARgCDhMcFV4MF1YQQAwMRlhcBhYXRHQZN3QkWzkJWQx9FBVzElsyW3AaRhsDdQ5gO1F0RGILJ3g8SyESfzV7Ci1hRkAlG2cVUQs7UTplUglgN10MMlg4VDIhRVMAISwDT2oBGHcBcyUWCxJbIjFxJXgXLFU3dywhXRt0ISNKPXoqOnBFY1otShFiKTZFR2BSM2IsahMxY0VGBARwI2IpGGNBdDE0QS9fMi93G0oKOHQ4ZTlQcA5nMDBBL18yNHYPVg47dxJkIFFkG2cLVxdEdDkqdCR4JBpbLHBOI2MUdS40Z0doWwRfJH4yUUYRfxQBdD9YWhpnNXBUO3UgYTUMWhFoNgZnE2Y6W3c3fxUySw56NSMLHmglBnsTajoKakdRRQhBGVwTX2AyWQobewdeLw
13.227.153.84200 OK 1.2 kB URL HTTP/1.1 eraltradiansid.com/MmNiMnZTAQFfSVNeABQDQA9fF0R0RlB0EgBVA1YESloBARgCDhMcFV4MF1YQQAwMRlhcBhYXRHQZN3QkWzkJWQx9FBVzElsyW3AaRhsDdQ5gO1F0RGILJ3g8SyESfzV7Ci1hRkAlG2cVUQs7UTplUglgN10MMlg4VDIhRVMAISwDT2oBGHcBcyUWCxJbIjFxJXgXLFU3dywhXRt0ISNKPXoqOnBFY1otShFiKTZFR2BSM2IsahMxY0VGBARwI2IpGGNBdDE0QS9fMi93G0oKOHQ4ZTlQcA5nMDBBL18yNHYPVg47dxJkIFFkG2cLVxdEdDkqdCR4JBpbLHBOI2MUdS40Z0doWwRfJH4yUUYRfxQBdD9YWhpnNXBUO3UgYTUMWhFoNgZnE2Y6W3c3fxUySw56NSMLHmglBnsTajoKakdRRQhBGVwTX2AyWQobewdeLw
IP 13.227.153.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 3a4807ad2aebf07a1c77ebed87cf9298
c0c5a4ca372134516459a587070da50e384d6e09
60400ddd8e8a5a032993f5ddc28718d670176748b8dcb805a0a6f798a34f332b
GET /MmNiMnZTAQFfSVNeABQDQA9fF0R0RlB0EgBVA1YESloBARgCDhMcFV4MF1YQQAwMRlhcBhYXRHQZN3QkWzkJWQx9FBVzElsyW3AaRhsDdQ5gO1F0RGILJ3g8SyESfzV7Ci1hRkAlG2cVUQs7UTplUglgN10MMlg4VDIhRVMAISwDT2oBGHcBcyUWCxJbIjFxJXgXLFU3dywhXRt0ISNKPXoqOnBFY1otShFiKTZFR2BSM2IsahMxY0VGBARwI2IpGGNBdDE0QS9fMi93G0oKOHQ4ZTlQcA5nMDBBL18yNHYPVg47dxJkIFFkG2cLVxdEdDkqdCR4JBpbLHBOI2MUdS40Z0doWwRfJH4yUUYRfxQBdD9YWhpnNXBUO3UgYTUMWhFoNgZnE2Y6W3c3fxUySw56NSMLHmglBnsTajoKakdRRQhBGVwTX2AyWQobewdeLw HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1189
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 c66d7cd8a71d7efc3d827bff2547e828.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC51-C1
X-Amz-Cf-Id: 152ucBUNqEdQUeVpnSuvt-M7141Z9U7DU9LRVdpIRNFU_Ql25kobLw==
eraltradiansid.com/RURMRWckJi8oWCR5LmMSNyhxYFUDYX4DA3dyLSEVPX0vdgl1KT1rBCkrOSEBNysiMUkrIThgVQMyGxMLNREbJlELIy92MAZ0OwEwPSIVEiEkJQpwQncCAT0IYHYOBjQpLwsyPi4PHzEBBD0BCikXLH8AHgh9GgIhBwoYIi8LKDxgVQMUDSYeEikkYFUDBwgQIR8DfRUtFyd+CAsULw8RV30ANiItFQB9FS0EHicLJhw2CC8ydAcEFzENdjQNPhAOPiQyACkILwR8BiUcMiMDOB83PQp0JFYpIxp2AzUQCwwLIwM4Hy0icH8nVnR0GgcTfRN+AAEndn0IPiwSdCRWaC8mAD89NQcCJR0mBCE9IAEGNwYUcHwHIwx2GAIqLSV+KT4cEigqBhMsfBMwLmF+AyYGCQ8VHRwWKAMyIyUKKQwWEyBgVQMMCz0wYy4/Kgk1eT4SJDU2ehcjEig9
13.227.153.84200 OK 1.2 kB URL HTTP/1.1 eraltradiansid.com/RURMRWckJi8oWCR5LmMSNyhxYFUDYX4DA3dyLSEVPX0vdgl1KT1rBCkrOSEBNysiMUkrIThgVQMyGxMLNREbJlELIy92MAZ0OwEwPSIVEiEkJQpwQncCAT0IYHYOBjQpLwsyPi4PHzEBBD0BCikXLH8AHgh9GgIhBwoYIi8LKDxgVQMUDSYeEikkYFUDBwgQIR8DfRUtFyd+CAsULw8RV30ANiItFQB9FS0EHicLJhw2CC8ydAcEFzENdjQNPhAOPiQyACkILwR8BiUcMiMDOB83PQp0JFYpIxp2AzUQCwwLIwM4Hy0icH8nVnR0GgcTfRN+AAEndn0IPiwSdCRWaC8mAD89NQcCJR0mBCE9IAEGNwYUcHwHIwx2GAIqLSV+KT4cEigqBhMsfBMwLmF+AyYGCQ8VHRwWKAMyIyUKKQwWEyBgVQMMCz0wYy4/Kgk1eT4SJDU2ehcjEig9
IP 13.227.153.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3038), with no line terminators
Hash b42a8d64200cacc46ee374be4261c59f
00708394f2d2dd62064fadd8110dc279ae142254
eb2fa90e889ff7f6894baef9920091aed074ce1218d2fe4ab56bf9940f61c9b2
GET /RURMRWckJi8oWCR5LmMSNyhxYFUDYX4DA3dyLSEVPX0vdgl1KT1rBCkrOSEBNysiMUkrIThgVQMyGxMLNREbJlELIy92MAZ0OwEwPSIVEiEkJQpwQncCAT0IYHYOBjQpLwsyPi4PHzEBBD0BCikXLH8AHgh9GgIhBwoYIi8LKDxgVQMUDSYeEikkYFUDBwgQIR8DfRUtFyd+CAsULw8RV30ANiItFQB9FS0EHicLJhw2CC8ydAcEFzENdjQNPhAOPiQyACkILwR8BiUcMiMDOB83PQp0JFYpIxp2AzUQCwwLIwM4Hy0icH8nVnR0GgcTfRN+AAEndn0IPiwSdCRWaC8mAD89NQcCJR0mBCE9IAEGNwYUcHwHIwx2GAIqLSV+KT4cEigqBhMsfBMwLmF+AyYGCQ8VHRwWKAMyIyUKKQwWEyBgVQMMCz0wYy4/Kgk1eT4SJDU2ehcjEig9 HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1188
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 c0093508e95ee3f9ebe60485284279c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC51-C1
X-Amz-Cf-Id: sXgbYcLuhY5mzw8TCSYg_sUfCmQQ5x9JsSmDZuBBV6BIuAaogxD04A==
eraltradiansid.com/TnRNREYvFi4peS9JL2IzPBhwYXQIUX8CInxCLCA0Nk0udyh+GTxqJSIbOCAgPBsjMGggETlhdAgQGBEyBRYVFT8ENxwIFTchJAgqDDksDHd5Igg8dQcgJgcBJzJ/Bix2MQsFByQ6NR0oBCcAHA99F2h2AAM1IQ4fGUQgAAQhRikpMQczJw50K0Q+EggdGH4TEAcfBiolDzM0Ny8EEwgSIgYfABMAPhwvKi4qLA4dLwQ1JiYMJBw7HHYfUX8CFnxNKxYBDEMXAnccLSooMBZEHCkPJyYvFQ4cQA4BLgktGQp+GSILLQUZTSsWBQNNL3Vyfy0FMGN8Mhx0FHoWI2kuKjE3FSkHJQcWHzlFeRwTGBwodzIqJhUWcysTPiAPN0A+BSE2RCgVPi0mChYqKx8+BiQGG2suNSEaPXkKHAQIDy8UFjsqLzQj
13.227.153.84200 OK 1.2 kB URL HTTP/1.1 eraltradiansid.com/TnRNREYvFi4peS9JL2IzPBhwYXQIUX8CInxCLCA0Nk0udyh+GTxqJSIbOCAgPBsjMGggETlhdAgQGBEyBRYVFT8ENxwIFTchJAgqDDksDHd5Igg8dQcgJgcBJzJ/Bix2MQsFByQ6NR0oBCcAHA99F2h2AAM1IQ4fGUQgAAQhRikpMQczJw50K0Q+EggdGH4TEAcfBiolDzM0Ny8EEwgSIgYfABMAPhwvKi4qLA4dLwQ1JiYMJBw7HHYfUX8CFnxNKxYBDEMXAnccLSooMBZEHCkPJyYvFQ4cQA4BLgktGQp+GSILLQUZTSsWBQNNL3Vyfy0FMGN8Mhx0FHoWI2kuKjE3FSkHJQcWHzlFeRwTGBwodzIqJhUWcysTPiAPN0A+BSE2RCgVPi0mChYqKx8+BiQGG2suNSEaPXkKHAQIDy8UFjsqLzQj
IP 13.227.153.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash cbadf48a3fc099ec0f2c30e603f8cf5e
590193249147a0523bbf461d5c0140d51b5ba9e0
5d697f217c0b8faed24df475b4df6f6891cd8259d31be2604d558b767a2ed143
GET /TnRNREYvFi4peS9JL2IzPBhwYXQIUX8CInxCLCA0Nk0udyh+GTxqJSIbOCAgPBsjMGggETlhdAgQGBEyBRYVFT8ENxwIFTchJAgqDDksDHd5Igg8dQcgJgcBJzJ/Bix2MQsFByQ6NR0oBCcAHA99F2h2AAM1IQ4fGUQgAAQhRikpMQczJw50K0Q+EggdGH4TEAcfBiolDzM0Ny8EEwgSIgYfABMAPhwvKi4qLA4dLwQ1JiYMJBw7HHYfUX8CFnxNKxYBDEMXAnccLSooMBZEHCkPJyYvFQ4cQA4BLgktGQp+GSILLQUZTSsWBQNNL3Vyfy0FMGN8Mhx0FHoWI2kuKjE3FSkHJQcWHzlFeRwTGBwodzIqJhUWcysTPiAPN0A+BSE2RCgVPi0mChYqKx8+BiQGG2suNSEaPXkKHAQIDy8UFjsqLzQj HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1176
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 b9d1e7cb821ef47093334e703f701a70.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC51-C1
X-Amz-Cf-Id: OqLW5PLy3gjSjWqjuwdypq6gLVUymeE6G8OJzzO7qC5lRn3iJ5nddw==
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b156b13201300b5fc82d76594bcfb9f9
fe48f8c97af5e4223646ef86c4bd4a6b425a82e4
15c65436ee71be9d1c2d3bb8f9ba0d86050cc843a0b76847679804d32f3a1396
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "15C65436EE71BE9D1C2D3BB8F9BA0D86050CC843A0B76847679804D32F3A1396"
Last-Modified: Thu, 24 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18108
Expires: Sat, 26 Nov 2022 01:15:32 GMT
Date: Fri, 25 Nov 2022 20:13:44 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash cfcd447e937c394caf93b2c379aead46
fada549ba7600b60cb1ab2fd40d946e5a2dbefd1
d4b4d0aa3cb51138f76325ce384d21ab891a3a903dbedbdf7c2ecc29044450f3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:13:44 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 19:59:30 GMT
Expires: Fri, 02 Dec 2022 19:59:29 GMT
Etag: "fada549ba7600b60cb1ab2fd40d946e5a2dbefd1"
Cache-Control: max-age=603344,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fd0bf12b79b4f3-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 20:11:11 GMT
cache-control: public,max-age=3600
age: 153
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
d26adrx9c3n0mq.cloudfront.net/cNUtHbzZWJCkJCUEiI1IPB3l1WgUTITQAWEV2FFZHAgQmLmx/IGEbTFF2d0laVCUgUhBQJSRSBxMqIw0LAW0zH1lediUNVEQxNRlATTNhGlcIJigVX1knJkoEc35pXxMHe28YX1svKBhFEHl3AUIQeXdeBht7Ylx0EHl3GF9bfXNKBXdudV9OA39iXHQQeX-cdQBB4Bl4GAGV3RhMHeyAKVV4kYl1wB3t2XwYEe3ZKBAUtLh1TUyQ/SgRzendaGAVtMlIH
54.230.245.178200 OK 492 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/cNUtHbzZWJCkJCUEiI1IPB3l1WgUTITQAWEV2FFZHAgQmLmx/IGEbTFF2d0laVCUgUhBQJSRSBxMqIw0LAW0zH1lediUNVEQxNRlATTNhGlcIJigVX1knJkoEc35pXxMHe28YX1svKBhFEHl3AUIQeXdeBht7Ylx0EHl3GF9bfXNKBXdudV9OA39iXHQQeX-cdQBB4Bl4GAGV3RhMHeyAKVV4kYl1wB3t2XwYEe3ZKBAUtLh1TUyQ/SgRzendaGAVtMlIH
IP 54.230.245.178:0
File type ASCII text, with very long lines (670), with no line terminators
Hash 17342a9b7ad7f3ad35dd14fed540f872
079775516ae6c3a87928146f7578a3c02def9d44
ced4dee85743c68a7bf67b5ba480c4edaae8f06e90898e19efc918fa463428e4
GET /cNUtHbzZWJCkJCUEiI1IPB3l1WgUTITQAWEV2FFZHAgQmLmx/IGEbTFF2d0laVCUgUhBQJSRSBxMqIw0LAW0zH1lediUNVEQxNRlATTNhGlcIJigVX1knJkoEc35pXxMHe28YX1svKBhFEHl3AUIQeXdeBht7Ylx0EHl3GF9bfXNKBXdudV9OA39iXHQQeX-cdQBB4Bl4GAGV3RhMHeyAKVV4kYl1wB3t2XwYEe3ZKBAUtLh1TUyQ/SgRzendaGAVtMlIH HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eraltradiansid.com/
HTTP/1.1 200 OK
Content-Length: 492
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JlHqzcjXOYj0GBU_ImnodnXU-98Ua9ZXj48xvdR1R4rZ2jqwSPzQkA==
d26adrx9c3n0mq.cloudfront.net/wdnVLcHIVGiUWTQIcL01KTkx8RkRQHzgfHAZIIkAROhomChMaHG0ECBJIe1YeFxssTVQTGyhNQ1AULxJPQlM/AB0dSCkSEAcPOQYEDg1tBRNLGCQKGxoZKlVAMEBlQFdERWMHGxgRJAcBU0d7HgZTR3tBQlhFbkMwU0d7BxsYQ39VQTRQeUAKQEFuQzBTR3-sCBFNGCkFCQ1t7WVdERSwVER0abkI0REV6QEJHRXpVQEYTIgIXEBozVUAwRHtFXEZTPk1D
54.230.245.178200 OK 624 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/wdnVLcHIVGiUWTQIcL01KTkx8RkRQHzgfHAZIIkAROhomChMaHG0ECBJIe1YeFxssTVQTGyhNQ1AULxJPQlM/AB0dSCkSEAcPOQYEDg1tBRNLGCQKGxoZKlVAMEBlQFdERWMHGxgRJAcBU0d7HgZTR3tBQlhFbkMwU0d7BxsYQ39VQTRQeUAKQEFuQzBTR3-sCBFNGCkFCQ1t7WVdERSwVER0abkI0REV6QEJHRXpVQEYTIgIXEBozVUAwRHtFXEZTPk1D
IP 54.230.245.178:0
File type ASCII text, with very long lines (870), with no line terminators
Hash 89eed23a1004343b0c6f44b6e61b7ccf
53eff7a0d9d2221fcd4ec02cdcb29451300dfba6
aa0ccbbe7047e04f33ef1297e3450acb3ea23ad7015baafc7db61307ed55e582
GET /wdnVLcHIVGiUWTQIcL01KTkx8RkRQHzgfHAZIIkAROhomChMaHG0ECBJIe1YeFxssTVQTGyhNQ1AULxJPQlM/AB0dSCkSEAcPOQYEDg1tBRNLGCQKGxoZKlVAMEBlQFdERWMHGxgRJAcBU0d7HgZTR3tBQlhFbkMwU0d7BxsYQ39VQTRQeUAKQEFuQzBTR3-sCBFNGCkFCQ1t7WVdERSwVER0abkI0REV6QEJHRXpVQEYTIgIXEBozVUAwRHtFXEZTPk1D HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eraltradiansid.com/
HTTP/1.1 200 OK
Content-Length: 624
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7BC74F_rTasBXz13Z2hJhUyAEJPx11JSEg7X6yksdQ0srRImdlavGA==
d26adrx9c3n0mq.cloudfront.net/zUFRiZkkzOwwAdiQ9BltxaGxRX3F2PhEJJyBpMCIiOS0rFyUcchYcLW1kRAooPjNfQCw+N19XbzEwAFt9diASCSJtNgAEOComFBAxKHIXB3Q9OxgPJTw1R1QPZXpSQ3tgfBUPJzQ7FRVsYmQMEmxiZFNWZ2BxUSRsYmQVDydmYEdVC3VmUh5/ZHFRJGxiZB-AQbGMVU1Z8fmRLQ3tgMwcFIj9xUCB7YGVSVnhgZUdUeTY9EAMvPyxHVA9hZFdIeXYhX1c
54.230.245.178200 OK 615 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/zUFRiZkkzOwwAdiQ9BltxaGxRX3F2PhEJJyBpMCIiOS0rFyUcchYcLW1kRAooPjNfQCw+N19XbzEwAFt9diASCSJtNgAEOComFBAxKHIXB3Q9OxgPJTw1R1QPZXpSQ3tgfBUPJzQ7FRVsYmQMEmxiZFNWZ2BxUSRsYmQVDydmYEdVC3VmUh5/ZHFRJGxiZB-AQbGMVU1Z8fmRLQ3tgMwcFIj9xUCB7YGVSVnhgZUdUeTY9EAMvPyxHVA9hZFdIeXYhX1c
IP 54.230.245.178:0
File type ASCII text, with very long lines (869), with no line terminators
Hash a9bddbaa5c392cbe1c2916ce81f97450
4945e6b5ccfa9bb94b041193ddca9d993577d77b
9239ab524a7e1778c36d423d827e951c2c17499c34c956ee744db3009247a435
GET /zUFRiZkkzOwwAdiQ9BltxaGxRX3F2PhEJJyBpMCIiOS0rFyUcchYcLW1kRAooPjNfQCw+N19XbzEwAFt9diASCSJtNgAEOComFBAxKHIXB3Q9OxgPJTw1R1QPZXpSQ3tgfBUPJzQ7FRVsYmQMEmxiZFNWZ2BxUSRsYmQVDydmYEdVC3VmUh5/ZHFRJGxiZB-AQbGMVU1Z8fmRLQ3tgMwcFIj9xUCB7YGVSVnhgZUdUeTY9EAMvPyxHVA9hZFdIeXYhX1c HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eraltradiansid.com/
HTTP/1.1 200 OK
Content-Length: 615
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TUcft0ObEAxSoLbyo9NBYkaE3bTrTAWU-Oe01mPTYug7KmJhAYP4-A==
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4141
Cache-Control: max-age=136928
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:44 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:15:52 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
file-upload.site/page.js
66.29.132.14 200 OK 193 B IP 66.29.132.14:0
File type ASCII text, with no line terminators
Hash 391f261aab9787c46e979046b0e25a65
3f2eec09b02e10bff81bf689d9a380b137f87244
bf2dbac3a4aab3d31cc8e6b3e84a14203add0d903a5611f10025d7cfe158801a
GET /page.js HTTP/1.1
Host: file-upload.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 02 Dec 2022 20:13:44 GMT
content-type: application/javascript
last-modified: Mon, 21 Nov 2022 21:53:53 GMT
accept-ranges: bytes
content-length: 193
date: Fri, 25 Nov 2022 20:13:44 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
d26adrx9c3n0mq.cloudfront.net/dUUtKbXQyJCQLSyUiLlBMaH17VEx3ITkCGiF2Bj8EFAAjNxYnJSMXI3c/MAlJYW0mDBo2dmwIGjJ2e0sVNSl3WVIkKncAGysiJgEVdHkMWFphbnhdXCYiJAkbJjhvX0Q/P29fRGB7ZF1RYglvX0QmIiRbQHR4CEhGYTN8WVFiCW9fRCM9b141YHt/Q0R4bn-hdEzQoIQJRYw14XUVhe3tdRXR5egsdIy4sAgx0eQxcRGRleksBbHo
54.230.245.178200 OK 192 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/dUUtKbXQyJCQLSyUiLlBMaH17VEx3ITkCGiF2Bj8EFAAjNxYnJSMXI3c/MAlJYW0mDBo2dmwIGjJ2e0sVNSl3WVIkKncAGysiJgEVdHkMWFphbnhdXCYiJAkbJjhvX0Q/P29fRGB7ZF1RYglvX0QmIiRbQHR4CEhGYTN8WVFiCW9fRCM9b141YHt/Q0R4bn-hdEzQoIQJRYw14XUVhe3tdRXR5egsdIy4sAgx0eQxcRGRleksBbHo
IP 54.230.245.178:0
File type ASCII text, with no line terminators
Hash 9548377dc17a244bcb71531fd9f7dec5
246cb9ca6bc20dc5453a3fddcde083f7ae731224
f5da158e66b3888480a9c69396fab2ef399eb429f7f76d3f083be6a1127c81ce
GET /dUUtKbXQyJCQLSyUiLlBMaH17VEx3ITkCGiF2Bj8EFAAjNxYnJSMXI3c/MAlJYW0mDBo2dmwIGjJ2e0sVNSl3WVIkKncAGysiJgEVdHkMWFphbnhdXCYiJAkbJjhvX0Q/P29fRGB7ZF1RYglvX0QmIiRbQHR4CEhGYTN8WVFiCW9fRCM9b141YHt/Q0R4bn-hdEzQoIQJRYw14XUVhe3tdRXR5egsdIy4sAgx0eQxcRGRleksBbHo HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eraltradiansid.com/
HTTP/1.1 200 OK
Content-Length: 192
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 68rk_x-4WZBXibCAA4H9D5ukwSCyl99QW16fmN70WnTAXEQR4Yko5w==
d26adrx9c3n0mq.cloudfront.net/vWVlpUWc6Ngc3WC0wDWxfYWFaaF5/Mxo+CSlkGwYkKStfAyMONRh3EyM9VGFBNTgHNlp/PAcyWmh/CDUFZG1PJRc2MlQkCT08DzgJPD1PJAZkNAYrDjU1CHRVH2xHYUJraUEmDjc9BiYUfGtZPxN8a1lgV3dpTGIlfGtZJg43b110VBt8W2Efb21MYiV8a1-kjEXxqKGBXbHdZeEJraQ40BDI2TGMha2lYYVdoaVh0VWk/ACMCPzYRdFUfaFlkSWl/HGxW
54.230.245.178200 OK 359 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/vWVlpUWc6Ngc3WC0wDWxfYWFaaF5/Mxo+CSlkGwYkKStfAyMONRh3EyM9VGFBNTgHNlp/PAcyWmh/CDUFZG1PJRc2MlQkCT08DzgJPD1PJAZkNAYrDjU1CHRVH2xHYUJraUEmDjc9BiYUfGtZPxN8a1lgV3dpTGIlfGtZJg43b110VBt8W2Efb21MYiV8a1-kjEXxqKGBXbHdZeEJraQ40BDI2TGMha2lYYVdoaVh0VWk/ACMCPzYRdFUfaFlkSWl/HGxW
IP 54.230.245.178:0
File type ASCII text, with very long lines (463), with no line terminators
Hash 99a7129a188706e7938986033f99ff2c
d5a624f7e011f40b6b6f44622ed590a71352ec89
6bab8ebcf86de3c8c98617c9248bb3538a686368c5b828926dd9bcacda3250ad
GET /vWVlpUWc6Ngc3WC0wDWxfYWFaaF5/Mxo+CSlkGwYkKStfAyMONRh3EyM9VGFBNTgHNlp/PAcyWmh/CDUFZG1PJRc2MlQkCT08DzgJPD1PJAZkNAYrDjU1CHRVH2xHYUJraUEmDjc9BiYUfGtZPxN8a1lgV3dpTGIlfGtZJg43b110VBt8W2Efb21MYiV8a1-kjEXxqKGBXbHdZeEJraQ40BDI2TGMha2lYYVdoaVh0VWk/ACMCPzYRdFUfaFlkSWl/HGxW HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eraltradiansid.com/
HTTP/1.1 200 OK
Content-Length: 359
Connection: keep-alive
Date: Fri, 25 Nov 2022 20:13:44 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yjEhvNVvxofR_Xf7_7SsMCA666VEIL10Oz9wjckrmp0oyRxprwvzgg==
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash fade763a5ceb7674d607c462aca5d544
46439b1604884bc5f8566864b51deca850779464
b631b5eff209c873a350ee96d7e4ccdb74bf5d686ad36adba088619721d94cce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2358
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:44 GMT
Last-Modified: Fri, 25 Nov 2022 19:34:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash fade763a5ceb7674d607c462aca5d544
46439b1604884bc5f8566864b51deca850779464
b631b5eff209c873a350ee96d7e4ccdb74bf5d686ad36adba088619721d94cce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2359
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:45 GMT
Last-Modified: Fri, 25 Nov 2022 19:34:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 278
outbursttones.com/01/10/5f/01105f188a1c32226733edcb09dd3870.js
192.243.61.227 200 OK 21 kB URL HTTP/1.1 outbursttones.com/01/10/5f/01105f188a1c32226733edcb09dd3870.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60201), with no line terminators
Hash b0c80476dc255e7d655e34ef0054e787
93b0375b250a6fd389efb397a32abddf636e3c3f
f01aa9b167d0398b13e0621e83ebd7d911c1a8b8923b8add6d9307ec8cc13162
Analyzer Verdict Alert fortinet Malware
GET /01/10/5f/01105f188a1c32226733edcb09dd3870.js HTTP/1.1
Host: outbursttones.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 20:13:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8155059f38cebb3e4430dd1825602066
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ceprovidingsesse.com/popunder.gif
104.21.20.247 200 OK 58 B URL HTTP/1.1 ceprovidingsesse.com/popunder.gif
IP 104.21.20.247:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08
GET /popunder.gif HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:13:45 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 3529
Last-Modified: Fri, 25 Nov 2022 19:14:56 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0OzMWQBxlGyexY1Ptvu4eAgw%2BY7nR1SSTAUh078%2F6O2Dd3wALtIy0AbOSjfqUr0Fwp5I6nauF%2BTzFvtgiLXFbY17PIj5Kqbk1k2UGnNMK5oVknJ4UCWY4MOXuteS71QqEad4C6PrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76fd0bf52948b509-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 54f24adb80ed3e82590fae1e776d2df6
502bcc08679c733c00caab73fb2facaaa2f04fe7
581b3030b7c35b78f5537d3fffd0630add6c5e4b7873f7b97cb71fc0993a6fe6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "581B3030B7C35B78F5537D3FFFD0630ADD6C5E4B7873F7B97CB71FC0993A6FE6"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11605
Expires: Fri, 25 Nov 2022 23:27:10 GMT
Date: Fri, 25 Nov 2022 20:13:45 GMT
Connection: keep-alive
push.services.mozilla.com/
34.214.236.46 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.236.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GedY6l3W8sBVmWPnWLhHWA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8DmxnzYe6lfd/XKlWmr28BWdJs4=
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 966255e8eae5f73b5fe45aab88646f99
57eadbf09ae6a8170cdfe3b0691b908f49e2c08d
a99ecadf4c294cebf0c392ea036f508443cb471c44773cc5ea0212ab86074cbe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4775
Cache-Control: max-age=123887
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:45 GMT
Etag: "63805041-1d7"
Expires: Sun, 27 Nov 2022 06:38:32 GMT
Last-Modified: Fri, 25 Nov 2022 05:18:57 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash e61028bc752671cea11924bc1a42a422
b2555d630c063dda53f0e5a84324759e42b48352
23c45f9941b1a476fe0cd4650c9ea13a22e05e5640025e380b13faa4997109ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash e61028bc752671cea11924bc1a42a422
b2555d630c063dda53f0e5a84324759e42b48352
23c45f9941b1a476fe0cd4650c9ea13a22e05e5640025e380b13faa4997109ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16339
Expires: Sat, 26 Nov 2022 00:46:04 GMT
Date: Fri, 25 Nov 2022 20:13:45 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash a77111409530b8dc65a4e71f329b38b6
567bee86420ddc54df79ce91ccff81e7e0bcf9d3
121bb08db6fcef3148d3934092bbabd023d6690ad231a8b4c96d9741924f89a5
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Nov 2022 20:13:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-570128243%3A1669407225391414&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtAHmlc7e8bO3999n_GmC4CjieyQMNI5qLhe5YmFPBMkgE4ykB-WJpBnOD0C6XFBuI7kl4-8w
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-FUHLFqKNUetCPlNIZfVwiA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:2dEvock24wocfs4qzdenD-1Jszf7Bw:NNDk9_EAisz9Za90;Path=/;Expires=Sun, 24-Nov-2024 20:13:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash bc8d456542f88a5e3712f8679104234f
a4bc16d08d7a947bbe90d88dc91bb62e84e53897
eb150b7f1125829f285ce9921321db482eb89099687d14f9f80796a60052f6b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4297
Cache-Control: max-age=134205
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:45 GMT
Etag: "63807a6d-118"
Expires: Sun, 27 Nov 2022 09:30:30 GMT
Last-Modified: Fri, 25 Nov 2022 08:18:53 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 74e75e5730ceb922c64dc60fbfcbe185
8b4f8ca893502f27a467c9008f604e4f1bf10d37
33351b297123910a8411d89061d6683d2b40027cb9cd6ee19d7e8d82ee730de5
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Nov 2022 20:13:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S856243082%3A1669407225401616&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtD-i46fEUYRlyAHBJEn1V2Eyv9DKuTOlRzfmzAnzjDGC0LwP9I_nzfJ792ePKRTcwpauF5rw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-V7hl4VkyEQ2Hs9Nj31S9-A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:JjZocXsp7ZLJpy9HL65dRu9XFLMNNQ:nyNKO0-EAdP2Smp5;Path=/;Expires=Sun, 24-Nov-2024 20:13:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ab6e654cfddec8c489aa5d3b99a47517
60d065be654e0b422b9f669a51ffda7a998243c6
91f93955ababb7c2f2d190a9bdc78e71499693d2316eb834ba7c5e70f9cc29d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91F93955ABABB7C2F2D190A9BDC78E71499693D2316EB834BA7C5E70F9CC29D2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6121
Expires: Fri, 25 Nov 2022 21:55:46 GMT
Date: Fri, 25 Nov 2022 20:13:45 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 65992aeb8efb9a0b8fd59687090733fe
526a2afccc93d32849185d153fafe44b72797df9
b6677984b6c3602d7b62df776158c09a3e57eec4c0edbddafb0624200715f10e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 966255e8eae5f73b5fe45aab88646f99
57eadbf09ae6a8170cdfe3b0691b908f49e2c08d
a99ecadf4c294cebf0c392ea036f508443cb471c44773cc5ea0212ab86074cbe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4775
Cache-Control: max-age=123887
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:45 GMT
Etag: "63805041-1d7"
Expires: Sun, 27 Nov 2022 06:38:32 GMT
Last-Modified: Fri, 25 Nov 2022 05:18:57 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a5c1b54daca67c400e76b7224ae5521
2583cebe55e8d1bfe6c921d595d8d36cf480ff2f
941e5441730c4558040e0decdec018ff15dad6abc6be4858c6417f2e941dbcbd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "941E5441730C4558040E0DECDEC018FF15DAD6ABC6BE4858C6417F2E941DBCBD"
Last-Modified: Thu, 24 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18696
Expires: Sat, 26 Nov 2022 01:25:21 GMT
Date: Fri, 25 Nov 2022 20:13:45 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash bc8d456542f88a5e3712f8679104234f
a4bc16d08d7a947bbe90d88dc91bb62e84e53897
eb150b7f1125829f285ce9921321db482eb89099687d14f9f80796a60052f6b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4297
Cache-Control: max-age=134205
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:45 GMT
Etag: "63807a6d-118"
Expires: Sun, 27 Nov 2022 09:30:30 GMT
Last-Modified: Fri, 25 Nov 2022 08:18:53 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
eraltradiansid.com/utx?cb=v8Hi5QRk4MZg&top=www.file-upload.com&tid=889766
13.227.153.84 204 No Content 0 B URL HTTP/2 eraltradiansid.com/utx?cb=v8Hi5QRk4MZg&top=www.file-upload.com&tid=889766
IP 13.227.153.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=v8Hi5QRk4MZg&top=www.file-upload.com&tid=889766 HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 25 Nov 2022 20:14:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 7581b95dc5c9e1ffa79fb8e4b4276bf8.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC51-C1
x-amz-cf-id: RJUsKkIEnsfkwhPSQTIgrXp9h2nLaSvninnInlwBJlpKBDeYtl5Edw==
X-Firefox-Spdy: h2
eraltradiansid.com/utx?cb=ZLEspFEaZPmT&top=www.file-upload.com&tid=888399
13.227.153.84 204 No Content 0 B URL HTTP/2 eraltradiansid.com/utx?cb=ZLEspFEaZPmT&top=www.file-upload.com&tid=888399
IP 13.227.153.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ZLEspFEaZPmT&top=www.file-upload.com&tid=888399 HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 25 Nov 2022 20:14:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 7581b95dc5c9e1ffa79fb8e4b4276bf8.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC51-C1
x-amz-cf-id: 7vu4LAzOrwL4oj7K_8fEWidcx-ZCheWx_eVH6JMbI1Gpvg0aviHnVQ==
X-Firefox-Spdy: h2
eraltradiansid.com/utx?cb=PF5xH2bWiBml&top=www.file-upload.com&tid=922253
13.227.153.84 204 No Content 0 B URL HTTP/2 eraltradiansid.com/utx?cb=PF5xH2bWiBml&top=www.file-upload.com&tid=922253
IP 13.227.153.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=PF5xH2bWiBml&top=www.file-upload.com&tid=922253 HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 25 Nov 2022 20:14:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 7581b95dc5c9e1ffa79fb8e4b4276bf8.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC51-C1
x-amz-cf-id: 1DjbpN6REFyjuHP_N0dsHdtkQALhrVolCXK5xUgmCz0CIZWE86Vf4Q==
X-Firefox-Spdy: h2
eraltradiansid.com/utx?cb=ooHHcgHg2VUX&top=www.file-upload.com&tid=888398
13.227.153.84 204 No Content 0 B URL HTTP/2 eraltradiansid.com/utx?cb=ooHHcgHg2VUX&top=www.file-upload.com&tid=888398
IP 13.227.153.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ooHHcgHg2VUX&top=www.file-upload.com&tid=888398 HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 20:13:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 25 Nov 2022 20:14:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 7581b95dc5c9e1ffa79fb8e4b4276bf8.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC51-C1
x-amz-cf-id: 2zQMdV5e7dX0Emf7ssNwCeKLxaWUcO2QZsGjGAlte0V5Foui8tO7fA==
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=56f36aec3049476a893081f9700bcc2a
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=56f36aec3049476a893081f9700bcc2a
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 7bd474cc9b48a382a2266f436be026a7
08b1d0576e413359680d1a04e81af43851e3a565
d6e40a39c05aee529bd6d2eb10ad93766852d0ac6b9d315074f99bbcbf3b07b6
GET /gid.js?userId=56f36aec3049476a893081f9700bcc2a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://www.file-upload.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=56f36aec3049476a893081f9700bcc2a; expires=Sat, 25 Nov 2023 20:13:45 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16339
Expires: Sat, 26 Nov 2022 00:46:04 GMT
Date: Fri, 25 Nov 2022 20:13:45 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash c910a44bf58b708c25d146fd52adb8e9
374a72c3026ea1fa5defd1e8eb7be2ca7184dfd5
3cf34029e6a112320130d154ac1291e49bcb4a80f0caaf84309456986f0adc77
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:13:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 13:33:17 GMT
Expires: Fri, 02 Dec 2022 13:33:16 GMT
Etag: "374a72c3026ea1fa5defd1e8eb7be2ca7184dfd5"
Cache-Control: max-age=580170,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fd0bf80aa3b4f3-OSL
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
37.48.68.71 200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 902
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 25 Nov 2022 20:13:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
eraltradiansid.com/floater?cs=TlJLVjh%2BYnpvD31mc2cIfmZ5ZQ4&abt=0&red=1&sm=83&k=download%20rateur%20code%20package&v=0.8.12.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta2_oi1_&_yi4m=1669407224493&crc=1
13.227.153.84 200 OK 1.3 kB URL HTTP/2 eraltradiansid.com/floater?cs=TlJLVjh%2BYnpvD31mc2cIfmZ5ZQ4&abt=0&red=1&sm=83&k=download%20rateur%20code%20package&v=0.8.12.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta2_oi1_&_yi4m=1669407224493&crc=1
IP 13.227.153.84:0
File type ASCII text, with very long lines (2011), with no line terminators
Hash 7b42e06c621fc22224e812324c325f38
b803606761fc92827c8e057fc918b93e1e18978b
f1fff88d96a25b72da1d81b565e677773457895f3c31a0b82cf5958c4a4a669c
GET /floater?cs=TlJLVjh%2BYnpvD31mc2cIfmZ5ZQ4&abt=0&red=1&sm=83&k=download%20rateur%20code%20package&v=0.8.12.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta2_oi1_&_yi4m=1669407224493&crc=1 HTTP/1.1
Host: eraltradiansid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
content-length: 1283
date: Fri, 25 Nov 2022 20:13:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=0d68ec89-4ff4-4f49-bb0b-f82cb58edfb3
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 7581b95dc5c9e1ffa79fb8e4b4276bf8.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC51-C1
x-amz-cf-id: u55K1qApZUCUb21pz08oC10nZsNKPEfR-kIXelAPmbDHlcqTYyBGLg==
X-Firefox-Spdy: h2
oaphoace.net/500/5419445?excludes=&oaid=56f36aec3049476a893081f9700bcc2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 oaphoace.net/500/5419445?excludes=&oaid=56f36aec3049476a893081f9700bcc2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5419445?excludes=&oaid=56f36aec3049476a893081f9700bcc2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 20:13:45 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://www.file-upload.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27 200 OK 355 B IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash b11ae9f3e20127f6c1ca34b34f2c7bcd
7c93e6f4d121b73d71d6bb8db31dd51dfcaaa140
5af97a7cdb11ff72267bb405ec694d77424e79048da1715c6e3f6adc8025d645
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: text/plain
set-cookie: csu=1914818846444624@1@1669407225; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2WjthjyzAZhqDbbaEMmYOAydkIScgpulsNMNyioVtm0JKs8U0WlIda2SEXP9ZgNujsgZkHGhJENEtpN%2Fo1KDkGMhat2EmcNuZAOgzhYIcpjacTshJYC3EyhpjaW5xCXu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0bf7b89d0676-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fe29cf8b79ffa4c0adb3ab4ca8265a83
e9d128a7b2c275f0bb0e7c0b9707b769b150f7db
4b543fabe82e66efbae309130363c09e8209582c288fa2f81831b7b9c7ffa078
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6185
Cache-Control: max-age=110176
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:46 GMT
Etag: "63801531-117"
Expires: Sun, 27 Nov 2022 02:50:02 GMT
Last-Modified: Fri, 25 Nov 2022 01:06:57 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash e691756a7eaad68b37a05d81052d4625
51ae79d1a300529013b576ed5f30fd7eeb93f57d
b4057cce093dbc0c5928df15ca2dfa39a93ae1e9b9c0a2824a4bd09b8c356e75
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=149496
Date: Fri, 25 Nov 2022 20:13:46 GMT
Etag: "6380c395-1d7"
Expires: Sun, 27 Nov 2022 13:45:22 GMT
Last-Modified: Fri, 25 Nov 2022 13:31:01 GMT
Server: ECS (dcb/7F5B)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rwHpGjhrF6ONL_g3sUNRrlhGCrRhVKrSkYiazAIrHmqh6KrmKPNRVg==
Age: 861
offerimage.com/www/images/50b11cc01fbd6cdb8acdae00f1fb43dc.jpeg
172.67.22.216 200 OK 19 kB URL HTTP/2 offerimage.com/www/images/50b11cc01fbd6cdb8acdae00f1fb43dc.jpeg
IP 172.67.22.216:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 50b11cc01fbd6cdb8acdae00f1fb43dc
be6a1b25cba82f870544fdbc294a968fcb16c2fe
537da3b3b033713497f246da40482daedd785ea4e39818d52a9d5c314ba9d30c
GET /www/images/50b11cc01fbd6cdb8acdae00f1fb43dc.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:46 GMT
content-type: image/jpeg
content-length: 18821
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6232a397-4985"
expires: Sat, 26 Nov 2022 18:45:07 GMT
last-modified: Thu, 17 Mar 2022 02:57:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5319
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0bfada210b41-OSL
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash bc1742a97f28facda50d069eadb4fb66
755512586aa4ac45ff77ed855b0eed6b399fe9d8
7bc1bf2e3f3ecde1a36fb229e797b08f19ec3d20b4bb0f5cf918528d84f84c1a
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
set-cookie: uid_id2=639d9de4-3140-42b5-8126-06622d7f1530:2:1; expires=Mon, 22 Nov 2032 20:13:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
oaphoace.net/500/5419445?excludes=&oaid=56f36aec3049476a893081f9700bcc2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 18 kB URL HTTP/2 oaphoace.net/500/5419445?excludes=&oaid=56f36aec3049476a893081f9700bcc2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (2338)
Hash 8e6a2042b0e9518ec815263f64f228b3
ba3efc565573947ea6578102ef648b7e15fd6859
6ce4459d91a786450f79d7e5d00efb97106c5ef5ee110ffc778762d702e93a20
Analyzer Verdict Alert
quad9 Sinkholed
GET /500/5419445?excludes=&oaid=56f36aec3049476a893081f9700bcc2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: OAID=56f36aec3049476a893081f9700bcc2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: application/javascript
x-trace-id: c283dd23bc56d412b2f652bd04d8660d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://www.file-upload.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=56f36aec3049476a893081f9700bcc2a; expires=Sat, 25 Nov 2023 20:13:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
oaphoace.net/401/5419445?oo=1&oaid=56f36aec3049476a893081f9700bcc2a
139.45.197.239 200 OK 2.5 kB URL HTTP/2 oaphoace.net/401/5419445?oo=1&oaid=56f36aec3049476a893081f9700bcc2a
IP 139.45.197.239:0
File type JSON data\012- , ASCII text, with very long lines (2164)
Hash 3889f2202345f271a56ba1b363a2b84d
003e6b82371a7ff6714907e16ad9eec22975841e
e59865782e704c574ece11e9bea642722c70ecffb168c2d64f2d41cdc34579d7
Analyzer Verdict Alert
quad9 Sinkholed
GET /401/5419445?oo=1&oaid=56f36aec3049476a893081f9700bcc2a HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: OAID=ec75a2906e0441209b9bda27103fe22b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: application/json
x-trace-id: a4cb978f6b8954789b4717da7dc81885
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://www.file-upload.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=56f36aec3049476a893081f9700bcc2a; expires=Sat, 25 Nov 2023 20:13:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=514228950&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20G%C3%A9n%C3%A9rateur%20code%20vip%20package%20rar&utmhid=1547193039&utmr=-&utmp=%2Fva6noqhsd49d&utmht=1669407225580&utmac=UA-42931250-7&utmcc=__utma%3D184767038.1447410018.1669407226.1669407226.1669407226.1%3B%2B__utmz%3D184767038.1669407226.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=595210457&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
142.250.74.174 302 Found 369 B URL HTTP/1.1 www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=514228950&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20G%C3%A9n%C3%A9rateur%20code%20vip%20package%20rar&utmhid=1547193039&utmr=-&utmp=%2Fva6noqhsd49d&utmht=1669407225580&utmac=UA-42931250-7&utmcc=__utma%3D184767038.1447410018.1669407226.1669407226.1669407226.1%3B%2B__utmz%3D184767038.1669407226.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=595210457&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
IP 142.250.74.174:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 90f2a3ba3e5897c17832093ae574b782
c40956ae94f357e8b6eda1ea8be11dc7e7d9731e
71c0ab2917ae1547fc4289f00f46f478aeec39f9fd6fb58c0f3d3991b34f62dc
GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=514228950&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20G%C3%A9n%C3%A9rateur%20code%20vip%20package%20rar&utmhid=1547193039&utmr=-&utmp=%2Fva6noqhsd49d&utmht=1669407225580&utmac=UA-42931250-7&utmcc=__utma%3D184767038.1447410018.1669407226.1669407226.1669407226.1%3B%2B__utmz%3D184767038.1669407226.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=595210457&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 302 Found
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950
Access-Control-Allow-Origin: *
Date: Fri, 25 Nov 2022 20:13:46 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Server: Golfe2
Content-Length: 369
whiskerssituationdisturb.com/38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js
173.233.137.60 200 OK 13 kB URL HTTP/1.1 whiskerssituationdisturb.com/38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js
IP 173.233.137.60:0
Hash 77dbb618f8adfe05f69e264a767c00e6
c18e35b41ca1b46cf75428cf5d488274e68c9900
5c9b3d9fe76d38862c0ad376acdaec2d772659df218f08a46ec2d446716af5dd
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 20:13:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0fb46278dfe84676dfb1a196b4a3d65f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bedrapiona.com/5/5003260/?oo=1&js_build=iclick-v1.454.0
139.45.197.234 200 OK 7.2 kB URL HTTP/2 bedrapiona.com/5/5003260/?oo=1&js_build=iclick-v1.454.0
IP 139.45.197.234:0
Hash 02d20938e5013bba979964cef266c08f
d37b4eb34b8c2cf8a7dd757344a606972e43922d
8df2f3a7bc8f97015719a91a259b20bb48ddc2b16a6d061f991760fe8f81f677
GET /5/5003260/?oo=1&js_build=iclick-v1.454.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: application/json
x-trace-id: bc36572003c8f034b698ef75952dd6be
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=56f36aec3049476a893081f9700bcc2a; expires=Sat, 25 Nov 2023 20:13:45 GMT; path=/; secure; SameSite=None
oaidts=1669407225; expires=Sat, 25 Nov 2023 20:13:45 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950
142.251.1.154 302 Found 367 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950
IP 142.251.1.154:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ac70d8f5cc499ffea86fe0ccd9e1f838
6cdc3794530c4af3c930dbff0c43b1e6bd3e385a
f0850742b66a26830b4b43a8399f49056e2918e196b46c7d58c88edf1241dee3
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 20:13:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3622
Expires: Fri, 25 Nov 2022 21:14:08 GMT
Date: Fri, 25 Nov 2022 20:13:46 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 103 kB IP 172.64.173.27:0
Size 103 kB (102903 bytes)
Hash 2d58d9754cddd16bec2e8a052b05af11
db6622ad02a9ad5b66cd300a0b108d80ab01c894
b2b68722c342b46307091d6172d6709108351ea7d8dae1d4102c80eecbab9be2
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 25 Nov 2022 13:55:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FDLThye%2FuQyolOcPh3b21qaaAuebOub1CneFFAZXlaA1qpQ8odCkizOH5r4%2BEwvh4zpGQ6xDZ3DyC4FHIyrUe8VBJ2MAdbO1JTkVFYCSTW2nbKsXVvBl6Urn1rb3LCIk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0bf6cf3a0676-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 54558
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 57046
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js?hash=8c7a66080be7a461f54cf59f806ad282
157.240.200.14 200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=8c7a66080be7a461f54cf59f806ad282
IP 157.240.200.14:0
File type ASCII text, with very long lines (18530)
Hash 8111d9e6391b71f13c0101ee4007876c
75e7f82747575e4d9ac5e8e8222a9c68f7c3f52d
9a8a1c1a011167a8e6058cebdf2c953ea98a3388110d517dc7a8bfd17a1d98fa
GET /en_US/sdk.js?hash=8c7a66080be7a461f54cf59f806ad282 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 3f9c8c5a9aa352733ac5003fcd38f62e
etag: "03196578fce3813d6fe791bea6ab02da"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 25 Nov 2023 19:14:45 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: gRHZ5jkbcfE8AQHuQAeHbA==
x-fb-debug: XsXHkUfAasoIA4CFcgTO0HQSdou87gkMClRx2PX4ly+SMeiMUYGzaV5oX9vi/tWJbbfcgT3VBDtdod1s57ZJLg==
content-length: 88359
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 20:13:46 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8784bb7a8b88736a6016f712e3183bf3
b0ddc1555d2506177adcdcea77864d75f1245d07
8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oWSNdsrz59sJC2znLnFqa_Zm3T14_d6j-rjzDQe4yV22Dy2Qc4Swaw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:45 GMT
age: 80341
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8b6ee13d43732f7c764a49500d092865
5d15fd672e968d59b541e4d5d0d01cd5e69f4075
fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NntLZ3wUdcX9kEo-afFLU0TPKgqAlSK3bToNh2mmoqoyLBJINNk7ow==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:39 GMT
age: 80347
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 76544babbcf6515110bd81aaee8e7e63
043497692868c67ac84cdfe70d0a484517abd1c2
a19d5958d683662375a2469d1d7e551188469b967eb6f2bae2d5e43dac51a4f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950
142.250.74.164 302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950
IP 142.250.74.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 20:13:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950&slf_rd=1&random=1381749212
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 163d4912a06d8358abc770dc0351d7b4
1e8dc04b95e704679ab729f81716466ea8a3e591
72245d178d481350af611804e557032ffb7bb3a3e8cdb83f3332a5ffba78d193
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950&slf_rd=1&random=1381749212
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950&slf_rd=1&random=1381749212
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=1447410018.1669407226&jid=595210457&_v=5.7.2&z=514228950&slf_rd=1&random=1381749212 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 20:13:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 163d4912a06d8358abc770dc0351d7b4
1e8dc04b95e704679ab729f81716466ea8a3e591
72245d178d481350af611804e557032ffb7bb3a3e8cdb83f3332a5ffba78d193
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
friendshipmale.com/sfp.js
172.64.163.31 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.163.31:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:13:46 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: c7b4f8641e4ee17c1c9f1728519ae37b
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 25 Nov 2022 20:13:46 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyd5y9RrdxOTqH1%2FT7RRjFkc8%2ByxEb7dXfMHNqMKTpUUci5n6Y9HY%2B56h8Qyc%2F0zNzliEGLCzTq9ltgvxy9ywySmVdjkwL1aho6hcXW65WtiDd9hm6WQu8Sa87u4sW0xsdMBNOE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76fd0bfdc82f0672-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e6d361864dc7df25449d987390b4580
b31810e4d1f722f291d9e0115adede9d8f5fff55
fe6f09bffe208e0aedffa45395437fefbd27af3b370df0d8d9916673fcee80ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FE6F09BFFE208E0AEDFFA45395437FEFBD27AF3B370DF0D8D9916673FCEE80CE"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5236
Expires: Fri, 25 Nov 2022 21:41:03 GMT
Date: Fri, 25 Nov 2022 20:13:47 GMT
Connection: keep-alive
xml.serve-servee.com/thumbnail?i=-4FEpS7xkro_1&imgt=icon
172.64.111.7 302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=-4FEpS7xkro_1&imgt=icon
IP 172.64.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=-4FEpS7xkro_1&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 25 Nov 2022 20:13:47 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AAEh3x%2BO0kHlX2krkVMIvyMW40xrn%2Ft059I9bZBOyNdQL0yAntVUnf%2BPs0JZ9mCpS0%2F2J7QKq%2Fsm1dPYxj0Z3ndtWzcKwdUhSp1qkkbMCcpt7mBwjnseQQQCIOx7rwLZ4rhXfRtVow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0c016c8b88c2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
172.64.111.7 200 OK 1.1 kB URL HTTP/2 static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
IP 172.64.111.7:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 4fa2beaeca8f598401f3ec6300cb860b
45634806ea1fa936c0e600b8b22f835600529b36
ef897a0bab353d84bf69ae3570347dea36236575a7b1bbd5992b8f256f856577
GET /n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:47 GMT
content-type: image/png
content-length: 1112
last-modified: Fri, 24 Apr 2020 13:59:43 GMT
accept-ranges: bytes
etag: "5ea2f0cf-458"
cache-control: max-age=86400
x-hw: 1669407227.cds218.lo4.h2,1669407227.cds216.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZbtgQskgWWxA5Q2UTCVuIPkF7I2gnZLXfmyAOCXOosEpe77Y03Bzi1ucZVauu5CodjpZx%2FX33QZ84cX4d7iMJMepJeCyjbfHiHjM0RUyXNNGqskaP0sAGEQqYSkGnLmrC6CTQbdG6rC2rA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0c024e2788c2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e6d361864dc7df25449d987390b4580
b31810e4d1f722f291d9e0115adede9d8f5fff55
fe6f09bffe208e0aedffa45395437fefbd27af3b370df0d8d9916673fcee80ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FE6F09BFFE208E0AEDFFA45395437FEFBD27AF3B370DF0D8D9916673FCEE80CE"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5236
Expires: Fri, 25 Nov 2022 21:41:03 GMT
Date: Fri, 25 Nov 2022 20:13:47 GMT
Connection: keep-alive
oaphoace.net/impression/ZMc4V7gXyLK5-olfTzwg7hH4bMHEuISpQTjIk3QDtsFCNkx8m7nxUNgCbzgFIcVT0rgYZdIjbiRchhWGdw-y7jFNolPeq5vY2JyIG7xTtY6KsbR4TJ1pDtCKCI0p9Tx8t2N8B_IhfMS6YPgDsb9OYwHq-OO8FWrEn_uT9aV2JIjYYh7r8UBU_refOF7Q2Y0VAI4eMlMmL4dBMh6Yd6NFWQkGNuovJZA7cFSkf5DLkPEwrtB0B703_00qIEAJ1uU6lgVmZxd4MgYK0PTQdKHm3MIW_VsjMHqUbTL15m2hsDN29p1V7DPSKvw6oTSurDKql6Q6zoOXZevenGMJy9iu0x5PDWmdm2vN2t4cEpByJfVRHa9WmjRdwqxw88A_ndO1jsvjKAiuiFXWIRAsh5wI_e5sXKnxITo3fCRWypm5kZJRWc18tMXlEtaJAaIIvOWrDtGdperBnuaLl_wIH79-Ww1ntaAQi-3Ijex0DFMTUOPqit7uOCBMzHUMoX3lxAK2kOQAdPdLr-FAtuo8NFSJPUUSm57XaWnoqm9ShrIhe9YpaYYKxhk8jaS3S5O60WDHAFGGfUUpCGC9_PIiPeQCt85qtmENH5jzGmE4Hg==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 oaphoace.net/impression/ZMc4V7gXyLK5-olfTzwg7hH4bMHEuISpQTjIk3QDtsFCNkx8m7nxUNgCbzgFIcVT0rgYZdIjbiRchhWGdw-y7jFNolPeq5vY2JyIG7xTtY6KsbR4TJ1pDtCKCI0p9Tx8t2N8B_IhfMS6YPgDsb9OYwHq-OO8FWrEn_uT9aV2JIjYYh7r8UBU_refOF7Q2Y0VAI4eMlMmL4dBMh6Yd6NFWQkGNuovJZA7cFSkf5DLkPEwrtB0B703_00qIEAJ1uU6lgVmZxd4MgYK0PTQdKHm3MIW_VsjMHqUbTL15m2hsDN29p1V7DPSKvw6oTSurDKql6Q6zoOXZevenGMJy9iu0x5PDWmdm2vN2t4cEpByJfVRHa9WmjRdwqxw88A_ndO1jsvjKAiuiFXWIRAsh5wI_e5sXKnxITo3fCRWypm5kZJRWc18tMXlEtaJAaIIvOWrDtGdperBnuaLl_wIH79-Ww1ntaAQi-3Ijex0DFMTUOPqit7uOCBMzHUMoX3lxAK2kOQAdPdLr-FAtuo8NFSJPUUSm57XaWnoqm9ShrIhe9YpaYYKxhk8jaS3S5O60WDHAFGGfUUpCGC9_PIiPeQCt85qtmENH5jzGmE4Hg==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/ZMc4V7gXyLK5-olfTzwg7hH4bMHEuISpQTjIk3QDtsFCNkx8m7nxUNgCbzgFIcVT0rgYZdIjbiRchhWGdw-y7jFNolPeq5vY2JyIG7xTtY6KsbR4TJ1pDtCKCI0p9Tx8t2N8B_IhfMS6YPgDsb9OYwHq-OO8FWrEn_uT9aV2JIjYYh7r8UBU_refOF7Q2Y0VAI4eMlMmL4dBMh6Yd6NFWQkGNuovJZA7cFSkf5DLkPEwrtB0B703_00qIEAJ1uU6lgVmZxd4MgYK0PTQdKHm3MIW_VsjMHqUbTL15m2hsDN29p1V7DPSKvw6oTSurDKql6Q6zoOXZevenGMJy9iu0x5PDWmdm2vN2t4cEpByJfVRHa9WmjRdwqxw88A_ndO1jsvjKAiuiFXWIRAsh5wI_e5sXKnxITo3fCRWypm5kZJRWc18tMXlEtaJAaIIvOWrDtGdperBnuaLl_wIH79-Ww1ntaAQi-3Ijex0DFMTUOPqit7uOCBMzHUMoX3lxAK2kOQAdPdLr-FAtuo8NFSJPUUSm57XaWnoqm9ShrIhe9YpaYYKxhk8jaS3S5O60WDHAFGGfUUpCGC9_PIiPeQCt85qtmENH5jzGmE4Hg==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2Fva6noqhsd49d&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: OAID=56f36aec3049476a893081f9700bcc2a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 20:13:48 GMT
content-type: image/gif
content-length: 43
x-trace-id: b26c4614127a9b733081f22991f72a1d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b44543de9922ec7d97f2e0be1865553e
caef856450efd75de0cfae9402903b1f4bd6de4c
d251377b4bc11c32a847ce4dc5dfda92e56031617f5b3eeea54fdcd0945b3eb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
142.250.74.10 200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP 142.250.74.10:0
Hash 20ba0c83ef82cabc901196ec1d26acca
0848dff81e070857fea326b49f7eb5f94981aed5
f17fc7d04014308039c5f1a02488d9d28e2a7f10027f417052e9e1458c558776
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Nov 2022 20:13:49 GMT
date: Fri, 25 Nov 2022 20:13:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 175181
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 177600
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 46851561ddffd8c312b6a7e87ce9be40
4dac90d5dfaeefac573c8a414e0d2732a8f707a7
6b518ee89587078376f3c5b6ff4f1bd6a615ed9d0b0c94037b9235d25152ff0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6B518EE89587078376F3C5B6FF4F1BD6A615ED9D0B0C94037B9235D25152FF0D"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13825
Expires: Sat, 26 Nov 2022 00:04:16 GMT
Date: Fri, 25 Nov 2022 20:13:51 GMT
Connection: keep-alive
tallysaturatesnare.com/sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=639d9de4-3140-42b5-8126-06622d7f1530%3A2%3A1
192.243.61.227 200 OK 9.3 kB URL HTTP/1.1 tallysaturatesnare.com/sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=639d9de4-3140-42b5-8126-06622d7f1530%3A2%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (16563), with no line terminators
Hash 2dd7cb1d292149fe9054b0f07ca622d6
b816a117d4fcaca39da643f211b4fa3ebdb3b6f7
c15fb44e8a155c5f9b66be384cb138920720935b769f5d3bac85a942e0765822
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=639d9de4-3140-42b5-8126-06622d7f1530%3A2%3A1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 20:13:51 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.file-upload.com
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16537667; expires=Sat, 26 Nov 2022 20:13:51 GMT; secure; SameSite=None
Set-Cookie: uid_id2=639d9de4-3140-42b5-8126-06622d7f1530:2:1; expires=Fri, 02 Dec 2022 20:13:51 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sat, 26 Nov 2022 20:13:51 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sat, 26 Nov 2022 20:13:51 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Sat, 26 Nov 2022 20:13:51 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Sat, 26 Nov 2022 20:13:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bb35648a5e479dbb1d1d8f48d6cc5b2b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F3RWTagkWVbOV7YiunJ0oyA8%2B1mDgvnyxn9kN0OREZkZGZmRmZE%2FkX8W5NyIe%2BMn4zfjP3M1OiKzEWrc6Epe3eqedpzBsRGchQjyyo0UCP0EpRpsceNaEWclKO9VSbc4fQjinHvPXZzvnu%2B7nN99XnzWAKSAr%2FVxfPaCALa4a3D5a2svQnGVXU6WlxS4Bu9frr2IZ9%2B%2FrO9%2FafkeBbhr8OuXCrb8uEUDCgAKUJd9L8V2XLcessRLvt%2BmrtvgmqWvKY4ldfp%2F11lxQTJ4QVD5WeMrxEN3P%2Bn%2B7cfEs25JFP5ZF2d%2BHie%2F0QuLAOZxSkr0kRH5UVxFJPw8tNMLYkcfvT1N4uyu0fjDRySOPnqLgMTlB%2FcIiOndNS7%2BkSJm9NHbMolZfvimUjMgOCIm%2BllSlbcEB7fEg7fEir9JPPRJgxALkcmUROF3JnFawdObLLzP3jXe%2BdF%2FEK%2B6a7zzT79AovBPpcCrLxdxUOReHGWktm%2BIV98Sz7klSfGS5OcL4lUviZX%2FNvHQ3zVaP9JIFH4wzYKYeOj1r%2FJMG7URZpsMxYImS5tcU6Rovgl4nqaRYFMcAx6uyPNuiWffkgA%2FIzB7RIrsghTeBSnsC1IkFyREry8h17YBEGzTZhiRtSyLYSyLE3nEIYYVbUAK6x7DM5Inz4gVPCNW%2Bg2SpN8gvvftT7ivkLT4a5K5NyRDFyTLG6REN6TCDVJlDVLBBqm8BqnyBqnKmw9RkNHZzXdQkBUm9dbTbz1z8yLOnefwwzh3cNR4nnzW%2BLmHu%2FuvjUx8%2FPqSEW0AIMObDBIEwEEAMMUiGgkmhJAHFMm8G%2BJljwjMLsj5vpH%2F8HWS3PvevxATviRZ8JJY3rsEFr9MYPVCoAGB7gtWBOQc%2FcD2AtwskiCG6NqKQ4LiG5Lk75D8dPE8%2BKzxiw%2BlMF%2F9T4KtV0%2F%2B%2FPd%2F84d%2F8Zc%2FT6z0hiTpDTl4f9MgTvCtF%2FO4anwwj6us8fE0yb3QO8P7Fi9ymOPGn4zwqYpTpHazZ9%2FtWPeJ%2B%2FD7S5zlGoyQFzlZ43uShxBO%2B3Fq4cZfqdkam3qRuVKRRkWi6XJfDZMUZ5kXR7cEep%2BYK2J5d42ffvkzD%2BT9JfRHxEtfkrT49OLf3TxP3mu1IMK15cLIwQ7M8T26Fopb1nXiJk%2ByHIYw%2F1r4WJAf0%2FffzJsUqtvzcsVgpGFbGQDUQwOdqfVryIPHtFwaYr7Zu%2FIWCG2fDQrLhcr4ON2w2jBXx1LqWNnIY4V6vEBZVHYXJV5V1Ho%2FK07UUY5W%2BsTVxM1mfzhya9vqRgrbnk0Pwxp6vhb6sYl2i5ArnUWiG9y0k5WSk%2BcGb6z9cTBWzNkhHY6jJHA2nWl%2FuUcq3e7AQ5iKVAKOGmQCnbM6RZwd55ITj9VKy5q7oK8sS0vvO8fOed3jGKG73DAnp6tN90cxHbjOYrQ%2BcmvNGceR0NPiZokUbpmpiKYpUQp9pS%2FrM0NdKe3CSTflblJmZ%2F2UhyM4WDvA38z5oaxtFe2Y7bUKZaeZpIRz3vDn0aQ%2FnlWDxHWGBxVq6oTJQFOteoK7nK4HQ8QESyhbDqcIq0DsKmHbhnlZx%2BdlekorY4cCS0ybTtSnFyt7JUTaklqVVlZp52Dc8xKBY3JF76apWXRY503zSFi8evJvjQcjXnxLrOR3vnt1tVSXWu%2Fq6nsTjNElvFzpkyc%2FuLrq9hbyXNWX6nRydfVDOQ4TmOLL3MWXJs7y%2B1PX19cfX13p08VS6sijvTHXFldXnz56%2Fe4DsZ62nv4Yat3v1U9bcYKjNDeftuinrcqLvoRrtHaMGY1%2B4BrX%2FCLXeJ56TMvMKpkotHc
S0%2FU2oY1xOt8whapNm2dZrlZ0XCyM5rLdwcZh0TztAtDuolBZ%2B%2B5ZMr0Fa0xF2M9mfV0qF4uyMDJRm7n5lrbFkAq6p3ihDPsQD8XTbHSWamcohLoVd63pqK%2Boq%2FmkEyx8INkH17PmpwllN3lR2kph25hSqmoY44RBQrYodMPf%2BtO5nVSV4pwhx3TUXOxHqRMdeHhuMmYzKaqi8sdUeMzFSJbU0WZgUqmSrIEOgch5dGcQH7srnVegH9vV5oDoadjPwTyF661aVYbX3JhrYzE91AZc0Gp40kW1hE19hcerCrkbprmbHE3tAMY4cBhVGUgsHnWnA3ESNvPp1k%2FqZdyczw5Lndnx7V62dSU%2FlXqHoxzgvVQZ66HST4Yu8kPNmMpSOJ6VY3Y9Gvf7kbucbDdVinvUlnHaw3ia72RvqS%2FX5VCdJ2tKDMLeAGy55aCojcHGTHmeaUbjvcsp%2BZyr5RUaqEK%2FveaTdCEZ5%2FXYENT9kJ6wa3fNhyO8ZVWvLtCc8aQ5CEIknHCkqvVsTWl9Wkybac%2FdTAKzLUipuBqvcdzcKsWKiXvllPWz4ZEFXZcPe6WDY%2FeossJ6M9zYtXbMK3o70pXuetTfTqzTWOolUlIsGWk6qd6Q76sQ1fsk9Sz8NXANBJ7l6Hf%2F%2BOpKle%2Fl8Prr9xTP3mu1rDTFSfzwaOI6N2HUYgDfpkVAg5aVYph7Jc5aNMOxNBDYFidAFvE0oLHI2JA2RQDavIkRwhzPCTbaCzwLrpPIIVnyqvHWSBY3SBp8vjaTC1IVnz765MtfcIjq%2FxVZi%2F5yiVWH7T5nhqf4%2F0tMtPnHtCyfcS7jUcc9AHyU95KTYNjbMgyKslA8H%2Fn2AFJyc1noUpdXZG7Os7sTvQlx0wfmzmJ63DlR0hOWqDoZdodNO0T6zN06vlof16PiDHu5K9uTEz89Sy6SBVhr7eVOoLw9aHY8TQj3whmHzsqEOhJ0v92dF6YoBf0wGjuq59ZjO5yCfdwuDWdqLcyE7asr0OeE8XIr%2BRIuE92v53pPAHvOKPqqOZJ2gQ77lrI%2FpuudLIyMpcTSonRwTXEcrIT5RjzzzLG3DzbRGY1mwsQFe5zvosNqH82FebxILU1wak6sJgfN6RZDOiklt55ouQaO7QJPxonKxL5YTErnKO7dY7LhrTJZMoc9h1gXB5NeUcrHYd%2FFHUCPNwe3SxvjqBDlRKf81WJolS4za7qWn%2B2kZR735NSSRYnKuzNRSkZsYth6FwFP43OTxlw9tfo%2BnqDVOTmxRZKJymEhTGnscANkH3wjQhDFk0VX8Y0EjzCc7LsHZQ5OHVU5qZWQbOp2mS2s%2FbTumuGyG%2B1n%2BxoULtR4WKC4Fnsj067NNa8om2FAswbdrJgg489ok%2B2HiXU4TIEZa%2FLilBvH3bTM5BVjGPJeWHPq0UEZGuvJcjAJJrtOUEk8f%2FaQHu652ZdK7EVKm5%2FPT4F312j%2F60%2BRAL968ge%2FN%2F3n99GOQPOGZPgLWvg8fp59izjpBYH5N0kU3pAyvSFlcENg8IxkxU%2B8yJP01ZO%2FZx6MmMHFCzNILz4wgzT49pvZLfNeX2LOBjYGNDbttmkLEKC2zbZN2KawYHKQInl2Z%2F3Wr%2Fz3%2FwAAAP%2F%2FAQAA%2F%2F%2FcZfeE9QwAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F3RWTagkWVbOV7YiunJ0oyA8%2B1mDgvnyxn9kN0OREZkZGZmRmZE%2FkX8W5NyIe%2BMn4zfjP3M1OiKzEWrc6Epe3eqedpzBsRGchQjyyo0UCP0EpRpsceNaEWclKO9VSbc4fQjinHvPXZzvnu%2B7nN99XnzWAKSAr%2FVxfPaCALa4a3D5a2svQnGVXU6WlxS4Bu9frr2IZ9%2B%2FrO9%2FafkeBbhr8OuXCrb8uEUDCgAKUJd9L8V2XLcessRLvt%2BmrtvgmqWvKY4ldfp%2F11lxQTJ4QVD5WeMrxEN3P%2Bn%2B7cfEs25JFP5ZF2d%2BHie%2F0QuLAOZxSkr0kRH5UVxFJPw8tNMLYkcfvT1N4uyu0fjDRySOPnqLgMTlB%2FcIiOndNS7%2BkSJm9NHbMolZfvimUjMgOCIm%2BllSlbcEB7fEg7fEir9JPPRJgxALkcmUROF3JnFawdObLLzP3jXe%2BdF%2FEK%2B6a7zzT79AovBPpcCrLxdxUOReHGWktm%2BIV98Sz7klSfGS5OcL4lUviZX%2FNvHQ3zVaP9JIFH4wzYKYeOj1r%2FJMG7URZpsMxYImS5tcU6Rovgl4nqaRYFMcAx6uyPNuiWffkgA%2FIzB7RIrsghTeBSnsC1IkFyREry8h17YBEGzTZhiRtSyLYSyLE3nEIYYVbUAK6x7DM5Inz4gVPCNW%2Bg2SpN8gvvftT7ivkLT4a5K5NyRDFyTLG6REN6TCDVJlDVLBBqm8BqnyBqnKmw9RkNHZzXdQkBUm9dbTbz1z8yLOnefwwzh3cNR4nnzW%2BLmHu%2FuvjUx8%2FPqSEW0AIMObDBIEwEEAMMUiGgkmhJAHFMm8G%2BJljwjMLsj5vpH%2F8HWS3PvevxATviRZ8JJY3rsEFr9MYPVCoAGB7gtWBOQc%2FcD2AtwskiCG6NqKQ4LiG5Lk75D8dPE8%2BKzxiw%2BlMF%2F9T4KtV0%2F%2B%2FPd%2F84d%2F8Zc%2FT6z0hiTpDTl4f9MgTvCtF%2FO4anwwj6us8fE0yb3QO8P7Fi9ymOPGn4zwqYpTpHazZ9%2FtWPeJ%2B%2FD7S5zlGoyQFzlZ43uShxBO%2B3Fq4cZfqdkam3qRuVKRRkWi6XJfDZMUZ5kXR7cEep%2BYK2J5d42ffvkzD%2BT9JfRHxEtfkrT49OLf3TxP3mu1IMK15cLIwQ7M8T26Fopb1nXiJk%2ByHIYw%2F1r4WJAf0%2FffzJsUqtvzcsVgpGFbGQDUQwOdqfVryIPHtFwaYr7Zu%2FIWCG2fDQrLhcr4ON2w2jBXx1LqWNnIY4V6vEBZVHYXJV5V1Ho%2FK07UUY5W%2BsTVxM1mfzhya9vqRgrbnk0Pwxp6vhb6sYl2i5ArnUWiG9y0k5WSk%2BcGb6z9cTBWzNkhHY6jJHA2nWl%2FuUcq3e7AQ5iKVAKOGmQCnbM6RZwd55ITj9VKy5q7oK8sS0vvO8fOed3jGKG73DAnp6tN90cxHbjOYrQ%2BcmvNGceR0NPiZokUbpmpiKYpUQp9pS%2FrM0NdKe3CSTflblJmZ%2F2UhyM4WDvA38z5oaxtFe2Y7bUKZaeZpIRz3vDn0aQ%2FnlWDxHWGBxVq6oTJQFOteoK7nK4HQ8QESyhbDqcIq0DsKmHbhnlZx%2BdlekorY4cCS0ybTtSnFyt7JUTaklqVVlZp52Dc8xKBY3JF76apWXRY503zSFi8evJvjQcjXnxLrOR3vnt1tVSXWu%2Fq6nsTjNElvFzpkyc%2FuLrq9hbyXNWX6nRydfVDOQ4TmOLL3MWXJs7y%2B1PX19cfX13p08VS6sijvTHXFldXnz56%2Fe4DsZ62nv4Yat3v1U9bcYKjNDeftuinrcqLv
oRrtHaMGY1%2B4BrX%2FCLXeJ56TMvMKpkotHcS0%2FU2oY1xOt8whapNm2dZrlZ0XCyM5rLdwcZh0TztAtDuolBZ%2B%2B5ZMr0Fa0xF2M9mfV0qF4uyMDJRm7n5lrbFkAq6p3ihDPsQD8XTbHSWamcohLoVd63pqK%2Boq%2FmkEyx8INkH17PmpwllN3lR2kph25hSqmoY44RBQrYodMPf%2BtO5nVSV4pwhx3TUXOxHqRMdeHhuMmYzKaqi8sdUeMzFSJbU0WZgUqmSrIEOgch5dGcQH7srnVegH9vV5oDoadjPwTyF661aVYbX3JhrYzE91AZc0Gp40kW1hE19hcerCrkbprmbHE3tAMY4cBhVGUgsHnWnA3ESNvPp1k%2FqZdyczw5Lndnx7V62dSU%2FlXqHoxzgvVQZ66HST4Yu8kPNmMpSOJ6VY3Y9Gvf7kbucbDdVinvUlnHaw3ia72RvqS%2FX5VCdJ2tKDMLeAGy55aCojcHGTHmeaUbjvcsp%2BZyr5RUaqEK%2FveaTdCEZ5%2FXYENT9kJ6wa3fNhyO8ZVWvLtCc8aQ5CEIknHCkqvVsTWl9Wkybac%2FdTAKzLUipuBqvcdzcKsWKiXvllPWz4ZEFXZcPe6WDY%2FeossJ6M9zYtXbMK3o70pXuetTfTqzTWOolUlIsGWk6qd6Q76sQ1fsk9Sz8NXANBJ7l6Hf%2F%2BOpKle%2Fl8Prr9xTP3mu1rDTFSfzwaOI6N2HUYgDfpkVAg5aVYph7Jc5aNMOxNBDYFidAFvE0oLHI2JA2RQDavIkRwhzPCTbaCzwLrpPIIVnyqvHWSBY3SBp8vjaTC1IVnz765MtfcIjq%2FxVZi%2F5yiVWH7T5nhqf4%2F0tMtPnHtCyfcS7jUcc9AHyU95KTYNjbMgyKslA8H%2Fn2AFJyc1noUpdXZG7Os7sTvQlx0wfmzmJ63DlR0hOWqDoZdodNO0T6zN06vlof16PiDHu5K9uTEz89Sy6SBVhr7eVOoLw9aHY8TQj3whmHzsqEOhJ0v92dF6YoBf0wGjuq59ZjO5yCfdwuDWdqLcyE7asr0OeE8XIr%2BRIuE92v53pPAHvOKPqqOZJ2gQ77lrI%2FpuudLIyMpcTSonRwTXEcrIT5RjzzzLG3DzbRGY1mwsQFe5zvosNqH82FebxILU1wak6sJgfN6RZDOiklt55ouQaO7QJPxonKxL5YTErnKO7dY7LhrTJZMoc9h1gXB5NeUcrHYd%2FFHUCPNwe3SxvjqBDlRKf81WJolS4za7qWn%2B2kZR735NSSRYnKuzNRSkZsYth6FwFP43OTxlw9tfo%2BnqDVOTmxRZKJymEhTGnscANkH3wjQhDFk0VX8Y0EjzCc7LsHZQ5OHVU5qZWQbOp2mS2s%2FbTumuGyG%2B1n%2BxoULtR4WKC4Fnsj067NNa8om2FAswbdrJgg489ok%2B2HiXU4TIEZa%2FLilBvH3bTM5BVjGPJeWHPq0UEZGuvJcjAJJrtOUEk8f%2FaQHu652ZdK7EVKm5%2FPT4F312j%2F60%2BRAL968ge%2FN%2F3n99GOQPOGZPgLWvg8fp59izjpBYH5N0kU3pAyvSFlcENg8IxkxU%2B8yJP01ZO%2FZx6MmMHFCzNILz4wgzT49pvZLfNeX2LOBjYGNDbttmkLEKC2zbZN2KawYHKQInl2Z%2F3Wr%2Fz3%2FwAAAP%2F%2FAQAA%2F%2F%2FcZfeE9QwAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F3RWTagkWVbOV7YiunJ0oyA8%2B1mDgvnyxn9kN0OREZkZGZmRmZE%2FkX8W5NyIe%2BMn4zfjP3M1OiKzEWrc6Epe3eqedpzBsRGchQjyyo0UCP0EpRpsceNaEWclKO9VSbc4fQjinHvPXZzvnu%2B7nN99XnzWAKSAr%2FVxfPaCALa4a3D5a2svQnGVXU6WlxS4Bu9frr2IZ9%2B%2FrO9%2FafkeBbhr8OuXCrb8uEUDCgAKUJd9L8V2XLcessRLvt%2BmrtvgmqWvKY4ldfp%2F11lxQTJ4QVD5WeMrxEN3P%2Bn%2B7cfEs25JFP5ZF2d%2BHie%2F0QuLAOZxSkr0kRH5UVxFJPw8tNMLYkcfvT1N4uyu0fjDRySOPnqLgMTlB%2FcIiOndNS7%2BkSJm9NHbMolZfvimUjMgOCIm%2BllSlbcEB7fEg7fEir9JPPRJgxALkcmUROF3JnFawdObLLzP3jXe%2BdF%2FEK%2B6a7zzT79AovBPpcCrLxdxUOReHGWktm%2BIV98Sz7klSfGS5OcL4lUviZX%2FNvHQ3zVaP9JIFH4wzYKYeOj1r%2FJMG7URZpsMxYImS5tcU6Rovgl4nqaRYFMcAx6uyPNuiWffkgA%2FIzB7RIrsghTeBSnsC1IkFyREry8h17YBEGzTZhiRtSyLYSyLE3nEIYYVbUAK6x7DM5Inz4gVPCNW%2Bg2SpN8gvvftT7ivkLT4a5K5NyRDFyTLG6REN6TCDVJlDVLBBqm8BqnyBqnKmw9RkNHZzXdQkBUm9dbTbz1z8yLOnefwwzh3cNR4nnzW%2BLmHu%2FuvjUx8%2FPqSEW0AIMObDBIEwEEAMMUiGgkmhJAHFMm8G%2BJljwjMLsj5vpH%2F8HWS3PvevxATviRZ8JJY3rsEFr9MYPVCoAGB7gtWBOQc%2FcD2AtwskiCG6NqKQ4LiG5Lk75D8dPE8%2BKzxiw%2BlMF%2F9T4KtV0%2F%2B%2FPd%2F84d%2F8Zc%2FT6z0hiTpDTl4f9MgTvCtF%2FO4anwwj6us8fE0yb3QO8P7Fi9ymOPGn4zwqYpTpHazZ9%2FtWPeJ%2B%2FD7S5zlGoyQFzlZ43uShxBO%2B3Fq4cZfqdkam3qRuVKRRkWi6XJfDZMUZ5kXR7cEep%2BYK2J5d42ffvkzD%2BT9JfRHxEtfkrT49OLf3TxP3mu1IMK15cLIwQ7M8T26Fopb1nXiJk%2ByHIYw%2F1r4WJAf0%2FffzJsUqtvzcsVgpGFbGQDUQwOdqfVryIPHtFwaYr7Zu%2FIWCG2fDQrLhcr4ON2w2jBXx1LqWNnIY4V6vEBZVHYXJV5V1Ho%2FK07UUY5W%2BsTVxM1mfzhya9vqRgrbnk0Pwxp6vhb6sYl2i5ArnUWiG9y0k5WSk%2BcGb6z9cTBWzNkhHY6jJHA2nWl%2FuUcq3e7AQ5iKVAKOGmQCnbM6RZwd55ITj9VKy5q7oK8sS0vvO8fOed3jGKG73DAnp6tN90cxHbjOYrQ%2BcmvNGceR0NPiZokUbpmpiKYpUQp9pS%2FrM0NdKe3CSTflblJmZ%2F2UhyM4WDvA38z5oaxtFe2Y7bUKZaeZpIRz3vDn0aQ%2FnlWDxHWGBxVq6oTJQFOteoK7nK4HQ8QESyhbDqcIq0DsKmHbhnlZx%2BdlekorY4cCS0ybTtSnFyt7JUTaklqVVlZp52Dc8xKBY3JF76apWXRY503zSFi8evJvjQcjXnxLrOR3vnt1tVSXWu%2Fq6nsTjNElvFzpkyc%2FuLrq9hbyXNWX6nRydfVDOQ4TmOLL3MWXJs7y%2B1PX19cfX13p08VS6sijvTHXFldXnz56%2Fe4DsZ62nv4Yat3v1U9bcYKjNDeftuinrcqLvoRrtHaMGY1%2B4BrX%2FCLXeJ56TMvMKpkotHcS0%2FU2oY1xOt8whap
Nm2dZrlZ0XCyM5rLdwcZh0TztAtDuolBZ%2B%2B5ZMr0Fa0xF2M9mfV0qF4uyMDJRm7n5lrbFkAq6p3ihDPsQD8XTbHSWamcohLoVd63pqK%2Boq%2FmkEyx8INkH17PmpwllN3lR2kph25hSqmoY44RBQrYodMPf%2BtO5nVSV4pwhx3TUXOxHqRMdeHhuMmYzKaqi8sdUeMzFSJbU0WZgUqmSrIEOgch5dGcQH7srnVegH9vV5oDoadjPwTyF661aVYbX3JhrYzE91AZc0Gp40kW1hE19hcerCrkbprmbHE3tAMY4cBhVGUgsHnWnA3ESNvPp1k%2FqZdyczw5Lndnx7V62dSU%2FlXqHoxzgvVQZ66HST4Yu8kPNmMpSOJ6VY3Y9Gvf7kbucbDdVinvUlnHaw3ia72RvqS%2FX5VCdJ2tKDMLeAGy55aCojcHGTHmeaUbjvcsp%2BZyr5RUaqEK%2FveaTdCEZ5%2FXYENT9kJ6wa3fNhyO8ZVWvLtCc8aQ5CEIknHCkqvVsTWl9Wkybac%2FdTAKzLUipuBqvcdzcKsWKiXvllPWz4ZEFXZcPe6WDY%2FeossJ6M9zYtXbMK3o70pXuetTfTqzTWOolUlIsGWk6qd6Q76sQ1fsk9Sz8NXANBJ7l6Hf%2F%2BOpKle%2Fl8Prr9xTP3mu1rDTFSfzwaOI6N2HUYgDfpkVAg5aVYph7Jc5aNMOxNBDYFidAFvE0oLHI2JA2RQDavIkRwhzPCTbaCzwLrpPIIVnyqvHWSBY3SBp8vjaTC1IVnz765MtfcIjq%2FxVZi%2F5yiVWH7T5nhqf4%2F0tMtPnHtCyfcS7jUcc9AHyU95KTYNjbMgyKslA8H%2Fn2AFJyc1noUpdXZG7Os7sTvQlx0wfmzmJ63DlR0hOWqDoZdodNO0T6zN06vlof16PiDHu5K9uTEz89Sy6SBVhr7eVOoLw9aHY8TQj3whmHzsqEOhJ0v92dF6YoBf0wGjuq59ZjO5yCfdwuDWdqLcyE7asr0OeE8XIr%2BRIuE92v53pPAHvOKPqqOZJ2gQ77lrI%2FpuudLIyMpcTSonRwTXEcrIT5RjzzzLG3DzbRGY1mwsQFe5zvosNqH82FebxILU1wak6sJgfN6RZDOiklt55ouQaO7QJPxonKxL5YTErnKO7dY7LhrTJZMoc9h1gXB5NeUcrHYd%2FFHUCPNwe3SxvjqBDlRKf81WJolS4za7qWn%2B2kZR735NSSRYnKuzNRSkZsYth6FwFP43OTxlw9tfo%2BnqDVOTmxRZKJymEhTGnscANkH3wjQhDFk0VX8Y0EjzCc7LsHZQ5OHVU5qZWQbOp2mS2s%2FbTumuGyG%2B1n%2BxoULtR4WKC4Fnsj067NNa8om2FAswbdrJgg489ok%2B2HiXU4TIEZa%2FLilBvH3bTM5BVjGPJeWHPq0UEZGuvJcjAJJrtOUEk8f%2FaQHu652ZdK7EVKm5%2FPT4F312j%2F60%2BRAL968ge%2FN%2F3n99GOQPOGZPgLWvg8fp59izjpBYH5N0kU3pAyvSFlcENg8IxkxU%2B8yJP01ZO%2FZx6MmMHFCzNILz4wgzT49pvZLfNeX2LOBjYGNDbttmkLEKC2zbZN2KawYHKQInl2Z%2F3Wr%2Fz3%2FwAAAP%2F%2FAQAA%2F%2F%2FcZfeE9QwAAA%3D%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=639d9de4-3140-42b5-8126-06622d7f1530:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 20:13:51 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 325539554bdececcee4a801426ac7d7a
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f46bbbaed40ddd7d66dc07a510d128e6
63f0c610a767c70c337b06cfaa01a7a152249196
9d1088838a00c0d99333fb0e41c67616e11f6df0169d4337a38ac3384e66aca4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D1088838A00C0D99333FB0E41C67616E11F6DF0169D4337A38AC3384E66ACA4"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15105
Expires: Sat, 26 Nov 2022 00:25:37 GMT
Date: Fri, 25 Nov 2022 20:13:52 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2959
Expires: Fri, 25 Nov 2022 21:03:11 GMT
Date: Fri, 25 Nov 2022 20:13:52 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2959
Expires: Fri, 25 Nov 2022 21:03:11 GMT
Date: Fri, 25 Nov 2022 20:13:52 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 25 Nov 2022 20:13:52 GMT
Date: Fri, 25 Nov 2022 20:13:52 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/img/close.png
172.64.108.13 200 OK 769 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/img/close.png
IP 172.64.108.13:0
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 13b3b0cc6ce924780c0eec0b24c40c33
53b78225158a60f9327e135be26e365eb842f0df
7907c875d2dd81230f15826dffe1faa695cfb1f385adbb4d9480058d0d0112ad
GET /sb/notifications/rtb/os-box/1-2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:52 GMT
content-type: image/png
content-length: 769
last-modified: Wed, 30 Mar 2022 13:44:01 GMT
etag: "62445ea1-301"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 886982
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tfjCg%2FfgrpUP3CX8EhFgu%2B2vm2pzdL9KfgGfGLQj45wMhK4YzUCfksKNX%2Fhym1Kyf6evun8bCj83GV0AA3Wg90Lll3tYgUA5tDPYjyQfDB7YevI%2BwTp8i5EHO7ir%2BYh%2FrsxY0n%2Fd33Il"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0c225ded7443-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/jquery.min.js
172.64.108.13 200 OK 31 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/jquery.min.js
IP 172.64.108.13:0
File type ASCII text, with very long lines (32025)
Hash 0b27c8789e910c6fce9f5cd43209b883
23d9adce8381370bf90a4d55d8d3200bb8bd15ae
fd973cad91550c2db2daa90f96f66d042a11de96c281450620d81bb22f07da0d
GET /sb/notifications/rtb/os-box/1-2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:52 GMT
content-type: application/javascript
last-modified: Wed, 30 Mar 2022 13:44:03 GMT
etag: W/"62445ea3-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 886982
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2BUcgCgImNcHJaC3llHbh0JgnGSoZ9xNqNNzbHu4OPyaLB2pGsts5RoZqa08H%2BY3i4ldzyQueS4CCSplxdy28lPJYA6f6YLKqwpw337hOq7oUiwdH4GQ%2BB4wExEIBlAYUBQkSbNJAvOi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0c225df07443-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a42a1951042d38682b728083351bb993
7a1d0148407eb716a1f886b48bb035dce198f822
d98708f028e826f4d503f05c729156e165d88b8c25177e90cb682f8504233a7c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6400
Cache-Control: max-age=164732
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:52 GMT
Etag: "6380e97c-117"
Expires: Sun, 27 Nov 2022 17:59:24 GMT
Last-Modified: Fri, 25 Nov 2022 16:12:44 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Findex.html&l=1258&fd=405
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Findex.html&l=1258&fd=405
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
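Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of a zero-length body (size 0 B above), so they match any empty response and do not identify this host's content.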
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Findex.html&l=1258&fd=405 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 20:13:52 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adexchangegate.com/adx/openrtb/2/win.php?stamat=m%7C%2C%2CQ2Lqo3L2tGU3B5-GH0dEdHP3xP.661%2C3VpNG2iy8rWYp2UMrRX3uILO-zCCwV2ouSU-T9AeUjS-yZl09DdmGWkhzBbiS4UO8aFsQFPBvSSvuUs8LQhtY2f8m1lDyoSGJFaeJ8yQKzBxgJ7mPcoDcOKFGIVRNAlSk0BfjhicRyN1f-68BYBm9UO1IIUUMp3d7sSuPUkYkORfpwwGgza53AIt8Fnrgnj6az-3b-puwuwkM1mqt8nCBIKXHb1rGpW0Pa085i2AHoqDVP6GakofwXjd2OmFt0RraWYIwwUi-XbWUSOjxUaS2ImyP8Iva-PVeMVwdhX3-ZNqbLj0Melg3IGHB4eKDOH8Nm-tOYkpxTo-RQjTP3Z69EsYhBkrBEjqCle_BwUWJGFpJhdkmLUOCBmMQvM4WKMFFnhTNYXwreE1Y3g9JoOtZCiTPTWvJIRpW18lmEH0Y5THuxUHXbr663-nM_h5GtR5xCVdHI7F9W6prSBUzWMU7I_J2N4WhW6mKeY4IixudR3iBR0lmd7yenIIxQW1LF28r-rEhXNlb97Br8VMWeo-YGuV3oEvO4ksJq40Dh6mEvgeohqI47WXJXfxLqtw2YKPGDWKFYNcyMBEpBpuT3BONw%2C%2C&adx_price=0.076452
35.208.56.33204 No Content 0 B URL HTTP/1.1 adexchangegate.com/adx/openrtb/2/win.php?stamat=m%7C%2C%2CQ2Lqo3L2tGU3B5-GH0dEdHP3xP.661%2C3VpNG2iy8rWYp2UMrRX3uILO-zCCwV2ouSU-T9AeUjS-yZl09DdmGWkhzBbiS4UO8aFsQFPBvSSvuUs8LQhtY2f8m1lDyoSGJFaeJ8yQKzBxgJ7mPcoDcOKFGIVRNAlSk0BfjhicRyN1f-68BYBm9UO1IIUUMp3d7sSuPUkYkORfpwwGgza53AIt8Fnrgnj6az-3b-puwuwkM1mqt8nCBIKXHb1rGpW0Pa085i2AHoqDVP6GakofwXjd2OmFt0RraWYIwwUi-XbWUSOjxUaS2ImyP8Iva-PVeMVwdhX3-ZNqbLj0Melg3IGHB4eKDOH8Nm-tOYkpxTo-RQjTP3Z69EsYhBkrBEjqCle_BwUWJGFpJhdkmLUOCBmMQvM4WKMFFnhTNYXwreE1Y3g9JoOtZCiTPTWvJIRpW18lmEH0Y5THuxUHXbr663-nM_h5GtR5xCVdHI7F9W6prSBUzWMU7I_J2N4WhW6mKeY4IixudR3iBR0lmd7yenIIxQW1LF28r-rEhXNlb97Br8VMWeo-YGuV3oEvO4ksJq40Dh6mEvgeohqI47WXJXfxLqtw2YKPGDWKFYNcyMBEpBpuT3BONw%2C%2C&adx_price=0.076452
IP 35.208.56.33:0
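Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of a zero-length body (size 0 B above), so they match any empty response and do not identify this host's content.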
GET /adx/openrtb/2/win.php?stamat=m%7C%2C%2CQ2Lqo3L2tGU3B5-GH0dEdHP3xP.661%2C3VpNG2iy8rWYp2UMrRX3uILO-zCCwV2ouSU-T9AeUjS-yZl09DdmGWkhzBbiS4UO8aFsQFPBvSSvuUs8LQhtY2f8m1lDyoSGJFaeJ8yQKzBxgJ7mPcoDcOKFGIVRNAlSk0BfjhicRyN1f-68BYBm9UO1IIUUMp3d7sSuPUkYkORfpwwGgza53AIt8Fnrgnj6az-3b-puwuwkM1mqt8nCBIKXHb1rGpW0Pa085i2AHoqDVP6GakofwXjd2OmFt0RraWYIwwUi-XbWUSOjxUaS2ImyP8Iva-PVeMVwdhX3-ZNqbLj0Melg3IGHB4eKDOH8Nm-tOYkpxTo-RQjTP3Z69EsYhBkrBEjqCle_BwUWJGFpJhdkmLUOCBmMQvM4WKMFFnhTNYXwreE1Y3g9JoOtZCiTPTWvJIRpW18lmEH0Y5THuxUHXbr663-nM_h5GtR5xCVdHI7F9W6prSBUzWMU7I_J2N4WhW6mKeY4IixudR3iBR0lmd7yenIIxQW1LF28r-rEhXNlb97Br8VMWeo-YGuV3oEvO4ksJq40Dh6mEvgeohqI47WXJXfxLqtw2YKPGDWKFYNcyMBEpBpuT3BONw%2C%2C&adx_price=0.076452 HTTP/1.1
Host: adexchangegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 204 No Content
Server: openresty
Date: Fri, 25 Nov 2022 20:13:52 GMT
Access-Control-Allow-Origin: *
Via: 1.1 google
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a42a1951042d38682b728083351bb993
7a1d0148407eb716a1f886b48bb035dce198f822
d98708f028e826f4d503f05c729156e165d88b8c25177e90cb682f8504233a7c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6400
Cache-Control: max-age=164732
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 20:13:52 GMT
Etag: "6380e97c-117"
Expires: Sun, 27 Nov 2022 17:59:24 GMT
Last-Modified: Fri, 25 Nov 2022 16:12:44 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fanimate.css&l=79249&fd=249
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fanimate.css&l=79249&fd=249
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
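Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of a zero-length body (size 0 B above), so they match any empty response and do not identify this host's content.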
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fanimate.css&l=79249&fd=249 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 20:13:52 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fstyle.css&l=3695&fd=378
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fstyle.css&l=3695&fd=378
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
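Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of a zero-length body (size 0 B above), so they match any empty response and do not identify this host's content.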
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fstyle.css&l=3695&fd=378 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 20:13:52 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 23 Nov 2022 20:16:50 GMT
Expires: Thu, 23 Nov 2023 20:16:50 GMT
Cache-Control: public, max-age=31536000
Age: 172622
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 23 Nov 2022 20:16:46 GMT
Expires: Thu, 23 Nov 2023 20:16:46 GMT
Cache-Control: public, max-age=31536000
Age: 172626
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/css/animate.css
172.64.108.13 200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/css/animate.css
IP 172.64.108.13:0
Hash c91016401e0a0b7b3d7572de48c76597
12fb634abb5e708b4f55d1489055b4f626d3cdd1
2472e286e0bf6f54cef9d99e9c63301c873fa02bc4e3979e1a18587a6d973120
GET /sb/notifications/rtb/os-box/1-2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:52 GMT
content-type: text/css
last-modified: Wed, 30 Mar 2022 13:43:59 GMT
etag: W/"62445e9f-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BcZyReGFSs1%2B1h8rJZpOcqBSO2hnB%2Bc1f49zlhTUvWnOIny4I7iJz1Pceso0VVgSspiQ6o75CSXaHceYNJQBFKNU2VJkvG9CEXaoeYFHk2mGRYDEbCEjQS3chAY3stx2F%2Bo%2FodbSmm4y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0c222da17443-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/css/style.css
172.64.108.13 200 OK 1.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/css/style.css
IP 172.64.108.13:0
Hash 13a1dad61c0c9b366f6610d0aeba53cc
208ef254b823b64b9eb18c33b775a57991a8a678
3c72e2405f0bd12f468032c8d5fc7857570b646ba6a048366c5079a098840564
GET /sb/notifications/rtb/os-box/1-2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:52 GMT
content-type: text/css
last-modified: Wed, 30 Mar 2022 13:43:59 GMT
etag: W/"62445e9f-e6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BGxYgn9X%2Bl7TgS%2BntsacDByufus%2BFSQGNvOAieWmrNFxalGLnklgPj7wata2IsejQAsiSytoUt9FQ3d0uAoWnDGRGl12ymwykLtLuNDgTEY4Pf3HpBdbv4uYCglYL4hFVE72IKj40sHZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0c222da47443-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/mngez/css/app.css?v=1
104.21.79.149 200 OK 0 B URL HTTP/2 www.file-upload.com/mngez/css/app.css?v=1
IP 104.21.79.149:0
GET /mngez/css/app.css?v=1 HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:44 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=253169
etag: W/"5cd288a6-3dcf1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 08 May 2019 07:43:34 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 49160275
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jx7c8FlFhxWBxru4nKgPv5A5A0DCkX7rVoYyKynqnq%2BKgLeiFFca5k%2FoZgsvfyDYZc3cZNDqR%2ByQWvDpdq32yq58JXPS6IOb1AVk2K%2B2rdoziv4i0e%2B4qVbnqUdlVgibnry2dzlf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0beec9c3b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
104.21.91.63 200 OK 0 B IP 104.21.91.63:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 0dfc9db43d11fa24b465cbef76f32d33
cache-control: max-age=86400
last-modified: Wed, 23 Nov 2022 10:06:19 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 26 Nov 2022 19:37:58 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 2147
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uzt%2FuwBfQwy%2F5%2BVfuUiDM6rJomzPUJpVYc4VMMHt8Jy2qaOVWY3CC78XmZizeogkwpRqDHsOcVkFmZAqhZURV3qQj8IUEliWPOofI94i%2FP2gFTkdGkurGHxTGcmT%2FG5m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0bf44b230b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.84.149 200 OK 0 B IP 104.21.84.149:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 7104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zK%2BHtxzPZ1K%2FbRkkwsyxw1IE5PApKBmq2UvbBvn3XGQUbb8E%2BxeHcfIJZ7B%2B00icGBiebOtu%2BkyF%2FWCl7TWP22z8qjkorpU5s9s7LzWNUfShMfmoZRsdtMO3%2BOapTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0bf6ec9eb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: text/plain
set-cookie: csu=81182310533918@1@1669407225; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FNlvN3rzOk3kMwu5qbovZTLg3pnMp5kRM061M%2BHe5OY3dHf5tB1SOYdz%2FY2WP7RlJs%2Fiz8nSLv08Aou1BEmEhv7k%2BeHSrBZCOUbVqvMDB7bZZPiqGHok7sIRCTBBU%2Bxg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0bf6ef6c0676-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oaphoace.net/401/5419445
139.45.197.239 200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5419445 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: application/javascript
x-trace-id: cc2a531d9639de2f74405ca1852acde3
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=ec75a2906e0441209b9bda27103fe22b; expires=Sat, 25 Nov 2023 20:13:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
crrepo.com/extban/306928020/creatives/23542074/57a4d6202e83fa2b80096bedde5657fd_7640.png
104.21.235.114 200 OK 0 B URL HTTP/2 crrepo.com/extban/306928020/creatives/23542074/57a4d6202e83fa2b80096bedde5657fd_7640.png
IP 104.21.235.114:0
GET /extban/306928020/creatives/23542074/57a4d6202e83fa2b80096bedde5657fd_7640.png HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:52 GMT
content-type: image/png
last-modified: Sat, 12 Nov 2022 09:34:43 GMT
etag: W/"636f68b3-2132"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 1860
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=45OKAUwv3y4PJsY%2BoV6zpQkmGrwTtWxSha8ukC1dbXmt5dEFU1VthYjAkX7iVqxmAqjMjrbGU6Q2K43AIRJezNTBnhHVpcHUzTeY5CoadnIBigfRiBLNDfdmzgM2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0c2308ea71d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 25 Nov 2022 13:55:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e5FrXWu5JLJK%2BM8%2F81VeCTkjpw9u%2BF%2FKiQG%2Fn5LSXyMAPCVcRdAQ5fnZ76D%2F2Lg7%2FULod6DS8cntQqWZPPHRdG0m%2BPRnelh4fgPmCLx7rmF1Bk0lQvtDzLc9FEdQomiH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0bf6cf3d0676-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/rtb/os-box/1-2/index.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/rtb/os-box/1-2/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/rtb/os-box/1-2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:52 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 30 Mar 2022 13:43:57 GMT
etag: W/"62445e9d-4ea"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 25 Nov 2022 21:13:52 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
www.file-upload.com/assets/images/norton.png
104.21.79.149 200 OK 0 B URL HTTP/2 www.file-upload.com/assets/images/norton.png
IP 104.21.79.149:0
GET /assets/images/norton.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:44 GMT
content-type: image/png
cache-control: max-age=315360000
cf-bgj: csam-hash
etag: W/"5be576df-1363"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 09 Nov 2018 12:00:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 49047806
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JqZYJ7DNb75o%2Fof4sLZ2XalR1kdkb10%2BMwL9uzqbxdZw4RT66HSBHI0Kz%2Bv%2FgB28MeoRbVrWRhHmadkIZoe3zL8g2L0Ss%2B06BNdCdEMFD1cs2ifa1dC1TCoFNWL%2BpCgNn%2B0wq5uj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0beec9ccb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 25 Nov 2022 13:55:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdJoYfDjwqgaAw2jUofA%2BwcRu%2BvWpoSzq3u%2FSIq%2BM23o6541vAunPLWw2isMrF3oOV3i81RmdSMv6gM4z2SgS4nf1ggISivjMATKy510c09TK1pZ2ciNkdpdLNg06ele"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0bf6cf3f0676-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/mngez/images/anti1.png
104.21.79.149 200 OK 0 B URL HTTP/2 www.file-upload.com/mngez/images/anti1.png
IP 104.21.79.149:0
GET /mngez/images/anti1.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:44 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 28 Dec 2018 22:57:30 GMT
etag: W/"4aae-57e1cfcdbca80"
cache-control: public, max-age=31536000
expires: Mon, 13 Jun 2022 22:59:53 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 14850831
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBWQb11auSnssLI%2FECT96LAfJDVy9Lq3qb5JYyijL3ryaxY1CMbACUG2kmLDsRAB4wRGBx0PhskdbuFKJaCK56YOOfTOD6LCNyTzAfErGP%2B9xgrMya72WNDqbo18xAK4lndN3yEK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fd0beec9cbb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:45 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 25 Nov 2022 13:55:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5I9AqKM5i8FL46Vx91UaAq7iLy2EaNMSnpWeAAMmjm336q3fHN120QVMKZHEceetoNl9%2BvWClosIDlMK%2BSscI7BixEbmCPUC30JD5A8VIYIrZU9n2nIUwyjkYKZ5DrZs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0bf6ef720676-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/script.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/script.js
IP 172.64.108.13:0
GET /sb/notifications/rtb/os-box/1-2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 20:13:52 GMT
content-type: application/javascript
last-modified: Wed, 30 Mar 2022 13:44:03 GMT
etag: W/"62445ea3-307"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oH0Nb52jSw9nr8jtVpV7U6i1PDPxvcJE7hWg%2BUPeLnHz5bdbuNAxWuPvK13v6uCBN4B09aZOAfAQOPJzJ%2FepbtuK7Fh3NtPwedgfwAQlQXSXovH18dRFV72JmbmAjB9kOSpK4lBsHP1G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fd0c22eed67443-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2