r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9185
Expires: Thu, 02 Feb 2023 19:19:36 GMT
Date: Thu, 02 Feb 2023 16:46:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3856
Expires: Thu, 02 Feb 2023 17:50:47 GMT
Date: Thu, 02 Feb 2023 16:46:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 16:43:31 GMT
content-type: application/json
age: 180
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2722
Expires: Thu, 02 Feb 2023 17:31:53 GMT
Date: Thu, 02 Feb 2023 16:46:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LL3BHR2O0v6BCshsP3W+FAI63604KO1AHCBBtxp7X253ql67eTUEsHt3dRMyftuvw6mAucC3seg=
x-amz-request-id: 5Z5ZWD49HF2WBFGH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 15:52:02 GMT
age: 3269
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 16:46:31 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 16:07:19 GMT
age: 2353
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13518
Expires: Thu, 02 Feb 2023 20:31:50 GMT
Date: Thu, 02 Feb 2023 16:46:32 GMT
Connection: keep-alive
www.file-upload.com/vuukzxu4tds5
188.114.96.1 200 OK 5.6 kB URL HTTP/1.1 www.file-upload.com/vuukzxu4tds5
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (842)
Hash 45d97f14211317ae81e304f73e3ca03a
343927525caa88bba04c8b7a851df373ba612455
da449a49a8953445be4308b491c9ff4fd91cf39f91b11e4c2632b44376a3b883
GET /vuukzxu4tds5 HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 16:46:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0;includeSubDomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Wed, 01 Feb 2023 16:46:32 GMT
Set-Cookie: lang=english; domain=.file-upload.com; path=/
Set-Cookie: aff=585644; domain=.file-upload.com; path=/; expires=Thu, 16-Feb-2023 16:46:32 GMT
X-Cache: HIT from Backend
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xVfeX0g8igBz9fKV%2F7KFxKRXF91CVUjUeQc3%2FiZEHgAFC3Q5Vq6hwgv2ouF0QaMAzEznJuIOmexD2PAYYRU3ZfaH5mdv7rl6F0B3o4lEHEn5l%2BjxvmwMD%2B%2B0NBXoqDzarSb6ylF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79346747bf860b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
35.83.81.40 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.83.81.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ryv275XcmR32hMXNs8l9mQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FqMPEJ1NXezoRfXU4Y+UxlqyQbU=
www.file-upload.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
188.114.96.1 200 OK 3.9 kB URL HTTP/1.1 www.file-upload.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/vuukzxu4tds5
Cookie: lang=english; aff=585644
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 16:46:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 14:59:41 GMT
ETag: W/"63d7db5d-302c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UBglCmco2pKSOEzlmROt6Yl8K3QguR3958xF0mXJKp6aW1T1KB%2FbrVHA5Ts4ljW0ykXpD%2FUrEUNa37FMVqSOqBA1tcknwu%2Fpjt3T2Jnn2xz%2Bn6z8V1kLgG9AQY3FR5FBKWvnacRt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7934674f7f5d0b65-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Sat, 04 Feb 2023 16:46:32 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9149ab6c1785e726beba057d3145037f
ae1c8f7ff79cd69563e5edc8bd4bc43e4b157361
b1051706016bdd32c3c72a89d2df0e514c0654905bd1336b3d041092720c2761
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3494
Cache-Control: max-age=129975
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:32 GMT
Etag: "63db33f9-118"
Expires: Sat, 04 Feb 2023 04:52:47 GMT
Last-Modified: Thu, 02 Feb 2023 03:54:33 GMT
Server: ECS (amb/6B71)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9149ab6c1785e726beba057d3145037f
ae1c8f7ff79cd69563e5edc8bd4bc43e4b157361
b1051706016bdd32c3c72a89d2df0e514c0654905bd1336b3d041092720c2761
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1878
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:32 GMT
Etag: "63db33f9-118"
Last-Modified: Thu, 02 Feb 2023 16:15:14 GMT
Server: ECS (amb/6BAB)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash acf892e6b3e5c698864b9bff72c5df1d
0da5d835a391a7ddd10ef47f3e18783893d6f425
f4ff80c8023349ad36bc69fbd5ea7eebce348485be891f80c740e6194081d388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4FF80C8023349AD36BC69FBD5EA7EEBCE348485BE891F80C740E6194081D388"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6392
Expires: Thu, 02 Feb 2023 18:33:04 GMT
Date: Thu, 02 Feb 2023 16:46:32 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9149ab6c1785e726beba057d3145037f
ae1c8f7ff79cd69563e5edc8bd4bc43e4b157361
b1051706016bdd32c3c72a89d2df0e514c0654905bd1336b3d041092720c2761
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4486
Cache-Control: max-age=130967
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:32 GMT
Etag: "63db33f9-118"
Expires: Sat, 04 Feb 2023 05:09:19 GMT
Last-Modified: Thu, 02 Feb 2023 03:54:33 GMT
Server: ECS (amb/6B74)
X-Cache: HIT
Content-Length: 280
www.file-upload.com/mngez/images/anti2.png
188.114.96.1 200 OK 641 B URL HTTP/2 www.file-upload.com/mngez/images/anti2.png
IP 188.114.96.1:0
File type PNG image data, 100 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 722859ca75e68c14f4d803e76f846b92
0a00fa9439d602f40e3acd72dfb08b2f89c3fa2f
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f
GET /mngez/images/anti2.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:32 GMT
content-type: image/png
content-length: 641
cache-control: max-age=315360000
cf-bgj: csam-hash
etag: "5c26aa0b-281"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 28 Dec 2018 22:56:11 GMT
cf-cache-status: HIT
age: 55109084
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NnGbySmWfULYQW8IGYeP1Uth58nVMVZh3N5j1NB5foiX4Lt7RZtlYLbRaSX1BMRMbmGra7riblob4Nep75qVQHxRLRyYanMQTtgjiJyZGNe3eJraM1TY8uGjAJVDN2X40hwCkpM1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7934674fda100b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
151.139.128.10 200 OK 4.5 kB URL HTTP/1.1 images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
IP 151.139.128.10:0
File type PNG image data, 135 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash b0e239fa4ddfbcdf08cbcb34a13b2a0f
957fdb58c09d85e41cc6a6ea134a9365adee4ec9
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
GET /Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766 HTTP/1.1
Host: images.dmca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 16:46:32 GMT
Content-Type: image/png
Last-Modified: Thu, 02 Jun 2011 03:26:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Cache-Control: public,max-age=31536000
ETag: "0abbdbd420cc1:0"
X-Powered-By: ASP.NET
X-HW: 1675356392.cds253.sk1.h2,1675356392.cds246.sk1.c
Link: <http://www.dmca.com/Badges/_dmca_premi_badge_4.png>; rel="canonical"
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 4535
d26adrx9c3n0mq.cloudfront.net/?xrdad=888399
54.230.245.178 200 OK 52 kB URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=888399
IP 54.230.245.178:0
File type Unicode text, UTF-8 text, with very long lines (15955)
Hash 92ded67c2b9d7535de8b76815917f206
ef9ba7b241d01b6f6fdd06b87a0dd72731205f48
90e1f51d74660a144ef5213588caebaf241aeb137a44795cf35fc26622469adf
GET /?xrdad=888399 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Content-Length: 51516
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:45:19 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TYmcun6D_SFTFhlfaVdx4ADGvLZrHA21I9w6-SSnAQMHvDfquWqt1Q==
Age: 73
galanasorra.com/r7GAfpgOogQq3/61001
23.109.248.131 200 OK 25 B URL HTTP/1.1 galanasorra.com/r7GAfpgOogQq3/61001
IP 23.109.248.131:0
File type ASCII text, with no line terminators
Hash 2339750dbbbcbd8fe83612a65b72e03d
672074d493c051cffcc96bce7d15f77ec6ef1889
1fa220e7725025343d910d83e9f0e663b82419a3422e5465dc73c092b0853ccd
GET /r7GAfpgOogQq3/61001 HTTP/1.1
Host: galanasorra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 16:46:32 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Fri, 03-Feb-2023 16:46:32 GMT; Max-Age=86400; path=/
Set-Cookie: GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Fri, 03-Feb-2023 16:46:32 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9149ab6c1785e726beba057d3145037f
ae1c8f7ff79cd69563e5edc8bd4bc43e4b157361
b1051706016bdd32c3c72a89d2df0e514c0654905bd1336b3d041092720c2761
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3494
Cache-Control: max-age=129975
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:32 GMT
Etag: "63db33f9-118"
Expires: Sat, 04 Feb 2023 04:52:47 GMT
Last-Modified: Thu, 02 Feb 2023 03:54:33 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
babup.com/page.js
51.15.15.22 301 Moved Permanently 237 B IP 51.15.15.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3c38132a11f8bae735ac184c8c7e8a76
e4713e27c3e6821809559c87e75794e25e0c9e28
e2bf44c13b9b4f7d9482501f4b184b954f021aaaeb8e4439bde8b12069bc0fe2
GET /page.js HTTP/1.1
Host: babup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 16:46:32 GMT
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips
Location: https://www.babup.com/page.js
Content-Length: 237
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9149ab6c1785e726beba057d3145037f
ae1c8f7ff79cd69563e5edc8bd4bc43e4b157361
b1051706016bdd32c3c72a89d2df0e514c0654905bd1336b3d041092720c2761
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:32 GMT
Etag: "63db33f9-118"
Server: ECS (amb/6B9D)
Content-Length: 280
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68a3606a3e151f5316fd8df4c1ce29ae
9eaacb0da3b1ba0797a6507249a63848ef153966
2b499079f996fc4d73001bf1bad09005310385205dedd4aec3f4cffc74a838e9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2B499079F996FC4D73001BF1BAD09005310385205DEDD4AEC3F4CFFC74A838E9"
Last-Modified: Wed, 01 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13443
Expires: Thu, 02 Feb 2023 20:30:36 GMT
Date: Thu, 02 Feb 2023 16:46:33 GMT
Connection: keep-alive
www.babup.com/page.js
51.15.15.22 200 OK 12 kB IP 51.15.15.22:0
File type ASCII text, with very long lines (22552)
Hash 6960e7e17e53491d27538e8b2e60439f
4b3d03009dc69d1898651f50da5418f4536fbdaa
53181be5ae9b6317f9d1801fa181492be68dbfed57ad174695b25a5e79d55162
GET /page.js HTTP/1.1
Host: www.babup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 16:46:33 GMT
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips
Last-Modified: Tue, 10 Jan 2023 19:06:58 GMT
ETag: "59c0-5f1ed967f5080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 11769
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
pyoungstersofto.xyz/aml5dVNFVhoGbj8vLzoKBiMVFxsCPRgYNx4MLyc0Mz5IRwY9MF8BOg5UQU1qXV9PUyMDDUREdRkdGAEmGVRIUzoEDxZIdRxUSFtgXkdKRH1YTwxIYkwdCRQ0V1hfBSceBUREZV1cSkBlXltJRWBb
172.67.207.205 204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/aml5dVNFVhoGbj8vLzoKBiMVFxsCPRgYNx4MLyc0Mz5IRwY9MF8BOg5UQU1qXV9PUyMDDUREdRkdGAEmGVRIUzoEDxZIdRxUSFtgXkdKRH1YTwxIYkwdCRQ0V1hfBSceBUREZV1cSkBlXltJRWBb
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aml5dVNFVhoGbj8vLzoKBiMVFxsCPRgYNx4MLyc0Mz5IRwY9MF8BOg5UQU1qXV9PUyMDDUREdRkdGAEmGVRIUzoEDxZIdRxUSFtgXkdKRH1YTwxIYkwdCRQ0V1hfBSceBUREZV1cSkBlXltJRWBb HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8SKfyUXmTsKeRZuCMVNZJIFbsGa1vBmhdu66zVfWHIRmDpzecncd7ksyva4WwsNTI47Ok8Q5PoIM2PBoJVm2PKwqJ1OPe60WNiHdO09OI6swzdS1Nr4Uri5iDxKOyEtLZsX%2FD4h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79346750ef831bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pyoungstersofto.xyz/QXZaUXluSTkiRAwhFB4vCT8ZBhcxGgkmFRYQDRc9AiAIZSAEFXwlECVLY2NLc0NpdwkoEmdgXzICOyUMMktrdxAvEDVsXzdLa39KdVhpYFdzUC9sSGcCKjAefEd8IQ01GmdgT3ZDaWRPdURqYU1w
172.67.207.205 204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/QXZaUXluSTkiRAwhFB4vCT8ZBhcxGgkmFRYQDRc9AiAIZSAEFXwlECVLY2NLc0NpdwkoEmdgXzICOyUMMktrdxAvEDVsXzdLa39KdVhpYFdzUC9sSGcCKjAefEd8IQ01GmdgT3ZDaWRPdURqYU1w
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QXZaUXluSTkiRAwhFB4vCT8ZBhcxGgkmFRYQDRc9AiAIZSAEFXwlECVLY2NLc0NpdwkoEmdgXzICOyUMMktrdxAvEDVsXzdLa39KdVhpYFdzUC9sSGcCKjAefEd8IQ01GmdgT3ZDaWRPdURqYU1w HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gLMPams7qv9X6KGcPCUziYrmBFVsQEqAOpQYW2A8J432yHPW3BpwO%2FXhynmoIKu7yv258B8hoEGhCxZbxnGiD7u9YOWRWTjwnqGigl58Xv9NQv8hiWxE8%2BfRy4YdBLJb7LT6khgK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79346750ef801bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pyoungstersofto.xyz/N0lqODYYdglLC1UeMGFjYC0JbWECJDIJZGUrLXpkbw8kSm8GDExMX1N0UgAOBHBSHkZeLVcJEEQ9C0xDRHRbHl9ZLwUFEEF0WxYFA2dZCRgFbx8FBxE9GllRCnhMSEJDJVcJAAB8WQ0AA3taCAcH
172.67.207.205 204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/N0lqODYYdglLC1UeMGFjYC0JbWECJDIJZGUrLXpkbw8kSm8GDExMX1N0UgAOBHBSHkZeLVcJEEQ9C0xDRHRbHl9ZLwUFEEF0WxYFA2dZCRgFbx8FBxE9GllRCnhMSEJDJVcJAAB8WQ0AA3taCAcH
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /N0lqODYYdglLC1UeMGFjYC0JbWECJDIJZGUrLXpkbw8kSm8GDExMX1N0UgAOBHBSHkZeLVcJEEQ9C0xDRHRbHl9ZLwUFEEF0WxYFA2dZCRgFbx8FBxE9GllRCnhMSEJDJVcJAAB8WQ0AA3taCAcH HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zujNh68tNfqjNM2Sa3dQs5HnpLYfZ3WmrfUmi5GdaLA4gIxLc2lRkjGxJm5B0zeJrOxO5xaJI9hPEvc4J%2Bko6BF3oZNbs9iri7XxLAS3x%2BG8wBjqdZap2986VFMScemN2WcCkDbz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79346750ef7d1bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
racterdeet.com/QWxIN00gDitaciBRKhE4MwB1En8HSXpxKXNaKVM/OVUrBCNxATkZLi0DPVMrMwMmQ2MvCTwSfwcmLFopOQ4fXBsCLnB7GyYlB3EbAz4cW3QCOg5xHAU9AXQPNjYpfQ4yOAZODHkqCQNocyoBXA8NJBlACRUqeWcKJjUudCETPQlfdQ46DVMPBC0jex5wIhBwHyo2DHI6AysvfgYABHh+DyY1DGQ1NjQfXzoCKTAPAQk9MHofAioNZnwtOB5iCwckIA8HBz0BUg8UJgxvHCIvGVwDJTsNbQcQOSBWAwQmDG8fdQoLYikbOA1iIRcqcW0JLSoOZAsuXBlcYA8ID0APAj0hTxQTAAJRFRQuHGEYBCcMdRgMJCNfLwwqHnUVBwAPYSYHDxxyHxkqP2YvBBsNUgsUFA1+GAMIEHElGTowXxgTG25dPi4COAoYBxYJcAA4CwFyfA
54.192.99.102200 OK 1.2 kB URL HTTP/1.1 racterdeet.com/QWxIN00gDitaciBRKhE4MwB1En8HSXpxKXNaKVM/OVUrBCNxATkZLi0DPVMrMwMmQ2MvCTwSfwcmLFopOQ4fXBsCLnB7GyYlB3EbAz4cW3QCOg5xHAU9AXQPNjYpfQ4yOAZODHkqCQNocyoBXA8NJBlACRUqeWcKJjUudCETPQlfdQ46DVMPBC0jex5wIhBwHyo2DHI6AysvfgYABHh+DyY1DGQ1NjQfXzoCKTAPAQk9MHofAioNZnwtOB5iCwckIA8HBz0BUg8UJgxvHCIvGVwDJTsNbQcQOSBWAwQmDG8fdQoLYikbOA1iIRcqcW0JLSoOZAsuXBlcYA8ID0APAj0hTxQTAAJRFRQuHGEYBCcMdRgMJCNfLwwqHnUVBwAPYSYHDxxyHxkqP2YvBBsNUgsUFA1+GAMIEHElGTowXxgTG25dPi4COAoYBxYJcAA4CwFyfA
IP 54.192.99.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash 4d6d62af9e7a8deafa38da7c6e06638f
c2eae9804b483f4b1ae8c852ac2590b2c8a71c65
75cd90b574f051ab3f1a052775a8edc1cddecb688ec9f319e7d89c600d8b934e
GET /QWxIN00gDitaciBRKhE4MwB1En8HSXpxKXNaKVM/OVUrBCNxATkZLi0DPVMrMwMmQ2MvCTwSfwcmLFopOQ4fXBsCLnB7GyYlB3EbAz4cW3QCOg5xHAU9AXQPNjYpfQ4yOAZODHkqCQNocyoBXA8NJBlACRUqeWcKJjUudCETPQlfdQ46DVMPBC0jex5wIhBwHyo2DHI6AysvfgYABHh+DyY1DGQ1NjQfXzoCKTAPAQk9MHofAioNZnwtOB5iCwckIA8HBz0BUg8UJgxvHCIvGVwDJTsNbQcQOSBWAwQmDG8fdQoLYikbOA1iIRcqcW0JLSoOZAsuXBlcYA8ID0APAj0hTxQTAAJRFRQuHGEYBCcMdRgMJCNfLwwqHnUVBwAPYSYHDxxyHxkqP2YvBBsNUgsUFA1+GAMIEHElGTowXxgTG25dPi4COAoYBxYJcAA4CwFyfA HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1191
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 fb13343f41a549822047f18ba839fd5a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: VDuplnV6cHQhVPJmhTOtTIvQGkceeaGM0RYT19ClpYSDLg-VIT3trA==
racterdeet.com/WGozYmI5CFAPXTlXUUQXKgYOR1AeTwEkBmpcUgYQIFNQUQxoB0JMATQFRgYEKgVdFkw2D0dHUB4BaSooEDNfNyoQOVgnAzArUStTYRllCSBpPAE4IR8uYiwtIDhjIA43XXIJERUhcFoBEihmNgEgK3orU2EGYgpWNS53KDgOKXovLDQGdzszFRJxCVsiOHAnNxA5SwQtCgl0KQodBnEzKzUvey8wHVlcMi0wXlEpFWxaYjcjGjwAFjcOWWUxBAonUSkzAVx2FSQxP3Q3KRoHeTM4DjxwAzQSHWUYIDE/dDc2HxNfNzsNLHEgNzwEZSMSIDxdIDoVLR4oMwI4aic7NC9mNDcSE2clNBY8ADQxFQ12MC4ZW0Q0CApbZg8wDTtdODECL3UjBi87CyQKOwJ3MVMaO3IkNgI8dQEGaDtUNTcVTFkRDTYaDiNaNgwKKSgiEmUwEw
54.192.99.102200 OK 1.2 kB URL HTTP/1.1 racterdeet.com/WGozYmI5CFAPXTlXUUQXKgYOR1AeTwEkBmpcUgYQIFNQUQxoB0JMATQFRgYEKgVdFkw2D0dHUB4BaSooEDNfNyoQOVgnAzArUStTYRllCSBpPAE4IR8uYiwtIDhjIA43XXIJERUhcFoBEihmNgEgK3orU2EGYgpWNS53KDgOKXovLDQGdzszFRJxCVsiOHAnNxA5SwQtCgl0KQodBnEzKzUvey8wHVlcMi0wXlEpFWxaYjcjGjwAFjcOWWUxBAonUSkzAVx2FSQxP3Q3KRoHeTM4DjxwAzQSHWUYIDE/dDc2HxNfNzsNLHEgNzwEZSMSIDxdIDoVLR4oMwI4aic7NC9mNDcSE2clNBY8ADQxFQ12MC4ZW0Q0CApbZg8wDTtdODECL3UjBi87CyQKOwJ3MVMaO3IkNgI8dQEGaDtUNTcVTFkRDTYaDiNaNgwKKSgiEmUwEw
IP 54.192.99.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash fae01727f5c998d568b255ab8afd1030
98234111b887f87ec46769dcf32aeb7d6a540e67
d342bcf7c38025bd38a21bb79e75539061ab762412241140d631569e595f2ce7
GET /WGozYmI5CFAPXTlXUUQXKgYOR1AeTwEkBmpcUgYQIFNQUQxoB0JMATQFRgYEKgVdFkw2D0dHUB4BaSooEDNfNyoQOVgnAzArUStTYRllCSBpPAE4IR8uYiwtIDhjIA43XXIJERUhcFoBEihmNgEgK3orU2EGYgpWNS53KDgOKXovLDQGdzszFRJxCVsiOHAnNxA5SwQtCgl0KQodBnEzKzUvey8wHVlcMi0wXlEpFWxaYjcjGjwAFjcOWWUxBAonUSkzAVx2FSQxP3Q3KRoHeTM4DjxwAzQSHWUYIDE/dDc2HxNfNzsNLHEgNzwEZSMSIDxdIDoVLR4oMwI4aic7NC9mNDcSE2clNBY8ADQxFQ12MC4ZW0Q0CApbZg8wDTtdODECL3UjBi87CyQKOwJ3MVMaO3IkNgI8dQEGaDtUNTcVTFkRDTYaDiNaNgwKKSgiEmUwEw HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1191
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 3529bf84e9522012233c3dd2a59fdfe8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: HZml35VanWwzsZthyzDEDBm3FYSy0dePXH3OWfexq5ASxeh8nYqi3A==
racterdeet.com/cUtOVXAQKS04TxB2LHMFAydzcEI3bnwTFEN9LzECCXItZh5BJj97Ex0kOzEWAyQgIV4fLjpwQjcRGQE6KB0bJkYpHxcvFDJ6LAU3GTEXBAQHEn1kVUMNGRYDRwEdPiA2HA8QPxwGDw8aQXIcPxwLGzcbJyscGCE+JwZ8GB4rbnwTJgsSfDEdFh4BATUBEQ8PVUMJBwEDQxwZAEU+CH8zOwgePx4mPDotL0RFDzQARjwfDDA+NRk7NEMjPytmBEkKCT1JIQ8MNiA1JHYeGBU6FAYlBQ18JRwUJiU2ETkJehIIFToUAQcGEwlgGBMmPiIWJi95HCEjOC0dFxMNfHgAHQQdbSgQMxxjESAvfA8nO3MPEhcIByQlKj94DGA4BgkhDzgFOw9nGBopIyYzISE5YCA3Gn0ZJ0Q5KhIcHS0gNjMXIgxnETBtJCYfHztzFEU+KB8NQwcvOjQ
54.192.99.102200 OK 1.2 kB URL HTTP/1.1 racterdeet.com/cUtOVXAQKS04TxB2LHMFAydzcEI3bnwTFEN9LzECCXItZh5BJj97Ex0kOzEWAyQgIV4fLjpwQjcRGQE6KB0bJkYpHxcvFDJ6LAU3GTEXBAQHEn1kVUMNGRYDRwEdPiA2HA8QPxwGDw8aQXIcPxwLGzcbJyscGCE+JwZ8GB4rbnwTJgsSfDEdFh4BATUBEQ8PVUMJBwEDQxwZAEU+CH8zOwgePx4mPDotL0RFDzQARjwfDDA+NRk7NEMjPytmBEkKCT1JIQ8MNiA1JHYeGBU6FAYlBQ18JRwUJiU2ETkJehIIFToUAQcGEwlgGBMmPiIWJi95HCEjOC0dFxMNfHgAHQQdbSgQMxxjESAvfA8nO3MPEhcIByQlKj94DGA4BgkhDzgFOw9nGBopIyYzISE5YCA3Gn0ZJ0Q5KhIcHS0gNjMXIgxnETBtJCYfHztzFEU+KB8NQwcvOjQ
IP 54.192.99.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash bfabc322d22628d2e783e0ea5bd32e24
4b38b0e3433e745c41583771423da02795832a23
34fbf524b4161147744fff8b7d7a505b226aeff4ca352f65f0d08d6e00acce52
GET /cUtOVXAQKS04TxB2LHMFAydzcEI3bnwTFEN9LzECCXItZh5BJj97Ex0kOzEWAyQgIV4fLjpwQjcRGQE6KB0bJkYpHxcvFDJ6LAU3GTEXBAQHEn1kVUMNGRYDRwEdPiA2HA8QPxwGDw8aQXIcPxwLGzcbJyscGCE+JwZ8GB4rbnwTJgsSfDEdFh4BATUBEQ8PVUMJBwEDQxwZAEU+CH8zOwgePx4mPDotL0RFDzQARjwfDDA+NRk7NEMjPytmBEkKCT1JIQ8MNiA1JHYeGBU6FAYlBQ18JRwUJiU2ETkJehIIFToUAQcGEwlgGBMmPiIWJi95HCEjOC0dFxMNfHgAHQQdbSgQMxxjESAvfA8nO3MPEhcIByQlKj94DGA4BgkhDzgFOw9nGBopIyYzISE5YCA3Gn0ZJ0Q5KhIcHS0gNjMXIgxnETBtJCYfHztzFEU+KB8NQwcvOjQ HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1194
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: Nknt7kUyLiUwldKd1oKjENoh5J8GmI5SLHN6OGrSDifSH-qg1i3sRg==
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68a3606a3e151f5316fd8df4c1ce29ae
9eaacb0da3b1ba0797a6507249a63848ef153966
2b499079f996fc4d73001bf1bad09005310385205dedd4aec3f4cffc74a838e9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2B499079F996FC4D73001BF1BAD09005310385205DEDD4AEC3F4CFFC74A838E9"
Last-Modified: Wed, 01 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13443
Expires: Thu, 02 Feb 2023 20:30:36 GMT
Date: Thu, 02 Feb 2023 16:46:33 GMT
Connection: keep-alive
pyoungstersofto.xyz/U25wU3N8URMgTgk7CDkQOF8nNR8FLRY/PWI4GzdKBgAEBSFgHVYnGjdTSGpFYldIdQM6Ck1iS3UdBDIHJh1NYlU6ABY8TnUYTWJdY0BCfUF1G01iVSceETROYkgAJwc/U0FlRGZdRWVHYV5AZkM
172.67.207.205 204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/U25wU3N8URMgTgk7CDkQOF8nNR8FLRY/PWI4GzdKBgAEBSFgHVYnGjdTSGpFYldIdQM6Ck1iS3UdBDIHJh1NYlU6ABY8TnUYTWJdY0BCfUF1G01iVSceETROYkgAJwc/U0FlRGZdRWVHYV5AZkM
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /U25wU3N8URMgTgk7CDkQOF8nNR8FLRY/PWI4GzdKBgAEBSFgHVYnGjdTSGpFYldIdQM6Ck1iS3UdBDIHJh1NYlU6ABY8TnUYTWJdY0BCfUF1G01iVSceETROYkgAJwc/U0FlRGZdRWVHYV5AZkM HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bExYvDhDqK8Mbdb3ayZ%2BLLAuzT%2BkcXjWDwXR83P91%2Bbri98Dr%2FNK83jtkYOLKKP1SS2IOEvAh7lzi3PEh254iwy2zeWncOe6RPJe9sQhvyD5GF2BB%2B1Ejnj0mYvpalBou6u2wz3g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793467510f9a1bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pyoungstersofto.xyz/dnl6OTdZRhlKCjtJNHF6LjgxXX8vOyl4Q0QdDVFxN0oKC3QzLFxNXhJEQgEPRUBDH0cfHUcKBVAKDlhDAwpHCBEfFxxWClAPRwkZT1dLFwdQDEcIEQIJG14KR18KTUMaREsPAENKTw8DRElKDwY
172.67.207.205 204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/dnl6OTdZRhlKCjtJNHF6LjgxXX8vOyl4Q0QdDVFxN0oKC3QzLFxNXhJEQgEPRUBDH0cfHUcKBVAKDlhDAwpHCBEfFxxWClAPRwkZT1dLFwdQDEcIEQIJG14KR18KTUMaREsPAENKTw8DRElKDwY
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dnl6OTdZRhlKCjtJNHF6LjgxXX8vOyl4Q0QdDVFxN0oKC3QzLFxNXhJEQgEPRUBDH0cfHUcKBVAKDlhDAwpHCBEfFxxWClAPRwkZT1dLFwdQDEcIEQIJG14KR18KTUMaREsPAENKTw8DRElKDwY HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=neYjmKNPTrQp76Dzpmhxv5Bslx2ndOeMjSPI9Qfdfv2TI7qSzFhDbheCtCsDWqwl4JcqG%2Bqteo%2BpLXBIZ55K%2F9Y1j%2B7MmnjG736Pi1giYM1bDfXlB7XAqlMbUvIRLwqGx2s7BExJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793467511fab1bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
racterdeet.com/SExLV2UpLig6WilxKXEQOiB2clcOaXkRAXp6KjMXMHUoZAt4ITp5BiQjPjMDOiMlI0smKT9yVw4jBAIOPygmZgQCIH8GMCN8LAEgPBoKH10KGHoCAwF8Bg0keCB7AQwNGS4WDQ0cLAEfDRsaGCYadHIEDQIdCABcKwo8GQAsDhIDJHk8exYzCQETBBYGHSAjKAMNezUkIwEsDycnAQMfEXodexovKg0BEDcdeCwPDQEPHz0KHh4NZj0YHh0SPRkkfh8OEgUIMBYeHg1mKgEKfhYyGjR9NAkGKggDIA8dIDAuCzQdEj0dP25lIw4ZHiQmACcNACN4HSkWSAILCDsSORszOywLO3MUNyQ7ATI0DgsTFR1/DQkWIBs1MwAiGhkoMlYSBBMGHSYNDRY8CgQscQ87IyUnWC4bMhYkPAQjHT0cNC8
54.192.99.102200 OK 1.2 kB URL HTTP/1.1 racterdeet.com/SExLV2UpLig6WilxKXEQOiB2clcOaXkRAXp6KjMXMHUoZAt4ITp5BiQjPjMDOiMlI0smKT9yVw4jBAIOPygmZgQCIH8GMCN8LAEgPBoKH10KGHoCAwF8Bg0keCB7AQwNGS4WDQ0cLAEfDRsaGCYadHIEDQIdCABcKwo8GQAsDhIDJHk8exYzCQETBBYGHSAjKAMNezUkIwEsDycnAQMfEXodexovKg0BEDcdeCwPDQEPHz0KHh4NZj0YHh0SPRkkfh8OEgUIMBYeHg1mKgEKfhYyGjR9NAkGKggDIA8dIDAuCzQdEj0dP25lIw4ZHiQmACcNACN4HSkWSAILCDsSORszOywLO3MUNyQ7ATI0DgsTFR1/DQkWIBs1MwAiGhkoMlYSBBMGHSYNDRY8CgQscQ87IyUnWC4bMhYkPAQjHT0cNC8
IP 54.192.99.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash 0fb92afbca7346c44c0099f1cd90e454
2a7f83aa919e249ad74c0a3235d21d9689f09828
41b4058e196440a80edeb84ad7b4afa0d892c1b1b2f6e8ef098379b91440d7cf
GET /SExLV2UpLig6WilxKXEQOiB2clcOaXkRAXp6KjMXMHUoZAt4ITp5BiQjPjMDOiMlI0smKT9yVw4jBAIOPygmZgQCIH8GMCN8LAEgPBoKH10KGHoCAwF8Bg0keCB7AQwNGS4WDQ0cLAEfDRsaGCYadHIEDQIdCABcKwo8GQAsDhIDJHk8exYzCQETBBYGHSAjKAMNezUkIwEsDycnAQMfEXodexovKg0BEDcdeCwPDQEPHz0KHh4NZj0YHh0SPRkkfh8OEgUIMBYeHg1mKgEKfhYyGjR9NAkGKggDIA8dIDAuCzQdEj0dP25lIw4ZHiQmACcNACN4HSkWSAILCDsSORszOywLO3MUNyQ7ATI0DgsTFR1/DQkWIBs1MwAiGhkoMlYSBBMGHSYNDRY8CgQscQ87IyUnWC4bMhYkPAQjHT0cNC8 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1174
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: ctWkobQaXXk5PDYPNpmIgv4dY9l4_yoMe72GM2ou7WGJxgCfABL9WA==
racterdeet.com/bHYxQlYNFFIvaQ1LU2QjHhoMZ2QqUwMEMl5AUCYkFE9ScThcG0BsNQAZRCYwHhlfNngCE0VnZCofUBU+Oy9pLR0uDFYKBD5Gcw86FDVkFBQAIXQMBi0fZA0QLhpnDQQIMmE4JgQgWXojKBxkJQ4uRmIPOhQ9ZTUHXzJJcwM4HHwSETokayEXLRNycwAFJEZ2DC4MACESGxV8DyEPInM1ZhUkRnofOiJCDRctN3QNMS4QZjtjBiIBMhs7G2sIEj03dg8xWDh2KWcHI2MTMjghYxAFXRp2GD0+PHpyZwcjYHIXLhtzFA5dGUAhZyI9dBRjBSR0KSQ4IRwQBC80CAwMPzR9FQBdQmQUGCEhXBsRJAFeBhk5JHgOZxwbZAcmNiFmGAc0R0UbGy0ReAYXWEN2FG8OOlwmBDhGVRs1LiR5FRdKHEItOBxLXjRvOiQGdTMrEFID
54.192.99.102200 OK 1.2 kB URL HTTP/1.1 racterdeet.com/bHYxQlYNFFIvaQ1LU2QjHhoMZ2QqUwMEMl5AUCYkFE9ScThcG0BsNQAZRCYwHhlfNngCE0VnZCofUBU+Oy9pLR0uDFYKBD5Gcw86FDVkFBQAIXQMBi0fZA0QLhpnDQQIMmE4JgQgWXojKBxkJQ4uRmIPOhQ9ZTUHXzJJcwM4HHwSETokayEXLRNycwAFJEZ2DC4MACESGxV8DyEPInM1ZhUkRnofOiJCDRctN3QNMS4QZjtjBiIBMhs7G2sIEj03dg8xWDh2KWcHI2MTMjghYxAFXRp2GD0+PHpyZwcjYHIXLhtzFA5dGUAhZyI9dBRjBSR0KSQ4IRwQBC80CAwMPzR9FQBdQmQUGCEhXBsRJAFeBhk5JHgOZxwbZAcmNiFmGAc0R0UbGy0ReAYXWEN2FG8OOlwmBDhGVRs1LiR5FRdKHEItOBxLXjRvOiQGdTMrEFID
IP 54.192.99.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3041), with no line terminators
Hash c98264b3c6578860455b1be7111cf76b
5fe8f6f7832ca337bb6c9c9c37fac15bdfba0d1e
5903c347a3ea4dcb0dfc6f2d987897a72c3eca2c9b4a318b1ddfd293536b4a93
GET /bHYxQlYNFFIvaQ1LU2QjHhoMZ2QqUwMEMl5AUCYkFE9ScThcG0BsNQAZRCYwHhlfNngCE0VnZCofUBU+Oy9pLR0uDFYKBD5Gcw86FDVkFBQAIXQMBi0fZA0QLhpnDQQIMmE4JgQgWXojKBxkJQ4uRmIPOhQ9ZTUHXzJJcwM4HHwSETokayEXLRNycwAFJEZ2DC4MACESGxV8DyEPInM1ZhUkRnofOiJCDRctN3QNMS4QZjtjBiIBMhs7G2sIEj03dg8xWDh2KWcHI2MTMjghYxAFXRp2GD0+PHpyZwcjYHIXLhtzFA5dGUAhZyI9dBRjBSR0KSQ4IRwQBC80CAwMPzR9FQBdQmQUGCEhXBsRJAFeBhk5JHgOZxwbZAcmNiFmGAc0R0UbGy0ReAYXWEN2FG8OOlwmBDhGVRs1LiR5FRdKHEItOBxLXjRvOiQGdTMrEFID HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1191
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 10ba4f180c8b00c38f956300d7b2f4c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: wrJ5B0vIPHWPij69Q_F6DexNlUir_RTqJsioA-CnjDQjEMcJLMektA==
pyoungstersofto.xyz/VHJnQXZ7TQQySzZAAwYkOjgwFD4wQDQtEgcWCXg+DENSchBkEUE1HzBPX3lOZ0teZwY9FlpyRHIBEyACIQFac0ZkRUEoGDIdWnNQIk9Xb096Q0lxUCFPVmcCJBMAfEdyAhM1GmlDUXZDZ0dRdURkQlFz
172.67.207.205 204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/VHJnQXZ7TQQySzZAAwYkOjgwFD4wQDQtEgcWCXg+DENSchBkEUE1HzBPX3lOZ0teZwY9FlpyRHIBEyACIQFac0ZkRUEoGDIdWnNQIk9Xb096Q0lxUCFPVmcCJBMAfEdyAhM1GmlDUXZDZ0dRdURkQlFz
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VHJnQXZ7TQQySzZAAwYkOjgwFD4wQDQtEgcWCXg+DENSchBkEUE1HzBPX3lOZ0teZwY9FlpyRHIBEyACIQFac0ZkRUEoGDIdWnNQIk9Xb096Q0lxUCFPVmcCJBMAfEdyAhM1GmlDUXZDZ0dRdURkQlFz HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WjrVTydd0vdGYoR60i8wbimci6hNaNP6KiZLnmXf4o9q7hobbB%2FNr3xpucz47yv%2BkFFWIATMUkj6UgKbUJx3wFYa3jBGR78PvkIwCKonvbzxk2puZ9XB%2BGa3bOv928FqOTS815nC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793467513fb21bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d26adrx9c3n0mq.cloudfront.net/JdmdxbWkVCB8LVgIOFVBRTl9CVFFQDQICBwZaJCsTNyA8FA4/IkBLHQwDTF1PGgYfClRQAh8OVEdBEAkLS1NXGRkZDEwBGgIKAh0IBgYDSxwXWhwCEx8LHQxMRCFEQ1lTVUFFHh8JFQIeBUJDXQcCQkNdWEZJQUhaNEJDXR4fCUdZTEUlVF9ZDlFFSFo0Qk-NdGwBCQixYRlJfXUBTVUEKDBUMHkhbMFVBXFlGVkFcTERXFwQbEwEeFUxEIUBdXFhXVxhURw
54.230.245.178200 OK 605 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/JdmdxbWkVCB8LVgIOFVBRTl9CVFFQDQICBwZaJCsTNyA8FA4/IkBLHQwDTF1PGgYfClRQAh8OVEdBEAkLS1NXGRkZDEwBGgIKAh0IBgYDSxwXWhwCEx8LHQxMRCFEQ1lTVUFFHh8JFQIeBUJDXQcCQkNdWEZJQUhaNEJDXR4fCUdZTEUlVF9ZDlFFSFo0Qk-NdGwBCQixYRlJfXUBTVUEKDBUMHkhbMFVBXFlGVkFcTERXFwQbEwEeFUxEIUBdXFhXVxhURw
IP 54.230.245.178:0
File type ASCII text, with very long lines (847), with no line terminators
Hash 27abd886937eb5e709c63cb00a6284d2
77dc723187dc8ad8be88aa06d0581aeeb5057d13
f7681caa3c5b7fce9409f612302d2619457cfbb119d4f20c26f09d3858db6f10
GET /JdmdxbWkVCB8LVgIOFVBRTl9CVFFQDQICBwZaJCsTNyA8FA4/IkBLHQwDTF1PGgYfClRQAh8OVEdBEAkLS1NXGRkZDEwBGgIKAh0IBgYDSxwXWhwCEx8LHQxMRCFEQ1lTVUFFHh8JFQIeBUJDXQcCQkNdWEZJQUhaNEJDXR4fCUdZTEUlVF9ZDlFFSFo0Qk-NdGwBCQixYRlJfXUBTVUEKDBUMHkhbMFVBXFlGVkFcTERXFwQbEwEeFUxEIUBdXFhXVxhURw HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://racterdeet.com/
HTTP/1.1 200 OK
Content-Length: 605
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: duquVsGZ-XYoSdEF5aS7F6Vd0wY7xpJ0QUeKNNSyX6eRJhgOOhheBA==
d26adrx9c3n0mq.cloudfront.net/kZHJHYlUHHSkEahAbI19sVkB1V2ZCGDQNOxRPBlo7AksMKC8cJBUTcxAII19lQh4mDDJZVCIMNllDYQMxBk9zRCEUHSxfORcGKhElBQImEHMRE3oPOh4bKw40QUABV3tUV3VSfRMbKQY6EwFiUGUKBmJQZVVCaVJwVzBiUGUTGylUYUFBBUdnVApxVnBXMG-JQZRYEYlEUVUJyTGVNV3VSMgERLA1wVjR1UmRUQnZSZEFAdwQ8FhchDS1BQAFTZVFcd0QgWUM
54.230.245.178200 OK 456 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/kZHJHYlUHHSkEahAbI19sVkB1V2ZCGDQNOxRPBlo7AksMKC8cJBUTcxAII19lQh4mDDJZVCIMNllDYQMxBk9zRCEUHSxfORcGKhElBQImEHMRE3oPOh4bKw40QUABV3tUV3VSfRMbKQY6EwFiUGUKBmJQZVVCaVJwVzBiUGUTGylUYUFBBUdnVApxVnBXMG-JQZRYEYlEUVUJyTGVNV3VSMgERLA1wVjR1UmRUQnZSZEFAdwQ8FhchDS1BQAFTZVFcd0QgWUM
IP 54.230.245.178:0
File type ASCII text, with very long lines (648), with no line terminators
Hash 0d6dceee85aa811e475ef0599406574a
1e92c29bd321b4f24e43428c9caa7c72c6eb9111
d3588e4e3dee9d395cb6ebc208f57983d2be5bc904d19222dded57f27e136fcc
GET /kZHJHYlUHHSkEahAbI19sVkB1V2ZCGDQNOxRPBlo7AksMKC8cJBUTcxAII19lQh4mDDJZVCIMNllDYQMxBk9zRCEUHSxfORcGKhElBQImEHMRE3oPOh4bKw40QUABV3tUV3VSfRMbKQY6EwFiUGUKBmJQZVVCaVJwVzBiUGUTGylUYUFBBUdnVApxVnBXMG-JQZRYEYlEUVUJyTGVNV3VSMgERLA1wVjR1UmRUQnZSZEFAdwQ8FhchDS1BQAFTZVFcd0QgWUM HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://racterdeet.com/
HTTP/1.1 200 OK
Content-Length: 456
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NceQVBP1_CoQtmx-gwD_d8MEalUirvoiRSXTvd9jsvWUjl-Dyj1xLA==
d26adrx9c3n0mq.cloudfront.net/ZWTJYVUs6XTYzdC1bPGhzYQtvY31/WCs6JSkPGWAEOmMAZj09RjlzPyNWZWVtNVM2MnZ/VzY2dmgUOTEpZAZ+ITs2WWU5OC1fKyUqKVMqcz44DzU6MTBeNDRua3Rte3t8AGh9PDBcPDo8KhdqZSUtF2plemkcaHB4GxdqZTwwXG5hbmpwfWd7IQRscHgbF2-plOS8XaxR6aQd2ZWJ8AGgyLjpZN3B5HwBoZHtpA2hkbmsCPjw5PFQ3LW5rdGllfncCfiB2aA
54.230.245.178200 OK 612 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/ZWTJYVUs6XTYzdC1bPGhzYQtvY31/WCs6JSkPGWAEOmMAZj09RjlzPyNWZWVtNVM2MnZ/VzY2dmgUOTEpZAZ+ITs2WWU5OC1fKyUqKVMqcz44DzU6MTBeNDRua3Rte3t8AGh9PDBcPDo8KhdqZSUtF2plemkcaHB4GxdqZTwwXG5hbmpwfWd7IQRscHgbF2-plOS8XaxR6aQd2ZWJ8AGgyLjpZN3B5HwBoZHtpA2hkbmsCPjw5PFQ3LW5rdGllfncCfiB2aA
IP 54.230.245.178:0
File type ASCII text, with very long lines (851), with no line terminators
Hash 98ac7e50010fca9d382d6290e2e70e2f
9352ff32f2ae9bea5fdd76655612ea0e872246aa
0a2e683d1346565269ad3a9647394af708b03ec5c88b3fea8f26eedd4d97fc62
GET /ZWTJYVUs6XTYzdC1bPGhzYQtvY31/WCs6JSkPGWAEOmMAZj09RjlzPyNWZWVtNVM2MnZ/VzY2dmgUOTEpZAZ+ITs2WWU5OC1fKyUqKVMqcz44DzU6MTBeNDRua3Rte3t8AGh9PDBcPDo8KhdqZSUtF2plemkcaHB4GxdqZTwwXG5hbmpwfWd7IQRscHgbF2-plOS8XaxR6aQd2ZWJ8AGgyLjpZN3B5HwBoZHtpA2hkbmsCPjw5PFQ3LW5rdGllfncCfiB2aA HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://racterdeet.com/
HTTP/1.1 200 OK
Content-Length: 612
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dmTJ6asuUcpKR99vA_AonbF3MMqECnIuFL5vhGb_1y0hjiYu4E8plg==
outbursttones.com/01/10/5f/01105f188a1c32226733edcb09dd3870.js
173.233.137.60 200 OK 21 kB URL HTTP/1.1 outbursttones.com/01/10/5f/01105f188a1c32226733edcb09dd3870.js
IP 173.233.137.60:0
File type HTML document, ASCII text, with very long lines (60174), with no line terminators
Hash 22abc9a4ccdeb832d9189b09b18ee093
5d6f819547075d04370b9a5ecc880a80a0a444ce
fa74cd8bcf2b06036f970181079fe8841076d16837b13f18dd9b21c0eb7e95c4
Analyzer | Verdict / Alert
fortinet | Malware
quad9 | Sinkholed
GET /01/10/5f/01105f188a1c32226733edcb09dd3870.js HTTP/1.1
Host: outbursttones.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 16:46:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7e85ad523800ff710795fb01d05ba911
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
d26adrx9c3n0mq.cloudfront.net/oOUkwdm1aJl4QUk0gVEtVAH8BT1UfI0MZA0l0ViEUeAhEPgVzEWQOCR89ShJQCW9cFwNedBYTA1p0AVAMXSsNQktMKA0bAkMgXBoMHHt2Q0MJbAJGRU4gXhICTjoVRF1XPRVEXQh5HkZICgsVRF1OIF5AWRx6clNfCTEGQkgKCxVEXUs/FUUsCHkFWF0QbA-JGClwqWxlICw8CRlwJeQFGXBx7ABAESyxWGRUce3ZHXQxnAFAYBHg
54.230.245.178200 OK 184 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/oOUkwdm1aJl4QUk0gVEtVAH8BT1UfI0MZA0l0ViEUeAhEPgVzEWQOCR89ShJQCW9cFwNedBYTA1p0AVAMXSsNQktMKA0bAkMgXBoMHHt2Q0MJbAJGRU4gXhICTjoVRF1XPRVEXQh5HkZICgsVRF1OIF5AWRx6clNfCTEGQkgKCxVEXUs/FUUsCHkFWF0QbA-JGClwqWxlICw8CRlwJeQFGXBx7ABAESyxWGRUce3ZHXQxnAFAYBHg
IP 54.230.245.178:0
File type ASCII text, with no line terminators
Hash e75f6ae225dc4bbdd926fc4c50a31ad3
a23d1d1d8f32d3969e54204a3b32aed46050d97d
f1facfb4794b4787059be3d81c7bb0c6c8ea29172079a36cd2242473c0308f30
GET /oOUkwdm1aJl4QUk0gVEtVAH8BT1UfI0MZA0l0ViEUeAhEPgVzEWQOCR89ShJQCW9cFwNedBYTA1p0AVAMXSsNQktMKA0bAkMgXBoMHHt2Q0MJbAJGRU4gXhICTjoVRF1XPRVEXQh5HkZICgsVRF1OIF5AWRx6clNfCTEGQkgKCxVEXUs/FUUsCHkFWF0QbA-JGClwqWxlICw8CRlwJeQFGXBx7ABAESyxWGRUce3ZHXQxnAFAYBHg HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://racterdeet.com/
HTTP/1.1 200 OK
Content-Length: 184
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WiMMeX_7-FT79X6NlBa0oSUuhkQ1XA7ONsXB_0WT6BjmzT97GHYEOA==
d26adrx9c3n0mq.cloudfront.net/iaWhWYXoKBzgHRR0BMlxCUVBlWENPAiUOFBlVORdDPzphVh8uDjUgXB0SMlxKTwQ3Dx1UTjMPGVRZcAAeC1ViRw4ZBz1cDwcMMwcTBw0yRw8IVTsOAAAEOgBfWy5jT0pMWmZJDQAGMg4NGk1kURQdTWRRS1lGZkRJK01kUQ0ABmBVX1oqc1NKEV5iREkrTW-RRCB9NZSBLWV14UVNMWmYGHwoDOURIL1pmUEpZWWZQX1tYMAgIDA45GV9bLmdRT0dYcBRHWA
54.230.245.178200 OK 358 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/iaWhWYXoKBzgHRR0BMlxCUVBlWENPAiUOFBlVORdDPzphVh8uDjUgXB0SMlxKTwQ3Dx1UTjMPGVRZcAAeC1ViRw4ZBz1cDwcMMwcTBw0yRw8IVTsOAAAEOgBfWy5jT0pMWmZJDQAGMg4NGk1kURQdTWRRS1lGZkRJK01kUQ0ABmBVX1oqc1NKEV5iREkrTW-RRCB9NZSBLWV14UVNMWmYGHwoDOURIL1pmUEpZWWZQX1tYMAgIDA45GV9bLmdRT0dYcBRHWA
IP 54.230.245.178:0
File type ASCII text, with very long lines (456), with no line terminators
Hash b8342644e331b5dbc26a291e03eadd8d
b5eb831e88d1454f87bddb490c2bde247f51241e
877194b68445ef64dc5737015abd16641e8a056e4374400fa5aad8ce8626aa26
GET /iaWhWYXoKBzgHRR0BMlxCUVBlWENPAiUOFBlVORdDPzphVh8uDjUgXB0SMlxKTwQ3Dx1UTjMPGVRZcAAeC1ViRw4ZBz1cDwcMMwcTBw0yRw8IVTsOAAAEOgBfWy5jT0pMWmZJDQAGMg4NGk1kURQdTWRRS1lGZkRJK01kUQ0ABmBVX1oqc1NKEV5iREkrTW-RRCB9NZSBLWV14UVNMWmYGHwoDOURIL1pmUEpZWWZQX1tYMAgIDA45GV9bLmdRT0dYcBRHWA HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://racterdeet.com/
HTTP/1.1 200 OK
Content-Length: 358
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:46:33 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: E-or3J9otpv9miJlilSZtwshRg-8CVY9AMOWL6GJp-pFJLcY6a4gQA==
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfac8e75ce3a7274894c1f4215714ec1
3af98f892a055dc1e76d603cd0be26791cec7a5a
d71a3ab89665ed999c87ef950fa828e0621fc0c80e20e2596a30ec5e26f53733
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D71A3AB89665ED999C87EF950FA828E0621FC0C80E20E2596A30EC5E26F53733"
Last-Modified: Tue, 31 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20469
Expires: Thu, 02 Feb 2023 22:27:42 GMT
Date: Thu, 02 Feb 2023 16:46:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bae868356becb6470806e213f97e8aa6
1a3c7ffdce0f4e9c1f59aa0cd7715f22bade5117
c9930f2471f9a8a87fddfe3989391d65e1c41b3457a3f0fbf2e2357566f81a1b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2088
Cache-Control: max-age=90769
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:33 GMT
Etag: "63daa052-1d7"
Expires: Fri, 03 Feb 2023 17:59:22 GMT
Last-Modified: Wed, 01 Feb 2023 17:24:34 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d5aa8840f812da83fc823da528a74c1a
9e7bad3462506164bd4bdb87a761352ef8131ba9
abaa07021a967e89f7786ac14efa3ce48f24e4c032376a36421cca12f5ecaeeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8d777e9406316814b36e3c580cccd4c8
7653df86c61ff7c801e35da9eeca3ecc70c7d7e8
2c4bb952aa3359712306a7c20b845627ee26689aacdb2560a61fc175e7c0c731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 56f7cfc033002fb9997a8758ae80bfe1
b35d14e03627f0c5a16e1f18f66b9a6529d3e91b
b47910cc7607ee84c515b7156e156dd2e612d5cd3b96a89ed16557bd81ca6033
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Feb 2023 16:46:33 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1695466654%3A1675356393571475&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf0HDi6-lsuMpGs-JjbOVX9Nt6CBZ69Qs2tcg5NWFIT5gs4a1qDGS0QEJ3oXajUD8KBOfJLcA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-ZHKi8e3PqFgd-gUBFW3Tww' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:AUi1x7_JveuT3GFvoOSfnUco9E9wtg:0rYhWL08OU9HZZ-l;Path=/;Expires=Sat, 01-Feb-2025 16:46:33 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
racterdeet.com/utx?cb=YB1nCDJlWnMW&top=www.file-upload.com&tid=922253
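54.192.99.102 204 No Content 0 B URL HTTP/2 racterdeet.com/utx?cb=YB1nCDJlWnMW&top=www.file-upload.com&tid=922253
IP 54.192.99.102:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5/SHA-1/SHA-256 digests of zero-length input (0 B body); they match any empty response and are not usable as indicators.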
GET /utx?cb=YB1nCDJlWnMW&top=www.file-upload.com&tid=922253 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 02 Feb 2023 16:47:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 10ba4f180c8b00c38f956300d7b2f4c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: o3MzKMHVJw8kUZFZsey2IXUqBLkHoobN-7jJ1uH0Eb0_D_AHtKaAQA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfac8e75ce3a7274894c1f4215714ec1
3af98f892a055dc1e76d603cd0be26791cec7a5a
d71a3ab89665ed999c87ef950fa828e0621fc0c80e20e2596a30ec5e26f53733
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D71A3AB89665ED999C87EF950FA828E0621FC0C80E20E2596A30EC5E26F53733"
Last-Modified: Tue, 31 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20469
Expires: Thu, 02 Feb 2023 22:27:42 GMT
Date: Thu, 02 Feb 2023 16:46:33 GMT
Connection: keep-alive
racterdeet.com/utx?cb=2ovst0v65FLX&top=www.file-upload.com&tid=889766
54.192.99.102 204 No Content 0 B URL HTTP/2 racterdeet.com/utx?cb=2ovst0v65FLX&top=www.file-upload.com&tid=889766
IP 54.192.99.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=2ovst0v65FLX&top=www.file-upload.com&tid=889766 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 02 Feb 2023 16:47:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 10ba4f180c8b00c38f956300d7b2f4c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: kb18HNbQBrRcyVzVSBy1d1rF2-X030tKW0n5VPRpCuSmReh9vrdD3A==
X-Firefox-Spdy: h2
racterdeet.com/utx?cb=J7xCORr9XUxP&top=www.file-upload.com&tid=888399
54.192.99.102 204 No Content 0 B URL HTTP/2 racterdeet.com/utx?cb=J7xCORr9XUxP&top=www.file-upload.com&tid=888399
IP 54.192.99.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=J7xCORr9XUxP&top=www.file-upload.com&tid=888399 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 02 Feb 2023 16:47:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 10ba4f180c8b00c38f956300d7b2f4c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: U9RarniR5DbdHOak5cv8dlI4AyrHS8pGDqKN0ltOuJm6SGGkuTXJyw==
X-Firefox-Spdy: h2
racterdeet.com/utx?cb=EKp1hrbmcGw7&top=www.file-upload.com&tid=888398
54.192.99.102 204 No Content 0 B URL HTTP/2 racterdeet.com/utx?cb=EKp1hrbmcGw7&top=www.file-upload.com&tid=888398
IP 54.192.99.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=EKp1hrbmcGw7&top=www.file-upload.com&tid=888398 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 16:46:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 02 Feb 2023 16:47:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 10ba4f180c8b00c38f956300d7b2f4c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: q_M9EKuJ4BhNgaOXifZPtsN6CNPVvpXZv-pf7bANyV_zSD0CivWKGQ==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 400 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 4fe47a7b36651efe998382041ffd8249
b5fefb1f42e662503aa5a50c995aa7ea2e9aa420
3e4c560db3418ee130fc2a3e895abf2744beb2591288032c3d47a623d2a5799c
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Feb 2023 16:46:33 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1660279496%3A1675356393619128&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHec7OvKwu7RpmxYNU-Xfg0ctuq6Fj_1UuZLs8m4qYPUqdsnszYTqQ2HlncODkVXlB8qImLYeg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-x2D41Bw8x5ABZkjeW96xNg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
set-cookie: __Host-GAPS=1:cPDIrt4izTHb3X-ri9yQINSxhLoNIg:vWvJX6WiDdPYMQ7z;Path=/;Expires=Sat, 01-Feb-2025 16:46:33 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1695466654%3A1675356393571475&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf0HDi6-lsuMpGs-JjbOVX9Nt6CBZ69Qs2tcg5NWFIT5gs4a1qDGS0QEJ3oXajUD8KBOfJLcA
142.250.74.109 403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1695466654%3A1675356393571475&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf0HDi6-lsuMpGs-JjbOVX9Nt6CBZ69Qs2tcg5NWFIT5gs4a1qDGS0QEJ3oXajUD8KBOfJLcA
IP 142.250.74.109:0
Hash 628c8d8a7c0d13851b0ca6caed9b6e69
b68793ba4e65db900e784b5842ccff26fbbd73ea
f3cc169be0be1eb09412098e3a37b836ec5558089ceee05765b4680a49196eff
GET /v3/signin/identifier?dsh=S1695466654%3A1675356393571475&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf0HDi6-lsuMpGs-JjbOVX9Nt6CBZ69Qs2tcg5NWFIT5gs4a1qDGS0QEJ3oXajUD8KBOfJLcA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Feb 2023 16:46:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
content-security-policy: script-src 'nonce-ncS3oMGfvFulG7tHitwLTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 1.3 kB IP 93.184.220.29:0
File type gzip compressed data, max compression\012- data
Hash 3e6d5cc527ce40647178e1f3fa03b577
cb6f110ba39de8c9fd10cd2dc6c3a03a79063403
cf8a6d7e470ad29fe405e09dd367b3681fd7eec1b668b592df9e141faaf9e1ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2088
Cache-Control: max-age=90769
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:33 GMT
Etag: "63daa052-1d7"
Expires: Fri, 03 Feb 2023 17:59:22 GMT
Last-Modified: Wed, 01 Feb 2023 17:24:34 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
pyoungstersofto.xyz/popunder.gif
172.67.207.205 301 Moved Permanently 0 B URL HTTP/1.1 pyoungstersofto.xyz/popunder.gif
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 16:46:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 02 Feb 2023 17:46:33 GMT
Location: https://pyoungstersofto.xyz/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeAVa24UyYETLFWh3%2Bf1TS7WKr78yokWNB8nPTD%2FD1%2BKu5%2Bv0JjMO534SstdnaiLUNFTF%2FqfhX4DlI7PZ%2B6EjWiPzXOXpYatzdqV1Ks1MdiUoMfkpTD7N5itnPwihdM5OSFn8j8O"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79346755ec6a1bfa-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10630
Expires: Thu, 02 Feb 2023 19:43:43 GMT
Date: Thu, 02 Feb 2023 16:46:33 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 185 kB IP 172.64.133.29:0
Size 185 kB (184581 bytes)
Hash MD5 9319371c5d42750aa827c6d86eb992c0
SHA-1 7da306378a4d2e0d06e989661d2bad2c2d93e50e
SHA-256 1ebc7b2ab5998898e2c1f1e81d8c9e59b183e3cef0c2c07b29144b75793657f8
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 73
last-modified: Thu, 02 Feb 2023 16:45:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DDc5T5IAgI1rWZGjSotHtXfktRKnZXKJdq76O%2BYydfPlBmsH14L03Vbtb9tzE4%2ByqE7laDVOJpgOZwKcj8pou8eCAyOsTqf0%2B2FfxXoW56tP9HapJ0lffT%2BMqCGwH4e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79346753bce17192-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10630
Expires: Thu, 02 Feb 2023 19:43:43 GMT
Date: Thu, 02 Feb 2023 16:46:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10630
Expires: Thu, 02 Feb 2023 19:43:43 GMT
Date: Thu, 02 Feb 2023 16:46:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0f85742f336de59ca88f7f964a8b33f4
0fc7177f8cb06421a8807e93989f651bda743567
fbd5fd39c39c218b0fa956f8cb8050cbdbfcb109a92303f6175d73cc8c339526
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8642
x-amzn-requestid: f47f7616-41aa-4983-8ada-20f6f0b6856b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frfXtHkUoAMFr1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadf64-083a903959cdab540bd38265;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:53:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UqoeSWse0jZAC3IEIWk5fj9q_4xsAoZRkn67U4m2L5NkayHxsAYmlA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:00:35 GMT
age: 67558
etag: "0fc7177f8cb06421a8807e93989f651bda743567"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b9af1fd56c0de8f128ddce88d49c1b4d
e3bb3d4950f7c0267f4476eef21872da332831aa
908153182f76362ff329803d9c11c06c66181e85e8e51dabd927f1f1ac630d5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8944
x-amzn-requestid: 07495184-ede8-485c-94e8-5302ec348ea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: freiLHRPoAMFYbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dade0d-275437a54eceb40e302a7f55;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:47:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: e0zaXjoBKOmsY4fPEbl1SWCBxetMssmszZug0-epLq-X5rGb5zKHZw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:36 GMT
age: 67617
etag: "e3bb3d4950f7c0267f4476eef21872da332831aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35 200 OK 11 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
Hash 9f78a212e4af341b1e20539d891fce82
d9f338b73464582bd163595dde24a2f454a4679e
9616c6e25be10f8a1e35de7cc43908176a9087e4268777ce0e39ebffd2bbefde
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: ZxTOnQ1g/JnQqQPBKN4KaxWA8DN3nPXbkADxOUjchkdw8RG6inunI65oGkHWy4whBvhsg/MKKnX01XPKiak+uA==
date: Thu, 02 Feb 2023 16:46:33 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C1kqthy0eZop0UZfG3_op5xeBOVGiPLYfia4uS1l4-kchEzV6ccE9w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 07:16:08 GMT
age: 34225
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ybz4mmNUwsKOkpz6GFm4nLz7iGX5gJ--EiUjqrs8G92GBLn6qaF7IQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:51 GMT
age: 67722
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04301881-7728-4218-a61a-642cd5ffae53.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04301881-7728-4218-a61a-642cd5ffae53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0224e848c34cb32cf932ed99dfd8468a
31c1abac8979bca5a998a6649ca3e6f59c0fb2f5
f93d5a69758e57d4d2b0d307ce98ad5ea8d86b825108873e8ea5bc36567dc5c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04301881-7728-4218-a61a-642cd5ffae53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5061
x-amzn-requestid: e8e96b85-5b24-48b4-bea3-6c1b93c55ca1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKVGf3oAMFj1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-558cb5ec6f31497d284518be;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AeFT9dVmzOw8800DKN7VouWS3HGHRYp64On9sF62J-aOK_OGtvAa7w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:12:52 GMT
age: 66821
etag: "31c1abac8979bca5a998a6649ca3e6f59c0fb2f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 102 kB IP 172.64.133.29:0
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 73
last-modified: Thu, 02 Feb 2023 16:45:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0Nfv89LND3s8J8vQmJULD%2F8CCbXM1rCm3yhRTWXvQzFVMgb4uMm5BcIND3BAdoynTzvuNCfNde2nJPC33dieLiMEPARFrZjH6oERq%2BoB7Q5nGI3vhvLzUSNpRmY1lCZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79346753ccef7192-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 103 kB IP 172.64.133.29:0
Size 103 kB (102871 bytes)
Hash 3bab1d3a28a4c8115f612753bc04dbad
65600650ab5d36da2e08097cfe29c3830253baeb
3db0e5db07519fef3f7d140f1ea548d2981ca26272e282a2bbe121191df8fcc5
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 73
last-modified: Thu, 02 Feb 2023 16:45:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8HdCqqVl7Z%2FFmuAbY4zNyGLPRphjixy1rF2Dn%2B1oWY11NmqqP9vsOdutSVIHJNV%2FopI1XDj1EiYt8nN4W77iJIh%2BRSrppg5Hpiu0Kd2efsGahRG19OG2LmJcgfzzMcc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79346753ccfc7192-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash a3b9e44d8e7b041b3016ab27e5af58bf
6c6c52de9c47d1e7f2dded294e69bdf94fad7f69
8977430f41e19ab313f69fe86c3642bab2d948f9427e85167cd8e6441f65e1dc
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
set-cookie: uid_id2=1addccd9-cef0-45f7-a0c3-fbfbc74b86d5:2:1; expires=Sun, 30 Jan 2033 16:46:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
choreinevitable.com/38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js
192.243.61.227 200 OK 13 kB URL HTTP/1.1 choreinevitable.com/38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37157), with no line terminators
Hash b81e42303f62808da0454ae73877166c
5de389732c6135889bb878991636cb26f76d2cf5
36997e4a54893402ab466c366d595462879c41cd52f9c5db0b958cee3d178ce5
GET /38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js HTTP/1.1
Host: choreinevitable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 16:46:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1d1d7fb5ce133789d3c95262380d57ac
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.google-analytics.com/ga.js
142.250.74.110 200 OK 17 kB URL HTTP/1.1 www.google-analytics.com/ga.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Thu, 02 Feb 2023 15:07:57 GMT
Expires: Thu, 02 Feb 2023 17:07:57 GMT
Cache-Control: public, max-age=7200
Age: 5917
Last-Modified: Tue, 10 Jan 2023 21:29:14 GMT
Content-Type: text/javascript
connect.facebook.net/en_US/sdk.js
157.240.205.11 301 Moved Permanently 0 B URL HTTP/1.1 connect.facebook.net/en_US/sdk.js
IP 157.240.205.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 301 Moved Permanently
Location: https://connect.facebook.net/en_US/sdk.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Thu, 02 Feb 2023 16:46:34 GMT
Connection: keep-alive
Content-Length: 0
friendshipmale.com/sfp.js
172.64.203.23 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.203.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 16:46:34 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 6ef1aa4d00d431ad0d41be4310f0c845
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Thu, 02 Feb 2023 16:46:34 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUqHieCL72BQAqtHztf%2BO%2B12iWC6nVJpuJeIqCt%2BVK9kAqoj2VHKPFKBBbpnLkBP56fE%2FoRvfdljK1hCsindKLTSB3bP1GTOXSay%2BFMxSP8XLQLR4%2BNZnDKSce7iXs7vX0Svhig%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793467583862755e-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=372313541&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20Sexy%20Boobs%20zip&utmhid=950478297&utmr=-&utmp=%2Fvuukzxu4tds5&utmht=1675356421210&utmac=UA-42931250-7&utmcc=__utma%3D184767038.584772777.1675356421.1675356421.1675356421.1%3B%2B__utmz%3D184767038.1675356421.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1684098249&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
142.250.74.110 302 Found 369 B URL HTTP/1.1 www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=372313541&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20Sexy%20Boobs%20zip&utmhid=950478297&utmr=-&utmp=%2Fvuukzxu4tds5&utmht=1675356421210&utmac=UA-42931250-7&utmcc=__utma%3D184767038.584772777.1675356421.1675356421.1675356421.1%3B%2B__utmz%3D184767038.1675356421.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1684098249&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
IP 142.250.74.110:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4c90f52d283a278e83a65fc57659d608
291aa8c590dc8c9c2d87ecef9c45550598f15831
b33c051f0898cd04482b122b561d1f1cfeb367ea8dd1457626eb080057e53d9d
GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=372313541&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20Sexy%20Boobs%20zip&utmhid=950478297&utmr=-&utmp=%2Fvuukzxu4tds5&utmht=1675356421210&utmac=UA-42931250-7&utmcc=__utma%3D184767038.584772777.1675356421.1675356421.1675356421.1%3B%2B__utmz%3D184767038.1675356421.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1684098249&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 302 Found
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541
Access-Control-Allow-Origin: *
Date: Thu, 02 Feb 2023 16:46:34 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Server: Golfe2
Content-Length: 369
connect.facebook.net/en_US/sdk.js
157.240.205.11 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 157.240.205.11:0
File type ASCII text, with very long lines (1957)
Hash 31f16c2d1d5d3e8abf2a569ad228a277
8623952850f13b24e4351b509cb84d16766d28b0
ef24fc930493d82e9c3a2369ce956905c538ec74a9904ec94f30ce66a195a151
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 4e505c2920cdbceebed70b70fbbcbd9d
etag: "fc84678f2cb8f57c76fb2783b7a65c64"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Thu, 02 Feb 2023 17:00:55 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: MfFsLR1dPoq/Klaa0iiidw==
x-fb-debug: JGSMPl7ZOplJBOrma/xFr40wPvT09BoK+nCA04OpoH2TbciFZI9dG3PXuBFjiFU8juU1U2g1ApnMkf54afXKlA==
priority: u=3,i
content-length: 1688
x-fb-trip-id: 1679558926
date: Thu, 02 Feb 2023 16:46:34 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541
64.233.164.155 302 Found 367 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541
IP 64.233.164.155:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e75a20ba6a74906151faf94129f60bfb
d7c84b92683cf7671d90445348891246cdc20e70
20ff57790b6a22fba13ad8198d3b42ed623f682e3cdeff3e0b426d77b5b23c88
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 02 Feb 2023 16:46:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js?hash=6752170c39001fa696962cbfa37764b3
157.240.205.11 200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=6752170c39001fa696962cbfa37764b3
IP 157.240.205.11:0
File type ASCII text, with very long lines (13192)
Hash 82d6644cc6b8aac3413489e9c8fd22c4
05cf83d03ff6ad342d7ae130cb8d85f47736f8f7
ce6b4e73ab029cfff14c92143d4bab4115e5bc8836c140a1bcf02cf3fb7cb510
GET /en_US/sdk.js?hash=6752170c39001fa696962cbfa37764b3 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 16a8fc44e6575d26c2236b30bb07085a
etag: "e1d06f306b7b72602283fa12bb14ab14"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 02 Feb 2024 14:31:24 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: gtZkTMa4qsNBNInpyP0ixA==
x-fb-debug: OgjN1g85lBr3F+EwX/3Ww+F0G1hicXq1LODkhOnU+oaUXxVVK0MdBFzbNAPVe7q8aEv0oF7h+ylPl0tGDXxHOQ==
priority: u=3,i
content-length: 86979
x-fb-trip-id: 1679558926
date: Thu, 02 Feb 2023 16:46:34 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541
142.250.74.164 302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541
IP 142.250.74.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 16:46:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541&slf_rd=1&random=2109312711
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
racterdeet.com/floater?cs=NjFuMFgPBl8AYA4EXgltBghfCW0&abt=0&red=1&sm=83&k=download%20sexy%20boobs&v=0.9.1.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&u=265924828962861&agec=1675356393&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=157.48031496062993&ref=http%3A%2F%2Fwww.file-upload.com%2Fvuukzxu4tds5&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_mr5W=1675356420896&crc=1
54.192.99.102 200 OK 1.3 kB URL HTTP/2 racterdeet.com/floater?cs=NjFuMFgPBl8AYA4EXgltBghfCW0&abt=0&red=1&sm=83&k=download%20sexy%20boobs&v=0.9.1.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&u=265924828962861&agec=1675356393&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=157.48031496062993&ref=http%3A%2F%2Fwww.file-upload.com%2Fvuukzxu4tds5&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_mr5W=1675356420896&crc=1
IP 54.192.99.102:0
File type ASCII text, with very long lines (2027), with no line terminators
Hash df1efb8d93922eb30a40a47b719237e8
0f11f2ca5d16667efb36a37ee474de577078234f
2b134ce9cd050f70cc38794683a512dc9f48dbfa6a1305eb823f4a4eb1350785
GET /floater?cs=NjFuMFgPBl8AYA4EXgltBghfCW0&abt=0&red=1&sm=83&k=download%20sexy%20boobs&v=0.9.1.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&u=265924828962861&agec=1675356393&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=157.48031496062993&ref=http%3A%2F%2Fwww.file-upload.com%2Fvuukzxu4tds5&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_mr5W=1675356420896&crc=1 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1270
date: Thu, 02 Feb 2023 16:46:34 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=4b09ee63-4957-49fd-8485-5958d9799688
csu=265924828962861
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 10ba4f180c8b00c38f956300d7b2f4c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: mY3PAjNuQ17A7g5AEeo3MUhGknWVZIZURTzHhWiJnZgWy3b_281aLQ==
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541&slf_rd=1&random=2109312711
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541&slf_rd=1&random=2109312711
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=584772777.1675356421&jid=1684098249&_v=5.7.2&z=372313541&slf_rd=1&random=2109312711 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 16:46:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 16:46:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de6325424b40307b4855f6daf3a7e7f1
d14d016a2c49881108a3b5cbaa31fecc36a1be51
8ab91d0545f3a631d6c98dad704c8b3baeec8a3b39cd19efb6af9d426184a8b4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8AB91D0545F3A631D6C98DAD704C8B3BAEEC8A3B39CD19EFB6AF9D426184A8B4"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10211
Expires: Thu, 02 Feb 2023 19:36:46 GMT
Date: Thu, 02 Feb 2023 16:46:35 GMT
Connection: keep-alive
xml.serve-servee.com/thumbnail?i=nUZUYhNCVSw_1&p=1675356394.220815&imgt=icon
172.64.163.38 302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=nUZUYhNCVSw_1&p=1675356394.220815&imgt=icon
IP 172.64.163.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=nUZUYhNCVSw_1&p=1675356394.220815&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 02 Feb 2023 16:46:35 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qwEq9nmpdqZGHJXuZ7leXnJ7lwR7T4P1UAehFj2OiHVAvIU9GMKxT%2BMGKPOQ1MsmjG2qyxk%2Beg4UeQGMVJj1bpgf2ArvaQCNV6Wkdyuvt0W6Uw3R3buXsR%2FPQDvZUKIwI%2Bv4TSeUHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79346761ed527798-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de6325424b40307b4855f6daf3a7e7f1
d14d016a2c49881108a3b5cbaa31fecc36a1be51
8ab91d0545f3a631d6c98dad704c8b3baeec8a3b39cd19efb6af9d426184a8b4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8AB91D0545F3A631D6C98DAD704C8B3BAEEC8A3B39CD19EFB6AF9D426184A8B4"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10210
Expires: Thu, 02 Feb 2023 19:36:46 GMT
Date: Thu, 02 Feb 2023 16:46:36 GMT
Connection: keep-alive
static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
172.64.163.38 200 OK 1.1 kB URL HTTP/2 static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
IP 172.64.163.38:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 4fa2beaeca8f598401f3ec6300cb860b
45634806ea1fa936c0e600b8b22f835600529b36
ef897a0bab353d84bf69ae3570347dea36236575a7b1bbd5992b8f256f856577
GET /n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:36 GMT
content-type: image/png
content-length: 1112
last-modified: Fri, 24 Apr 2020 13:59:43 GMT
accept-ranges: bytes
etag: "5ea2f0cf-458"
cache-control: max-age=86400
x-sp-metadata: HS256.CPvt754GEksKJDQ1MTA1ZmI3LTFkZjYtNGI1YS04Y2ZhLTI3NzJjZDZlZDEzYhDA0sGB2rP8AhoGCOvR754GIgwxNzIuNzAuODUuNzYo4PwBMAIaKwgBEiQyMDlhY2VhMS1iZmU4LTQ0MzAtOWFjYS1kMmI2MjNlMzEwMjcY2AgiGAgCEhRjZHMyMTYubG80Lmh3Y2RuLm5ldA==.xhKgoMsGzKxvnzfqQ352lGHwB9MIdhO3TYVILWcqfqo=
x-hw: 1675356395.cds222.lo4.h2,1675356395.cds216.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ealMnCZOV20f14iuCMd%2FTNgPIkCUXR1%2BzxlCDlZGQqFmjgSCz8BdZRsGIQnXrcenw56s8UGQe%2F7aqqpfW4LrSipVz6q4x7EUAAX%2FfcJ%2FiO81izwFr9UhnxyzAn0XpQHiGEUcdKausdSSTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79346762eec57798-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17d522a5b7c2b24cd93810965903adf5
ad44826216cd0e9608b8432d60f6dbeb0a26e65f
43f742fd6faaae0b3806235dd5867366b71a72fabd6690eb1af2232e42569364
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43F742FD6FAAAE0B3806235DD5867366B71A72FABD6690EB1AF2232E42569364"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4815
Expires: Thu, 02 Feb 2023 18:06:53 GMT
Date: Thu, 02 Feb 2023 16:46:38 GMT
Connection: keep-alive
intimateexhibitedcontempt.com/sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=1addccd9-cef0-45f7-a0c3-fbfbc74b86d5%3A2%3A1
173.233.137.36 200 OK 4.5 kB URL HTTP/1.1 intimateexhibitedcontempt.com/sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=1addccd9-cef0-45f7-a0c3-fbfbc74b86d5%3A2%3A1
IP 173.233.137.36:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6324), with no line terminators
Hash d501bbace1c156118136124bfa5fdd5b
433f39493b8bbe25a2a1d5c71a8a7b01df1be03d
0c543638a23c95e77d4110028fff196a608c522621568990c0008220f350f8b4
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=1addccd9-cef0-45f7-a0c3-fbfbc74b86d5%3A2%3A1 HTTP/1.1
Host: intimateexhibitedcontempt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 16:46:38 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.file-upload.com
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16537667; expires=Fri, 03 Feb 2023 16:46:38 GMT; secure; SameSite=None
uid_id2=1addccd9-cef0-45f7-a0c3-fbfbc74b86d5:2:1; expires=Thu, 09 Feb 2023 16:46:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 03 Feb 2023 16:46:38 GMT; secure; SameSite=None
uncs=1; expires=Fri, 03 Feb 2023 16:46:38 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 03 Feb 2023 16:46:38 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 03 Feb 2023 16:46:38 GMT; secure; SameSite=None
slec38f00a36b3d7705a00e14d2d7baaa601=[3952979]; expires=Thu, 02 Feb 2023 16:46:43 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ac08c0784c60882f085ea57629d5fe73
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d62d6b1aa5d380b6cdbfae5d3dca5421
f715b643ffd374ace9695098eb3ed3a70de0fde1
04f32494a66d0cd2ed4b1a8078b86edcfca40190fedcf0334d9cd62ca2ca6d19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04F32494A66D0CD2ED4B1A8078B86EDCFCA40190FEDCF0334D9CD62CA2CA6D19"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14519
Expires: Thu, 02 Feb 2023 20:48:37 GMT
Date: Thu, 02 Feb 2023 16:46:38 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
45.133.44.3 200 OK 955 B URL HTTP/2 cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 3311b451b6e90781dab5ae61a1e4f65d
940e4700d9c5fbf74f8c15dcf10c28661e34cf2c
3def788280ca0f9ba09e050e3f3bfba82e5268fe2104f1c02a8f265c12774023
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:38 GMT
content-type: text/html; charset=utf-8
content-length: 955
server: nginx/1.17.6
last-modified: Wed, 18 May 2022 11:09:59 GMT
etag: "6284d407-3bb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Thu, 02 Feb 2023 17:46:38 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
intimateexhibitedcontempt.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9lV%2By%2BJGVwY0LoQguFJzOq%2F6YnjbC4ORDgjGJmciIq7yv6nnO63rFe1VdPY2L0YBkI3RWunBRc3omgxrU%2FAGC9LgJszEtKE1wxIXgyo3oyoV0T%2BPgXdS5t87lce6594Pt%2FJBQ5Gxy43Xb18awc40KDZ9f04m0hQ%2Bv3QojWqHnwzWdLNbPh73px3VfimijQl8IX1Viw56r0ojSiEbhZe1UbHvnZix0%2BqAVVVq0Uq9WokYdPfff2ucBPAsgu4fkDLQcn1p%2F9BBajJB0vrqo%2FEZm0xcvdXLDMuvQlXtvJhuJLRJ0jtPYBYiTvXk3rB8T8vEJ2GRvPgFsd2c6Abgek%2BDHCDzZm8sE7%2B4eKeUGKgGXp1F0R1BmBM1GEPYOtHxMACFx7TqSzv1r1hVs84hlU3ZMTv71B3QxJid%2FehpJ54sVo3vhqjV5pm3i0YtL6N4Iuj1Cmu8j6wfQxT5E9j60JEg6JbScPBcxKYWQrQWhYrpQb8TNBUZFbSHmMRfNOl9alI2ZNVqPoOMRjBqA%2BRPIfYBcB8jjAHkaoCMnIWu0YkqbMY9rtaW6EKJWE6IxfULW6ksxRS6m2gfI0gGEGUC4LaRuCxv63uPGGbj8G%2Fj1El4G8BlBV5YoFEHhCQpGUGiCIiMouuWuNL7qy%2FvS%2BJxHc6zOsVYObdbeZrs2a6uEbKeH5KmZZ3%2B%2FdQEbahLWlmJKWW2R12SzSRuMUhXVZVU2OWNskUbwuoT2J8B8gP50gT%2FcRjrFS7%2BAs314sw%2Bhz4Llz4IVw2aVgq0P60sU%2FeTLWBu1kKfGMlkRtgNpS6TZSWSbwbY5JM%2FMpLz8xiqUOFiefNL%2FU%2B%2F8H8KVSF2Jd%2FS3BG1zd3jTFmTnpi08eXg9zXRH99l0tasZy9Spz15Tm4V18spFP%2Fj0FTElpumDW8pnV1kiddL25PMVLaVyl60Tinx9xa8pfiP36yu5S%2FL06o0Ll690Uqe81zYZgekxIe%2B9C6HH5HSQzM427B1CuxFcXqKTH5B5QNt9iHQLPj1Y%2FujD6z%2Bfl2%2FDWwJnjnt4GqDIy6Gr8uOfRhMYdVwzXsKrg%2BVHT85%2B9%2BvtFXD1ryHb%2Fi7aLgDL7syOtetKdE0JZgbw%2Bf%2BGWeoOlr%2BvzQLcBENuXLDDjTP3jsz1ehKqRkxjRauKxy0eNxmVrbje4qwVqSZvsAiZH4snv%2F3%2BDwAAAP%2F%2FAQAA%2F%2F9vghZEjgQAAA%3D%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 intimateexhibitedcontempt.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9lV%2By%2BJGVwY0LoQguFJzOq%2F6YnjbC4ORDgjGJmciIq7yv6nnO63rFe1VdPY2L0YBkI3RWunBRc3omgxrU%2FAGC9LgJszEtKE1wxIXgyo3oyoV0T%2BPgXdS5t87lce6594Pt%2FJBQ5Gxy43Xb18awc40KDZ9f04m0hQ%2Bv3QojWqHnwzWdLNbPh73px3VfimijQl8IX1Viw56r0ojSiEbhZe1UbHvnZix0%2BqAVVVq0Uq9WokYdPfff2ucBPAsgu4fkDLQcn1p%2F9BBajJB0vrqo%2FEZm0xcvdXLDMuvQlXtvJhuJLRJ0jtPYBYiTvXk3rB8T8vEJ2GRvPgFsd2c6Abgek%2BDHCDzZm8sE7%2B4eKeUGKgGXp1F0R1BmBM1GEPYOtHxMACFx7TqSzv1r1hVs84hlU3ZMTv71B3QxJid%2FehpJ54sVo3vhqjV5pm3i0YtL6N4Iuj1Cmu8j6wfQxT5E9j60JEg6JbScPBcxKYWQrQWhYrpQb8TNBUZFbSHmMRfNOl9alI2ZNVqPoOMRjBqA%2BRPIfYBcB8jjAHkaoCMnIWu0YkqbMY9rtaW6EKJWE6IxfULW6ksxRS6m2gfI0gGEGUC4LaRuCxv63uPGGbj8G%2Fj1El4G8BlBV5YoFEHhCQpGUGiCIiMouuWuNL7qy%2FvS%2BJxHc6zOsVYObdbeZrs2a6uEbKeH5KmZZ3%2B%2FdQEbahLWlmJKWW2R12SzSRuMUhXVZVU2OWNskUbwuoT2J8B8gP50gT%2FcRjrFS7%2BAs314sw%2Bhz4Llz4IVw2aVgq0P60sU%2FeTLWBu1kKfGMlkRtgNpS6TZSWSbwbY5JM%2FMpLz8xiqUOFiefNL%2FU%2B%2F8H8KVSF2Jd%2FS3BG1zd3jTFmTnpi08eXg9zXRH99l0tasZy9Spz15Tm4V18spFP%2Fj0FTElpumDW8pnV1kiddL25PMVLaVyl60Tinx9xa8pfiP36yu5S%2FL06o0Ll690Uqe81zYZgekxIe%2B9C6HH5HSQzM427B1CuxFcXqKTH5B5QNt9iHQLPj1Y%2FujD6z%2Bfl2%2FDWwJnjnt4GqDIy6Gr8uOfRhMYdVwzXsKrg%2BVHT85%2B9%2BvtFXD1ryHb%2Fi7aLgDL7syOtetKdE0JZgbw%2Bf%2BGWeoOlr%2BvzQLcBENuXLDDjTP3jsz1ehKqRkxjRauKxy0eNxmVrbje4qwVqSZvsAiZH4snv%2F3%2BDwAAAP%2F%2FAQAA%2F%2F9vghZEjgQAAA%3D%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9lV%2By%2BJGVwY0LoQguFJzOq%2F6YnjbC4ORDgjGJmciIq7yv6nnO63rFe1VdPY2L0YBkI3RWunBRc3omgxrU%2FAGC9LgJszEtKE1wxIXgyo3oyoV0T%2BPgXdS5t87lce6594Pt%2FJBQ5Gxy43Xb18awc40KDZ9f04m0hQ%2Bv3QojWqHnwzWdLNbPh73px3VfimijQl8IX1Viw56r0ojSiEbhZe1UbHvnZix0%2BqAVVVq0Uq9WokYdPfff2ucBPAsgu4fkDLQcn1p%2F9BBajJB0vrqo%2FEZm0xcvdXLDMuvQlXtvJhuJLRJ0jtPYBYiTvXk3rB8T8vEJ2GRvPgFsd2c6Abgek%2BDHCDzZm8sE7%2B4eKeUGKgGXp1F0R1BmBM1GEPYOtHxMACFx7TqSzv1r1hVs84hlU3ZMTv71B3QxJid%2FehpJ54sVo3vhqjV5pm3i0YtL6N4Iuj1Cmu8j6wfQxT5E9j60JEg6JbScPBcxKYWQrQWhYrpQb8TNBUZFbSHmMRfNOl9alI2ZNVqPoOMRjBqA%2BRPIfYBcB8jjAHkaoCMnIWu0YkqbMY9rtaW6EKJWE6IxfULW6ksxRS6m2gfI0gGEGUC4LaRuCxv63uPGGbj8G%2Fj1El4G8BlBV5YoFEHhCQpGUGiCIiMouuWuNL7qy%2FvS%2BJxHc6zOsVYObdbeZrs2a6uEbKeH5KmZZ3%2B%2FdQEbahLWlmJKWW2R12SzSRuMUhXVZVU2OWNskUbwuoT2J8B8gP50gT%2FcRjrFS7%2BAs314sw%2Bhz4Llz4IVw2aVgq0P60sU%2FeTLWBu1kKfGMlkRtgNpS6TZSWSbwbY5JM%2FMpLz8xiqUOFiefNL%2FU%2B%2F8H8KVSF2Jd%2FS3BG1zd3jTFmTnpi08eXg9zXRH99l0tasZy9Spz15Tm4V18spFP%2Fj0FTElpumDW8pnV1kiddL25PMVLaVyl60Tinx9xa8pfiP36yu5S%2FL06o0Ll690Uqe81zYZgekxIe%2B9C6HH5HSQzM427B1CuxFcXqKTH5B5QNt9iHQLPj1Y%2FujD6z%2Bfl2%2FDWwJnjnt4GqDIy6Gr8uOfRhMYdVwzXsKrg%2BVHT85%2B9%2BvtFXD1ryHb%2Fi7aLgDL7syOtetKdE0JZgbw%2Bf%2BGWeoOlr%2BvzQLcBENuXLDDjTP3jsz1ehKqRkxjRauKxy0eNxmVrbje4qwVqSZvsAiZH4snv%2F3%2BDwAAAP%2F%2FAQAA%2F%2F9vghZEjgQAAA%3D%3D HTTP/1.1
Host: intimateexhibitedcontempt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=1addccd9-cef0-45f7-a0c3-fbfbc74b86d5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 16:46:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: abbca8580b86b7f559cc338ab01d008c
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e1326b1d0b68cc5f9b8efc40c36f9231
d3578c1a32fbc184b8169373299d315ca68b2f12
25c07b57c23f9ecc3499e3f95c6f44c74a532a1ac521562c689d665a29fc9614
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "25C07B57C23F9ECC3499E3F95C6F44C74A532A1AC521562C689D665A29FC9614"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3657
Expires: Thu, 02 Feb 2023 17:47:36 GMT
Date: Thu, 02 Feb 2023 16:46:39 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e1326b1d0b68cc5f9b8efc40c36f9231
d3578c1a32fbc184b8169373299d315ca68b2f12
25c07b57c23f9ecc3499e3f95c6f44c74a532a1ac521562c689d665a29fc9614
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "25C07B57C23F9ECC3499E3F95C6F44C74A532A1AC521562C689D665A29FC9614"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3657
Expires: Thu, 02 Feb 2023 17:47:36 GMT
Date: Thu, 02 Feb 2023 16:46:39 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e1326b1d0b68cc5f9b8efc40c36f9231
d3578c1a32fbc184b8169373299d315ca68b2f12
25c07b57c23f9ecc3499e3f95c6f44c74a532a1ac521562c689d665a29fc9614
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "25C07B57C23F9ECC3499E3F95C6F44C74A532A1AC521562C689D665A29FC9614"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3657
Expires: Thu, 02 Feb 2023 17:47:36 GMT
Date: Thu, 02 Feb 2023 16:46:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d1ede23ab1ddbc0d7fa930fd3810e49e
879f79b820606c514ae97d5a3c2be12533440a51
7ec120a673fc6ae1a147829269069666ef47b0258b832030906da7dc97ab2a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EC120A673FC6AE1A147829269069666EF47B0258B832030906DA7DC97AB2A14"
Last-Modified: Tue, 31 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11269
Expires: Thu, 02 Feb 2023 19:54:28 GMT
Date: Thu, 02 Feb 2023 16:46:39 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
45.133.44.9 200 OK 12 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c07f1baac701b672939b359081f813c7
d38ffbae259aae1e8ad3b38959339bb29da9b69f
85bc8e3de3651f6f03dc381ea4bbaff350d8973c37f598582838677817bf1826
GET /si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:39 GMT
content-type: image/png
content-length: 12186
server: nginx/1.17.6
last-modified: Sun, 22 Jan 2023 04:25:10 GMT
etag: "63ccbaa6-2f9a"
expires: Sat, 04 Feb 2023 16:46:39 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
172.64.166.9 200 OK 73 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
IP 172.64.166.9:0
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:39 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Wed, 17 Feb 2021 11:42:38 GMT
etag: "602d012e-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 72
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fchzJTaX70z2q5a4JRKtzAPukvaSYh6k5nK1ct%2Fbb3LTwweKe4rWT3TUlM3x5sb4MOZnYI%2F3%2BznfdbjvYDOAAOvgdtlfhTmOdjzQVvFx3VbeFz3DCgezmicWPOZ1RMyNW7U0kGzOY4%2F%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79346778dfb0756e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
intimateexhibitedcontempt.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevzjc5fMnJ4MWD0AQPCu6kenpmZ8YIi5sfEozZNRtZ8ZTqqurZcmu6mqru6dnBw2pAchEmJz146P3MbhY1qPkDBJn1EvZiRlCG4IoHwZMX0ZMHmdnBxXfoz3v9eRSf93nvg538iFDkbLL6uukrrdmFeoX6z6%2BrRJjC%2BTdu%2BQGt0Iv%2BukoWaxf93vRjuy8FtF6hL%2FivSr5pLlRpQGlAA%2F%2BqsjI2vQszFip90AoqLVqpVStBvYae%2FW%2Ftcg%2BOeRDdI3IOSozPbDx6CMVHSDpfXZZuMzPpi1c6uWaZseiK%2FTeTzcQUCTonaWw9xMn%2BvBvGjQn5%2BBRMsj%2BfAKa7O50AkRoT78cAUbI%2Fl4mou3esNNKQCSJxFkV3BKlHUGwEbu5AiccE4AI3VpB07t8wtmBbxyybsmNy%2Bq8%2FoIoxOf3T00g6Xyxr1fPXjM4zZRKHXlxC9UZQ7RHS%2FABZ34MqDsCz96EEQdIpocTkuYAJwbloLXAZ04VaPW4sMMrDhTiKI96oRc1FUZ9Zo9QIKh5BywGYO4XceciVhzz2kKceOmLis3orprQRR3EYNmuc8zDkvD59QoS1ZkyR86n2AbJ0AK4H4HYbqd3Gprr3uH4ONv8GbqOEEx5cRtAVJQpJUDiCghEUiqDICIpuuSe0q7ryvtAuj4I5VucYlkOTtXfYnsnaMiE76RF5aubZ329dwqac%2BGEzppSFi1EoGg1aZ5TKoCaqohExxhZpAKdKKHcKzHnoTxf4w22kU7zyCyJ2AKcPwNV5sPxZsGLYqFKwjWGtSdFPvoyVlgt5qg0TFW46EKZEmp1GtuXt6CPyzEzKy2%2BsQfLDpckn%2FT%2FV7v%2FBbYnUlnhHfUvQ1neHN01Bdm%2BawpGHK2mmOqrPpqtdy1gmz3z2mtwqjBXXLrvBp6%2FwKTFNH9ySLrvOEqGStiOfLyshpL1qLJfk62tuXUarudtYzm2Sp9dXL1291kmtdE6ZZASmxoS89y64GpOzXjI7W793BGVHsHmJTn5I5gFlDsDTbbj0cOmjD1d%2BvijehjMEVp%2F0RKmHIi%2BHthqd%2FNSKQMuTmkUlnDxcevTk%2FHe%2F3l5GJP81ZMfdRdt6YNmd2bF2bYmuLsH0AC7%2F3zBL7eHS9%2BEsEGlvGGnr7Uba6nvH5jo18etBTTajZoMLEUkugkY1bIaUVoWoNVoyaCFzY%2F7kt9%2F%2FAQAA%2F%2F8BAAD%2F%2F3uKmKKOBAAA
173.233.137.36200 OK 7 B URL HTTP/1.1 intimateexhibitedcontempt.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevzjc5fMnJ4MWD0AQPCu6kenpmZ8YIi5sfEozZNRtZ8ZTqqurZcmu6mqru6dnBw2pAchEmJz146P3MbhY1qPkDBJn1EvZiRlCG4IoHwZMX0ZMHmdnBxXfoz3v9eRSf93nvg538iFDkbLL6uukrrdmFeoX6z6%2BrRJjC%2BTdu%2BQGt0Iv%2BukoWaxf93vRjuy8FtF6hL%2FivSr5pLlRpQGlAA%2F%2BqsjI2vQszFip90AoqLVqpVStBvYae%2FW%2Ftcg%2BOeRDdI3IOSozPbDx6CMVHSDpfXZZuMzPpi1c6uWaZseiK%2FTeTzcQUCTonaWw9xMn%2BvBvGjQn5%2BBRMsj%2BfAKa7O50AkRoT78cAUbI%2Fl4mou3esNNKQCSJxFkV3BKlHUGwEbu5AiccE4AI3VpB07t8wtmBbxyybsmNy%2Bq8%2FoIoxOf3T00g6Xyxr1fPXjM4zZRKHXlxC9UZQ7RHS%2FABZ34MqDsCz96EEQdIpocTkuYAJwbloLXAZ04VaPW4sMMrDhTiKI96oRc1FUZ9Zo9QIKh5BywGYO4XceciVhzz2kKceOmLis3orprQRR3EYNmuc8zDkvD59QoS1ZkyR86n2AbJ0AK4H4HYbqd3Gprr3uH4ONv8GbqOEEx5cRtAVJQpJUDiCghEUiqDICIpuuSe0q7ryvtAuj4I5VucYlkOTtXfYnsnaMiE76RF5aubZ329dwqac%2BGEzppSFi1EoGg1aZ5TKoCaqohExxhZpAKdKKHcKzHnoTxf4w22kU7zyCyJ2AKcPwNV5sPxZsGLYqFKwjWGtSdFPvoyVlgt5qg0TFW46EKZEmp1GtuXt6CPyzEzKy2%2BsQfLDpckn%2FT%2FV7v%2FBbYnUlnhHfUvQ1neHN01Bdm%2BawpGHK2mmOqrPpqtdy1gmz3z2mtwqjBXXLrvBp6%2FwKTFNH9ySLrvOEqGStiOfLyshpL1qLJfk62tuXUarudtYzm2Sp9dXL1291kmtdE6ZZASmxoS89y64GpOzXjI7W793BGVHsHmJTn5I5gFlDsDTbbj0cOmjD1d%2BvijehjMEVp%2F0RKmHIi%2BHthqd%2FNSKQMuTmkUlnDxcevTk%2FHe%2F3l5GJP81ZMfdRdt6YNmd2bF2bYmuLsH0AC7%2F3zBL7eHS9%2BEsEGlvGGnr7Uba6nvH5jo18etBTTajZoMLEUkugkY1bIaUVoWoNVoyaCFzY%2F7kt9%2F%2FAQAA%2F%2F8BAAD%2F%2F3uKmKKOBAAA
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevzjc5fMnJ4MWD0AQPCu6kenpmZ8YIi5sfEozZNRtZ8ZTqqurZcmu6mqru6dnBw2pAchEmJz146P3MbhY1qPkDBJn1EvZiRlCG4IoHwZMX0ZMHmdnBxXfoz3v9eRSf93nvg538iFDkbLL6uukrrdmFeoX6z6%2BrRJjC%2BTdu%2BQGt0Iv%2BukoWaxf93vRjuy8FtF6hL%2FivSr5pLlRpQGlAA%2F%2BqsjI2vQszFip90AoqLVqpVStBvYae%2FW%2Ftcg%2BOeRDdI3IOSozPbDx6CMVHSDpfXZZuMzPpi1c6uWaZseiK%2FTeTzcQUCTonaWw9xMn%2BvBvGjQn5%2BBRMsj%2BfAKa7O50AkRoT78cAUbI%2Fl4mou3esNNKQCSJxFkV3BKlHUGwEbu5AiccE4AI3VpB07t8wtmBbxyybsmNy%2Bq8%2FoIoxOf3T00g6Xyxr1fPXjM4zZRKHXlxC9UZQ7RHS%2FABZ34MqDsCz96EEQdIpocTkuYAJwbloLXAZ04VaPW4sMMrDhTiKI96oRc1FUZ9Zo9QIKh5BywGYO4XceciVhzz2kKceOmLis3orprQRR3EYNmuc8zDkvD59QoS1ZkyR86n2AbJ0AK4H4HYbqd3Gprr3uH4ONv8GbqOEEx5cRtAVJQpJUDiCghEUiqDICIpuuSe0q7ryvtAuj4I5VucYlkOTtXfYnsnaMiE76RF5aubZ329dwqac%2BGEzppSFi1EoGg1aZ5TKoCaqohExxhZpAKdKKHcKzHnoTxf4w22kU7zyCyJ2AKcPwNV5sPxZsGLYqFKwjWGtSdFPvoyVlgt5qg0TFW46EKZEmp1GtuXt6CPyzEzKy2%2BsQfLDpckn%2FT%2FV7v%2FBbYnUlnhHfUvQ1neHN01Bdm%2BawpGHK2mmOqrPpqtdy1gmz3z2mtwqjBXXLrvBp6%2FwKTFNH9ySLrvOEqGStiOfLyshpL1qLJfk62tuXUarudtYzm2Sp9dXL1291kmtdE6ZZASmxoS89y64GpOzXjI7W793BGVHsHmJTn5I5gFlDsDTbbj0cOmjD1d%2BvijehjMEVp%2F0RKmHIi%2BHthqd%2FNSKQMuTmkUlnDxcevTk%2FHe%2F3l5GJP81ZMfdRdt6YNmd2bF2bYmuLsH0AC7%2F3zBL7eHS9%2BEsEGlvGGnr7Uba6nvH5jo18etBTTajZoMLEUkugkY1bIaUVoWoNVoyaCFzY%2F7kt9%2F%2FAQAA%2F%2F8BAAD%2F%2F3uKmKKOBAAA HTTP/1.1
Host: intimateexhibitedcontempt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=1addccd9-cef0-45f7-a0c3-fbfbc74b86d5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 16:46:39 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd542e7c0844bf680e0df23c82dd36f1
Strict-Transport-Security: max-age=0; includeSubdomains
intimateexhibitedcontempt.com/pixel/sbs?c=1
173.233.137.36 200 OK 0 B URL HTTP/1.1 intimateexhibitedcontempt.com/pixel/sbs?c=1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: intimateexhibitedcontempt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=1addccd9-cef0-45f7-a0c3-fbfbc74b86d5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 16:46:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
IP 172.64.166.9:0
GET /sb/notifications/software/us/ios/desk-new-big/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:39 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:02 GMT
etag: W/"602d0182-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 72
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hbw4BUQ88uz8d9ukC7IVNnh24n3QGayq0SDxhLtXcV6bH%2FNkU%2Bhk4MrsV10l2jCVeIAS1cO%2BwlkKlL1mTWRVTl%2BwNqTqtyeRA2I3xsoiKKSs4ck9peUniy8UE7Im2w%2BXVg7Hxge68g6C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793467761c07756e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
IP 172.64.166.9:0
GET /sb/notifications/software/us/ios/desk-new-big/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:39 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 12:16:53 GMT
etag: W/"614c7035-145e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 72
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XKtlLe4GZSa4pb8OwY2gCSfcxeGosOi1Ssh6J%2FoPQsNY9Z1HzUBh7359UJ%2BgKVJMq7RIxFUGZ%2BchouxynUy7lcMu6tx467OTm7mN7lb5mMmnfH8A3zecrNO9jK5cSEdwJD8nfFLv3M3S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793467763c46756e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.133.29 200 OK 0 B IP 172.64.133.29:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:33 GMT
content-type: text/plain
set-cookie: csu=80723678853049@1@1675356393; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZAJGWn2jhgseF904DnffX9GmrW46f8EuesP%2FL6MGEK%2F2p8VLjI3pYZqgBBQ3MXwKl4TT%2FofrUaRGZHox55a2eZ5JcE%2F1hi45jUwNkt3Ubv6z8yfn9eVPrmlBjwNoGxZk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793467539c867192-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/mngez/images/anti1.png
188.114.96.1 200 OK 0 B URL HTTP/2 www.file-upload.com/mngez/images/anti1.png
IP 188.114.96.1:0
GET /mngez/images/anti1.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:32 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 28 Dec 2018 22:57:30 GMT
etag: W/"4aae-57e1cfcdbca80"
cache-control: public, max-age=31536000
expires: Mon, 13 Jun 2022 22:59:53 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 20799999
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6f8KJltumPHfM%2BZay7iA7GgXxm%2F%2Fm%2BtW2BGQY%2FKkjAWTcl3fDANGV%2FT0LLFjeJjtErB4p5BkpAyFfw%2Bne4dtHCOFtpCuW6VdYDgpLYIrdw%2BeeMaqq9P%2F%2FQfbbyUEt9UXWk32z4zD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7934674fda120b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/assets/images/logo_new.png
188.114.96.1 200 OK 0 B URL HTTP/2 www.file-upload.com/assets/images/logo_new.png
IP 188.114.96.1:0
GET /assets/images/logo_new.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:32 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 09 Nov 2018 12:00:31 GMT
etag: W/"c8f-57a3a191435c0"
cache-control: public, max-age=31536000
expires: Mon, 13 Jun 2022 22:20:06 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 20802386
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9o9%2B%2Fc%2FqdahiLmkZvrS47Ok%2BFS%2FOXq1nCKmDjw3ifc33A1fp7urY%2FgwGlAx4PhBU%2BiDbBPRtKnLJ1BwaCDIxZBtgT%2FEmBs09caUkOlk%2B9RLewk3ZLO9K%2FgojeBaj2Sp1e0SVIMfG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7934674fda140b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/mngez/css/app.css?v=1
188.114.96.1 200 OK 0 B URL HTTP/2 www.file-upload.com/mngez/css/app.css?v=1
IP 188.114.96.1:0
GET /mngez/css/app.css?v=1 HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:32 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=253169
etag: W/"5cd288a6-3dcf1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 08 May 2019 07:43:34 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 55109443
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1WL4DD84mzttm7hjF9vmMS8kRf8fOSym4bwRK1rZHmxhHquXwAobrO79aGsV5l5NdstUrd2wZdOK%2F%2FIwnuaQW%2BFzd6K4AbLMDe9iUYrcD0qPq%2BvpHyF3oFnwAs8luWvwGKTFtDik"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7934674fda180b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 0 B IP 172.64.133.29:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 73
last-modified: Thu, 02 Feb 2023 16:45:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aYb1RBgrxJ2RHYUFuq%2BbdLQVKX%2FmlGSGZWkq41y50tNdjp9GZC3rLrjm%2BDLCJ5tZOB1lDVLMkRJZ%2BIKzYSXbwJdy5uHzJOVeGL7zsvwCcRYjbi%2FcPKCGaONkXWup9oGr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79346753acac7192-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/assets/images/norton.png
188.114.96.1 200 OK 0 B URL HTTP/2 www.file-upload.com/assets/images/norton.png
IP 188.114.96.1:0
GET /assets/images/norton.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:32 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 09 Nov 2018 12:00:31 GMT
etag: W/"1363-57a3a191435c0"
cache-control: public, max-age=31536000
expires: Thu, 26 Jan 2023 04:56:15 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 1252217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XDfObL7vzBhVLjtD0Lfk%2FkBdtdrLUG153ZA7lJVibxwNLiaReY3xO7RLp6z8ra9InEtIGTGrJChUoZG8VI%2BZrs4q1UVcf%2FpWywxGgWRAfgSUioHvYZaP7bk1%2BX4YtkgNzl3MkgMg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7934674fda0d0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d26adrx9c3n0mq.cloudfront.net/?xrdad=888398
54.230.245.178 200 OK 0 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=888398
IP 54.230.245.178:0
GET /?xrdad=888398 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Content-Length: 163379
Connection: keep-alive
Date: Thu, 02 Feb 2023 16:45:19 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 98AGlw7xARYXkCVOfGHrKEeeIdo5yT8pBt4OmEn6ZqAZOuUW70qUvA==
Age: 73
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
IP 172.64.166.9:0
GET /sb/notifications/software/us/ios/desk-new-big/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 16:46:39 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:44:05 GMT
etag: W/"602d0185-183"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 72
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lkRyxa0TdjHDP6t4i1H6%2BPOB9HdvDqAzZNypcBMIDHUY%2BXr%2FiqD1La7Yzjr6EdVJD2J9LwkVrumWKbiWIxALGxhg1CW38UPABpNc5yHI8Bk7oUZIQcB7JUdwxAU8txRoq%2FVmBe81HpW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793467761c10756e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2