surl.li/css/app.css
172.67.69.76200 OK 167 kB IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type Unicode text, UTF-8 text, with very long lines (65305)
Size 167 kB (166864 bytes)
Hash 35d7f9d315121fd599e1846b3f885fca
3bf5b710c6dd300b25ef7943490e716cae8e38a7
c20eff650c669edbdae775787c8c9fa6acf6e7f640bc3ff7fd6582c4cbf6fe75
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /css/app.css HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: text/css
last-modified: Tue, 30 Apr 2024 07:35:00 GMT
etag: W/"66309f24-27979"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DP%2FIAbWCs9fi3AAUAsK98Br0oQ3x%2F7MxnakZypFGy7Iq4VoF%2FODRefsLHB6hpCD1Jnnegt%2BIuujVzDXHri5H84c9XOgG%2B9hSfhoL%2Byl3tu9wgaL7nzfdMwA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7667bb67130-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/surli-logo.svg
172.67.69.76200 OK 133 kB URL GET HTTP/2 surl.li/img/surli-logo.svg
IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type SVG Scalable Vector Graphics image
Size 133 kB (133364 bytes)
Hash 482601fd25a8410e0868ce1e178cbaea
79a25cfa623613a31fc7d3813cfa9a223b54b2a8
f389fb51afbd8077d4e8e260bf820115f7111c246e02cc4aab081c5317c56db6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/surli-logo.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-233d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=owjgB9bidhGtInTiDEFXSb5W%2FsMXWXvxUyEHt%2BzrS2iSNmzfo0x%2BlcJEVtyNfBQ6zoNut5%2FtVgpgHR%2BFR%2BDNpFpHydSSf8I4QgllfA9FTlqSI2kKjNcEEME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bd27130-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/fonts/rubik/Rubik-Medium.ttf
172.67.69.76200 OK 116 kB URL GET HTTP/2 surl.li/fonts/rubik/Rubik-Medium.ttf
IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409
Size 116 kB (116056 bytes)
Hash 4dd3023b03ba2b68d4b9da9176b7285a
d734c149587c12d9083c03bc90009c84b52aec78
ce40d27c6c90b990229510c46115ec852237276e1aa09cdebffc6ae085b1d1e2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/rubik/Rubik-Medium.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/octet-stream
content-length: 116056
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-1c558"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5674
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2BvOisZ1dBhOWSXr%2FHRQOzL0gKFwUrxdke3%2B3nqZ5JRiUpmTzAshOE%2Bqn1hUoBn47bjrHqipNUaJ2V49cczG5H1aqX2a1FeINNJT6nmFOMF3d4jn3EAPwj8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf767ce6c7130-OSL
X-Firefox-Spdy: h2
surl.li/js/preview.js
172.67.69.76200 OK 46 kB IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65469)
Hash d6cc50ebd8325127ffa10f492624d26c
6ad43cb17ca53d08d360e0bcfe9e909f694f2c86
9d6dfd360ccbae2e81dc8f69b9c561e99e7034b0417b2a0bcbc85c2ff629ab6d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/preview.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-160f5"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2FruXyCS2cUjJsIteUBLDypN10ZrvxOPIwOKnIbEFm2jWWoOsCbd9%2FGYtidcSID7PdNfXXvSvMPkGzgTP7I9tp7ISfZFeHCtk3k4lWWGBO027XdnnOhxtbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bf47130-OSL
content-encoding: br
X-Firefox-Spdy: h2
web-screen.com/storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png
104.21.20.132200 OK 385 kB URL GET HTTP/3 web-screen.com/storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png
IP 104.21.20.132:443
Certificate IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced
Size 385 kB (385289 bytes)
Hash 46514ea7a5f7c1560caedee2fbf173f5
a1ac2ba4f9f9dc8abe01cb129cca5d75090c37f7
6619a587a97b9854431f0000d932cdeace7a7f0b16c6cc45a448b53914d8358a
GET /storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/png
content-length: 385289
last-modified: Thu, 28 Mar 2024 14:17:55 GMT
etag: "66057c13-5e109"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivrhmXy3nykRSEmstQrhDIwfVDQSDgzWv3ho12Yj4kUJZyE3NqT3Y5w9b3YBaykrchLcAxW1YLvmIRxkJZ70CPUWfp5wIZH4i6dAUfo2cfjN6Sb0F2m4C5SzjmxOVbQOmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf769d8e956cb-OSL
alt-svc: h3=":443"; ma=86400
www.google.com/s2/favicons?domain=https://t.me/LR_game_queen_0106
142.250.74.100301 Moved Permanently 344 B URL GET HTTP/2 www.google.com/s2/favicons?domain=https://t.me/LR_game_queen_0106
IP 142.250.74.100:443
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash f6df57d29a74f0a145c4516553d736bd
04aa51fdba878f38c8771ce969f7262edc0d61f4
3edfa2a29e0cebada2aa6bf906cb71e92dfb50f98a24df8a9780323c3db433e4
GET /s2/favicons?domain=https://t.me/LR_game_queen_0106 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 08 May 2024 19:48:17 GMT
expires: Wed, 08 May 2024 20:18:17 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
142.250.74.100200 OK 325 B URL GET HTTP/3 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
IP 142.250.74.100:443
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash 7d9da589fc799850f6d70bc4164098b8
503630487f4d3aef60fedd4f6fa10a6f6932701c
7dd8012f6e461c3da9ded542f7542fe98aa9e52c41b00f176d51de4cac47d140
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surl.li/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://telegram.org/img/website_icon.svg?4
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 325
date: Wed, 08 May 2024 19:48:17 GMT
expires: Wed, 15 May 2024 19:48:17 GMT
cache-control: public, max-age=604800
last-modified: Thu, 07 Sep 2023 19:46:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
surl.li/getMetaInfo
172.67.69.76200 OK 568 B IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
Hash a0c0b380c4c538bc206eac42b7d81081
2222d43b9c7c4cb7750f0cc244f1a5f84b5af901
12d94d53ce4c40bd530a1212c16d00f3c44010e47fa1966115a053d2e3513e3e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /getMetaInfo HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: 481ZdYety5UiZjXI5oBDVmT5XHWGVg9SxB5mBtkF
X-Requested-With: XMLHttpRequest
Content-Length: 43
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjVhTGZraFhtNmZXTzdWN1p6em9FU3c9PSIsInZhbHVlIjoiZWVtQm1iVWpQU0JkWHc0NW1jcFlmTVg1NjJuSVNtb2lraXl4bXpWWWt1MDBjY2d6V05TbXQzSTFDd0RjNklwQ0ZtdFg0clcwV2p3aWF4WmtNTzBkZVduays1d3ZxUk9jTkxHWktzTnZ1VVhva3VqL3VTaHJaM1hpU2FDZVhmZVMiLCJtYWMiOiJjZTkwMWVjMzBmZDhjYTJiZmNlNTYwNGU1M2ZiYThmNzJlZDE2MjUyZmNjMTFmMmY5ZWM4NTQ3MDNhMWZhMDBkIiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IlFXcXphRGQvWHB1bmdaYXNqcStEM0E9PSIsInZhbHVlIjoib3dBOS9jaWs3NUU5bDlFbEpSaWYyN3BNVDZkSTBsUFI4aG1IMVR2L1lNeTNkSkM3UExYZ0MwYThyNDZSQTNoVE5rZTBSWnVmczAyaHpvTGNlOXY4dHl0S0ZLNXpaMG1uTzJRSXR6OWJMK1dlc2IrV1R6T1hxT0c4VDlqaUg3UTUiLCJtYWMiOiIxMmU5OGQ0MGIyNjE2M2M2MmNmMzVkZmIxNzc3M2QyOGUyOTg2ZTM0MTRhYzc4YjI0YzE0NzQxM2M2YmZiOGM3IiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PGAvqsleckGLuQ88WKfyNILYOSd6KV8BT4KK2H4QUIBE6A1uy6dne%2Fcl7cUN2nzZt9CCDGtw8WHsFleAHNsltq722YPjVtbdou7i27XLJ2tCI35Mp1Aj7m0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bf7683f3a7130-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/pc-rouded-icon.svg
172.67.69.76200 OK 23 kB URL GET HTTP/2 surl.li/img/pc-rouded-icon.svg
IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type SVG Scalable Vector Graphics image
Hash 7005e41f692583c19abac0a7fd5b7c5f
bda49cd99401420d490a32f2f547e4ddd43b7300
2f9e711abfb70ec1515ded7f4c18c9208b1325f53b551698b90fa4664542ceed
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/pc-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-4f3e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TtwSrdjwjo6Vkv9txv2x9uoignaNUMt2Ww3lIIEOfxCAajSne%2Bub%2BxrNCNVgmbPUH22Y8pQznzuTVylMeaDwUOzuopa3Upnco5hR4PPC5AguovbgtznoS%2Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668be87130-OSL
content-encoding: br
X-Firefox-Spdy: h2
web-screen.com/img/plug.jpg
104.21.20.132200 OK 14 kB URL GET HTTP/2 web-screen.com/img/plug.jpg
IP 104.21.20.132:443
Certificate IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type PNG image data, 1280 x 720, 8-bit/color RGB, non-interlaced
Hash 6448aca5739995f3b9c1b3c5e50ce7a0
f50fa07327f55f864a42698fd8fa86270f35da9b
856f999ea580bfa2f03ce5872b848246a66492f17675693e2f429938250d231a
GET /img/plug.jpg HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/jpeg
content-length: 13510
last-modified: Mon, 29 Aug 2022 13:27:44 GMT
etag: "630cbed0-34c6"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=798o%2Br9JkSdukQSiubyVAZlr%2BGGmCt%2Fe6F1et6Y9jHXoZCPsMZrpuV%2FnDRAj9XIzX1zFbhBePcvg%2Fkz1H3Hi9rszzDauwntfRcpxVEt2chvgt2iS9eXkvbthm2B8Qe2F3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7685f09b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
surl.li/fonts/roboto/Roboto-Regular.ttf
172.67.69.76200 OK 130 kB URL GET HTTP/2 surl.li/fonts/roboto/Roboto-Regular.ttf
IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularhtt
Size 130 kB (129584 bytes)
Hash afe8eacfc0903cc0612dc696881f0480
ba879317acdc045b8fa78cb8f948650627d0477c
7277cfb805def6410f317129b8e1f78bdd47d1a4e24c233077d06e88a36e57ae
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/roboto/Roboto-Regular.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/octet-stream
content-length: 129584
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-1fa30"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5674
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s99OCYFNcl0L5S6fNCwe9WtBniFYfWMvOfNWz8SwSPoJ77nk16YqjmiTnAWiILvgJjq4m9J1tHXNt0TLx5n8NEG456LcayzNa3cDSPgqMHiipzGo0LcMaFU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7673cfe7130-OSL
X-Firefox-Spdy: h2
surl.li/img/planet-rouded-icon.svg
172.67.69.76200 OK 5.5 kB URL GET HTTP/2 surl.li/img/planet-rouded-icon.svg
IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type SVG Scalable Vector Graphics image
Hash cf00d275a5654cc07016460a38be539b
cd9c598412e8458b0a281d8990934c8c6cc1e7f2
020cb7186e35ea89767786c09150f598251b2215a0308dbf6469e30d2ecca2bf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/planet-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-1574"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKS7eFgdiheogFB7bXaHGgeooPcKyc7Gs5B0OvbURTX%2BrCYS82Q7ju9DhxnKf3lziaGRLK2QZ2041AqGcsh53V9rk8cTOTsRV1eteiDoTLLqo9EZgWL6QK0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bf17130-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/getPreview
172.67.69.76200 OK 100 B IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 3995eab67fa199fcd8a28d87e87f3f3e
32766e8fbc44ac8e255c3ffe800134ef1b618cde
73f1e648661c36325fe14af68b7eb209c30942fd92544dfab3b6a0b65ab25bba
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /getPreview HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: 481ZdYety5UiZjXI5oBDVmT5XHWGVg9SxB5mBtkF
X-Requested-With: XMLHttpRequest
Content-Length: 43
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IndSZUliRkxMSFhWK1NTVlBIVjZVS2c9PSIsInZhbHVlIjoiak43NkJ0RmFSRitWZE44elBMYkpxVVJQdjNpck9oTFgwRGJlL1BkNFN5N3BBR3pkeDF5MURuMTJrMmJWWnpVN3A4aFhrYmlHYUV2cVFUVVNyUFZYMkp5bVhnSFR1L3haNFRHeXBwVUExTTlGMjJDQnk0WFpxS2UzalNJbGl6VUsiLCJtYWMiOiJlYmViYzllYTdmMzU4MzkxNGY4NGEwZjI1Njc2MjI5MjZmNzAyZTdhZTcxN2JlN2YwNDU4NWE5MWIwZmM2NTM3IiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IlpvSE5HemlTTkpyQkRLM3hSY2Y5UlE9PSIsInZhbHVlIjoiS0RBandWQmo5bWE2OG1yT0MvUkdBMmF0VVNPb1dMdFIzR3JiUXU5MXRtSzBLdFN5QVdEUkRXV1VJL1RsR2ZJUXVRdWErYlFtVG5FU2NHbDEwcTcvaWZwYnpxTGl6SGMyVFp0eThVc3lKZGpzQXY4MTErSFNiaUxOVTVVNzZ6b1AiLCJtYWMiOiJiMTFjYmM3YmQ1YmY3NTI2M2Y1YzM2NGE2Nzk4MzViNTc5ZWFlZGVkMDFhNjhhODU4ODYzM2FlZjgyZDZkNWJiIiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sA1VFsNfwHcs8TH1ThyvMbdUjPHWYhk2AN8LxBOxXJ%2Bs8FQnpX%2B7RT356w8AhQkrGMFfDR7omSbXLXAfBweLq7%2FGIbaE5rH4jOkiKd1ubpKgssvvK8IL0Ww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bf7683f2d7130-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/favicon.ico
172.67.69.76200 OK 15 kB IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Hash ec9741289f19f212fd2ffb2dda1df05c
9b97a75a795b848f086f75db50903dd15954a573
13c9447a56e92641eff376880ff848e6e8e25719f721421f9b276a9b152753d4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/favicon.ico HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IndSZUliRkxMSFhWK1NTVlBIVjZVS2c9PSIsInZhbHVlIjoiak43NkJ0RmFSRitWZE44elBMYkpxVVJQdjNpck9oTFgwRGJlL1BkNFN5N3BBR3pkeDF5MURuMTJrMmJWWnpVN3A4aFhrYmlHYUV2cVFUVVNyUFZYMkp5bVhnSFR1L3haNFRHeXBwVUExTTlGMjJDQnk0WFpxS2UzalNJbGl6VUsiLCJtYWMiOiJlYmViYzllYTdmMzU4MzkxNGY4NGEwZjI1Njc2MjI5MjZmNzAyZTdhZTcxN2JlN2YwNDU4NWE5MWIwZmM2NTM3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpvSE5HemlTTkpyQkRLM3hSY2Y5UlE9PSIsInZhbHVlIjoiS0RBandWQmo5bWE2OG1yT0MvUkdBMmF0VVNPb1dMdFIzR3JiUXU5MXRtSzBLdFN5QVdEUkRXV1VJL1RsR2ZJUXVRdWErYlFtVG5FU2NHbDEwcTcvaWZwYnpxTGl6SGMyVFp0eThVc3lKZGpzQXY4MTErSFNiaUxOVTVVNzZ6b1AiLCJtYWMiOiJiMTFjYmM3YmQ1YmY3NTI2M2Y1YzM2NGE2Nzk4MzViNTc5ZWFlZGVkMDFhNjhhODU4ODYzM2FlZjgyZDZkNWJiIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/x-icon
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-3aee"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1842
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2B8E0slOT7yEjPoSn7H1S8NQZjsrDcfk3dXbY6BqSC56zYorjfaot%2BrPFaf2MxPZ5nhV%2BqaYlRaXQ%2BvQ7CyEvas4u6ts7PLRZDcJfOuWw927QWjkXsKGj9s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf76b1c5b7130-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/gears-rouded-icon.svg
172.67.69.76200 OK 3.6 kB URL GET HTTP/2 surl.li/img/gears-rouded-icon.svg
IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type SVG Scalable Vector Graphics image
Hash 885433deecd92aadc9f592c46910e45e
99d2add61faead1d839e483908ffef51ad3841b6
310d329ed1bf4b78504ec8186a7dd107440303f4abee0335c729ebc7d77a2649
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/gears-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-e1f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4zbimmqNkZamHu721Kz1aPr4ADYF4DwoLYfpF2YY1CX31XqvU%2Bm4PUOoFcrjfgil4%2B%2FLZNhyGvueq55KtMpB%2BnPCuOn7Wuy1xolMCdp6%2FfEwFndg118tnNE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bec7130-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/js/app.js
172.67.69.76200 OK 191 kB IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
Size 191 kB (190893 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/app.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-2e9ad"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7PHJqmr9vD02BNHJPrcG%2Bt8t3PffNCjk1JdsH83%2Fks2kokDNdzwfTtGlIPKTIuQEYHt23I8dSLP6FoD9LGHP2Sfe5sMXMhuYR7p0ddedxUq3qh4JU1vBoTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bf27130-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
172.67.69.76200 OK 139 kB URL GET HTTP/2 surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2016 The Nunito Sans Project Authors (https://github.com/Fonthausen/NunitoSans)Nunito
Size 139 kB (139168 bytes)
Hash 4dac705158fb1ca226d583b3829f82a0
771b9299e1d5d4239c032c7d4243a6f9343f89c4
7acb3e456d98d55be401bb07a32c9cb04e074de37bd58932b11bcf0fe9f59ab0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/octet-stream
content-length: 139168
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-21fa0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5673
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kbEHB5Y8JxLlCGa1spHJYf5vx8luVk9q%2F4cjdXtIFjnqf%2FzZI5A9eBL7EHTgidgp8ab7URDmOEdFvURDQ0iRZGyUeEw3WfhGqP7oG5xNCFXggzanHd0Odhk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7672cef7130-OSL
X-Firefox-Spdy: h2
172.67.69.76200 OK 13 kB URL User Request GET HTTP/2 IP 172.67.69.76:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /safau HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:16 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:16 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZIcltf5a4E02ifCaPDePm1VNCD%2BDxgc7uegQ%2BsyrckXp1aXqR%2FIQwQQ7aXFvN%2BFvj23TUf2718QcpW0LBfsnfgIaIqbcOme7nWCKnUsHPm7ZPGJpwM2aX0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bf7632d577130-OSL
content-encoding: br
X-Firefox-Spdy: h2