bluemediafiles.com/url-generator.php?url=onAhF5ZLCDGjfP3AAUIv/XlRmDn+wudFEkfnJ7uEgBd29/uSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc
172.67.206.114 200 OK 27 kB URL HTTP/1.1 bluemediafiles.com/url-generator.php?url=onAhF5ZLCDGjfP3AAUIv/XlRmDn+wudFEkfnJ7uEgBd29/uSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc
IP 172.67.206.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (49342), with CRLF line terminators
Hash MD5 4a128732c968f725d727aa41ff73fc20
SHA-1 4b4b3ffd662406247496a56006b8e3e4218220d1
SHA-256 4258f30b34b2a4ffdf3973a8d6a8d119a1724cb1439fe8067816ed1eb985a79b
GET /url-generator.php?url=onAhF5ZLCDGjfP3AAUIv/XlRmDn+wudFEkfnJ7uEgBd29/uSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc HTTP/1.1
Host: bluemediafiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 15:10:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2FJrnpyM0pjrfGSnHJGbYZMrSRr9YKpcVVfdgZkOGXTrIUchb6ND0sS98tL0YsNv0bPY75OrlF5VDoo6ayY7GWsA2ND2L7HElIMMZsbDg5vEKLMAUG1ZVntCBBvlHGvYh%2B5zhKc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f31266ec410af6-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 a9f1d4d98705c281fed3b60343463200
SHA-1 db6f8aa98d2eda4e5473b116a222c3055568bb78
SHA-256 164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3763
Expires: Thu, 24 Nov 2022 16:13:14 GMT
Date: Thu, 24 Nov 2022 15:10:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 260e9998c20d831b66f1029c8f47aac9
SHA-1 716d630f647c54dc69a7f9c63a6cac294b3df7f7
SHA-256 c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10079
Expires: Thu, 24 Nov 2022 17:58:30 GMT
Date: Thu, 24 Nov 2022 15:10:31 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 af40a2fcf8debb90c3608002da6c907a
SHA-1 3c75d6c0b557a3bd8d5db50155b8d896e852c145
SHA-256 555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5853
Cache-Control: max-age=161893
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:31 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:08:44 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash MD5 9ebddc2b260d081ebbefee47c037cb28
SHA-1 492bad62a7ca6a74738921ef5ae6f0be5edebf39
SHA-256 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: X2+08zuzIJ644L683/US8yT8oqDDf8a3PNFpJ3Ph3RqkXplc9MvZu/Z3NWGydGvjEiuQU/HI/Ow=
x-amz-request-id: BPN174B2R62X82XS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 14:40:26 GMT
age: 1805
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash MD5 567df7db606cf5d0871aa5bc9311b6da
SHA-1 4263faac7cbab2fcaf6661911dcad5091c06be17
SHA-256 e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 14:17:18 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3193
alt-svc: clear
X-Firefox-Spdy: h2
bluemediafiles.com/img/FNF.jpg
172.67.206.114 200 OK 25 kB URL HTTP/1.1 bluemediafiles.com/img/FNF.jpg
IP 172.67.206.114:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 369x325, components 3\012- data
Hash MD5 7418012172aa768421d58dd355d161ee
SHA-1 59d544071c9e9989a184fd9478fb2d9c7b2e311e
SHA-256 20ed5ba08f022de75d81c278a9a1660119161d8790202828035b67170ad1b68c
GET /img/FNF.jpg HTTP/1.1
Host: bluemediafiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/url-generator.php?url=onAhF5ZLCDGjfP3AAUIv/XlRmDn+wudFEkfnJ7uEgBd29/uSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 15:10:31 GMT
Content-Type: image/jpeg
Content-Length: 24818
Connection: keep-alive
Last-Modified: Sun, 07 Mar 2021 22:22:08 GMT
Vary: Accept-Encoding
ETag: "60455210-60f2"
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4228
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZfViGLlaIPCPtzUBx%2BXDfS9VcFC1xUvfsMZA0ZGd8nKUzTzp8S6xuJtBfDZbgAJi6mMsyP%2BzbcLT%2FxypoH0KF1TYdK8v75ldjLTaTjIhv%2Be4EqjBroTZy56U0Te4FVVKLrurAn4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f31268bdd20af6-OSL
alt-svc: h2=":443"; ma=60
bluemediafiles.com/sw.js
172.67.206.114 200 OK 40 kB IP 172.67.206.114:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash MD5 eee22552773b2a7908bdcb36e1b4b189
SHA-1 6370a4892c7b8f6d1df7bfd5b44702faa182e141
SHA-256 af2ec8ae8876d2957f7b37441451a201b177cb90552b1b998fad6ae4e34251a1
Analyzer Verdict Alert fortinet Malware
GET /sw.js HTTP/1.1
Host: bluemediafiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/url-generator.php?url=onAhF5ZLCDGjfP3AAUIv/XlRmDn+wudFEkfnJ7uEgBd29/uSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 15:10:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 31 Mar 2022 14:18:59 GMT
Vary: Accept-Encoding
ETag: W/"6245b853-19279"
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4228
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9cTuluMqW8i4ExqDVPYJTnQZZTq5MsuUTxM3pQz850XFwvYfjR8q0iAAvPSr14oKqvTBYy%2BrWH03pqhSBiS4GBEACZ8NJ7%2B9jbh62OXuul2Dzjk2qRJuDVlzJceFfDtRLLEH2Sc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f31268cde10af6-OSL
alt-svc: h2=":443"; ma=60
bluemediafiles.com/img/AdblockDetected.jpg
172.67.206.114 200 OK 1.8 kB URL HTTP/1.1 bluemediafiles.com/img/AdblockDetected.jpg
IP 172.67.206.114:0
File type PNG image data, 110 x 110, 8-bit colormap, non-interlaced\012- data
Hash MD5 9cdc27677a5cb0141819b1568704ed75
SHA-1 61c073267ac68d157c7ce3fbe8a08c9be4d7607f
SHA-256 9ee2d8c99591cd61d18edd30a3b241c6198c3f76fbb05f9a9ea6e5a98c4f1f1b
GET /img/AdblockDetected.jpg HTTP/1.1
Host: bluemediafiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/url-generator.php?url=onAhF5ZLCDGjfP3AAUIv/XlRmDn+wudFEkfnJ7uEgBd29/uSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 15:10:31 GMT
Content-Type: image/jpeg
Content-Length: 1849
Connection: keep-alive
Last-Modified: Sat, 28 Sep 2019 21:03:28 GMT
Vary: Accept-Encoding
ETag: "5d8fcaa0-739"
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4228
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VyDF1kqf6PEm3VyZbX3lKgGB0OU0ErLt0g2zj0dMPBOeqhgubEl9j82XLNEiF8fXwVcLJW%2B1VcuFvSIS19bCJ3dC%2FF5L%2FvXaVVFtY65rxYDSR9RzKqLA%2BtkYFKWnzprtK%2F8scvw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f31268cf2bb524-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 15:10:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash MD5 dd0dd96ca622aa07354fabdd0da767bf
SHA-1 a29eaa02a81dabed2c12be20a89d65a5a0417524
SHA-256 6a670e9031ec8c94bdc91c47a2d6a4ca2bd95fe032fec28888a8e6d7dc163cb4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash MD5 4af780570d49b327d38dc189095448e9
SHA-1 1dd4193a2afeb237c5e475b603b1cbd137f7f97e
SHA-256 f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
142.250.74.170 200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (65451)
Hash MD5 81182f4b684635f6bdcbdd907ee66f25
SHA-1 a1f2f151df72ede41397c8131bd47a3ce85575b3
SHA-256 be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 17:00:13 GMT
expires: Wed, 22 Nov 2023 17:00:13 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 166218
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-155998700-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-155998700-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash MD5 1ad5f04f8e943593026ae1bd711218e0
SHA-1 c06d54f6fb69b3459699ffc72063ce80d7da3086
SHA-256 252841320c16d0332a261ff2480b8edbe32804ceba893d40ba6af170d9910fb1
GET /gtag/js?id=UA-155998700-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 24 Nov 2022 15:10:31 GMT
expires: Thu, 24 Nov 2022 15:10:31 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43682
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash MD5 4af780570d49b327d38dc189095448e9
SHA-1 1dd4193a2afeb237c5e475b603b1cbd137f7f97e
SHA-256 f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash MD5 dd0dd96ca622aa07354fabdd0da767bf
SHA-1 a29eaa02a81dabed2c12be20a89d65a5a0417524
SHA-256 6a670e9031ec8c94bdc91c47a2d6a4ca2bd95fe032fec28888a8e6d7dc163cb4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 222bbd95f1b1877bde7ce14770d860b5
SHA-1 9edd497f9a292def8c5ac4f12cc681de3e0b89f0
SHA-256 3abc8f9918ec0ef554aff4577b034c32b471ca4e173d9096b3ad450a790bb070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3ABC8F9918EC0EF554AFF4577B034C32B471CA4E173D9096B3AD450A790BB070"
Last-Modified: Tue, 22 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9199
Expires: Thu, 24 Nov 2022 17:43:50 GMT
Date: Thu, 24 Nov 2022 15:10:31 GMT
Connection: keep-alive
d301cxwfymy227.cloudfront.net/?fwxcd=809779
54.230.245.195 200 OK 189 kB URL HTTP/1.1 d301cxwfymy227.cloudfront.net/?fwxcd=809779
IP 54.230.245.195:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 189 kB (188705 bytes)
Hash MD5 ed7e13b4ed8fd68fa1e358334dcc369f
SHA-1 102ec46817880d13f54a03438bbb0680527843bf
SHA-256 d2de150fa89c7b7a1c95f64ea7c9ede66ff86dda141cbd6de314898eee973ad3
GET /?fwxcd=809779 HTTP/1.1
Host: d301cxwfymy227.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Connection: keep-alive
HTTP/1.1 200 OK
Content-Length: 188705
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:31 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: G6c8fslFebPbP4ZnhiWckqMH2fQyM0SnpPZ2kOEv68MB4x7ejSQwTQ==
hw.ascentcolley.com/f637b6d7bf2fff637b6d7bf3000/48166
23.109.82.101 200 OK 26 B URL HTTP/1.1 hw.ascentcolley.com/f637b6d7bf2fff637b6d7bf3000/48166
IP 23.109.82.101:0
File type ASCII text, with no line terminators
Hash MD5 4e5d65669f8dcd928dad06adf883f025
SHA-1 d771713d758c3348dd7e5b38bb40c7935399ae46
SHA-256 0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /f637b6d7bf2fff637b6d7bf3000/48166 HTTP/1.1
Host: hw.ascentcolley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 15:10:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://bluemediafiles.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Fri, 25-Nov-2022 15:10:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Fri, 25-Nov-2022 15:10:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
choobinoobi.com/RXJrazk%2BUBgcZjAAB0kDZxofH0l%2FXUQJVTAXBg5dLBMNAlUgAUUIVihdGBwXLwFJRxs2Hw1JA3ReSRhUM1BRSQ1rQUlHGzETDDRQIVBRSQB2QlhSDGdeSRhMJy0CDwtnSElfAXxDD1oMIV8OXwFxX19dWiRfUw8Ld18NCF8mEF8OCyRHXl4bOA
52.20.131.174 502 Bad Gateway 0 B URL HTTP/1.1 choobinoobi.com/RXJrazk%2BUBgcZjAAB0kDZxofH0l%2FXUQJVTAXBg5dLBMNAlUgAUUIVihdGBwXLwFJRxs2Hw1JA3ReSRhUM1BRSQ1rQUlHGzETDDRQIVBRSQB2QlhSDGdeSRhMJy0CDwtnSElfAXxDD1oMIV8OXwFxX19dWiRfUw8Ld18NCF8mEF8OCyRHXl4bOA
IP 52.20.131.174:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the response body was 0 B)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RXJrazk%2BUBgcZjAAB0kDZxofH0l%2FXUQJVTAXBg5dLBMNAlUgAUUIVihdGBwXLwFJRxs2Hw1JA3ReSRhUM1BRSQ1rQUlHGzETDDRQIVBRSQB2QlhSDGdeSRhMJy0CDwtnSElfAXxDD1oMIV8OXwFxX19dWiRfUw8Ld18NCF8mEF8OCyRHXl4bOA HTTP/1.1
Host: choobinoobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Connection: keep-alive
HTTP/1.1 502 Bad Gateway
Server: openresty/1.15.8.3
Date: Thu, 24 Nov 2022 15:10:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: 4b9f0e8e79a8d135ce1c622258109cc0=1; Max-Age=604800
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With,content-type
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 4f86e152e080297ee8cba39a80a13e38
SHA-1 f916875bce604836a95a022234321e02b375bb67
SHA-256 0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4654
Expires: Thu, 24 Nov 2022 16:28:06 GMT
Date: Thu, 24 Nov 2022 15:10:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 4f86e152e080297ee8cba39a80a13e38
SHA-1 f916875bce604836a95a022234321e02b375bb67
SHA-256 0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4654
Expires: Thu, 24 Nov 2022 16:28:06 GMT
Date: Thu, 24 Nov 2022 15:10:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 4f86e152e080297ee8cba39a80a13e38
SHA-1 f916875bce604836a95a022234321e02b375bb67
SHA-256 0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4654
Expires: Thu, 24 Nov 2022 16:28:06 GMT
Date: Thu, 24 Nov 2022 15:10:32 GMT
Connection: keep-alive
mantedtonisms.com/Y3paODACGDlVDwJHOB5FERZnHQIlX2h+VFBKa1tIFBwjVUlRSG0WUw8VL1xWERU0TB4NHy4dAiUJFApXUDc2emUhSzZtUlM3GG1HWhUYCXUiOA1TYiIRCFxgCB4MXl0XCg1PYlQsHn4IJxIcf3sPNAx6SDJCDF9qMj5pYmMhFgtoaTE/EG0BIQ4bCAUnKzABUzUsb1x5JSMDamZbQgtPaTEoIH17ISwycX81CR9uWAcTOW4AOTs0bXY0OGN+fzURF291NhAfVF8rIhlpYzQdOXxpIRYDfVcmKR9UXysoDlRqOx0XYGlQLBR6YSoVG25HMDsIcWM0HXdccSkSEFpUBDQ9eVs6Mh0LZSUtHHpoLkstcHUEOw16ZgQ9G1VxJC0bYWg6HTl3aAg7a21hByocCnobLQtbeAUdPndhBEMyHloQFTRIDSojY1RcLxw7c1Y
54.230.111.116 200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/Y3paODACGDlVDwJHOB5FERZnHQIlX2h+VFBKa1tIFBwjVUlRSG0WUw8VL1xWERU0TB4NHy4dAiUJFApXUDc2emUhSzZtUlM3GG1HWhUYCXUiOA1TYiIRCFxgCB4MXl0XCg1PYlQsHn4IJxIcf3sPNAx6SDJCDF9qMj5pYmMhFgtoaTE/EG0BIQ4bCAUnKzABUzUsb1x5JSMDamZbQgtPaTEoIH17ISwycX81CR9uWAcTOW4AOTs0bXY0OGN+fzURF291NhAfVF8rIhlpYzQdOXxpIRYDfVcmKR9UXysoDlRqOx0XYGlQLBR6YSoVG25HMDsIcWM0HXdccSkSEFpUBDQ9eVs6Mh0LZSUtHHpoLkstcHUEOw16ZgQ9G1VxJC0bYWg6HTl3aAg7a21hByocCnobLQtbeAUdPndhBEMyHloQFTRIDSojY1RcLxw7c1Y
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash MD5 d735680e7f82a938eb19e6c0701c078f
SHA-1 511c8114ece42661f9b0e645ad5b504e3ead5aee
SHA-256 a7c4f3d91e4b07eb0803fcac757d5c2fcc1a2716161d18d569ef58dbda5569e6
Analyzer Verdict Alert fortinet Phishing
GET /Y3paODACGDlVDwJHOB5FERZnHQIlX2h+VFBKa1tIFBwjVUlRSG0WUw8VL1xWERU0TB4NHy4dAiUJFApXUDc2emUhSzZtUlM3GG1HWhUYCXUiOA1TYiIRCFxgCB4MXl0XCg1PYlQsHn4IJxIcf3sPNAx6SDJCDF9qMj5pYmMhFgtoaTE/EG0BIQ4bCAUnKzABUzUsb1x5JSMDamZbQgtPaTEoIH17ISwycX81CR9uWAcTOW4AOTs0bXY0OGN+fzURF291NhAfVF8rIhlpYzQdOXxpIRYDfVcmKR9UXysoDlRqOx0XYGlQLBR6YSoVG25HMDsIcWM0HXdccSkSEFpUBDQ9eVs6Mh0LZSUtHHpoLkstcHUEOw16ZgQ9G1VxJC0bYWg6HTl3aAg7a21hByocCnobLQtbeAUdPndhBEMyHloQFTRIDSojY1RcLxw7c1Y HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1187
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OwtmiRL7t9B6j1Fw2d297IfLicba_jX2cHTgVjKS0h4w_rEx8SnWnw==
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 dbf67e3775d6e7826199116b4c8cf056
SHA-1 53101e7f23d7b1ad510f41572c86e864c18a0c5e
SHA-256 0498296323143365a1589ec5708cc71735e975d60d5e6770d16549b06b599ef0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0498296323143365A1589EC5708CC71735E975D60D5E6770D16549B06B599EF0"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21331
Expires: Thu, 24 Nov 2022 21:06:03 GMT
Date: Thu, 24 Nov 2022 15:10:32 GMT
Connection: keep-alive
mantedtonisms.com/M0tLcXFSKSgcTlJ2KVcEQSd2VEN1bnk3FQB7ehIJRC0yHAgBeXxfEl8kPhUXQSQlBV9dLj9UQ3UABSc3Xh0cKyZjLCwLJmYOfzAcWy0KJidhEh08JXwzHkcydh04NBZEHxobEgASJ0k0VzMCBzBUIyMgNVgDHAsrUSg8PxN+Jz8aIHUaejM2WxgOCCRkBCxBOHwKIB0zAx4hMgtYGBxCEmcFDQUoYyM8STJfIDwgQ1AsCjlIZCgNIDdWGQ5JMnUObkMzdhgRNTMBDgI4JH4DEicVXxgKJ0FlGS81MwEOGSEwVA8RJD9eAQkzG2UieiAwaxkdN0F+AxIjXGIhGgYoYh15JyV0eQ0hEnUaDT8WfnkPJwEDHQk/JHEcCSYrZSgNKDR9JR0dPAcNDzAwZCInNStKCg4oJ318HRk8WBx5IFdZOCQfAQ4/EgQGVRp8SEA
54.230.111.116200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/M0tLcXFSKSgcTlJ2KVcEQSd2VEN1bnk3FQB7ehIJRC0yHAgBeXxfEl8kPhUXQSQlBV9dLj9UQ3UABSc3Xh0cKyZjLCwLJmYOfzAcWy0KJidhEh08JXwzHkcydh04NBZEHxobEgASJ0k0VzMCBzBUIyMgNVgDHAsrUSg8PxN+Jz8aIHUaejM2WxgOCCRkBCxBOHwKIB0zAx4hMgtYGBxCEmcFDQUoYyM8STJfIDwgQ1AsCjlIZCgNIDdWGQ5JMnUObkMzdhgRNTMBDgI4JH4DEicVXxgKJ0FlGS81MwEOGSEwVA8RJD9eAQkzG2UieiAwaxkdN0F+AxIjXGIhGgYoYh15JyV0eQ0hEnUaDT8WfnkPJwEDHQk/JHEcCSYrZSgNKDR9JR0dPAcNDzAwZCInNStKCg4oJ318HRk8WBx5IFdZOCQfAQ4/EgQGVRp8SEA
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash e81e166cfffcc8fb45644db57f954458
a11d6acbcc69e022198a9deac0d31e6ab970da76
a4f04ce7b6506582da699d9881b89e8843db2687bb82b0679a9db49b1b24e461
Analyzer Verdict Alert fortinet Phishing
GET /M0tLcXFSKSgcTlJ2KVcEQSd2VEN1bnk3FQB7ehIJRC0yHAgBeXxfEl8kPhUXQSQlBV9dLj9UQ3UABSc3Xh0cKyZjLCwLJmYOfzAcWy0KJidhEh08JXwzHkcydh04NBZEHxobEgASJ0k0VzMCBzBUIyMgNVgDHAsrUSg8PxN+Jz8aIHUaejM2WxgOCCRkBCxBOHwKIB0zAx4hMgtYGBxCEmcFDQUoYyM8STJfIDwgQ1AsCjlIZCgNIDdWGQ5JMnUObkMzdhgRNTMBDgI4JH4DEicVXxgKJ0FlGS81MwEOGSEwVA8RJD9eAQkzG2UieiAwaxkdN0F+AxIjXGIhGgYoYh15JyV0eQ0hEnUaDT8WfnkPJwEDHQk/JHEcCSYrZSgNKDR9JR0dPAcNDzAwZCInNStKCg4oJ318HRk8WBx5IFdZOCQfAQ4/EgQGVRp8SEA HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1185
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2xpiK87ePh_l84ZowjU6SK6XxYkMJOLTQDjOlT9SwgXY4FlI35D8FA==
mantedtonisms.com/NWd3NThUBRRYB1RaFRNNRwtKEApzQkVzXAZXRlZAQgEOWEEHVUAbW1kIAlFeRwgZQRZbAgMQCnMeElhQbwMgWmJ3HRRhbmRTNWVtXTQkY0hANiF/W3QOGFR6dBche21WCjZZeUIqNHwBcjU2VmB0Ljp9fngCNnRAXjUiQm92MxRmbgQQOXtAbz8kBQwBIiZdcG0vT3R7BQQxe18NIzFSaQEyMVIAbT8Tc2wFDy5WaXwjMXRPByYfWV5iChxXcFleFlRtZwYhc1ANNR5dXmIKHHZ5TTUSV253PThwCUc1JX91bS8PcnNzXhZUaVYELwRLbDUxRWhnClpZW2FXH2xoXSY9cGlRXyVMQHwwMF1+YgwDbFlzJS5mXwEQNUIAViUOc2liIw9vWWAlMmZTARQkc0sTDQRaVkVaGwd0TV8ecHByFj5cDk0DMg
54.230.111.116200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/NWd3NThUBRRYB1RaFRNNRwtKEApzQkVzXAZXRlZAQgEOWEEHVUAbW1kIAlFeRwgZQRZbAgMQCnMeElhQbwMgWmJ3HRRhbmRTNWVtXTQkY0hANiF/W3QOGFR6dBche21WCjZZeUIqNHwBcjU2VmB0Ljp9fngCNnRAXjUiQm92MxRmbgQQOXtAbz8kBQwBIiZdcG0vT3R7BQQxe18NIzFSaQEyMVIAbT8Tc2wFDy5WaXwjMXRPByYfWV5iChxXcFleFlRtZwYhc1ANNR5dXmIKHHZ5TTUSV253PThwCUc1JX91bS8PcnNzXhZUaVYELwRLbDUxRWhnClpZW2FXH2xoXSY9cGlRXyVMQHwwMF1+YgwDbFlzJS5mXwEQNUIAViUOc2liIw9vWWAlMmZTARQkc0sTDQRaVkVaGwd0TV8ecHByFj5cDk0DMg
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash 27c8532a13a0cc6e8456de791996189c
b8420f6403e10aff0900c022dba235aaaa53b536
2e5cffb82e64587e81ef68d6dc91565af47a45f66873cc68f8dd7378193aa831
Analyzer Verdict Alert fortinet Phishing
GET /NWd3NThUBRRYB1RaFRNNRwtKEApzQkVzXAZXRlZAQgEOWEEHVUAbW1kIAlFeRwgZQRZbAgMQCnMeElhQbwMgWmJ3HRRhbmRTNWVtXTQkY0hANiF/W3QOGFR6dBche21WCjZZeUIqNHwBcjU2VmB0Ljp9fngCNnRAXjUiQm92MxRmbgQQOXtAbz8kBQwBIiZdcG0vT3R7BQQxe18NIzFSaQEyMVIAbT8Tc2wFDy5WaXwjMXRPByYfWV5iChxXcFleFlRtZwYhc1ANNR5dXmIKHHZ5TTUSV253PThwCUc1JX91bS8PcnNzXhZUaVYELwRLbDUxRWhnClpZW2FXH2xoXSY9cGlRXyVMQHwwMF1+YgwDbFlzJS5mXwEQNUIAViUOc2liIw9vWWAlMmZTARQkc0sTDQRaVkVaGwd0TV8ecHByFj5cDk0DMg HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1180
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qrt4Lol2CqxFK6ygBbTL-t7hZZmBpUV6tfOC47mFwuj7hTV234jMTw==
lj.euscarosheaf.com/style.css?cb=2023964
23.109.82.97 200 OK 89 B URL HTTP/1.1 lj.euscarosheaf.com/style.css?cb=2023964
IP 23.109.82.97:0
File type ASCII text, with no line terminators
Hash fdb451429ddf56c453b44f3ee918f193
36ee16a30afd5bddb6403a7ebc26a6ab5d468732
0d45ae3b6a1eca63962a2270a78fb109b412c9758fd069539b98e17f9854ff9a
GET /style.css?cb=2023964 HTTP/1.1
Host: lj.euscarosheaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 15:10:32 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://bluemediafiles.com
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, megageocheckolololo
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Fri, 25-Nov-2022 15:10:32 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Fri, 25-Nov-2022 15:10:32 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
mantedtonisms.com/V3JFb2g2ECYCVzZPJ0kdJR54SloRV3cpDGRCdAwQIBQ8AhFlQHJBCzsdMAsOJR0rG0Y5FzFKWhELJisyIyR1ADwAIwgXDAYgIyw/JwgUGDINKyslPw8wcVsiFjMJITwaOAwnWDw9KyIhNRsmWwoWIAgsPydEEwMHGj0WXiYSMyJaIwJCDTwSDgcACBwNERFbKQAjHx4hL0sCKys0Rg05Bw09EhguAUMEWSIGAiMuPCQAEz45JSsoPSkSQ3wBMTAWIy4SGh4HXz4eKB0ADQYZLQMNPDcCPlozBBRcOh4oHQAgDwULBw47JwMjWx1GFCpdNSt3ViwzN2gHBDIVDy47ECMJPjkNKyA3GA03dFYGGyATOSo9GjM+BhUUH1wcFjApFwYyQxAqMAM3Ly4EGj4KKyIBMAYbBTIZEDYwDzdgXS4DIyZJAiQdKx9VDxYGPyMeH3wXMB0d
54.230.111.116200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/V3JFb2g2ECYCVzZPJ0kdJR54SloRV3cpDGRCdAwQIBQ8AhFlQHJBCzsdMAsOJR0rG0Y5FzFKWhELJisyIyR1ADwAIwgXDAYgIyw/JwgUGDINKyslPw8wcVsiFjMJITwaOAwnWDw9KyIhNRsmWwoWIAgsPydEEwMHGj0WXiYSMyJaIwJCDTwSDgcACBwNERFbKQAjHx4hL0sCKys0Rg05Bw09EhguAUMEWSIGAiMuPCQAEz45JSsoPSkSQ3wBMTAWIy4SGh4HXz4eKB0ADQYZLQMNPDcCPlozBBRcOh4oHQAgDwULBw47JwMjWx1GFCpdNSt3ViwzN2gHBDIVDy47ECMJPjkNKyA3GA03dFYGGyATOSo9GjM+BhUUH1wcFjApFwYyQxAqMAM3Ly4EGj4KKyIBMAYbBTIZEDYwDzdgXS4DIyZJAiQdKx9VDxYGPyMeH3wXMB0d
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash f3a9ea773e47cd9f08a68b544e9c2a61
d27204d8ce5c41a44a55fb9b103afe7d8671268e
772f326c1e549f7c5807ed60b82ffa9aecfe258b525414806c1a78a5a8e3ec4b
Analyzer Verdict Alert fortinet Phishing
GET /V3JFb2g2ECYCVzZPJ0kdJR54SloRV3cpDGRCdAwQIBQ8AhFlQHJBCzsdMAsOJR0rG0Y5FzFKWhELJisyIyR1ADwAIwgXDAYgIyw/JwgUGDINKyslPw8wcVsiFjMJITwaOAwnWDw9KyIhNRsmWwoWIAgsPydEEwMHGj0WXiYSMyJaIwJCDTwSDgcACBwNERFbKQAjHx4hL0sCKys0Rg05Bw09EhguAUMEWSIGAiMuPCQAEz45JSsoPSkSQ3wBMTAWIy4SGh4HXz4eKB0ADQYZLQMNPDcCPlozBBRcOh4oHQAgDwULBw47JwMjWx1GFCpdNSt3ViwzN2gHBDIVDy47ECMJPjkNKyA3GA03dFYGGyATOSo9GjM+BhUUH1wcFjApFwYyQxAqMAM3Ly4EGj4KKyIBMAYbBTIZEDYwDzdgXS4DIyZJAiQdKx9VDxYGPyMeH3wXMB0d HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1192
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XHe9_IclQdDvVAy_P2vX1p3zXrb7VE8ShBFBPnShhpGv-2xksWqPFg==
mantedtonisms.com/cXdLeFkQFSgVZhBKKV4sAxt2XWs3Unk+PUJHehshBhEyFSBDRXxWOh0YPhw/AxglDHcfEj9dazc5Hj8XHhYeSCM1NhIoOhgmADwfI0YSFA8QIHgUazIlOD8QCDUuMhseARsuAxQgCBQpNB8JGjgIJhE8HyNOLx9hOzUyCC0jJnswFRxGGCw+FgcGFGwSIzETPjU2BS0WNUMDPAhJHBsfADwjMR8hKRAePxcLHBs6GBkYEhEPFSV4SWgkISM6FhscBTwYKEECSAMQIBg1MiMbOyI/NjUFLxwJUnk6HBotKi8NHkIPLmwVFgw1MSUhP0ESNyEoLBFFJBkUdAEtGwEDNiAyEGEoMRE/DiYlei0PFjgAPBQ4NXsAfEMxDRQfKCADST4kGyMhODY9Hzw+MFJ5PhcgIgM9DhkeAS41KxIDTQ0lHzMPACBRIQs2Hwd2NCoTGn5OaBVOOgBr
54.230.111.116200 OK 1.2 kB URL HTTP/1.1 mantedtonisms.com/cXdLeFkQFSgVZhBKKV4sAxt2XWs3Unk+PUJHehshBhEyFSBDRXxWOh0YPhw/AxglDHcfEj9dazc5Hj8XHhYeSCM1NhIoOhgmADwfI0YSFA8QIHgUazIlOD8QCDUuMhseARsuAxQgCBQpNB8JGjgIJhE8HyNOLx9hOzUyCC0jJnswFRxGGCw+FgcGFGwSIzETPjU2BS0WNUMDPAhJHBsfADwjMR8hKRAePxcLHBs6GBkYEhEPFSV4SWgkISM6FhscBTwYKEECSAMQIBg1MiMbOyI/NjUFLxwJUnk6HBotKi8NHkIPLmwVFgw1MSUhP0ESNyEoLBFFJBkUdAEtGwEDNiAyEGEoMRE/DiYlei0PFjgAPBQ4NXsAfEMxDRQfKCADST4kGyMhODY9Hzw+MFJ5PhcgIgM9DhkeAS41KxIDTQ0lHzMPACBRIQs2Hwd2NCoTGn5OaBVOOgBr
IP 54.230.111.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3041), with no line terminators
Hash 734b732f8fe4415f77f2e68aa06d90b6
b9ca1a64edeb12d94bca8d4fe15f2392d43abe84
7906fc0bc0db911bca1a8a095616c1989ca41e907af56bfb5621a62227abdf6b
Analyzer Verdict Alert fortinet Phishing
GET /cXdLeFkQFSgVZhBKKV4sAxt2XWs3Unk+PUJHehshBhEyFSBDRXxWOh0YPhw/AxglDHcfEj9dazc5Hj8XHhYeSCM1NhIoOhgmADwfI0YSFA8QIHgUazIlOD8QCDUuMhseARsuAxQgCBQpNB8JGjgIJhE8HyNOLx9hOzUyCC0jJnswFRxGGCw+FgcGFGwSIzETPjU2BS0WNUMDPAhJHBsfADwjMR8hKRAePxcLHBs6GBkYEhEPFSV4SWgkISM6FhscBTwYKEECSAMQIBg1MiMbOyI/NjUFLxwJUnk6HBotKi8NHkIPLmwVFgw1MSUhP0ESNyEoLBFFJBkUdAEtGwEDNiAyEGEoMRE/DiYlei0PFjgAPBQ4NXsAfEMxDRQfKCADST4kGyMhODY9Hzw+MFJ5PhcgIgM9DhkeAS41KxIDTQ0lHzMPACBRIQs2Hwd2NCoTGn5OaBVOOgBr HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1192
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aPDRNh75nCvBUHjJZcjEmcLYwP3-ZtC72gLiwY7XwYUg5qZv7LRUDA==
hw.ascentcolley.com/f637b6d7bf2fff637b6d7bf3000/48166
23.109.82.101 200 OK 26 B URL HTTP/1.1 hw.ascentcolley.com/f637b6d7bf2fff637b6d7bf3000/48166
IP 23.109.82.101:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /f637b6d7bf2fff637b6d7bf3000/48166 HTTP/1.1
Host: hw.ascentcolley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 15:10:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://bluemediafiles.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3b0c4eaecf89ae5b6f2cdd6ca341deae
909e636a8708035d537ebefefe035b6870cbea9b
4e06ee62f72f626412e7f450028aa23aee0d70f910220580c669ad1e0a457b14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3658
Cache-Control: max-age=109995
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Etag: "637e85c9-118"
Expires: Fri, 25 Nov 2022 21:43:47 GMT
Last-Modified: Wed, 23 Nov 2022 20:42:49 GMT
Server: ECS (amb/6B9F)
X-Cache: HIT
Content-Length: 280
engingsecondu.com/VjNndDF5DAQHDAx2LS5QAwoyEVw+UgEia2dqIU0UZHUyGmckZFQXFyJaA0kJZAVVRgVwQw4QDGUBQQdFN0cSBwxnFQ4aVzkOQQIMZh1fWgBkHVdSRGsCQQBBN1RaRRcmRxMYDGcFUU0CZgFRRwBuBV8
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/VjNndDF5DAQHDAx2LS5QAwoyEVw+UgEia2dqIU0UZHUyGmckZFQXFyJaA0kJZAVVRgVwQw4QDGUBQQdFN0cSBwxnFQ4aVzkOQQIMZh1fWgBkHVdSRGsCQQBBN1RaRRcmRxMYDGcFUU0CZgFRRwBuBV8
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VjNndDF5DAQHDAx2LS5QAwoyEVw+UgEia2dqIU0UZHUyGmckZFQXFyJaA0kJZAVVRgVwQw4QDGUBQQdFN0cSBwxnFQ4aVzkOQQIMZh1fWgBkHVdSRGsCQQBBN1RaRRcmRxMYDGcFUU0CZgFRRwBuBV8 HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ni3e34aTrAvSbRJ3TuoIHZqGLp8VgoF4D99%2BE768SalB2ExdDTkiaDavFRd34cicrBLkUkArdjEaGymfPXZAiqrAxQ6CIftYHR%2Fwg6pSUmLUAW%2Bwj9CE%2Fx6Mz%2B8XQ7dAPN8CRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126bbe53b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bookljlihooli.com/utx?tid=930395&top=bluemediafiles.com&cb=i794of0IPpVt
54.230.111.117 204 0 B URL HTTP/1.1 bookljlihooli.com/utx?tid=930395&top=bluemediafiles.com&cb=i794of0IPpVt
IP 54.230.111.117:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=930395&top=bluemediafiles.com&cb=i794of0IPpVt HTTP/1.1
Host: bookljlihooli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
HTTP/1.1 204
Content-Type: text/plain
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
Server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://bluemediafiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
Set-Cookie: ut=x; Expires=Thu, 24 Nov 2022 15:11:32 GMT; Max-Age=60
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: la04g7nbs85Ig6ZcYhU3OxROxPuG_9huDZoAsGTYR6M0DWXGEgAe-g==
engingsecondu.com/WGxVOUJ3UzZKfww5BE4baSpgWgMWDg9hLmsuOWMyPTQEcRVqNXNNKzxRbQl7b1tsHzIxCGgIZCsYNE03K1FkHys2CjoEZC5RZBdxbEJmCGxpSiAEc34YJVglZV1zSTYsAGgIdG5VZglwbl9kAXBo
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/WGxVOUJ3UzZKfww5BE4baSpgWgMWDg9hLmsuOWMyPTQEcRVqNXNNKzxRbQl7b1tsHzIxCGgIZCsYNE03K1FkHys2CjoEZC5RZBdxbEJmCGxpSiAEc34YJVglZV1zSTYsAGgIdG5VZglwbl9kAXBo
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WGxVOUJ3UzZKfww5BE4baSpgWgMWDg9hLmsuOWMyPTQEcRVqNXNNKzxRbQl7b1tsHzIxCGgIZCsYNE03K1FkHys2CjoEZC5RZBdxbEJmCGxpSiAEc34YJVglZV1zSTYsAGgIdG5VZglwbl9kAXBo HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g4F1KDuMAGWmkEwrfDhD8IK9qchPCJQ6TpxPRtTUeEauc5wqDOyZDdmUiNSQ%2BUj6XIrJLaunmamj7KSV8LYmgdDBT3bz8NC5HnFux4D7ww5qDjAT9n5SKxectVuVNAh9N0knEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126bbe4eb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/Q01xeXhschIKRSF/ASg1KCkmLi8aDxIvSRAUIDddcQsmP0kpDykgXjckFURAcH9GTUBlPRgdRXJ1VwoMIjkECkVyaxgXHixwVw9FcmNBV0ptf1cMRXJrBQkZJHBAXwg3OR1ESXV7SEpIcXtCSEB3eg
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/Q01xeXhschIKRSF/ASg1KCkmLi8aDxIvSRAUIDddcQsmP0kpDykgXjckFURAcH9GTUBlPRgdRXJ1VwoMIjkECkVyaxgXHixwVw9FcmNBV0ptf1cMRXJrBQkZJHBAXwg3OR1ESXV7SEpIcXtCSEB3eg
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Q01xeXhschIKRSF/ASg1KCkmLi8aDxIvSRAUIDddcQsmP0kpDykgXjckFURAcH9GTUBlPRgdRXJ1VwoMIjkECkVyaxgXHixwVw9FcmNBV0ptf1cMRXJrBQkZJHBAXwg3OR1ESXV7SEpIcXtCSEB3eg HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5BaVc9RXvMzTpDqCqwEG9x8aQV4E2nerkQClaN0EBe5zO9T%2Bvkzq4jl4%2FQNL71%2B%2FZYuByizOiQNBp1fCZ%2FkNlg%2FfVN0l0JtKuohXg5j59M1UZzda6%2F2ISP5mK1tPPYnFuLZqDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126bbe51b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/aW5YdDVGUTsHCD1eLAZXByh9RnMKXygQZFpfYCFZASw9LE0zNh0fEx0HPEkNW1hqRgFPHjEQCFpcfgdBCBotBwhbXmhDEwAAPhsIW0guSQVHVnZFB0defgEIWEgsBFQOU2lSRR0aNEkEX1hhRwVbWGtFDV5e
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/aW5YdDVGUTsHCD1eLAZXByh9RnMKXygQZFpfYCFZASw9LE0zNh0fEx0HPEkNW1hqRgFPHjEQCFpcfgdBCBotBwhbXmhDEwAAPhsIW0guSQVHVnZFB0defgEIWEgsBFQOU2lSRR0aNEkEX1hhRwVbWGtFDV5e
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aW5YdDVGUTsHCD1eLAZXByh9RnMKXygQZFpfYCFZASw9LE0zNh0fEx0HPEkNW1hqRgFPHjEQCFpcfgdBCBotBwhbXmhDEwAAPhsIW0guSQVHVnZFB0defgEIWEgsBFQOU2lSRR0aNEkEX1hhRwVbWGtFDV5e HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3oHAy%2FyXkWYuNM1DthH7H4KCLezlNX%2BJ3KVkFeXtED05woiquxfdYCwkAQejGUEFehgiDAWat8Ged74IVSA8hDosph%2F43hbwMX8Kzd3vgkO0Wd%2BE3ZkuXvVl9IulR813eST2%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126bbe54b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/OGJVMHcXXTZDSm4POWcSfRY4ZzBuIDZdTmE4PgVSCiQMZgNOMw1HUUwLMQ1ODFZiBEIeEjxUSglEJkQWTBcmDUYeCztWGAVEIw1GFlFhHkQJTGQWAgVTc0QHWQVoAVFIFiFcSglUYwlECFBjA0YAVmU
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/OGJVMHcXXTZDSm4POWcSfRY4ZzBuIDZdTmE4PgVSCiQMZgNOMw1HUUwLMQ1ODFZiBEIeEjxUSglEJkQWTBcmDUYeCztWGAVEIw1GFlFhHkQJTGQWAgVTc0QHWQVoAVFIFiFcSglUYwlECFBjA0YAVmU
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OGJVMHcXXTZDSm4POWcSfRY4ZzBuIDZdTmE4PgVSCiQMZgNOMw1HUUwLMQ1ODFZiBEIeEjxUSglEJkQWTBcmDUYeCztWGAVEIw1GFlFhHkQJTGQWAgVTc0QHWQVoAVFIFiFcSglUYwlECFBjA0YAVmU HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKYtB2ZM%2Fv%2BGsYX5POKa2Z0q5k0iH7OHNqWSd7G6uEy%2B%2FLsOPYgBx4WvJHr%2BGoNhHSYqsS4twxmGacGZrB2UJNf5wo6MaFOsKjZ8cgh2KHDgcNBE8apM%2B8EStwEn5sx79ltJtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126bbe4fb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bluemediafiles.com/imgads/CH2.gif
172.67.206.114 200 OK 537 kB URL HTTP/2 bluemediafiles.com/imgads/CH2.gif
IP 172.67.206.114:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 537 kB (537432 bytes)
Hash dae31e55722e586281b36bc7ff2f9374
ceaf43445bd7752af1b2c2852ac83c2755289dd5
0fcde9a9e20ec3906b42f1d687e533c5353f0fedf87316d5e49cb0cc6b393009
GET /imgads/CH2.gif HTTP/1.1
Host: bluemediafiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: image/gif
content-length: 537432
last-modified: Mon, 14 Jun 2021 13:28:56 GMT
vary: Accept-Encoding
etag: "60c75998-83358"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
cache-control: max-age=14400
cf-cache-status: HIT
age: 6776
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qc5EObYMQZ2IKAnQIk9wY4TThnKYwdanaQBl1uxSUDNNAoZZHRVpd8Fwhywm%2FkhMiS6kRuGQOhm8DhZhZZMpos7%2Bi3UhBR6zA%2BcJ7Vv%2BZYlX8onraSZFnRYZAL66bPEGwAtndrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126c78a7b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/d1cxVlNYaFIlbiIfXR4FMhlbAj0xP1RkOzo0dhRjFgJ3ZjEvDhciOhNqCGVjQ2IJcCMeMwxkalEkRTcnAiQMZ3UeOVc5blEhDGd9R3kHZn1GcURrYlEjQTc0SmYXJicDOwxnZUFuAmZhQWQAbmZB
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/d1cxVlNYaFIlbiIfXR4FMhlbAj0xP1RkOzo0dhRjFgJ3ZjEvDhciOhNqCGVjQ2IJcCMeMwxkalEkRTcnAiQMZ3UeOVc5blEhDGd9R3kHZn1GcURrYlEjQTc0SmYXJicDOwxnZUFuAmZhQWQAbmZB
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d1cxVlNYaFIlbiIfXR4FMhlbAj0xP1RkOzo0dhRjFgJ3ZjEvDhciOhNqCGVjQ2IJcCMeMwxkalEkRTcnAiQMZ3UeOVc5blEhDGd9R3kHZn1GcURrYlEjQTc0SmYXJicDOwxnZUFuAmZhQWQAbmZB HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kinc0BqTDjzB6ydss0QHFhbYb8Gp3mMJ2ELTRWId98O5O1gvCuRYeieXePJ5LOpNGjBcnYSo7dlPFzP7DWAgVGFtzFChMIwm6sWkZyjJC63lB2v4zfZOHJ7rWvXlfy68K3yqFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126bbe52b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4654
Expires: Thu, 24 Nov 2022 16:28:06 GMT
Date: Thu, 24 Nov 2022 15:10:32 GMT
Connection: keep-alive
d301cxwfymy227.cloudfront.net/sN2g3MlBUB1lUb0MBUw9oB1EABWkRAkRdPkdVfmtpWwR7VDF8DhFGKlNVBxQ8VgZQD3ZSBlQPYREJU1BtA05DQj9cVV5dIFYYRV88QwYRRzEKBVhIOVsEVhdicV0ZAnUFWB9FOVkMWEUjEloHXCQSWgcDYBlYEgESEloHRTlZXgMXY3VNBQIoAVwSARISWg-dAJhJbdgNgAkYHG3UFWFBXM1wHEgAWBVgGAmAGWAYXYgcOXkA1UQdPF2JxWQcHfgdOQg9h
54.230.245.195200 OK 620 B URL HTTP/1.1 d301cxwfymy227.cloudfront.net/sN2g3MlBUB1lUb0MBUw9oB1EABWkRAkRdPkdVfmtpWwR7VDF8DhFGKlNVBxQ8VgZQD3ZSBlQPYREJU1BtA05DQj9cVV5dIFYYRV88QwYRRzEKBVhIOVsEVhdicV0ZAnUFWB9FOVkMWEUjEloHXCQSWgcDYBlYEgESEloHRTlZXgMXY3VNBQIoAVwSARISWg-dAJhJbdgNgAkYHG3UFWFBXM1wHEgAWBVgGAmAGWAYXYgcOXkA1UQdPF2JxWQcHfgdOQg9h
IP 54.230.245.195:0
File type ASCII text, with very long lines (862), with no line terminators
Hash 39085fdda5b5ba5895ef25499075efcc
d01ec56a93f0ebffd726752384adce6a1bd3d012
588ca7a7468fe962f3a3f96e459f6a0d4b23c4c61a673ef5b2f1a33cb4e2b703
GET /sN2g3MlBUB1lUb0MBUw9oB1EABWkRAkRdPkdVfmtpWwR7VDF8DhFGKlNVBxQ8VgZQD3ZSBlQPYREJU1BtA05DQj9cVV5dIFYYRV88QwYRRzEKBVhIOVsEVhdicV0ZAnUFWB9FOVkMWEUjEloHXCQSWgcDYBlYEgESEloHRTlZXgMXY3VNBQIoAVwSARISWg-dAJhJbdgNgAkYHG3UFWFBXM1wHEgAWBVgGAmAGWAYXYgcOXkA1UQdPF2JxWQcHfgdOQg9h HTTP/1.1
Host: d301cxwfymy227.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 620
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: AvDlKLQ_vmbej6FMj-iEsSvUuBt8N0xNO-mXShzKznMENTL4H0DPkA==
d301cxwfymy227.cloudfront.net/KNVFmVWZWPggzWUE4AmhfAWVRYVMTOxU6CEVsEgwTQjc3Yl8EdxIvAghhQDkHWzZbcwNbMltkQFQ1BGhSEyUWOg0IOAklB0UjCzkSW3cTNFtYPhw8ClkwQ2cgAH9WcFQFeRE8CFE+ESZDB2EIIUMHYVdlSAV0VRdDB2ERPAgDZUNmJBBjVi1QAXRVF0MHYR-QjQwYQV2VTG2FPcFQFNgM2DVp0VBNUBWBWZVcFYENnVlM4FDAAWilDZyAEYVN7VhMkW2Q
54.230.245.195200 OK 540 B URL HTTP/1.1 d301cxwfymy227.cloudfront.net/KNVFmVWZWPggzWUE4AmhfAWVRYVMTOxU6CEVsEgwTQjc3Yl8EdxIvAghhQDkHWzZbcwNbMltkQFQ1BGhSEyUWOg0IOAklB0UjCzkSW3cTNFtYPhw8ClkwQ2cgAH9WcFQFeRE8CFE+ESZDB2EIIUMHYVdlSAV0VRdDB2ERPAgDZUNmJBBjVi1QAXRVF0MHYR-QjQwYQV2VTG2FPcFQFNgM2DVp0VBNUBWBWZVcFYENnVlM4FDAAWilDZyAEYVN7VhMkW2Q
IP 54.230.245.195:0
File type ASCII text, with very long lines (757), with no line terminators
Hash e9bd48fa81e9c2bbc390a920c0b12e33
ee96c8f8e015f19f3966f46311b648c1d10074bc
c1e66e68477189af7a2542b18ca87d92d602d10a20f93b4d942d647fafab4abc
GET /KNVFmVWZWPggzWUE4AmhfAWVRYVMTOxU6CEVsEgwTQjc3Yl8EdxIvAghhQDkHWzZbcwNbMltkQFQ1BGhSEyUWOg0IOAklB0UjCzkSW3cTNFtYPhw8ClkwQ2cgAH9WcFQFeRE8CFE+ESZDB2EIIUMHYVdlSAV0VRdDB2ERPAgDZUNmJBBjVi1QAXRVF0MHYR-QjQwYQV2VTG2FPcFQFNgM2DVp0VBNUBWBWZVcFYENnVlM4FDAAWilDZyAEYVN7VhMkW2Q HTTP/1.1
Host: d301cxwfymy227.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 540
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RZu2O5k6C9mCV7oGV4d0kXOF2fy9xYmAYr9ZIzV0DGmlV1gSy5Yd_A==
bluemediafiles.com/img/favicon-16x16.png
172.67.206.114 200 OK 1.2 kB URL HTTP/1.1 bluemediafiles.com/img/favicon-16x16.png
IP 172.67.206.114:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 868a2d23436f008f0c63fd8e0e0ba515
d3c84f637c7c71de847aa7167758467c7a76d391
b47d45cef48ad6c1d1cd50167396a22b1bfe603c92f5da62269b0bb0242942b4
GET /img/favicon-16x16.png HTTP/1.1
Host: bluemediafiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/url-generator.php?url=onAhF5ZLCDGjfP3AAUIv/XlRmDn+wudFEkfnJ7uEgBd29/uSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 15:10:32 GMT
Content-Type: image/png
Content-Length: 1183
Connection: keep-alive
Last-Modified: Wed, 10 Mar 2021 15:53:54 GMT
Vary: Accept-Encoding
ETag: "6048eb92-49f"
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3739
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lyOkr%2Fdn5GRqwhMCpwguHjZvy0nEhU04iQNPU19g34pgenmiaTA9wq%2FpBCzHc2nfL60WBEWj6p%2FSOSOFlpXmwhQzBBk5Zugi5fT3u%2BRVwkJufO9l25MEV32tr5BvPUtG7hYa%2B%2Fc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f3126ced7bb524-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 235d4a6b5567bc38e62c098329f9c11d
33c3e5be6f9612c972c5cb8f5fe30849987db9e8
e191530e4c1e7f2d03ac1d79df95b63e520e826c642094b50641ca1429ecdf83
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3738
Cache-Control: max-age=139581
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Etag: "637ef90b-117"
Expires: Sat, 26 Nov 2022 05:56:53 GMT
Last-Modified: Thu, 24 Nov 2022 04:54:35 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
d301cxwfymy227.cloudfront.net/ycDZtV0oTWQMxdQRfCWpzQwZZYnJWXB44JAALNTMJIH0kOnMIbic4bARMCWp6VloMOS1NEAg5KU0HSzYuEgtZcT4AWQZqIx9GDCc4HVoZOWwFV1A6JQpfATsrVQQrYmRAE19nYgdfAzMlB0VIZXoeQkhlekEGQ2dvQ3RIZXoHXwNhflUFL3J4QE5bY29DdE-hlegJASGQLQQZYeXpZE19nLRVVBjhvQnBfZ3tABlxne1UEXTEjAlMLODJVBCtmekUYXXE/TQc
54.230.245.195200 OK 450 B URL HTTP/1.1 d301cxwfymy227.cloudfront.net/ycDZtV0oTWQMxdQRfCWpzQwZZYnJWXB44JAALNTMJIH0kOnMIbic4bARMCWp6VloMOS1NEAg5KU0HSzYuEgtZcT4AWQZqIx9GDCc4HVoZOWwFV1A6JQpfATsrVQQrYmRAE19nYgdfAzMlB0VIZXoeQkhlekEGQ2dvQ3RIZXoHXwNhflUFL3J4QE5bY29DdE-hlegJASGQLQQZYeXpZE19nLRVVBjhvQnBfZ3tABlxne1UEXTEjAlMLODJVBCtmekUYXXE/TQc
IP 54.230.245.195:0
File type ASCII text, with very long lines (596), with no line terminators
Hash be12874f62707a44c247300c36830293
a5ad802d2fb7140b7e9a9447cceb8041b2fb36a5
81f9e81176afd67825aa79dcb04a60522e988f0cd998d71b36011489fc8650dc
GET /ycDZtV0oTWQMxdQRfCWpzQwZZYnJWXB44JAALNTMJIH0kOnMIbic4bARMCWp6VloMOS1NEAg5KU0HSzYuEgtZcT4AWQZqIx9GDCc4HVoZOWwFV1A6JQpfATsrVQQrYmRAE19nYgdfAzMlB0VIZXoeQkhlekEGQ2dvQ3RIZXoHXwNhflUFL3J4QE5bY29DdE-hlegJASGQLQQZYeXpZE19nLRVVBjhvQnBfZ3tABlxne1UEXTEjAlMLODJVBCtmekUYXXE/TQc HTTP/1.1
Host: d301cxwfymy227.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 450
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ilfgWpi0NYADjTI_bDxee-S8VBeX4QVAvAmM35E4R9mH3GX770DMLQ==
d301cxwfymy227.cloudfront.net/yemhZdWoZBzcTVQ4BPUhSSVpuQVJcAioaBApVNUcmAlAwMCI9GRAcXAIMHFMeAAxkRUwWCTcSV1wNNxZXS044EQhHXH8AC0cFNg8DFgQ4UFg8XXdFT0hYcQIDFAw2AhlfWmkbHl9aaURaVFh8RihfWmkCAxRebVBZOE1rRRJMXHxGKF9aaQccX1sYRFpPRm-lcT0hYPhAJEQd8RyxIWGhFWktYaFBYSg4wBw8cByFQWDxZaUBESk4sSFs
54.230.245.195200 OK 193 B URL HTTP/1.1 d301cxwfymy227.cloudfront.net/yemhZdWoZBzcTVQ4BPUhSSVpuQVJcAioaBApVNUcmAlAwMCI9GRAcXAIMHFMeAAxkRUwWCTcSV1wNNxZXS044EQhHXH8AC0cFNg8DFgQ4UFg8XXdFT0hYcQIDFAw2AhlfWmkbHl9aaURaVFh8RihfWmkCAxRebVBZOE1rRRJMXHxGKF9aaQccX1sYRFpPRm-lcT0hYPhAJEQd8RyxIWGhFWktYaFBYSg4wBw8cByFQWDxZaUBESk4sSFs
IP 54.230.245.195:0
File type ASCII text, with no line terminators
Hash 0c1a1ea11eb971474cf3b3338f6d7a12
5a6d28fbfc76bc1ccbc5076f793a19d17ca25f9d
ced624c8a57125239ce045d65f9e3669997ae4861df941b4a7eec66ed39b7ea6
GET /yemhZdWoZBzcTVQ4BPUhSSVpuQVJcAioaBApVNUcmAlAwMCI9GRAcXAIMHFMeAAxkRUwWCTcSV1wNNxZXS044EQhHXH8AC0cFNg8DFgQ4UFg8XXdFT0hYcQIDFAw2AhlfWmkbHl9aaURaVFh8RihfWmkCAxRebVBZOE1rRRJMXHxGKF9aaQccX1sYRFpPRm-lcT0hYPhAJEQd8RyxIWGhFWktYaFBYSg4wBw8cByFQWDxZaUBESk4sSFs HTTP/1.1
Host: d301cxwfymy227.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 193
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: R1dg_YBFvEsltsKi6sdA2K3AX4mgulqXmezr28IW06QsURxilhFiGQ==
d301cxwfymy227.cloudfront.net/NUGNoaU0zDAYPciQKDFR1YlVaW3l2CRsGIyBeJBovPVZeWClpEhBbayQZDFR9dg8JByptRQ0HLm1STggpMl5cTzkgDANUOD4HDQ8kPgYMTzgxXgUGNzkPBAhoYiVdR311UVhBOjkNDAY6I0ZaWSMkRlpZfGBNWEx+EkZaWTo5DV5daGMhTVt9KFVcTH4SRl-pZPyZGWyh8YFZGWWR1UVgOKDMIB0x/FlFYWH1gUlhYaGJTDgA/NQUHEWhiJVlZeH5TThxwYQ
54.230.245.195200 OK 363 B URL HTTP/1.1 d301cxwfymy227.cloudfront.net/NUGNoaU0zDAYPciQKDFR1YlVaW3l2CRsGIyBeJBovPVZeWClpEhBbayQZDFR9dg8JByptRQ0HLm1STggpMl5cTzkgDANUOD4HDQ8kPgYMTzgxXgUGNzkPBAhoYiVdR311UVhBOjkNDAY6I0ZaWSMkRlpZfGBNWEx+EkZaWTo5DV5daGMhTVt9KFVcTH4SRl-pZPyZGWyh8YFZGWWR1UVgOKDMIB0x/FlFYWH1gUlhYaGJTDgA/NQUHEWhiJVlZeH5TThxwYQ
IP 54.230.245.195:0
File type ASCII text, with very long lines (460), with no line terminators
Hash 423e59ee3e4d5003c753b192669037e7
90f8c09018d7b87d47d718e880f535797d835d5e
f5b7232377c2eed787e5e4cdb372340c016549fba81add4d77c10321d6b740e1
GET /NUGNoaU0zDAYPciQKDFR1YlVaW3l2CRsGIyBeJBovPVZeWClpEhBbayQZDFR9dg8JByptRQ0HLm1STggpMl5cTzkgDANUOD4HDQ8kPgYMTzgxXgUGNzkPBAhoYiVdR311UVhBOjkNDAY6I0ZaWSMkRlpZfGBNWEx+EkZaWTo5DV5daGMhTVt9KFVcTH4SRl-pZPyZGWyh8YFZGWWR1UVgOKDMIB0x/FlFYWH1gUlhYaGJTDgA/NQUHEWhiJVlZeH5TThxwYQ HTTP/1.1
Host: d301cxwfymy227.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mantedtonisms.com/
HTTP/1.1 200 OK
Content-Length: 363
Connection: keep-alive
Date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: c-cmEjOnfxclY36e9sgN74vvkcOIAlQ632Fwqk1KPxwXCgAP7Ggdfw==
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 14:11:11 GMT
cache-control: public,max-age=3600
age: 3561
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 235d4a6b5567bc38e62c098329f9c11d
33c3e5be6f9612c972c5cb8f5fe30849987db9e8
e191530e4c1e7f2d03ac1d79df95b63e520e826c642094b50641ca1429ecdf83
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3738
Cache-Control: max-age=139581
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Etag: "637ef90b-117"
Expires: Sat, 26 Nov 2022 05:56:53 GMT
Last-Modified: Thu, 24 Nov 2022 04:54:35 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 43590d3cdc6d87840c90fdfc4320028d
40d15b8a046a321b9edaf9665cc6edbf7e9ae719
b4a9dd9a946e3a00d3f960f24e359f6f112e85f01da9d930f95a29c743ce82e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 24 Nov 2022 14:41:08 GMT
expires: Thu, 24 Nov 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 1764
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3b0c4eaecf89ae5b6f2cdd6ca341deae
909e636a8708035d537ebefefe035b6870cbea9b
4e06ee62f72f626412e7f450028aa23aee0d70f910220580c669ad1e0a457b14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3658
Cache-Control: max-age=109995
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Etag: "637e85c9-118"
Expires: Fri, 25 Nov 2022 21:43:47 GMT
Last-Modified: Wed, 23 Nov 2022 20:42:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 43590d3cdc6d87840c90fdfc4320028d
40d15b8a046a321b9edaf9665cc6edbf7e9ae719
b4a9dd9a946e3a00d3f960f24e359f6f112e85f01da9d930f95a29c743ce82e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2445
Cache-Control: max-age=86085
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 15:05:17 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8b3e124061cc7e93d4765f3898aeffe9
7da7e0018d31c72c2616b1ae314f1c5ba64c1e35
9f21ba59178ffa8b9ebc5ada8bd970b378138e22584f2d61ebb3934ad1bd843d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9F21BA59178FFA8B9EBC5ADA8BD970B378138E22584F2D61EBB3934AD1BD843D"
Last-Modified: Tue, 22 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4530
Expires: Thu, 24 Nov 2022 16:26:02 GMT
Date: Thu, 24 Nov 2022 15:10:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8b3e124061cc7e93d4765f3898aeffe9
7da7e0018d31c72c2616b1ae314f1c5ba64c1e35
9f21ba59178ffa8b9ebc5ada8bd970b378138e22584f2d61ebb3934ad1bd843d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9F21BA59178FFA8B9EBC5ADA8BD970B378138E22584F2D61EBB3934AD1BD843D"
Last-Modified: Tue, 22 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4530
Expires: Thu, 24 Nov 2022 16:26:02 GMT
Date: Thu, 24 Nov 2022 15:10:32 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash b87a1621884dd96552114a453fb7fa92
02a3e2d4fd1a7ce1ae6b03a89544fc6ba92d8982
ff6c2c8fc83be93e43d1c3f1cc67b39a8c6a680c8cca79d673ce31342715d6d1
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 15:10:32 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1477171534%3A1669302632632057&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuikbYVsMl4j3YR6KXL10OMJC8veZZQARl25S6OXbNwRb4A-KDEt5zYiSXTrTFY3IwnlKMIbw
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-17m3jYDt7SgvnlxMG6F6GA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:IOJz0FYEy3H2_jpGpWELrZ7BHsvNCQ:rvEVivuXJIqWTSAh;Path=/;Expires=Sat, 23-Nov-2024 15:10:32 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=1745193590&t=pageview&_s=1&dl=http%3A%2F%2Fbluemediafiles.com%2Furl-generator.php%3Furl%3DonAhF5ZLCDGjfP3AAUIv%2FXlRmDn%2BwudFEkfnJ7uEgBd29%2FuSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc&ul=en-us&de=UTF-8&dt=Download%20Link%20Generator%20-%20IGGGAMES&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1122348729&gjid=515404917&cid=1219180834.1669302632&tid=UA-155998700-1&_gid=2043800382.1669302632&_r=1&gtm=2oub90&z=1051041292
142.250.74.174 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1745193590&t=pageview&_s=1&dl=http%3A%2F%2Fbluemediafiles.com%2Furl-generator.php%3Furl%3DonAhF5ZLCDGjfP3AAUIv%2FXlRmDn%2BwudFEkfnJ7uEgBd29%2FuSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc&ul=en-us&de=UTF-8&dt=Download%20Link%20Generator%20-%20IGGGAMES&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1122348729&gjid=515404917&cid=1219180834.1669302632&tid=UA-155998700-1&_gid=2043800382.1669302632&_r=1&gtm=2oub90&z=1051041292
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1745193590&t=pageview&_s=1&dl=http%3A%2F%2Fbluemediafiles.com%2Furl-generator.php%3Furl%3DonAhF5ZLCDGjfP3AAUIv%2FXlRmDn%2BwudFEkfnJ7uEgBd29%2FuSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc&ul=en-us&de=UTF-8&dt=Download%20Link%20Generator%20-%20IGGGAMES&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1122348729&gjid=515404917&cid=1219180834.1669302632&tid=UA-155998700-1&_gid=2043800382.1669302632&_r=1&gtm=2oub90&z=1051041292 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Content-Type: text/plain
Content-Length: 0
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://bluemediafiles.com
date: Thu, 24 Nov 2022 15:10:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=bZP0s5xjdX24&top=bluemediafiles.com&tid=944745
54.230.111.116 204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=bZP0s5xjdX24&top=bluemediafiles.com&tid=944745
IP 54.230.111.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=bZP0s5xjdX24&top=bluemediafiles.com&tid=944745 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://bluemediafiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 15:11:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j7rv6f2hvfTIdlOxOXIuIclHVYCaIwwuz7dyai6LYw96lQr32IUK1A==
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=mihyUj6BDSFX&top=bluemediafiles.com&tid=809779
54.230.111.116 204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=mihyUj6BDSFX&top=bluemediafiles.com&tid=809779
IP 54.230.111.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=mihyUj6BDSFX&top=bluemediafiles.com&tid=809779 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://bluemediafiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 15:11:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0vDnCJYre7vgjjMi4vUCdZa2shAioOss7lKGeygCjGvEOCJc3UqjlQ==
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=cBcmkvPajHTr&top=bluemediafiles.com&tid=930458
54.230.111.116 204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=cBcmkvPajHTr&top=bluemediafiles.com&tid=930458
IP 54.230.111.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=cBcmkvPajHTr&top=bluemediafiles.com&tid=930458 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://bluemediafiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 15:11:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qEb3Siq8cUPT2_6E5L3fus3n9L2O9aLD5tcGdObjDiQ31MhQegE6nA==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 3519e9a3d79caeeed06435e69489f7e3
e2c6ddd300a766eb7ad3ac101291f85734a097e5
6015d89c7868d64fdc1ea0171131d713da388c7f0eb147415f856e315e25e109
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 15:10:32 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1693786716%3A1669302632677792&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuhTL7vaBFBThT1vVq3ozW_3RXrn-G_b7QbuYXfkFqn2tJl6utoUSDo7kHvn7yaTf1UpYTTxA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-56PZkKL5QZyzpNFAB5lExg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:1pe-K326tmBzcSrNi5ydfjZLB5jpRw:vU7uJhekuyTR7Sg0;Path=/;Expires=Sat, 23-Nov-2024 15:10:32 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d301cxwfymy227.cloudfront.net/
54.230.245.195 200 OK 73 B URL HTTP/2 d301cxwfymy227.cloudfront.net/
IP 54.230.245.195:0
File type ASCII text, with no line terminators
Hash de37377b72195a4f064edf7ec8a76676
ed544d5b6a37acad78498099407c648a93316ddb
b3209cc0b1d1b71e85af4e843afe00a3079f3286d52b3fb47e72c6c5c48b8399
GET / HTTP/1.1
Host: d301cxwfymy227.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73
date: Thu, 24 Nov 2022 15:10:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://bluemediafiles.com
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Zuvb_Br1jtJ2sPVak7Eo2TzvxbgIrFvq2R_ePV3Enr6CDlBblF8erw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5149
Cache-Control: max-age=156126
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:32 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:32:38 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
jsc.adskeeper.com/i/g/igg-games.com.1382676.js
172.64.151.192 200 OK 920 B URL HTTP/2 jsc.adskeeper.com/i/g/igg-games.com.1382676.js
IP 172.64.151.192:0
File type ASCII text, with very long lines (2358)
Hash dbcfa8adef06754f45a47fab1d65a847
f4addf70769680ca3f196e55d715424fba8f6b57
c846f96cf1f3cd6a14da905cf4911114e47a69cd8bf6c2dd01d1eeea77b739ce
GET /i/g/igg-games.com.1382676.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: text/javascript
content-length: 920
x-amz-id-2: cRr8OI8s9kTKO/k0WUVNXELp3eMuM1ZAjtAYyA2qNyVNpPwimSSKi2jxKyVoZzde4i2x4Fam2Qo=
x-amz-request-id: G0YWYTWKW0TB431Q
last-modified: Wed, 23 Nov 2022 12:05:50 GMT
etag: "dbcfa8adef06754f45a47fab1d65a847"
content-encoding: gzip
x-amz-version-id: cPmdzpRYYWzRo.EYdZPDLpgl9XI5mC_2
cf-cache-status: HIT
expires: Thu, 24 Nov 2022 19:10:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f3126d9cf4b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mantedtonisms.com/utx?cb=B5SOYcIzVO1c&top=bluemediafiles.com&tid=826224
54.230.111.116 204 No Content 0 B URL HTTP/2 mantedtonisms.com/utx?cb=B5SOYcIzVO1c&top=bluemediafiles.com&tid=826224
IP 54.230.111.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=B5SOYcIzVO1c&top=bluemediafiles.com&tid=826224 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 24 Nov 2022 15:10:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://bluemediafiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 24 Nov 2022 15:11:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZaD_XapflzKXLSOxk_lP3vYq5b2ZITjvfhuVMmU972x0B-iO-VhDTA==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1477171534%3A1669302632632057&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuikbYVsMl4j3YR6KXL10OMJC8veZZQARl25S6OXbNwRb4A-KDEt5zYiSXTrTFY3IwnlKMIbw
216.58.207.237 403 Forbidden 1.1 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1477171534%3A1669302632632057&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuikbYVsMl4j3YR6KXL10OMJC8veZZQARl25S6OXbNwRb4A-KDEt5zYiSXTrTFY3IwnlKMIbw
IP 216.58.207.237:0
Hash 62d040fd2c2665fd36eb953ec661eeb6
e0a24b30623e72ae6da46f568fbba431bd57075a
4a88683c7e6a59358b7207a9292aee4781bc492234603ab6089060f476dcdd19
GET /v3/signin/identifier?dsh=S1477171534%3A1669302632632057&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuikbYVsMl4j3YR6KXL10OMJC8veZZQARl25S6OXbNwRb4A-KDEt5zYiSXTrTFY3IwnlKMIbw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 15:10:32 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-security-policy: script-src 'nonce-B_HPWYc13TJJt5vlZg0C_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jsc.adskeeper.com/i/g/igg-games.com.1382673.js
172.64.151.192 200 OK 920 B URL HTTP/2 jsc.adskeeper.com/i/g/igg-games.com.1382673.js
IP 172.64.151.192:0
File type ASCII text, with very long lines (2358)
Hash cd9faaadf2e1cdae00a586749a4aa0d3
c8b400395e01bfa496b5aed4da4cd1f0af3acfd1
e62b04c79ca66e9f139d67cf6fd02f55d701a733945083978732a3fcf5328966
GET /i/g/igg-games.com.1382673.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: text/javascript
content-length: 920
x-amz-id-2: cBo8oGiXckjdDnEJEWwMcXFF3u5IAXx25xbcqkWry9jjF9WxdatU0Vt+abWvPuokf22qnwcr6LY=
x-amz-request-id: BSWWSC9NA8RG9AS6
last-modified: Thu, 10 Nov 2022 14:26:03 GMT
etag: "cd9faaadf2e1cdae00a586749a4aa0d3"
content-encoding: gzip
x-amz-version-id: QXwVSUhO.YMgO8xpYF5iIFuZwmLQnrEM
cf-cache-status: HIT
expires: Thu, 24 Nov 2022 19:10:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f3126dcd20b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8b3e124061cc7e93d4765f3898aeffe9
7da7e0018d31c72c2616b1ae314f1c5ba64c1e35
9f21ba59178ffa8b9ebc5ada8bd970b378138e22584f2d61ebb3934ad1bd843d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9F21BA59178FFA8B9EBC5ADA8BD970B378138E22584F2D61EBB3934AD1BD843D"
Last-Modified: Tue, 22 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4530
Expires: Thu, 24 Nov 2022 16:26:02 GMT
Date: Thu, 24 Nov 2022 15:10:32 GMT
Connection: keep-alive
engingsecondu.com/popunder.gif
104.21.55.224 200 OK 58 B URL HTTP/1.1 engingsecondu.com/popunder.gif
IP 104.21.55.224:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08
GET /popunder.gif HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 15:10:32 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 75331
Last-Modified: Wed, 23 Nov 2022 18:15:01 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=db0JKCQnOFk290zOC1pH%2Fq7CmbzRwC8UFlB7Q5EF8YhgA1PRKSdVI5Xj9JInfhleyPt4c0T1z9AEST%2B7193Ud%2BmfvwUOF%2FtL67Hl%2Bvvx4bcR%2BzCJRnBuob0hGmF00SpXOMepww%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f3126f7e50fab4-OSL
alt-svc: h2=":443"; ma=60
jsc.adskeeper.com/i/g/igg-games.com.1382676.es6.js
172.64.151.192 200 OK 80 kB URL HTTP/2 jsc.adskeeper.com/i/g/igg-games.com.1382676.es6.js
IP 172.64.151.192:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (33608)
Hash ccd861d3d9b8319761441ce67f5d052c
7a76a0ffe3974421225ee7053bf6e68b70af6b6e
bd406cc733649ede5ebe362e769d2bf417b83b2e34fd4a3e244c7db6f2519bde
GET /i/g/igg-games.com.1382676.es6.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: text/javascript
content-length: 80258
x-amz-id-2: 0Pbz0sgHoY0V9V9k4mz/8AXViraSYCJpy4xBybCz2hCdadF9ONIuVgPGSH6cy8lwuOuguJjHKwI=
x-amz-request-id: 2TP602E7B0Y56JXP
last-modified: Wed, 23 Nov 2022 12:05:50 GMT
etag: "ccd861d3d9b8319761441ce67f5d052c"
content-encoding: gzip
x-amz-version-id: fO5SPA8L3sZfpdGsoHyHLfUbpLzzeYU0
cf-cache-status: HIT
expires: Thu, 24 Nov 2022 19:10:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f3126ede82b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mantedtonisms.com/multi?cs=bk1iQ01delR2dVZ4VXd6V3VReng&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=930458&rxy=1280_1024&u=649333642077129&agec=1669302632&fs=1&ref=http%3A%2F%2Fbluemediafiles.com%2Furl-generator.php%3Furl%3DonAhF5ZLCDGjfP3AAUIv%2FXlRmDn%2BwudFEkfnJ7uEgBd29%2FuSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_VWG6=1669302632566&crc=1
54.230.111.116 200 OK 1.5 kB URL HTTP/2 mantedtonisms.com/multi?cs=bk1iQ01delR2dVZ4VXd6V3VReng&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=930458&rxy=1280_1024&u=649333642077129&agec=1669302632&fs=1&ref=http%3A%2F%2Fbluemediafiles.com%2Furl-generator.php%3Furl%3DonAhF5ZLCDGjfP3AAUIv%2FXlRmDn%2BwudFEkfnJ7uEgBd29%2FuSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_VWG6=1669302632566&crc=1
IP 54.230.111.116:0
File type ASCII text, with very long lines (3167), with no line terminators
Hash 3376c0ee6dd10c48749d9b98ba3e6de9
b4a7e1c25ccf20f84cff19bca978e59f449c7edb
0c804610bf965f2755b729cf3e4caf6bc38e5756d05b2a4b2146da58f88ec69f
GET /multi?cs=bk1iQ01delR2dVZ4VXd6V3VReng&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=930458&rxy=1280_1024&u=649333642077129&agec=1669302632&fs=1&ref=http%3A%2F%2Fbluemediafiles.com%2Furl-generator.php%3Furl%3DonAhF5ZLCDGjfP3AAUIv%2FXlRmDn%2BwudFEkfnJ7uEgBd29%2FuSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_VWG6=1669302632566&crc=1 HTTP/1.1
Host: mantedtonisms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1490
date: Thu, 24 Nov 2022 15:10:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://bluemediafiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=19ce9d7e-1edf-4164-82bc-0d439ae39dc1
csu=649333642077129
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 69SDH698RBXFrTT4AY2-RpNr0G8EIxRttCBqCchMnZ_GZRvLuDVguA==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1693786716%3A1669302632677792&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuhTL7vaBFBThT1vVq3ozW_3RXrn-G_b7QbuYXfkFqn2tJl6utoUSDo7kHvn7yaTf1UpYTTxA
216.58.207.237 403 Forbidden 833 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1693786716%3A1669302632677792&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuhTL7vaBFBThT1vVq3ozW_3RXrn-G_b7QbuYXfkFqn2tJl6utoUSDo7kHvn7yaTf1UpYTTxA
IP 216.58.207.237:0
Hash 2b9d0a5e7f11ee967c00ff2bc960d100
c83da8bc2124e894500a24f2987591acfa57eac8
dbda5c6eaeeee6844e1442eb49f2739bbf54111c4f57b5b053a05714c566da0b
GET /v3/signin/identifier?dsh=S-1693786716%3A1669302632677792&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuhTL7vaBFBThT1vVq3ozW_3RXrn-G_b7QbuYXfkFqn2tJl6utoUSDo7kHvn7yaTf1UpYTTxA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 15:10:32 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-3-8-p_fIjMH6hTcFdgqnZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.156.115 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.156.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ppm+DbKtWJL3Y9yn43dx3Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jUp0zyprRc3HXw83RA8rIoqQyeM=
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3169
Cache-Control: max-age=86808
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:33 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 15:17:21 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
pogothere.xyz/
172.64.172.27 200 OK 5.7 kB IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash 7dc63ef7fb42d06959929d807022da3b
765a56f64c7441357a8f90c6201707c533d91e15
5ea52aff1ca9b55dc462e651f54250b7184dfa10a42edb8884124d07d4562086
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: text/plain
set-cookie: csu=649333642077129@1@1669302632; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://bluemediafiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=76rta6UQDP3VmDfCUOtIHRxnbfKL%2FWSPacXp4uVmpq08BRlMgF1AoSc6s36ybDIKBx0xqSwnYUsQMtr1a6gISDsIr9vh9IKgam7EXv9GqvxbQQaJqFLS04z01r95SGt5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126e1b0c7587-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13379
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 15:10:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13379
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 15:10:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13379
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 15:10:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13379
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 15:10:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:10:24 GMT
age: 28810
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4157f2c5c3c77ce699324ecb08f47c7
a7d9135f9d01ba13c3cdaf8b038c70212f159297
2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:08:16 GMT
age: 61338
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856fdb55f19f03a1bec38b3d6e0ac77
89accd230fba95fe0049678070817b36ead015fa
17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rrs7G6Wto6iY0rT6KsKwKAOPJjehXqD0jHZrR_eaiqpepQILFr7Dtw==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:07 GMT
age: 62487
etag: "89accd230fba95fe0049678070817b36ead015fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YJuHCuUgkLuFFiQUlrPWgv9grHznufMTU08hi4ZMpQTBmou6BGWrhQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:52 GMT
age: 62562
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64d79191f005c9876b952c5f948aa0f7
1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DYBcunpyI0FBJsJGh1kKpFI3X8kzCkO3mCxzUtWnaMKBT-Bv-zkq3Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:59:18 GMT
age: 61876
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:04:28 GMT
age: 36366
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hypermusk.com/dsp-stats/impression/1795175?var=826224&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&ip=91.90.42.154&pl=gDolDUg5ZNLDqgg3uDl405Y7fmz46OA-MhLjg_towsEFuVR4znRvKpzr_6Yidoc4YUqua11U7yRm_39ZLxZepV6oon43L0MljQhOAA4_xHcULjGYJVqFJdG_igTxApuDtoQw4kIeHZH-M3UJ3im1hM9EgMjU-7MsCXQ7CXLDmcZNmywE1G2ERBlH6xMAV7cto2jQElmxzwOj8kV7Kcl8QnoS6LOZ-2M6jXNNfhbw3uDj6yXHrlAL84leUosDf04cbIAYoHVZsQsN4GINYV0_7WlO64xeQpY5WddL5SNLd34Nv5MaHdhZWmUpiEYL-mEpNVwGBZVTBoIqzIwyIWbMfqMaLdbQZpsUS9khee8RRLR1WQnx9ZD2LBRnpANV64cZHGpAEl9DBXwT8EIabLMrEljlXlDEL8qzb8AQAvvgxTIGSzLVLFD_FVB_6OJJv7DtZE4WUPMVQJt5exSgmUv7hmnfD4nhsAQJFFfI1hskHHZkuQpmJVMpI6JqfJh7jUNr6MRtXEEtoGxzZe5Py7Mi8TCcbrtiFpjKYgYvAPfF6pTxB_Jin5CRi7jffmmzI7TxlL6gTj5MhkYpSh_LI3aDr5uM6s5HEfLho2ljlAVrqc7cJGxMMmb6zkfEZQhN6WHMyEvnxw1mzwpVx4shDGKnRHTSMptlPX-eiPmAAxZC7dw7J6RY4SqRAytOqe54oig-aIklsW0qRphq_QkaF-QicLRgEBHZ6vbFcHVnbpEHV98GvpU-0wBmbqwYFWeW7H2U9pURNssQTuLfutXM79SFa0DZP9ss585u91X8jiurZ6h26VD96aKG8nU8b31MRILtuwWOqajiSlQbEKxwNg7M65BGLkhOEa2pK0Rpv65w2oVa2ULslNUsoyds2IPORZxml55wwogQbLKZIQtA4cDyK815IR-yRLGwtqNK-PjnagKi55yUGIDajLVB1qKrKi9paQSe5L7PBpiaVwIuW3HYY7x014TPF66jLOqYcWYGSWy1VXPY9s8QdxseFb0N188ybLoyiFRHPtBuC25JyEOksN6s2jlGbwROyHcPkFzTMPCi&rd=roZS-e7j9ajh_BSNCvC3ul-ymIQutkDHtLsroKhZrzuWDCDiCjQG7V649ixlWKVMgAuyQBUPF-P_h8qMdU7wUJYW3PHcDUWnpPtOWVOcjBOzrKWmoFpce0o15K6IWsY73OztugMPf53XYHrNQbDXIUo=
62.122.171.12302 Found 108 B URL HTTP/2 hypermusk.com/dsp-stats/impression/1795175?var=826224&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&ip=91.90.42.154&pl=gDolDUg5ZNLDqgg3uDl405Y7fmz46OA-MhLjg_towsEFuVR4znRvKpzr_6Yidoc4YUqua11U7yRm_39ZLxZepV6oon43L0MljQhOAA4_xHcULjGYJVqFJdG_igTxApuDtoQw4kIeHZH-M3UJ3im1hM9EgMjU-7MsCXQ7CXLDmcZNmywE1G2ERBlH6xMAV7cto2jQElmxzwOj8kV7Kcl8QnoS6LOZ-2M6jXNNfhbw3uDj6yXHrlAL84leUosDf04cbIAYoHVZsQsN4GINYV0_7WlO64xeQpY5WddL5SNLd34Nv5MaHdhZWmUpiEYL-mEpNVwGBZVTBoIqzIwyIWbMfqMaLdbQZpsUS9khee8RRLR1WQnx9ZD2LBRnpANV64cZHGpAEl9DBXwT8EIabLMrEljlXlDEL8qzb8AQAvvgxTIGSzLVLFD_FVB_6OJJv7DtZE4WUPMVQJt5exSgmUv7hmnfD4nhsAQJFFfI1hskHHZkuQpmJVMpI6JqfJh7jUNr6MRtXEEtoGxzZe5Py7Mi8TCcbrtiFpjKYgYvAPfF6pTxB_Jin5CRi7jffmmzI7TxlL6gTj5MhkYpSh_LI3aDr5uM6s5HEfLho2ljlAVrqc7cJGxMMmb6zkfEZQhN6WHMyEvnxw1mzwpVx4shDGKnRHTSMptlPX-eiPmAAxZC7dw7J6RY4SqRAytOqe54oig-aIklsW0qRphq_QkaF-QicLRgEBHZ6vbFcHVnbpEHV98GvpU-0wBmbqwYFWeW7H2U9pURNssQTuLfutXM79SFa0DZP9ss585u91X8jiurZ6h26VD96aKG8nU8b31MRILtuwWOqajiSlQbEKxwNg7M65BGLkhOEa2pK0Rpv65w2oVa2ULslNUsoyds2IPORZxml55wwogQbLKZIQtA4cDyK815IR-yRLGwtqNK-PjnagKi55yUGIDajLVB1qKrKi9paQSe5L7PBpiaVwIuW3HYY7x014TPF66jLOqYcWYGSWy1VXPY9s8QdxseFb0N188ybLoyiFRHPtBuC25JyEOksN6s2jlGbwROyHcPkFzTMPCi&rd=roZS-e7j9ajh_BSNCvC3ul-ymIQutkDHtLsroKhZrzuWDCDiCjQG7V649ixlWKVMgAuyQBUPF-P_h8qMdU7wUJYW3PHcDUWnpPtOWVOcjBOzrKWmoFpce0o15K6IWsY73OztugMPf53XYHrNQbDXIUo=
IP 62.122.171.12:0
File type HTML document, ASCII text
Hash 022a95cacd9f3720430e1eb4fe87c905
d83c5db5fc6dbdc5893f3f500476188192467a45
6a5340804ff6302bc8a5761fbefccbc3624b9e6307a4d80a95c8a9b9eee68a4e
GET /dsp-stats/impression/1795175?var=826224&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&ip=91.90.42.154&pl=gDolDUg5ZNLDqgg3uDl405Y7fmz46OA-MhLjg_towsEFuVR4znRvKpzr_6Yidoc4YUqua11U7yRm_39ZLxZepV6oon43L0MljQhOAA4_xHcULjGYJVqFJdG_igTxApuDtoQw4kIeHZH-M3UJ3im1hM9EgMjU-7MsCXQ7CXLDmcZNmywE1G2ERBlH6xMAV7cto2jQElmxzwOj8kV7Kcl8QnoS6LOZ-2M6jXNNfhbw3uDj6yXHrlAL84leUosDf04cbIAYoHVZsQsN4GINYV0_7WlO64xeQpY5WddL5SNLd34Nv5MaHdhZWmUpiEYL-mEpNVwGBZVTBoIqzIwyIWbMfqMaLdbQZpsUS9khee8RRLR1WQnx9ZD2LBRnpANV64cZHGpAEl9DBXwT8EIabLMrEljlXlDEL8qzb8AQAvvgxTIGSzLVLFD_FVB_6OJJv7DtZE4WUPMVQJt5exSgmUv7hmnfD4nhsAQJFFfI1hskHHZkuQpmJVMpI6JqfJh7jUNr6MRtXEEtoGxzZe5Py7Mi8TCcbrtiFpjKYgYvAPfF6pTxB_Jin5CRi7jffmmzI7TxlL6gTj5MhkYpSh_LI3aDr5uM6s5HEfLho2ljlAVrqc7cJGxMMmb6zkfEZQhN6WHMyEvnxw1mzwpVx4shDGKnRHTSMptlPX-eiPmAAxZC7dw7J6RY4SqRAytOqe54oig-aIklsW0qRphq_QkaF-QicLRgEBHZ6vbFcHVnbpEHV98GvpU-0wBmbqwYFWeW7H2U9pURNssQTuLfutXM79SFa0DZP9ss585u91X8jiurZ6h26VD96aKG8nU8b31MRILtuwWOqajiSlQbEKxwNg7M65BGLkhOEa2pK0Rpv65w2oVa2ULslNUsoyds2IPORZxml55wwogQbLKZIQtA4cDyK815IR-yRLGwtqNK-PjnagKi55yUGIDajLVB1qKrKi9paQSe5L7PBpiaVwIuW3HYY7x014TPF66jLOqYcWYGSWy1VXPY9s8QdxseFb0N188ybLoyiFRHPtBuC25JyEOksN6s2jlGbwROyHcPkFzTMPCi&rd=roZS-e7j9ajh_BSNCvC3ul-ymIQutkDHtLsroKhZrzuWDCDiCjQG7V649ixlWKVMgAuyQBUPF-P_h8qMdU7wUJYW3PHcDUWnpPtOWVOcjBOzrKWmoFpce0o15K6IWsY73OztugMPf53XYHrNQbDXIUo= HTTP/1.1
Host: hypermusk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 24 Nov 2022 15:10:34 GMT
content-type: text/html; charset=utf-8
content-length: 108
location: https://cdn.pncloudfl.com/pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg
x-route-id: stats.push-notifications.dsp-impression
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash edb117bcfab14ab5c123a067f05be410
c89936ecab125d0400720c1c0109b3d1b23fddb3
f75c594facb82461667798964c5c8ebe78cf2a62c7446e0fff49c35e34e7d695
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F75C594FACB82461667798964C5C8EBE78CF2A62C7446E0FFF49C35E34E7D695"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Thu, 24 Nov 2022 16:20:26 GMT
Date: Thu, 24 Nov 2022 15:10:34 GMT
Connection: keep-alive
hypermusk.com/dsp-stats/impression/1795175?var=826224&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&ip=91.90.42.154&pl=gDolDUg5ZNLDqgg3uDl405Y7fmz46OA-MhLjg_towsEFuVR4znRvKpzr_6Yidoc4YUqua11U7yRm_39ZLxZepV6oon43L0MljQhOAA4_xHcULjGYJVqFJdG_igTxApuDtoQw4kIeHZH-M3UJ3im1hM9EgMjU-7MsCXQ7CXLDmcZNmywE1G2ERBlH6xMAV7cto2jQElmxzwOj8kV7Kcl8QnoS6LOZ-2M6jXNNfhbw3uDj6yXHrlAL84leUosDf04cbIAYoHVZsQsN4GINYV0_7WlO64xeQpY5WddL5SNLd34Nv5MaHdhZWmUpiEYL-mEpNVwGBZVTBoIqzIwyIWbMfqMaLdbQZpsUS9khee8RRLR1WQnx9ZD2LBRnpANV64cZHGpAEl9DBXwT8EIabLMrEljlXlDEL8qzb8AQAvvgxTIGSzLVLFD_FVB_6OJJv7DtZE4WUPMVQJt5exSgmUv7hmnfD4nhsAQJFFfI1hskHHZkuQpmJVMpI6JqfJh7jUNr6MRtXEEtoGxzZe5Py7Mi8TCcbrtiFpjKYgYvAPfF6pTxB_Jin5CRi7jffmmzI7TxlL6gTj5MhkYpSh_LI3aDr5uM6s5HEfLho2ljlAVrqc7cJGxMMmb6zkfEZQhN6WHMyEvnxw1mzwpVx4shDGKnRHTSMptlPX-eiPmAAxZC7dw7J6RY4SqRAytOqe54oig-aIklsW0qRphq_QkaF-QicLRgEBHZ6vbFcHVnbpEHV98GvpU-0wBmbqwYFWeW7H2U9pURNssQTuLfutXM79SFa0DZP9ss585u91X8jiurZ6h26VD96aKG8nU8b31MRILtuwWOqajiSlQbEKxwNg7M65BGLkhOEa2pK0Rpv65w2oVa2ULslNUsoyds2IPORZxml55wwogQbLKZIQtA4cDyK815IR-yRLGwtqNK-PjnagKi55yUGIDajLVB1qKrKi9paQSe5L7PBpiaVwIuW3HYY7x014TPF66jLOqYcWYGSWy1VXPY9s8QdxseFb0N188ybLoyiFRHPtBuC25JyEOksN6s2jlGbwROyHcPkFzTMPCi&rd=roZS-e7j9ajh_BSNCvC3ul-ymIQutkDHtLsroKhZrzuWDCDiCjQG7V649ixlWKVMgAuyQBUPF-P_h8qMdU7wUJYW3PHcDUWnpPtOWVOcjBOzrKWmoFpce0o15K6IWsY73OztugMPf53XYHrNQbDXIUo=
62.122.171.12302 Found 108 B URL HTTP/2 hypermusk.com/dsp-stats/impression/1795175?var=826224&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&ip=91.90.42.154&pl=gDolDUg5ZNLDqgg3uDl405Y7fmz46OA-MhLjg_towsEFuVR4znRvKpzr_6Yidoc4YUqua11U7yRm_39ZLxZepV6oon43L0MljQhOAA4_xHcULjGYJVqFJdG_igTxApuDtoQw4kIeHZH-M3UJ3im1hM9EgMjU-7MsCXQ7CXLDmcZNmywE1G2ERBlH6xMAV7cto2jQElmxzwOj8kV7Kcl8QnoS6LOZ-2M6jXNNfhbw3uDj6yXHrlAL84leUosDf04cbIAYoHVZsQsN4GINYV0_7WlO64xeQpY5WddL5SNLd34Nv5MaHdhZWmUpiEYL-mEpNVwGBZVTBoIqzIwyIWbMfqMaLdbQZpsUS9khee8RRLR1WQnx9ZD2LBRnpANV64cZHGpAEl9DBXwT8EIabLMrEljlXlDEL8qzb8AQAvvgxTIGSzLVLFD_FVB_6OJJv7DtZE4WUPMVQJt5exSgmUv7hmnfD4nhsAQJFFfI1hskHHZkuQpmJVMpI6JqfJh7jUNr6MRtXEEtoGxzZe5Py7Mi8TCcbrtiFpjKYgYvAPfF6pTxB_Jin5CRi7jffmmzI7TxlL6gTj5MhkYpSh_LI3aDr5uM6s5HEfLho2ljlAVrqc7cJGxMMmb6zkfEZQhN6WHMyEvnxw1mzwpVx4shDGKnRHTSMptlPX-eiPmAAxZC7dw7J6RY4SqRAytOqe54oig-aIklsW0qRphq_QkaF-QicLRgEBHZ6vbFcHVnbpEHV98GvpU-0wBmbqwYFWeW7H2U9pURNssQTuLfutXM79SFa0DZP9ss585u91X8jiurZ6h26VD96aKG8nU8b31MRILtuwWOqajiSlQbEKxwNg7M65BGLkhOEa2pK0Rpv65w2oVa2ULslNUsoyds2IPORZxml55wwogQbLKZIQtA4cDyK815IR-yRLGwtqNK-PjnagKi55yUGIDajLVB1qKrKi9paQSe5L7PBpiaVwIuW3HYY7x014TPF66jLOqYcWYGSWy1VXPY9s8QdxseFb0N188ybLoyiFRHPtBuC25JyEOksN6s2jlGbwROyHcPkFzTMPCi&rd=roZS-e7j9ajh_BSNCvC3ul-ymIQutkDHtLsroKhZrzuWDCDiCjQG7V649ixlWKVMgAuyQBUPF-P_h8qMdU7wUJYW3PHcDUWnpPtOWVOcjBOzrKWmoFpce0o15K6IWsY73OztugMPf53XYHrNQbDXIUo=
IP 62.122.171.12:0
File type HTML document, ASCII text
Hash 022a95cacd9f3720430e1eb4fe87c905
d83c5db5fc6dbdc5893f3f500476188192467a45
6a5340804ff6302bc8a5761fbefccbc3624b9e6307a4d80a95c8a9b9eee68a4e
GET /dsp-stats/impression/1795175?var=826224&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&ip=91.90.42.154&pl=gDolDUg5ZNLDqgg3uDl405Y7fmz46OA-MhLjg_towsEFuVR4znRvKpzr_6Yidoc4YUqua11U7yRm_39ZLxZepV6oon43L0MljQhOAA4_xHcULjGYJVqFJdG_igTxApuDtoQw4kIeHZH-M3UJ3im1hM9EgMjU-7MsCXQ7CXLDmcZNmywE1G2ERBlH6xMAV7cto2jQElmxzwOj8kV7Kcl8QnoS6LOZ-2M6jXNNfhbw3uDj6yXHrlAL84leUosDf04cbIAYoHVZsQsN4GINYV0_7WlO64xeQpY5WddL5SNLd34Nv5MaHdhZWmUpiEYL-mEpNVwGBZVTBoIqzIwyIWbMfqMaLdbQZpsUS9khee8RRLR1WQnx9ZD2LBRnpANV64cZHGpAEl9DBXwT8EIabLMrEljlXlDEL8qzb8AQAvvgxTIGSzLVLFD_FVB_6OJJv7DtZE4WUPMVQJt5exSgmUv7hmnfD4nhsAQJFFfI1hskHHZkuQpmJVMpI6JqfJh7jUNr6MRtXEEtoGxzZe5Py7Mi8TCcbrtiFpjKYgYvAPfF6pTxB_Jin5CRi7jffmmzI7TxlL6gTj5MhkYpSh_LI3aDr5uM6s5HEfLho2ljlAVrqc7cJGxMMmb6zkfEZQhN6WHMyEvnxw1mzwpVx4shDGKnRHTSMptlPX-eiPmAAxZC7dw7J6RY4SqRAytOqe54oig-aIklsW0qRphq_QkaF-QicLRgEBHZ6vbFcHVnbpEHV98GvpU-0wBmbqwYFWeW7H2U9pURNssQTuLfutXM79SFa0DZP9ss585u91X8jiurZ6h26VD96aKG8nU8b31MRILtuwWOqajiSlQbEKxwNg7M65BGLkhOEa2pK0Rpv65w2oVa2ULslNUsoyds2IPORZxml55wwogQbLKZIQtA4cDyK815IR-yRLGwtqNK-PjnagKi55yUGIDajLVB1qKrKi9paQSe5L7PBpiaVwIuW3HYY7x014TPF66jLOqYcWYGSWy1VXPY9s8QdxseFb0N188ybLoyiFRHPtBuC25JyEOksN6s2jlGbwROyHcPkFzTMPCi&rd=roZS-e7j9ajh_BSNCvC3ul-ymIQutkDHtLsroKhZrzuWDCDiCjQG7V649ixlWKVMgAuyQBUPF-P_h8qMdU7wUJYW3PHcDUWnpPtOWVOcjBOzrKWmoFpce0o15K6IWsY73OztugMPf53XYHrNQbDXIUo= HTTP/1.1
Host: hypermusk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 24 Nov 2022 15:10:34 GMT
content-type: text/html; charset=utf-8
content-length: 108
location: https://cdn.pncloudfl.com/pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg
x-route-id: stats.push-notifications.dsp-impression
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1ed8c5f86552ebc38ffaf0e1e02d33d7
da287cd9b4e561cc586dcfda7af66459f3848b89
449945210aa2d26dd9782687f9ebefdf50f8b03a1c3f107605895a3ae47d56ce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6078
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:34 GMT
Last-Modified: Thu, 24 Nov 2022 13:29:16 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
imgdelnw.com/ie?v=4&c=eJ-jiFwa1-58Sl4EJamR-A7Gu67T5TXV87QO4GULgLj3W_G1FYyxs4Kj1O_uC_fRjygR7ugS2A26Uq-oLwZHlzA829nrfiDbiq2brGMriyzAr4-cWai2zAbE1hKqYRc5gXjopFGjFwSRlve5h-Au6ASKLmRrA1agoozu-bB6em0e8PkQoVzAYZMZHANwm0o4jV7zkAFqj6J_fmYDXtV7Rx96Iu5fwIvTSdHpQH8sEDyHon--gBs5TwNPxt-pvJB8sde4_R5kJXf_WlJkemzFIWkG2Q3Xt4xM-qIaZQ9EfrbkyynMz97WYLLKYaW1FhDWUY-3-ZpgXRPv-nrhgOkTIFzeg8Crp1RXF4_audOVbSKNObbwKqop4MVG72Q9rdK0P1z5YgPJXi2TCUtk4FcRkYg3OAoIhsXQlIKHouC4JgyBEKBdOEAO4n9BVM8xIiTPbw==&v1=79&v2=68678
213.239.207.252 301 Moved Permanently 0 B URL HTTP/1.1 imgdelnw.com/ie?v=4&c=eJ-jiFwa1-58Sl4EJamR-A7Gu67T5TXV87QO4GULgLj3W_G1FYyxs4Kj1O_uC_fRjygR7ugS2A26Uq-oLwZHlzA829nrfiDbiq2brGMriyzAr4-cWai2zAbE1hKqYRc5gXjopFGjFwSRlve5h-Au6ASKLmRrA1agoozu-bB6em0e8PkQoVzAYZMZHANwm0o4jV7zkAFqj6J_fmYDXtV7Rx96Iu5fwIvTSdHpQH8sEDyHon--gBs5TwNPxt-pvJB8sde4_R5kJXf_WlJkemzFIWkG2Q3Xt4xM-qIaZQ9EfrbkyynMz97WYLLKYaW1FhDWUY-3-ZpgXRPv-nrhgOkTIFzeg8Crp1RXF4_audOVbSKNObbwKqop4MVG72Q9rdK0P1z5YgPJXi2TCUtk4FcRkYg3OAoIhsXQlIKHouC4JgyBEKBdOEAO4n9BVM8xIiTPbw==&v1=79&v2=68678
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=eJ-jiFwa1-58Sl4EJamR-A7Gu67T5TXV87QO4GULgLj3W_G1FYyxs4Kj1O_uC_fRjygR7ugS2A26Uq-oLwZHlzA829nrfiDbiq2brGMriyzAr4-cWai2zAbE1hKqYRc5gXjopFGjFwSRlve5h-Au6ASKLmRrA1agoozu-bB6em0e8PkQoVzAYZMZHANwm0o4jV7zkAFqj6J_fmYDXtV7Rx96Iu5fwIvTSdHpQH8sEDyHon--gBs5TwNPxt-pvJB8sde4_R5kJXf_WlJkemzFIWkG2Q3Xt4xM-qIaZQ9EfrbkyynMz97WYLLKYaW1FhDWUY-3-ZpgXRPv-nrhgOkTIFzeg8Crp1RXF4_audOVbSKNObbwKqop4MVG72Q9rdK0P1z5YgPJXi2TCUtk4FcRkYg3OAoIhsXQlIKHouC4JgyBEKBdOEAO4n9BVM8xIiTPbw==&v1=79&v2=68678 HTTP/1.1
Host: imgdelnw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Thu, 24 Nov 2022 15:10:33 GMT
content-length: 0
location: https://img.vmmcdn.com/get/7609021/200747_icon.png
x-app-id: 12
cdn.pncloudfl.com/pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg
104.22.58.221 200 OK 3.3 kB URL HTTP/2 cdn.pncloudfl.com/pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg
IP 104.22.58.221:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 08cbcae432e7e9ae625966004a149b37
039d163adb8f2e85c67bbb5ee60a6a87af85cde5
4ca10713b3a32298e406f966879a8fd59c198479cae2bd4008fa58c33092d39a
GET /pn/3d1/9ee/8df/3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:34 GMT
content-type: image/webp
content-length: 3310
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5912
content-disposition: inline; filename="3d19ee8df6dee83f3dc85d0341cbcfc37e61b32e.webp"
etag: 0a9c3bcc55125dbc4b43809747567310
expires: Fri, 25 Nov 2022 22:44:21 GMT
last-modified: Fri, 14 Jan 2022 13:46:01 GMT
vary: Accept
x-openstack-request-id: tx88da71cc9b214abfb87c3-0061e18331
x-proxy-cache: HIT
x-timestamp: 1642167960.59843
x-trans-id: tx88da71cc9b214abfb87c3-0061e18331
cf-cache-status: HIT
age: 59173
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 76f3127a1b4b1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1ed8c5f86552ebc38ffaf0e1e02d33d7
da287cd9b4e561cc586dcfda7af66459f3848b89
449945210aa2d26dd9782687f9ebefdf50f8b03a1c3f107605895a3ae47d56ce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3446
Cache-Control: max-age=117678
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 15:10:34 GMT
Etag: "637ea4a2-118"
Expires: Fri, 25 Nov 2022 23:51:52 GMT
Last-Modified: Wed, 23 Nov 2022 22:54:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14217ff4adef280923c2fb81b156c9c6
71353e4ecdfb1a3e49cf1256c7ead7356dfe9baa
d44a41b69b13f4bcfeae704c045b0e308bb0b931bee004d8bb1038d2a7a52f3c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D44A41B69B13F4BCFEAE704C045B0E308BB0B931BEE004D8BB1038D2A7A52F3C"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9803
Expires: Thu, 24 Nov 2022 17:53:57 GMT
Date: Thu, 24 Nov 2022 15:10:34 GMT
Connection: keep-alive
img.vmmcdn.com/get/7609021/200747_icon.png
138.201.51.142 200 OK 78 kB URL HTTP/1.1 img.vmmcdn.com/get/7609021/200747_icon.png
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 53282b73b589873fa79c738c03b4e47d
ca5ab91a4e36ebddd6b326fa67071e915415085d
530d10989a16c4cbdec879d1f82bb200fe63f5fb111179d873354058460dacc8
GET /get/7609021/200747_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 24 Nov 2022 15:10:34 GMT
Content-Type: image/png
Content-Length: 78410
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 15:29:52 GMT
Cache-Control: public, max-age=604800
ETag: "63692470-1324a"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
bluemediafiles.com/img/NUTDL.jpg
172.67.206.114 200 OK 2.9 kB URL HTTP/1.1 bluemediafiles.com/img/NUTDL.jpg
IP 172.67.206.114:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 344x49, components 3\012- data
Hash fb48df482049de320eb7a80417229285
3cd45f25fdc94e73c7b97759f4d2dfc6c413aee9
fa4be2aa84a1216af71cf516f815f4bbd2bdc66ee04a22b491a3b3a7c92781aa
GET /img/NUTDL.jpg HTTP/1.1
Host: bluemediafiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bluemediafiles.com/url-generator.php?url=onAhF5ZLCDGjfP3AAUIv/XlRmDn+wudFEkfnJ7uEgBd29/uSa9OJhQtp9tRlY26BBX7meoLdsOVexkoL1PugZCGUvJlA7vpgJ0CEAmEgVyBkhBKJweLvp9i6DPdyGmAc
Connection: keep-alive
Cookie: _ga=GA1.2.1219180834.1669302632; _gid=GA1.2.2043800382.1669302632; _gat_gtag_UA_155998700_1=1; AdskeeperStorage=%7B%220%22%3A%7B%22svspr%22%3A%22%22%2C%22svsds%22%3A2%7D%2C%22C1382676%22%3A%7B%22page%22%3A1%7D%2C%22C1382673%22%3A%7B%22page%22%3A1%7D%7D
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 15:10:37 GMT
Content-Type: image/jpeg
Content-Length: 2934
Connection: keep-alive
Last-Modified: Sun, 07 Mar 2021 22:22:12 GMT
Vary: Accept-Encoding
ETag: "60455214-b76"
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4228
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22HX8pam7a5XpaNlxzysy%2F9QLeQRfRucWT%2B4MP0THrzynz74hVnYY9dIl9%2B7W%2Fa3tgRIuBsgrilZM5Q9voYWBVOmcVJwkI6TQddffrBrWuT1oIXtg29PsQkGJ5%2BHHdHokDEJaqs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f3128f6d80b524-OSL
alt-svc: h2=":443"; ma=60
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: text/plain
set-cookie: csu=114841295004278@1@1669302632; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://bluemediafiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fmmbP35Vg1MutwxSKpztOFhitrsXWNVIfeFA%2BSGzNkYP6S3uWwQ56BrV%2BvtEnbkb1EjLW2X7goxIj44PvH%2FGyvix%2Fc47N9FnOW0PqwBS0QgTkifAC98bLC%2BtLjbjbFNP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f3126edc867587-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 4mon8nxB3KHL9lVknWS+K5A5cZvwgepYhj0Dix9OqnfoauSkr2ofllvyCMlebgDKlqG9Y3Ld8NeR8Egff8Y1/g==
date: Thu, 24 Nov 2022 15:10:33 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://bluemediafiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Thu, 24 Nov 2022 09:06:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tV%2BszJHd09YGSK%2BJGbYFDQ6vayFH%2BuOlNMuA3X5Epfq4ondMDlI5I4IcKLEbrrKaGB7HTkBMykPPhU58zUN9vmdpEm9n3j2HbLp3hlTtx78Bnp82lLFXo1P3t1qCvxSn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f3126e1b087587-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://bluemediafiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Thu, 24 Nov 2022 09:06:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFGvnRtRyOV%2FYkO5mCzSj%2BT2RAKiPPgY2hSNyCM8jDvCN%2FIZzZLib%2FOtM4TJOqayktQHt45FzgOdeNHoRnOj58l5GBBB4ZYlxi8V7S32W7uM7SSXTY4y6alWy54a80P6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f3126e1afd7587-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://bluemediafiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Thu, 24 Nov 2022 09:06:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SnmqzmRKBYgh%2F5bno7BsyYuFA71TpVE3hmBO8DrTRhhKXMgdSExUG2qpGU6VWVEO8mlkNxarlXU3fGpwuZaB%2BcWjOSVd%2FNPB7%2F61Up%2BSvPH%2FU2iN3nS03WcOXmM2XkUF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f3126e2b107587-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bluemediafiles.com/
Origin: http://bluemediafiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Nov 2022 15:10:32 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://bluemediafiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Thu, 24 Nov 2022 09:06:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOHH4v0sUhIvd84iBwHjSuz6yzSidxKlFEMAICOtYbzb3d3fF21Log2T0dVONR5wKuV52SLhlUwlF5ygU2goakcZD2tQT0zZeodXQorleA%2BK3Bf2BUap2rxvg59%2BDf2y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f3126e1b057587-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2