Overview

URL ninjashare.to/download/3Psf6N6sgDM48kFG5cRxCq?t=26ec4f1b141761fe59627258cff56307
IP104.21.63.99
ASNCLOUDFLARENET
Location
Report completed2022-09-11 09:32:38 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-10 2 fleraprt.com Sinkholed


Files

No files detected



Passive DNS (26)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-11 04:40:13 UTC 143.204.55.49
mnemonic passive DNS offerimage.com (1) 304078 2019-06-10 11:11:53 UTC 2022-09-11 05:00:21 UTC 104.22.33.172
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-09-11 05:07:45 UTC 172.64.155.188
mnemonic passive DNS my.rtmark.net (1) 9054 2017-08-22 14:11:49 UTC 2022-09-11 04:33:22 UTC 139.45.195.8
mnemonic passive DNS r3.o.lencr.org (8) 344 2020-12-02 08:52:13 UTC 2022-09-11 04:30:20 UTC 95.101.11.115
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-11 04:58:07 UTC 34.117.237.239
mnemonic passive DNS ajax.googleapis.com (1) 12905 2019-10-15 17:52:08 UTC 2022-09-11 07:18:17 UTC 142.250.74.42
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-10 04:57:55 UTC 142.250.74.72
mnemonic passive DNS www.google.com (1) 7 2016-08-04 12:36:31 UTC 2022-09-10 11:27:12 UTC 142.250.74.164
mnemonic passive DNS syndication.exdynsrv.com (2) 34243 2016-04-20 18:35:15 UTC 2022-09-10 22:54:15 UTC 95.211.229.247
mnemonic passive DNS fleraprt.com (1) 0 2022-01-14 22:55:14 UTC 2022-09-11 05:00:21 UTC 139.45.195.254 Unknown ranking
mnemonic passive DNS use.fontawesome.com (1) 942 2017-01-30 04:43:25 UTC 2022-09-11 06:02:14 UTC 172.67.169.247
mnemonic passive DNS ninjashare.to (2) 295250 2021-08-26 08:08:31 UTC 2022-09-10 17:32:28 UTC 172.67.145.34
mnemonic passive DNS ocsp.pki.goog (10) 175 2017-06-14 07:23:31 UTC 2022-09-10 04:46:29 UTC 142.250.74.3
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-11 04:58:03 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS maxcdn.bootstrapcdn.com (1) 724 2014-06-18 00:37:31 UTC 2022-09-11 04:57:12 UTC 188.114.99.202
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-11 04:57:20 UTC 34.120.237.76
mnemonic passive DNS tzegilo.com (1) 0 2022-01-14 15:27:15 UTC 2022-09-10 21:46:55 UTC 104.21.22.169 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2022-09-11 05:39:15 UTC 93.184.220.29
mnemonic passive DNS betotodilea.com (3) 52465 2021-08-17 07:55:50 UTC 2022-09-09 09:07:06 UTC 139.45.197.237
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-11 05:15:46 UTC 143.204.55.27
mnemonic passive DNS a.exdynsrv.com (1) 40663 2019-05-21 05:34:42 UTC 2022-09-11 04:14:15 UTC 205.185.216.10
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-11 00:21:41 UTC 142.250.74.42
mnemonic passive DNS cagothie.net (2) 198368 2021-07-06 02:00:26 UTC 2022-09-10 15:13:10 UTC 139.45.197.238
mnemonic passive DNS s3t3d2y8.afcdn.net (1) 0 2022-08-08 22:22:56 UTC 2022-09-11 04:14:15 UTC 185.76.9.19 Unknown ranking
mnemonic passive DNS www.gstatic.com (1) 0 2016-07-26 09:37:06 UTC 2022-09-11 04:58:03 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.21.63.99

Date UQ / IDS / BL URL IP
2022-11-26 11:37:58 +0000
0 - 0 - 6 ninjashare.to/download/96jM58qGk2Y9zfTMFi9v7Q (...) 104.21.63.99
2022-11-24 22:16:30 +0000
0 - 0 - 9 9goal.tv/ 104.21.63.99
2022-11-23 23:50:59 +0000
0 - 0 - 4 9goal.tv/ 104.21.63.99
2022-11-20 13:30:14 +0000
0 - 0 - 1 ninjashare.to/download/pGhh2t9FeNajErUfi9XpWP (...) 104.21.63.99
2022-11-05 15:28:58 +0000
0 - 0 - 5 ninjashare.to/download/8o15CfXLCW91hqD7JVqxza (...) 104.21.63.99

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-27 18:57:42 +0000
0 - 0 - 1 dust-post-building-operator.trycloudflare.com/ 104.17.123.55
2022-11-27 18:57:10 +0000
0 - 0 - 1 u.allactualspot.com/4/4311621/ 104.21.85.89
2022-11-27 18:56:19 +0000
0 - 0 - 2 malokom.com/camp5 172.67.4.184
2022-11-27 18:55:25 +0000
0 - 0 - 5 0a.sk/ 104.21.19.44
2022-11-27 18:55:04 +0000
0 - 0 - 2 verifyid818924.com/ 104.21.87.26

Last 5 reports on domain: ninjashare.to

Date UQ / IDS / BL URL IP
2022-11-26 11:37:58 +0000
0 - 0 - 6 ninjashare.to/download/96jM58qGk2Y9zfTMFi9v7Q (...) 104.21.63.99
2022-11-25 05:02:09 +0000
0 - 0 - 5 ninjashare.to/download/eDFK9YegEW1PhPHtkTNhVB (...) 172.67.145.34
2022-11-20 13:30:14 +0000
0 - 0 - 1 ninjashare.to/download/pGhh2t9FeNajErUfi9XpWP (...) 104.21.63.99
2022-11-18 15:19:59 +0000
0 - 0 - 6 ninjashare.to/download/khJW8GH4XbJeKqw3FpfDyA (...) 172.67.145.34
2022-11-14 22:48:38 +0000
0 - 0 - 5 ninjashare.to/download/9NnGeQayS9Z7uaJXh4Pa6a (...) 172.67.145.34

Last 1 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-15 18:58:16 +0000
0 - 0 - 6 ninjashare.to/download/dLbE3SNVxiKPD93x5ZqzfJ (...) 104.21.63.99


JavaScript

Executed Scripts (21)


Executed Evals (6)

#1 JavaScript::Eval (size: 9, repeated: 1) - SHA256: eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c

                                        undefined
                                    

#2 JavaScript::Eval (size: 15578, repeated: 1) - SHA256: 565edcc330272cec5df3bac995b8a30698bba7f49aa0f4998758ec223bccd9da

                                        /* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var w = function(z, f) {
            if ((f = (z = null, P.trustedTypes), !f) || !f.createPolicy) return z;
            try {
                z = f.createPolicy("bg", {
                    createHTML: m,
                    createScript: m,
                    createScriptURL: m
                })
            } catch (p) {
                P.console && P.console.error(p.message)
            }
            return z
        },
        P = this || self,
        m = function(z) {
            return z
        };
    (0, eval)(function(z, f) {
        return (f = w()) && 1 === z.eval(f.createScript("1")) ? function(p) {
            return f.createScript(p)
        } : function(p) {
            return "" + p
        }
    }(P)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var u=function(z,f,p){p=this;try{fs(f,z,this)}catch(m){E(m,this),z(function(Y){Y(p.X)})}},ps=function(z,f,p,m,Y,P,w,B){return(Y=(w=(m=(P=f&7,[-11,-23,81,62,-66,47,m,17,63,-73]),i2),J[p.H](p.lJ)),Y)[p.H]=function(N){B=(P+=6+7*f,N),P&=7},Y.concat=function(N){return(N=(N=z%16+1,+(w()|0)*N+40*B*B- -920*z*B+4*z*z*N+P-N*B-160*z*z*B-1840*B)+m[P+35&7]*z*N,B=void 0,N=m[N],m)[(P+61&7)+(f&2)]=N,m[P+(f&2)]=-23,N},Y},fs=function(z,f,p,m,Y){for(m=(Y=(p.o9=(p.lJ=w8(p.H,(p.Jh=PW,p.K7=(p.n7=p[e],mb),{get:function(){return this.concat()}})),J)[p.H](p.lJ,{value:{value:{}}}),[]),0);128>m;m++)Y[m]=String.fromCharCode(m);S(true,p,(g(((G(195,p,(G(183,p,(G((G(399,(G(158,p,(G(315,p,(G(321,p,((G(101,p,(G(498,(G(503,(((G(389,(G(220,p,(G(487,(G(373,p,[160,(G(118,(G((G(316,(p.Eb=(p.th=(G(436,p,(G(138,(G(167,(G(505,p,(G(212,p,(G(380,(G(307,(G(460,(G(171,(G(368,p,(G((G(497,(G((G(222,p,((G(208,(G((G(342,(G(329,(G(285,(G(452,(p.Nv=(((p.O=0,p.yQ=(p.R=1,function(P){this.l=P}),p.Y=25,p.s=0,p.N=void 0,p.D=(p.V=false,(m=window.performance||{},p.K=(p.P=!(p.X=void 0,1),[]),p).l=p,p.j=[],p.S=(p.o=void 0,void 0),0),(p.C=(p.SY=false,p.B=void 0,p.A=(p.F=(p.rb=0,0),void 0),p.J=0,p.I9=[],0),p).v=void 0,p).I=[],p.U=[],p.g=null,p).G=(p.i=[],8001),m.timeOrigin||(m.timing||{}).navigationStart||0),p),0),p),0),p),781),p),function(P,w,B,N){G((B=O((N=(B=(N=a(P),a(P)),w=a(P),O(N,P)),B),P),w),P,+(N==B))}),130),p,function(P,w,B,N,h){for(N=(B=U((w=a(P),P)),h=0,[]);h<B;h++)N.push(c(P));G(w,P,N)}),p),function(P){Ny(4,P)}),p).k9=0,function(P,w,B){(B=(w=a(P),B=a(P),O(B,P)),0!=O(w,P))&&G(452,P,B)})),290),p,function(P){Ny(3,P)}),p),function(P,w,B,N,h){(w=a((B=a((N=a(P),P)),P)),P.l)==P&&(B=O(B,P),h=O(N,P),w=O(w,P),h[B]=w,462==N&&(P.o=void 0,2==B&&(P.N=X(32,false,P),P.o=void 0)))}),256),p,function(P,w,B,N){G((N=O((w=O((w=a((N=a(P),P)),B=a(P),w),P),N),P),B),P,N in w|0)}),[])),p),function(P,w,B,N,h,q,l,n,V,d,M,Z){function K(L,A){for(;V<L;)B|=c(P)<<V,V+=8;return B>>=(A=B&(1<<(V-=L,L))-1,L),A}for(h=(n=(N=((B=(d=a(P),V=0),K(3))|0)+1,K)(5),q=l=0,[]);l<n;l++)w=K(1),h.push(w),q+=w?0:1;for(M=(l=((q|0)-1).toString(2).length,q=0,[]);q<n;q++)h[q]||(M[q]=K(l));for(l=0;l<n;l++)h[l]&&(M[l]=a(P));for(Z=[];N--;)Z.push(O(a(P),P));G(d,P,function(L,A,b,I,zz){for(A=(I=(zz=[],[]),0);A<n;A++){if(b=M[A],!h[A]){for(;b>=I.length;)I.push(a(L));b=I[b]}zz.push(b)}L.A=(L.S=Y9(L,Z.slice()),Y9(L,zz))})}),p),H(4)),p),function(P,w,B,N){w=(B=O((N=a((B=(w=a(P),a(P)),P)),B),P),O(w,P)),G(N,P,w[B])}),p),function(P,w,B,N,h){(w=(h=(N=(B=(h=(w=a((B=(N=a(P),a(P)),P)),a)(P),O)(B,P),O(N,P.l)),O)(h,P),O(w,P)),0)!==N&&(w=hY(P,h,1,w,N,B),N.addEventListener(B,w,v),G(321,P,[N,B,w]))}),function(P,w,B,N){if(B=P.I9.pop()){for(N=c(P);0<N;N--)w=a(P),B[w]=P.j[w];B[B[368]=P.j[368],220]=P.j[220],P.j=B}else G(452,P,P.D)})),G(245,p,function(P,w){EB((w=O(a(P),P),w),P.l)}),function(P,w,B){(B=(w=a(P),a)(P),G)(B,P,""+O(w,P))})),p),[0,0,0]),p),function(P,w,B,N,h,q){x(P,false,true,w)||(N=u2(P.l),h=N.T,w=N.XR,B=N.u,q=B.length,N=N.jY,h=0==q?new N[h]:1==q?new N[h](B[0]):2==q?new N[h](B[0],B[1]):3==q?new N[h](B[0],B[1],B[2]):4==q?new N[h](B[0],B[1],B[2],B[3]):2(),G(w,P,h))}),T)),0),0),p),function(P){JY(1,P)}),227),p,function(P,w,B,N,h,q){if(!x(P,true,true,w)){if("object"==qy((P=O((B=O((w=O((B=(q=a((w=a((h=a(P),P)),P)),a(P)),w),P),B),P),q=O(q,P),h),P),P))){for(N in h=[],P)h.push(N);P=h}for(N=(h=0,P).length,q=0<q?q:1;h<N;h+=q)w(P.slice(h,(h|0)+(q|0)),B)}}),p),function(P,w,B){x(P,false,true,w)||(w=a(P),B=a(P),G(B,P,function(N){return eval(N)}(BW(O(w,P.l)))))}),0),0]),p),function(P,w,B,N){!x(P,false,true,w)&&(w=u2(P),B=w.T,N=w.jY,P.l==P||B==P.yQ&&N==P)&&(G(w.XR,P,B.apply(N,w.u)),P.J=P.h())}),2048)),p),{}),G)(26,p,function(P,w,B,N,h){G((h=O((w=O((B=(B=(w=a((h=(N=a(P),a)(P),P)),a(P)),O)(B,P),w),P),h),P),N),P,hY(P,w,B,h))}),G)(376,p,function(P,w,B){B=(w=a((B=a(P),P)),O(B,P)),B=qy(B),G(w,P,B)}),p),function(P,w,B,N){B=O((w=(N=a(P),a(P)),N=O(N,P),w),P),G(w,P,B+N)}),p),function(){}),function(P,w,B,N){w=(N=a(P),a(P)),B=a(P),G(B,P,O(N,P)||O(w,P))})),G)(94,p,[]),G(126,p,0),0)),p)),function(P){Q(P,4)})),p),function(P){JY(4,P)}),398),p,function(P,w,B,N,h,q,l){for(B=(N=O((l=(q=(w=a(P),U)(P),""),202),P),N).length,h=0;q--;)h=((h|0)+(U(P)|0))%B,l+=Y[N[h]];G(w,P,l)}),function(P,w){P=O((w=a(P),w),P.l),P[0].removeEventListener(P[1],P[2],v)})),function(P,w,B,N){(B=(N=c((w=a(P),P)),a)(P),G)(B,P,O(w,P)>>>N)})),g([l2],p),g)([D,z],p),[ns,f]),p),true))},VT=function(z,f,p,m){return(m=R[z.substring(0,3)+"_"])?m(z.substring(3),f,p):e_(f,z)},H=function(z,f){for(f=[];z--;)f.push(255*Math.random()|0);return f},Q=function(z,f,p,m){for(m=a(z),p=0;0<f;f--)p=p<<8|c(z);G(m,z,p)},x=function(z,f,p,m,Y,P,w,B,N){if(((N=(P=(w=(f=f?255:p?5:2,Y=(p||z.B++,0<z.O&&z.V)&&z.SY&&1>=z.F&&!z.S&&!z.g&&(!p||1<z.G-m)&&0==document.hidden,(B=4==z.B)||Y?z.h():z.J),w)-z.J,P)>>14,z.N&&(z.N^=N*(P<<2)),z).l=N||z.l,z.R+=N,B)||Y)z.J=w,z.B=0;if(!Y||w-z.C<z.O-f)return false;return z.g=((G(452,z,(f=O((z.G=m,p?285:452),z),z.D)),z).I.push([Gz,f,p?m+1:m]),r),true},R,EB=function(z,f){G(452,f,((f.I9.push(f.j.slice()),f).j[452]=void 0,z))},T=this||self,qy=function(z,f,p){if("object"==(f=typeof z,f))if(z){if(z instanceof Array)return"array";if(z instanceof Object)return f;if("[object Window]"==(p=Object.prototype.toString.call(z),p))return"object";if("[object Array]"==p||"number"==typeof z.length&&"undefined"!=typeof z.splice&&"undefined"!=typeof z.propertyIsEnumerable&&!z.propertyIsEnumerable("splice"))return"array";if("[object Function]"==p||"undefined"!=typeof z.call&&"undefined"!=typeof z.propertyIsEnumerable&&!z.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==f&&"undefined"==typeof z.call)return"object";return f},My=function(z,f,p,m,Y){if(p=z[0],p==C)f.Y=25,f.L(z);else if(p==e){Y=z[1];try{m=f.X||f.L(z)}catch(P){E(P,f),m=f.X}Y(m)}else if(p==Gz)f.L(z);else if(p==D)f.L(z);else if(p==ns){try{for(m=0;m<f.U.length;m++)try{Y=f.U[m],Y[0][Y[1]](Y[2])}catch(P){}}catch(P){}(0,z[1])((f.U=[],function(P,w){f.Z(P,true,w)}),function(P){(g((P=!f.I.length,[ae]),f),P)&&S(false,f,true)})}else{if(p==OB)return m=z[2],G(430,f,z[6]),G(389,f,m),f.L(z);p==ae?(f.K=[],f.i=[],f.j=null):p==l2&&"loading"===T.document.readyState&&(f.g=function(P,w){function B(){w||(w=true,P())}(w=false,T.document).addEventListener("DOMContentLoaded",B,v),T.addEventListener("load",B,v)})}},g=function(z,f){f.I.splice(0,0,z)},S=function(z,f,p,m,Y,P){if(f.I.length){((f.V&&0(),f).V=true,f).SY=p;try{Y=f.h(),f.J=Y,f.B=0,f.C=Y,P=ZN(f,p),m=f.h()-f.C,f.s+=m,m<(z?0:10)||0>=f.Y--||(m=Math.floor(m),f.i.push(254>=m?m:254))}finally{f.V=false}return P}},Ls=function(z){return z},d8=function(z,f){return(z=z.create().shift(),f).S.create().length||f.A.create().length||(f.S=void 0,f.A=void 0),z},e_=function(z,f){return z(function(p){p(f)}),[function(){return f}]},UB=function(z,f,p,m,Y,P){if(!f.X){f.F++;try{for(m=(P=(Y=f.D,0),void 0);--z;)try{if(p=void 0,f.S)m=d8(f.S,f);else{if((P=O(452,f),P)>=Y)break;m=O((p=(G(285,f,P),a)(f),p),f)}x(f,(m&&m.call?m(f,z):t(f,[y,21,p],0),false),false,z)}catch(w){O(329,f)?t(f,w,22):G(329,f,w)}if(!z){if(f.Dd){UB((f.F--,394935304743),f);return}t(f,[y,33],0)}}catch(w){try{t(f,w,22)}catch(B){E(B,f)}}f.F--}},G=function(z,f,p){if(452==z||285==z)f.j[z]?f.j[z].concat(p):f.j[z]=Y9(f,p);else{if(f.P&&462!=z)return;373==z||460==z||94==z||368==z||167==z?f.j[z]||(f.j[z]=ps(z,134,f,p)):f.j[z]=ps(z,17,f,p)}462==z&&(f.N=X(32,false,f),f.o=void 0)},t=function(z,f,p,m,Y,P){if(!z.P){if(f=O(((p=(P=O(368,((Y=void 0,f)&&f[0]===y&&(Y=f[2],p=f[1],f=void 0),z)),0==P.length&&(m=O(285,z)>>3,P.push(p,m>>8&255,m&255),void 0!=Y&&P.push(Y&255)),""),f)&&(f.message&&(p+=f.message),f.stack&&(p+=":"+f.stack)),220),z),3<f){z.l=(Y=(p=(p=p.slice(0,(f|0)-3),f-=(p.length|0)+3,AY)(p),z.l),z);try{F(460,W(p.length,2).concat(p),z,9)}finally{z.l=Y}}G(220,z,f)}},cW=function(z,f,p,m,Y){for(p=(Y=(m=0,p[3]|0),p[2]|0);15>m;m++)Y=Y>>>8|Y<<24,z=z>>>8|z<<24,z+=f|0,f=f<<3|f>>>29,z^=p+823,f^=z,Y+=p|0,Y^=m+823,p=p<<3|p>>>29,p^=Y;return[f>>>24&255,f>>>16&255,f>>>8&255,f>>>0&255,z>>>24&255,z>>>16&255,z>>>8&255,z>>>0&255]},QT=function(z,f,p){return z.Z(function(m){p=m},false,f),p},ZN=function(z,f,p,m){for(;z.I.length;){m=(z.g=null,z.I.pop());try{p=My(m,z)}catch(Y){E(Y,z)}if(f&&z.g){(f=z.g,f)(function(){S(true,z,true)});break}}return p},X=function(z,f,p,m,Y,P,w,B,N,h,q,l,n,V){if(V=O(452,p),V>=p.D)throw[y,31];for(B=(P=(m=(Y=V,z),0),p).n7.length;0<m;)w=Y%8,n=Y>>3,l=p.K[n],N=8-(w|0),N=N<m?N:m,f&&(q=p,q.o!=Y>>6&&(q.o=Y>>6,h=O(462,q),q.v=cW(q.o,q.N,[0,0,h[1],h[2]])),l^=p.v[n&B]),P|=(l>>8-(w|0)-(N|0)&(1<<N)-1)<<(m|0)-(N|0),m-=N,Y+=N;return G(452,(f=P,p),(V|0)+(z|0)),f},Xs=function(z,f){(f.push(z[0]<<24|z[1]<<16|z[2]<<8|z[3]),f.push(z[4]<<24|z[5]<<16|z[6]<<8|z[7]),f).push(z[8]<<24|z[9]<<16|z[10]<<8|z[11])},Ks=function(z,f,p){if(3==z.length){for(p=0;3>p;p++)f[p]+=z[p];for(p=[13,8,13,12,16,(z=0,5),3,10,15];9>z;z++)f[3](f,z%3,p[z])}},HW=function(z,f,p,m){try{m=z[((f|0)+2)%3],z[f]=(z[f]|0)-(z[((f|0)+1)%3]|0)-(m|0)^(1==f?m<<p:m>>>p)}catch(Y){throw Y;}},AY=function(z,f,p,m,Y){for(Y=(f=(z=z.replace(/\\r\\n/g,"\\n"),m=0),[]);f<z.length;f++)p=z.charCodeAt(f),128>p?Y[m++]=p:(2048>p?Y[m++]=p>>6|192:(55296==(p&64512)&&f+1<z.length&&56320==(z.charCodeAt(f+1)&64512)?(p=65536+((p&1023)<<10)+(z.charCodeAt(++f)&1023),Y[m++]=p>>18|240,Y[m++]=p>>12&63|128):Y[m++]=p>>12|224,Y[m++]=p>>6&63|128),Y[m++]=p&63|128);return Y},r=T.requestIdleCallback?function(z){requestIdleCallback(function(){z()},{timeout:4})}:T.setImmediate?function(z){setImmediate(z)}:function(z){setTimeout(z,0)},vW=function(z,f){if(!(f=(z=null,T.trustedTypes),f)||!f.createPolicy)return z;try{z=f.createPolicy("bg",{createHTML:Ls,createScript:Ls,createScriptURL:Ls})}catch(p){T.console&&T.console.error(p.message)}return z},U=function(z,f){return(f=c(z),f)&128&&(f=f&127|c(z)<<7),f},w8=function(z,f){return J[z](J.prototype,{call:f,parent:f,document:f,length:f,pop:f,console:f,propertyIsEnumerable:f,floor:f,replace:f,prototype:f,splice:f,stack:f})},c=function(z){return z.S?d8(z.A,z):X(8,true,z)},W=function(z,f,p,m){for(m=(f|(p=[],0))-1;0<=m;m--)p[(f|0)-1-(m|0)]=z>>8*m&255;return p},O=function(z,f){if((f=f.j[z],void 0)===f)throw[y,30,z];if(f.value)return f.create();return(f.create(4*z*z+-23*z+46),f).prototype},x9=function(z,f){return f[z]<<24|f[(z|0)+1]<<16|f[(z|0)+2]<<8|f[(z|0)+3]},Y9=function(z,f,p){return((p=J[z.H](z.o9),p)[z.H]=function(){return f},p).concat=function(m){f=m},p},a=function(z,f){if(z.S)return d8(z.A,z);return f=X(8,true,z),f&128&&(f^=128,z=X(2,true,z),f=(f<<2)+(z|0)),f},$9=function(z,f,p,m){return O(389,(G(452,f,(((m=O(452,f),f.K)&&m<f.D?(G(452,f,f.D),EB(z,f)):G(452,f,z),UB)(p,f),m)),f))},k,hY=function(z,f,p,m,Y,P){function w(){if(z.l==z){if(z.j){var B=[OB,m,f,void 0,Y,P,arguments];if(2==p)var N=(g(B,z),S(false,z,false));else if(1==p){var h=!z.I.length;(g(B,z),h)&&S(false,z,false)}else N=My(B,z);return N}Y&&P&&Y.removeEventListener(P,w,v)}}return w},v={passive:true,capture:true},Tz=function(z,f,p,m){function Y(){}return m=VT(z,(p=void 0,function(P){Y&&(f&&r(f),p=P,Y(),Y=void 0)}),!!f)[0],{invoke:function(P,w,B,N){function h(){p(function(q){r(function(){P(q)})},B)}if(!w)return w=m(B),P&&P(w),w;p?h():(N=Y,Y=function(){(N(),r)(h)})}}},E=function(z,f){f.X=((f.X?f.X+"~":"E:")+z.message+":"+z.stack).slice(0,2048)},u2=function(z,f,p,m,Y,P){for(p=(m=a((f=((P=a((Y=z[g8]||{},z)),Y).XR=a(z),Y.u=[],z.l==z?(c(z)|0)-1:1),z)),0);p<f;p++)Y.u.push(a(z));for(Y.T=O(P,z);f--;)Y.u[f]=O(Y.u[f],z);return Y.jY=O(m,z),Y},Ny=function(z,f,p,m,Y){F((((p=O((m=(p=(z&=(Y=z&4,3),a(f)),a(f)),p),f),Y)&&(p=AY(""+p)),z)&&F(m,W(p.length,2),f),m),p,f)},JY=function(z,f,p,m){p=(m=a(f),a)(f),F(p,W(O(m,f),z),f)},F=function(z,f,p,m,Y,P){if(p.l==p)for(P=O(z,p),460==z?(z=function(w,B,N,h,q){if(P.hh!=(B=P.length,N=(B|0)-4>>3,N)){h=(q=(P.hh=N,[0,0,Y[1],Y[2]]),(N<<3)-4);try{P.p7=cW(x9((h|0)+4,P),x9(h,P),q)}catch(l){throw l;}}P.push(P.p7[B&7]^w)},Y=O(167,p)):z=function(w){P.push(w)},m&&z(m&255),p=0,m=f.length;p<m;p++)z(f[p])},g8=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),Gz=[],ae=[],y=((u.prototype.Dd=false,u.prototype.W="toString",u).prototype.FR=void 0,{}),OB=[],ns=(u.prototype.zg=void 0,[]),D=[],e=[],l2=[],C=[],J=(((Xs,function(){})(H),function(){})(HW),Ks,y).constructor,i2=(((((k=(u.prototype.H="create",u.prototype),k).Z=function(z,f,p,m,Y){if(p="array"===qy(p)?p:[p],this.X)z(this.X);else try{m=[],Y=!this.I.length,g([C,m,p],this),g([e,z,m],this),f&&!Y||S(true,this,f)}catch(P){E(P,this),z(this.X)}},k).h=(window.performance||{}).now?function(){return this.Nv+window.performance.now()}:function(){return+new Date},k).Ah=function(){return Math.floor(this.h())},k).C7=function(z,f,p,m,Y,P){for(P=[],Y=m=0;Y<z.length;Y++)for(m+=f,p=p<<f|z[Y];7<m;)m-=8,P.push(p>>m&255);return P},void 0),PW=((k.Mv=function(z,f,p){return z^((f=((f^=f<<13,f^=f>>17,f)^f<<5)&p)||(f=1),f)},k.L7=function(z,f,p,m,Y){for(Y=m=0;m<z.length;m++)Y+=z.charCodeAt(m),Y+=Y<<10,Y^=Y>>6;return m=new Number((Y+=Y<<3,Y^=Y>>11,z=Y+(Y<<15)>>>0,z&(1<<f)-1)),m[0]=(z>>>f)%p,m},k.uJ=function(){return Math.floor(this.s+(this.h()-this.C))},u).prototype.L=function(z,f){return i2=(z={},f={},function(){return z==f?46:99}),function(p,m,Y,P,w,B,N,h,q,l,n,V,d,M,Z){B=z,z=f;try{if(Z=p[0],Z==D){q=p[1];try{for(m=(n=(h=atob(q),0),[]),P=0;n<h.length;n++)N=h.charCodeAt(n),255<N&&(m[P++]=N&255,N>>=8),m[P++]=N;G(((this.K=m,this).D=this.K.length<<3,462),this,[0,0,0])}catch(K){t(this,K,17);return}UB(8001,this)}else if(Z==C)p[1].push(O(94,this).length,O(220,this),O(373,this).length,O(460,this).length),G(389,this,p[2]),this.j[231]&&$9(O(231,this),this,8001);else{if(Z==e){V=(l=W(((n=p[2],O)(373,this).length|0)+2,2),this).l,this.l=this;try{Y=O(368,this),0<Y.length&&F(373,W(Y.length,2).concat(Y),this,10),F(373,W(this.R,1),this,109),F(373,W(this[e].length,1),this),h=0,h-=(O(373,this).length|0)+5,h+=O(126,this)&2047,M=O(460,this),4<M.length&&(h-=(M.length|0)+3),0<h&&F(373,W(h,2).concat(H(h)),this,15),4<M.length&&F(373,W(M.length,2).concat(M),this,156)}finally{this.l=V}if(d=((P=H(2).concat(O(373,this)),P[1]=P[0]^6,P)[3]=P[1]^l[0],P[4]=P[1]^l[1],this.Hz(P)))d="!"+d;else for(h=0,d="";h<P.length;h++)w=P[h][this.W](16),1==w.length&&(w="0"+w),d+=w;return((G((O(94,(m=d,this)).length=n.shift(),220),this,n.shift()),O(373,this)).length=n.shift(),O)(460,this).length=n.shift(),m}if(Z==Gz)$9(p[1],this,p[2]);else if(Z==OB)return $9(p[1],this,8001)}}finally{z=B}}}(),u.prototype.VQ=0,/./);u.prototype.gb=0;var mb,DN=((u.prototype[ns]=[0,0,1,1,0,1,1],u.prototype).Hz=function(z,f,p,m){if(f=window.btoa){for(p=(m=0,"");m<z.length;m+=8192)p+=String.fromCharCode.apply(null,z.slice(m,m+8192));z=f(p).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else z=void 0;return z},D.pop).bind(u.prototype[C]),BW=function(z,f){return(f=vW())&&1===z.eval(f.createScript("1"))?function(p){return f.createScript(p)}:function(p){return""+p}}(((mb=(PW[u.prototype.W]=DN,w8(u.prototype.H,{get:DN})),u).prototype.eY=void 0,T));40<(R=T.botguard||(T.botguard={}),R.m)||(R.m=41,R.bg=Tz,R.a=VT),R.DBK_=function(z,f,p){return p=new u(f,z),[function(m){return QT(p,m)}]};}).call(this);'));
}).call(this);
                                    

#3 JavaScript::Eval (size: 16023, repeated: 1) - SHA256: fe5eeb5b0bebaa9acaf627e952bc9047ac9f115d17226e6b98416c3ffded3456

                                        (function() {
    var u = function(z, f, p) {
            p = this;
            try {
                fs(f, z, this)
            } catch (m) {
                E(m, this), z(function(Y) {
                    Y(p.X)
                })
            }
        },
        ps = function(z, f, p, m, Y, P, w, B) {
            return (Y = (w = (m = (P = f & 7, [-11, -23, 81, 62, -66, 47, m, 17, 63, -73]), i2), J[p.H](p.lJ)), Y)[p.H] = function(N) {
                B = (P += 6 + 7 * f, N), P &= 7
            }, Y.concat = function(N) {
                return (N = (N = z % 16 + 1, +(w() | 0) * N + 40 * B * B - -920 * z * B + 4 * z * z * N + P - N * B - 160 * z * z * B - 1840 * B) + m[P + 35 & 7] * z * N, B = void 0, N = m[N], m)[(P + 61 & 7) + (f & 2)] = N, m[P + (f & 2)] = -23, N
            }, Y
        },
        fs = function(z, f, p, m, Y) {
            for (m = (Y = (p.o9 = (p.lJ = w8(p.H, (p.Jh = PW, p.K7 = (p.n7 = p[e], mb), {get: function() {
                        return this.concat()
                    }
                })), J)[p.H](p.lJ, {
                    value: {
                        value: {}
                    }
                }), []), 0); 128 > m; m++) Y[m] = String.fromCharCode(m);
            S(true, p, (g(((G(195, p, (G(183, p, (G((G(399, (G(158, p, (G(315, p, (G(321, p, ((G(101, p, (G(498, (G(503, (((G(389, (G(220, p, (G(487, (G(373, p, [160, (G(118, (G((G(316, (p.Eb = (p.th = (G(436, p, (G(138, (G(167, (G(505, p, (G(212, p, (G(380, (G(307, (G(460, (G(171, (G(368, p, (G((G(497, (G((G(222, p, ((G(208, (G((G(342, (G(329, (G(285, (G(452, (p.Nv = (((p.O = 0, p.yQ = (p.R = 1, function(P) {
                this.l = P
            }), p.Y = 25, p.s = 0, p.N = void 0, p.D = (p.V = false, (m = window.performance || {}, p.K = (p.P = !(p.X = void 0, 1), []), p).l = p, p.j = [], p.S = (p.o = void 0, void 0), 0), (p.C = (p.SY = false, p.B = void 0, p.A = (p.F = (p.rb = 0, 0), void 0), p.J = 0, p.I9 = [], 0), p).v = void 0, p).I = [], p.U = [], p.g = null, p).G = (p.i = [], 8001), m.timeOrigin || (m.timing || {}).navigationStart || 0), p), 0), p), 0), p), 781), p), function(P, w, B, N) {
                G((B = O((N = (B = (N = a(P), a(P)), w = a(P), O(N, P)), B), P), w), P, +(N == B))
            }), 130), p, function(P, w, B, N, h) {
                for (N = (B = U((w = a(P), P)), h = 0, []); h < B; h++) N.push(c(P));
                G(w, P, N)
            }), p), function(P) {
                Ny(4, P)
            }), p).k9 = 0, function(P, w, B) {
                (B = (w = a(P), B = a(P), O(B, P)), 0 != O(w, P)) && G(452, P, B)
            })), 290), p, function(P) {
                Ny(3, P)
            }), p), function(P, w, B, N, h) {
                (w = a((B = a((N = a(P), P)), P)), P.l) == P && (B = O(B, P), h = O(N, P), w = O(w, P), h[B] = w, 462 == N && (P.o = void 0, 2 == B && (P.N = X(32, false, P), P.o = void 0)))
            }), 256), p, function(P, w, B, N) {
                G((N = O((w = O((w = a((N = a(P), P)), B = a(P), w), P), N), P), B), P, N in w | 0)
            }), [])), p), function(P, w, B, N, h, q, l, n, V, d, M, Z) {
                function K(L, A) {
                    for (; V < L;) B |= c(P) << V, V += 8;
                    return B >>= (A = B & (1 << (V -= L, L)) - 1, L), A
                }
                for (h = (n = (N = ((B = (d = a(P), V = 0), K(3)) | 0) + 1, K)(5), q = l = 0, []); l < n; l++) w = K(1), h.push(w), q += w ? 0 : 1;
                for (M = (l = ((q | 0) - 1).toString(2).length, q = 0, []); q < n; q++) h[q] || (M[q] = K(l));
                for (l = 0; l < n; l++) h[l] && (M[l] = a(P));
                for (Z = []; N--;) Z.push(O(a(P), P));
                G(d, P, function(L, A, b, I, zz) {
                    for (A = (I = (zz = [], []), 0); A < n; A++) {
                        if (b = M[A], !h[A]) {
                            for (; b >= I.length;) I.push(a(L));
                            b = I[b]
                        }
                        zz.push(b)
                    }
                    L.A = (L.S = Y9(L, Z.slice()), Y9(L, zz))
                })
            }), p), H(4)), p), function(P, w, B, N) {
                w = (B = O((N = a((B = (w = a(P), a(P)), P)), B), P), O(w, P)), G(N, P, w[B])
            }), p), function(P, w, B, N, h) {
                (w = (h = (N = (B = (h = (w = a((B = (N = a(P), a(P)), P)), a)(P), O)(B, P), O(N, P.l)), O)(h, P), O(w, P)), 0) !== N && (w = hY(P, h, 1, w, N, B), N.addEventListener(B, w, v), G(321, P, [N, B, w]))
            }), function(P, w, B, N) {
                if (B = P.I9.pop()) {
                    for (N = c(P); 0 < N; N--) w = a(P), B[w] = P.j[w];
                    B[B[368] = P.j[368], 220] = P.j[220], P.j = B
                } else G(452, P, P.D)
            })), G(245, p, function(P, w) {
                EB((w = O(a(P), P), w), P.l)
            }), function(P, w, B) {
                (B = (w = a(P), a)(P), G)(B, P, "" + O(w, P))
            })), p), [0, 0, 0]), p), function(P, w, B, N, h, q) {
                x(P, false, true, w) || (N = u2(P.l), h = N.T, w = N.XR, B = N.u, q = B.length, N = N.jY, h = 0 == q ? new N[h] : 1 == q ? new N[h](B[0]) : 2 == q ? new N[h](B[0], B[1]) : 3 == q ? new N[h](B[0], B[1], B[2]) : 4 == q ? new N[h](B[0], B[1], B[2], B[3]) : 2(), G(w, P, h))
            }), T)), 0), 0), p), function(P) {
                JY(1, P)
            }), 227), p, function(P, w, B, N, h, q) {
                if (!x(P, true, true, w)) {
                    if ("object" == qy((P = O((B = O((w = O((B = (q = a((w = a((h = a(P), P)), P)), a(P)), w), P), B), P), q = O(q, P), h), P), P))) {
                        for (N in h = [], P) h.push(N);
                        P = h
                    }
                    for (N = (h = 0, P).length, q = 0 < q ? q : 1; h < N; h += q) w(P.slice(h, (h | 0) + (q | 0)), B)
                }
            }), p), function(P, w, B) {
                x(P, false, true, w) || (w = a(P), B = a(P), G(B, P, function(N) {
                    return eval(N)
                }(BW(O(w, P.l)))))
            }), 0), 0]), p), function(P, w, B, N) {
                !x(P, false, true, w) && (w = u2(P), B = w.T, N = w.jY, P.l == P || B == P.yQ && N == P) && (G(w.XR, P, B.apply(N, w.u)), P.J = P.h())
            }), 2048)), p), {}), G)(26, p, function(P, w, B, N, h) {
                G((h = O((w = O((B = (B = (w = a((h = (N = a(P), a)(P), P)), a(P)), O)(B, P), w), P), h), P), N), P, hY(P, w, B, h))
            }), G)(376, p, function(P, w, B) {
                B = (w = a((B = a(P), P)), O(B, P)), B = qy(B), G(w, P, B)
            }), p), function(P, w, B, N) {
                B = O((w = (N = a(P), a(P)), N = O(N, P), w), P), G(w, P, B + N)
            }), p), function() {}), function(P, w, B, N) {
                w = (N = a(P), a(P)), B = a(P), G(B, P, O(N, P) || O(w, P))
            })), G)(94, p, []), G(126, p, 0), 0)), p)), function(P) {
                Q(P, 4)
            })), p), function(P) {
                JY(4, P)
            }), 398), p, function(P, w, B, N, h, q, l) {
                for (B = (N = O((l = (q = (w = a(P), U)(P), ""), 202), P), N).length, h = 0; q--;) h = ((h | 0) + (U(P) | 0)) % B, l += Y[N[h]];
                G(w, P, l)
            }), function(P, w) {
                P = O((w = a(P), w), P.l), P[0].removeEventListener(P[1], P[2], v)
            })), function(P, w, B, N) {
                (B = (N = c((w = a(P), P)), a)(P), G)(B, P, O(w, P) >>> N)
            })), g([l2], p), g)([D, z], p), [ns, f]), p), true))
        },
        VT = function(z, f, p, m) {
            return (m = R[z.substring(0, 3) + "_"]) ? m(z.substring(3), f, p) : e_(f, z)
        },
        H = function(z, f) {
            for (f = []; z--;) f.push(255 * Math.random() | 0);
            return f
        },
        Q = function(z, f, p, m) {
            for (m = a(z), p = 0; 0 < f; f--) p = p << 8 | c(z);
            G(m, z, p)
        },
        x = function(z, f, p, m, Y, P, w, B, N) {
            if (((N = (P = (w = (f = f ? 255 : p ? 5 : 2, Y = (p || z.B++, 0 < z.O && z.V) && z.SY && 1 >= z.F && !z.S && !z.g && (!p || 1 < z.G - m) && 0 == document.hidden, (B = 4 == z.B) || Y ? z.h() : z.J), w) - z.J, P) >> 14, z.N && (z.N ^= N * (P << 2)), z).l = N || z.l, z.R += N, B) || Y) z.J = w, z.B = 0;
            if (!Y || w - z.C < z.O - f) return false;
            return z.g = ((G(452, z, (f = O((z.G = m, p ? 285 : 452), z), z.D)), z).I.push([Gz, f, p ? m + 1 : m]), r), true
        },
        R, EB = function(z, f) {
            G(452, f, ((f.I9.push(f.j.slice()), f).j[452] = void 0, z))
        },
        T = this || self,
        qy = function(z, f, p) {
            if ("object" == (f = typeof z, f))
                if (z) {
                    if (z instanceof Array) return "array";
                    if (z instanceof Object) return f;
                    if ("[object Window]" == (p = Object.prototype.toString.call(z), p)) return "object";
                    if ("[object Array]" == p || "number" == typeof z.length && "undefined" != typeof z.splice && "undefined" != typeof z.propertyIsEnumerable && !z.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == p || "undefined" != typeof z.call && "undefined" != typeof z.propertyIsEnumerable && !z.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == f && "undefined" == typeof z.call) return "object";
            return f
        },
        My = function(z, f, p, m, Y) {
            if (p = z[0], p == C) f.Y = 25, f.L(z);
            else if (p == e) {
                Y = z[1];
                try {
                    m = f.X || f.L(z)
                } catch (P) {
                    E(P, f), m = f.X
                }
                Y(m)
            } else if (p == Gz) f.L(z);
            else if (p == D) f.L(z);
            else if (p == ns) {
                try {
                    for (m = 0; m < f.U.length; m++) try {
                        Y = f.U[m], Y[0][Y[1]](Y[2])
                    } catch (P) {}
                } catch (P) {}(0, z[1])((f.U = [], function(P, w) {
                    f.Z(P, true, w)
                }), function(P) {
                    (g((P = !f.I.length, [ae]), f), P) && S(false, f, true)
                })
            } else {
                if (p == OB) return m = z[2], G(430, f, z[6]), G(389, f, m), f.L(z);
                p == ae ? (f.K = [], f.i = [], f.j = null) : p == l2 && "loading" === T.document.readyState && (f.g = function(P, w) {
                    function B() {
                        w || (w = true, P())
                    }(w = false, T.document).addEventListener("DOMContentLoaded", B, v), T.addEventListener("load", B, v)
                })
            }
        },
        g = function(z, f) {
            f.I.splice(0, 0, z)
        },
        S = function(z, f, p, m, Y, P) {
            if (f.I.length) {
                ((f.V && 0(), f).V = true, f).SY = p;
                try {
                    Y = f.h(), f.J = Y, f.B = 0, f.C = Y, P = ZN(f, p), m = f.h() - f.C, f.s += m, m < (z ? 0 : 10) || 0 >= f.Y-- || (m = Math.floor(m), f.i.push(254 >= m ? m : 254))
                } finally {
                    f.V = false
                }
                return P
            }
        },
        Ls = function(z) {
            return z
        },
        d8 = function(z, f) {
            return (z = z.create().shift(), f).S.create().length || f.A.create().length || (f.S = void 0, f.A = void 0), z
        },
        e_ = function(z, f) {
            return z(function(p) {
                p(f)
            }), [function() {
                return f
            }]
        },
        UB = function(z, f, p, m, Y, P) {
            if (!f.X) {
                f.F++;
                try {
                    for (m = (P = (Y = f.D, 0), void 0); --z;) try {
                        if (p = void 0, f.S) m = d8(f.S, f);
                        else {
                            if ((P = O(452, f), P) >= Y) break;
                            m = O((p = (G(285, f, P), a)(f), p), f)
                        }
                        x(f, (m && m.call ? m(f, z) : t(f, [y, 21, p], 0), false), false, z)
                    } catch (w) {
                        O(329, f) ? t(f, w, 22) : G(329, f, w)
                    }
                    if (!z) {
                        if (f.Dd) {
                            UB((f.F--, 394935304743), f);
                            return
                        }
                        t(f, [y, 33], 0)
                    }
                } catch (w) {
                    try {
                        t(f, w, 22)
                    } catch (B) {
                        E(B, f)
                    }
                }
                f.F--
            }
        },
        G = function(z, f, p) {
            if (452 == z || 285 == z) f.j[z] ? f.j[z].concat(p) : f.j[z] = Y9(f, p);
            else {
                if (f.P && 462 != z) return;
                373 == z || 460 == z || 94 == z || 368 == z || 167 == z ? f.j[z] || (f.j[z] = ps(z, 134, f, p)) : f.j[z] = ps(z, 17, f, p)
            }
            462 == z && (f.N = X(32, false, f), f.o = void 0)
        },
        t = function(z, f, p, m, Y, P) {
            if (!z.P) {
                if (f = O(((p = (P = O(368, ((Y = void 0, f) && f[0] === y && (Y = f[2], p = f[1], f = void 0), z)), 0 == P.length && (m = O(285, z) >> 3, P.push(p, m >> 8 & 255, m & 255), void 0 != Y && P.push(Y & 255)), ""), f) && (f.message && (p += f.message), f.stack && (p += ":" + f.stack)), 220), z), 3 < f) {
                    z.l = (Y = (p = (p = p.slice(0, (f | 0) - 3), f -= (p.length | 0) + 3, AY)(p), z.l), z);
                    try {
                        F(460, W(p.length, 2).concat(p), z, 9)
                    } finally {
                        z.l = Y
                    }
                }
                G(220, z, f)
            }
        },
        cW = function(z, f, p, m, Y) {
            for (p = (Y = (m = 0, p[3] | 0), p[2] | 0); 15 > m; m++) Y = Y >>> 8 | Y << 24, z = z >>> 8 | z << 24, z += f | 0, f = f << 3 | f >>> 29, z ^= p + 823, f ^= z, Y += p | 0, Y ^= m + 823, p = p << 3 | p >>> 29, p ^= Y;
            return [f >>> 24 & 255, f >>> 16 & 255, f >>> 8 & 255, f >>> 0 & 255, z >>> 24 & 255, z >>> 16 & 255, z >>> 8 & 255, z >>> 0 & 255]
        },
        QT = function(z, f, p) {
            return z.Z(function(m) {
                p = m
            }, false, f), p
        },
        ZN = function(z, f, p, m) {
            for (; z.I.length;) {
                m = (z.g = null, z.I.pop());
                try {
                    p = My(m, z)
                } catch (Y) {
                    E(Y, z)
                }
                if (f && z.g) {
                    (f = z.g, f)(function() {
                        S(true, z, true)
                    });
                    break
                }
            }
            return p
        },
        X = function(z, f, p, m, Y, P, w, B, N, h, q, l, n, V) {
            if (V = O(452, p), V >= p.D) throw [y, 31];
            for (B = (P = (m = (Y = V, z), 0), p).n7.length; 0 < m;) w = Y % 8, n = Y >> 3, l = p.K[n], N = 8 - (w | 0), N = N < m ? N : m, f && (q = p, q.o != Y >> 6 && (q.o = Y >> 6, h = O(462, q), q.v = cW(q.o, q.N, [0, 0, h[1], h[2]])), l ^= p.v[n & B]), P |= (l >> 8 - (w | 0) - (N | 0) & (1 << N) - 1) << (m | 0) - (N | 0), m -= N, Y += N;
            return G(452, (f = P, p), (V | 0) + (z | 0)), f
        },
        Xs = function(z, f) {
            (f.push(z[0] << 24 | z[1] << 16 | z[2] << 8 | z[3]), f.push(z[4] << 24 | z[5] << 16 | z[6] << 8 | z[7]), f).push(z[8] << 24 | z[9] << 16 | z[10] << 8 | z[11])
        },
        Ks = function(z, f, p) {
            if (3 == z.length) {
                for (p = 0; 3 > p; p++) f[p] += z[p];
                for (p = [13, 8, 13, 12, 16, (z = 0, 5), 3, 10, 15]; 9 > z; z++) f[3](f, z % 3, p[z])
            }
        },
        HW = function(z, f, p, m) {
            try {
                m = z[((f | 0) + 2) % 3], z[f] = (z[f] | 0) - (z[((f | 0) + 1) % 3] | 0) - (m | 0) ^ (1 == f ? m << p : m >>> p)
            } catch (Y) {
                throw Y;
            }
        },
        AY = function(z, f, p, m, Y) {
            for (Y = (f = (z = z.replace(/\r\n/g, "\n"), m = 0), []); f < z.length; f++) p = z.charCodeAt(f), 128 > p ? Y[m++] = p : (2048 > p ? Y[m++] = p >> 6 | 192 : (55296 == (p & 64512) && f + 1 < z.length && 56320 == (z.charCodeAt(f + 1) & 64512) ? (p = 65536 + ((p & 1023) << 10) + (z.charCodeAt(++f) & 1023), Y[m++] = p >> 18 | 240, Y[m++] = p >> 12 & 63 | 128) : Y[m++] = p >> 12 | 224, Y[m++] = p >> 6 & 63 | 128), Y[m++] = p & 63 | 128);
            return Y
        },
        r = T.requestIdleCallback ? function(z) {
            requestIdleCallback(function() {
                z()
            }, {
                timeout: 4
            })
        } : T.setImmediate ? function(z) {
            setImmediate(z)
        } : function(z) {
            setTimeout(z, 0)
        },
        vW = function(z, f) {
            if (!(f = (z = null, T.trustedTypes), f) || !f.createPolicy) return z;
            try {
                z = f.createPolicy("bg", {
                    createHTML: Ls,
                    createScript: Ls,
                    createScriptURL: Ls
                })
            } catch (p) {
                T.console && T.console.error(p.message)
            }
            return z
        },
        U = function(z, f) {
            return (f = c(z), f) & 128 && (f = f & 127 | c(z) << 7), f
        },
        w8 = function(z, f) {
            return J[z](J.prototype, {
                call: f,
                parent: f,
                document: f,
                length: f,
                pop: f,
                console: f,
                propertyIsEnumerable: f,
                floor: f,
                replace: f,
                prototype: f,
                splice: f,
                stack: f
            })
        },
        c = function(z) {
            return z.S ? d8(z.A, z) : X(8, true, z)
        },
        W = function(z, f, p, m) {
            for (m = (f | (p = [], 0)) - 1; 0 <= m; m--) p[(f | 0) - 1 - (m | 0)] = z >> 8 * m & 255;
            return p
        },
        O = function(z, f) {
            if ((f = f.j[z], void 0) === f) throw [y, 30, z];
            if (f.value) return f.create();
            return (f.create(4 * z * z + -23 * z + 46), f).prototype
        },
        x9 = function(z, f) {
            return f[z] << 24 | f[(z | 0) + 1] << 16 | f[(z | 0) + 2] << 8 | f[(z | 0) + 3]
        },
        Y9 = function(z, f, p) {
            return ((p = J[z.H](z.o9), p)[z.H] = function() {
                return f
            }, p).concat = function(m) {
                f = m
            }, p
        },
        a = function(z, f) {
            if (z.S) return d8(z.A, z);
            return f = X(8, true, z), f & 128 && (f ^= 128, z = X(2, true, z), f = (f << 2) + (z | 0)), f
        },
        $9 = function(z, f, p, m) {
            return O(389, (G(452, f, (((m = O(452, f), f.K) && m < f.D ? (G(452, f, f.D), EB(z, f)) : G(452, f, z), UB)(p, f), m)), f))
        },
        k, hY = function(z, f, p, m, Y, P) {
            function w() {
                if (z.l == z) {
                    if (z.j) {
                        var B = [OB, m, f, void 0, Y, P, arguments];
                        if (2 == p) var N = (g(B, z), S(false, z, false));
                        else if (1 == p) {
                            var h = !z.I.length;
                            (g(B, z), h) && S(false, z, false)
                        } else N = My(B, z);
                        return N
                    }
                    Y && P && Y.removeEventListener(P, w, v)
                }
            }
            return w
        },
        v = {
            passive: true,
            capture: true
        },
        Tz = function(z, f, p, m) {
            function Y() {}
            return m = VT(z, (p = void 0, function(P) {
                Y && (f && r(f), p = P, Y(), Y = void 0)
            }), !!f)[0], {
                invoke: function(P, w, B, N) {
                    function h() {
                        p(function(q) {
                            r(function() {
                                P(q)
                            })
                        }, B)
                    }
                    if (!w) return w = m(B), P && P(w), w;
                    p ? h() : (N = Y, Y = function() {
                        (N(), r)(h)
                    })
                }
            }
        },
        E = function(z, f) {
            f.X = ((f.X ? f.X + "~" : "E:") + z.message + ":" + z.stack).slice(0, 2048)
        },
        u2 = function(z, f, p, m, Y, P) {
            for (p = (m = a((f = ((P = a((Y = z[g8] || {}, z)), Y).XR = a(z), Y.u = [], z.l == z ? (c(z) | 0) - 1 : 1), z)), 0); p < f; p++) Y.u.push(a(z));
            for (Y.T = O(P, z); f--;) Y.u[f] = O(Y.u[f], z);
            return Y.jY = O(m, z), Y
        },
        Ny = function(z, f, p, m, Y) {
            F((((p = O((m = (p = (z &= (Y = z & 4, 3), a(f)), a(f)), p), f), Y) && (p = AY("" + p)), z) && F(m, W(p.length, 2), f), m), p, f)
        },
        JY = function(z, f, p, m) {
            p = (m = a(f), a)(f), F(p, W(O(m, f), z), f)
        },
        F = function(z, f, p, m, Y, P) {
            if (p.l == p)
                for (P = O(z, p), 460 == z ? (z = function(w, B, N, h, q) {
                        if (P.hh != (B = P.length, N = (B | 0) - 4 >> 3, N)) {
                            h = (q = (P.hh = N, [0, 0, Y[1], Y[2]]), (N << 3) - 4);
                            try {
                                P.p7 = cW(x9((h | 0) + 4, P), x9(h, P), q)
                            } catch (l) {
                                throw l;
                            }
                        }
                        P.push(P.p7[B & 7] ^ w)
                    }, Y = O(167, p)) : z = function(w) {
                        P.push(w)
                    }, m && z(m & 255), p = 0, m = f.length; p < m; p++) z(f[p])
        },
        g8 = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        Gz = [],
        ae = [],
        y = ((u.prototype.Dd = false, u.prototype.W = "toString", u).prototype.FR = void 0, {}),
        OB = [],
        ns = (u.prototype.zg = void 0, []),
        D = [],
        e = [],
        l2 = [],
        C = [],
        J = (((Xs, function() {})(H), function() {})(HW), Ks, y).constructor,
        i2 = (((((k = (u.prototype.H = "create", u.prototype), k).Z = function(z, f, p, m, Y) {
            if (p = "array" === qy(p) ? p : [p], this.X) z(this.X);
            else try {
                m = [], Y = !this.I.length, g([C, m, p], this), g([e, z, m], this), f && !Y || S(true, this, f)
            } catch (P) {
                E(P, this), z(this.X)
            }
        }, k).h = (window.performance || {}).now ? function() {
            return this.Nv + window.performance.now()
        } : function() {
            return +new Date
        }, k).Ah = function() {
            return Math.floor(this.h())
        }, k).C7 = function(z, f, p, m, Y, P) {
            for (P = [], Y = m = 0; Y < z.length; Y++)
                for (m += f, p = p << f | z[Y]; 7 < m;) m -= 8, P.push(p >> m & 255);
            return P
        }, void 0),
        PW = ((k.Mv = function(z, f, p) {
            return z ^ ((f = ((f ^= f << 13, f ^= f >> 17, f) ^ f << 5) & p) || (f = 1), f)
        }, k.L7 = function(z, f, p, m, Y) {
            for (Y = m = 0; m < z.length; m++) Y += z.charCodeAt(m), Y += Y << 10, Y ^= Y >> 6;
            return m = new Number((Y += Y << 3, Y ^= Y >> 11, z = Y + (Y << 15) >>> 0, z & (1 << f) - 1)), m[0] = (z >>> f) % p, m
        }, k.uJ = function() {
            return Math.floor(this.s + (this.h() - this.C))
        }, u).prototype.L = function(z, f) {
            return i2 = (z = {}, f = {}, function() {
                    return z == f ? 46 : 99
                }),
                function(p, m, Y, P, w, B, N, h, q, l, n, V, d, M, Z) {
                    B = z, z = f;
                    try {
                        if (Z = p[0], Z == D) {
                            q = p[1];
                            try {
                                for (m = (n = (h = atob(q), 0), []), P = 0; n < h.length; n++) N = h.charCodeAt(n), 255 < N && (m[P++] = N & 255, N >>= 8), m[P++] = N;
                                G(((this.K = m, this).D = this.K.length << 3, 462), this, [0, 0, 0])
                            } catch (K) {
                                t(this, K, 17);
                                return
                            }
                            UB(8001, this)
                        } else if (Z == C) p[1].push(O(94, this).length, O(220, this), O(373, this).length, O(460, this).length), G(389, this, p[2]), this.j[231] && $9(O(231, this), this, 8001);
                        else {
                            if (Z == e) {
                                V = (l = W(((n = p[2], O)(373, this).length | 0) + 2, 2), this).l, this.l = this;
                                try {
                                    Y = O(368, this), 0 < Y.length && F(373, W(Y.length, 2).concat(Y), this, 10), F(373, W(this.R, 1), this, 109), F(373, W(this[e].length, 1), this), h = 0, h -= (O(373, this).length | 0) + 5, h += O(126, this) & 2047, M = O(460, this), 4 < M.length && (h -= (M.length | 0) + 3), 0 < h && F(373, W(h, 2).concat(H(h)), this, 15), 4 < M.length && F(373, W(M.length, 2).concat(M), this, 156)
                                } finally {
                                    this.l = V
                                }
                                if (d = ((P = H(2).concat(O(373, this)), P[1] = P[0] ^ 6, P)[3] = P[1] ^ l[0], P[4] = P[1] ^ l[1], this.Hz(P))) d = "!" + d;
                                else
                                    for (h = 0, d = ""; h < P.length; h++) w = P[h][this.W](16), 1 == w.length && (w = "0" + w), d += w;
                                return ((G((O(94, (m = d, this)).length = n.shift(), 220), this, n.shift()), O(373, this)).length = n.shift(), O)(460, this).length = n.shift(), m
                            }
                            if (Z == Gz) $9(p[1], this, p[2]);
                            else if (Z == OB) return $9(p[1], this, 8001)
                        }
                    } finally {
                        z = B
                    }
                }
        }(), u.prototype.VQ = 0, /./);
    u.prototype.gb = 0;
    var mb, DN = ((u.prototype[ns] = [0, 0, 1, 1, 0, 1, 1], u.prototype).Hz = function(z, f, p, m) {
            if (f = window.btoa) {
                for (p = (m = 0, ""); m < z.length; m += 8192) p += String.fromCharCode.apply(null, z.slice(m, m + 8192));
                z = f(p).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
            } else z = void 0;
            return z
        }, D.pop).bind(u.prototype[C]),
        BW = function(z, f) {
            return (f = vW()) && 1 === z.eval(f.createScript("1")) ? function(p) {
                return f.createScript(p)
            } : function(p) {
                return "" + p
            }
        }(((mb = (PW[u.prototype.W] = DN, w8(u.prototype.H, {get: DN
        })), u).prototype.eY = void 0, T));
    40 < (R = T.botguard || (T.botguard = {}), R.m) || (R.m = 41, R.bg = Tz, R.a = VT), R.DBK_ = function(z, f, p) {
        return p = new u(f, z), [function(m) {
            return QT(p, m)
        }]
    };
}).call(this);
                                    

#4 JavaScript::Eval (size: 21, repeated: 1) - SHA256: 445323dd5f39d58811e77b5b6d8c03d670c8f61bde6d48283102f6117a65e549

                                        0,
function(P) {
    Q(P, 1)
}
                                    

#5 JavaScript::Eval (size: 62, repeated: 1) - SHA256: 590c5dabe51f76a51d9b560b89f8d69041f864dcbd66b39e887e7fc40232cac2

                                        0,
function(P, w, B) {
    B = (w = a((B = a(P), P)), P.j[B] && O(B, P)), G(w, P, B)
}
                                    

#6 JavaScript::Eval (size: 21, repeated: 1) - SHA256: bc362f3a7054831d269d9849e90d702e61640cf4dedaec38a16ff90eb052aa95

                                        0,
function(P) {
    Q(P, 2)
}
                                    

Executed Writes (0)



HTTP Transactions (56)


Request Response
                                        
                                            GET /download/3Psf6N6sgDM48kFG5cRxCq?t=26ec4f1b141761fe59627258cff56307 HTTP/1.1 
Host: ninjashare.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.145.34
HTTP/1.1 301 Moved Permanently
                                        
Date: Sun, 11 Sep 2022 09:32:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 10:32:26 GMT
Location: https://ninjashare.to/download/3Psf6N6sgDM48kFG5cRxCq?t=26ec4f1b141761fe59627258cff56307
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9e3AbkYPIt4%2BkYQtlGtqgbsCymPAhY0lIWqZyB%2FDcwZNB4Y5w9VwcJJRzDZM9dcgtwzr4SIhjLQx7IV4XFuunupnYg0FM98re9o1mWVFSzlSkRQpora9rzuoxRx3mtQf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 748f656bfff01c0e-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5300
Expires: Sun, 11 Sep 2022 11:00:47 GMT
Date: Sun, 11 Sep 2022 09:32:27 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 09:08:14 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pBdgTQ26BYgE9VWL0xLKFgBg3VM5TfjslNg3j_yqAiAwizwXP9p-DA==
Age: 1453


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4mAyQ_AWV120bZmFq0NfjW8TOtunnsst-bTrXK-tm4rqrMBe3aaIuw==
age: 8115
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 11 Sep 2022 09:32:27 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ad-provider.js HTTP/1.1 
Host: a.exdynsrv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         205.185.216.10
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 23727
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"d944899a6eb421496e94cbddc42"
X-HW: 1662888747.dop026.sk1.t,1662888747.cds231.sk1.shn,1662888747.dop026.sk1.t,1662888747.cds246.sk1.c
Access-Control-Allow-Origin: *, *


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   23727
Md5:    81ef2e5397caa335947731e7e737f5c3
Sha1:   6a05a4b2d22c13ad2692170510bc8685b16002bf
Sha256: cec22380c4f1438b29077d202d0396a6ad32b41761ed51d968f1bfbdf2423378
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.42
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 02:36:40 GMT
expires: Mon, 11 Sep 2023 02:36:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 24947
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30399
Md5:    0f83cadc148d2ad7e53c91f6c4ee05bb
Sha1:   90035c5fffedf4b0f099465f6b929a030b46c92b
Sha256: 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
                                        
                                            GET /gtag/js?id=UA-204328282-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 09:32:27 GMT
expires: Sun, 11 Sep 2022 09:32:27 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41969
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1615)
Size:   41969
Md5:    a95066696f16e3c86ea38dbcda32895c
Sha1:   0f16e2c6ac4b1943657e052054accf516c0919bb
Sha256: 6fc61a17758aca72d557adadf53f455eb92940d56efa8963a96b49fcf2545e8c
                                        
                                            GET /recaptcha/api.js?render=6LciF9kbAAAAAFP445L2HdlD2yTB2ltfXFq5XoYo HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Sun, 11 Sep 2022 09:32:27 GMT
date: Sun, 11 Sep 2022 09:32:27 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 588
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (884), with no line terminators
Size:   588
Md5:    16f5021c09c7cdd9adfa83ca7850d735
Sha1:   7bc3a391e82c4b275301d34da30b65d2463035e8
Sha256: 5ff779cb75cdf021dff8fc65eb66c98ff1eeb8e66a7cc795118c7e7f75c52ac3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   58720
Md5:    b89f172ab2354a0c192bac69a3b4d992
Sha1:   506fa16c99c3e746cc0288e58fce4d114be61700
Sha256: a506ef5799bd564398180d8d209e8dd75115b87bdea7333f0d9f6fd42a98d319
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ninjashare.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:30:59 GMT
expires: Thu, 07 Sep 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 309688
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Size:   8000
Md5:    72993dddf88a63e8f226656f7de88e57
Sha1:   179f97ec0275f09603a8db94d4380eb584d81cd5
Sha256: f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
                                        
                                            GET /css2?family=Poppins:wght@300;400;500;600&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.42
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Sep 2022 09:32:27 GMT
date: Sun, 11 Sep 2022 09:32:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   8254
Md5:    59c02438cfcffd48f2395a2f67a5f39e
Sha1:   aeffcae25ea966fdf38dec495fe4561000602584
Sha256: ca1ddc9a7a9eb419f759c19ce4b86b5addc7c65267a7f492aa632889ee3e8805
                                        
                                            GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ninjashare.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:32:09 GMT
expires: Thu, 07 Sep 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 309618
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size:   7884
Md5:    9212f6f9860f9fc6c69b02fedf6db8c3
Sha1:   ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
Sha256: 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
                                        
                                            POST /v1/api.php HTTP/1.1 
Host: syndication.exdynsrv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 304
Origin: https://ninjashare.to
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Server: nginx
Date: Sun, 11 Sep 2022 09:32:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ninjashare.to
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   1134
Md5:    2dc566c8d3a3eff558f50ed17e28c4b0
Sha1:   62c0624a5c68d4499336a99b9db5b425942aec9e
Sha256: db46e4e2e25ec5534f69e0b2ec70151380fa69cbf74ded65de6f51b7ae83c3a1
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "ABBC7EAFE6555F06281DA65923C7572EF5E05E8AF0ACDB891F2F59F2D8245D4A"
Last-Modified: Fri, 09 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4477
Expires: Sun, 11 Sep 2022 10:47:04 GMT
Date: Sun, 11 Sep 2022 09:32:27 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "ABBC7EAFE6555F06281DA65923C7572EF5E05E8AF0ACDB891F2F59F2D8245D4A"
Last-Modified: Fri, 09 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4477
Expires: Sun, 11 Sep 2022 10:47:04 GMT
Date: Sun, 11 Sep 2022 09:32:27 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 11 Sep 2022 08:56:07 GMT
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 09:23:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: J_pmaRykuKbBw7a90Qhc28ZejObEQWEkHnqMmxtWeEurEgrBQkwMeQ==
Age: 2180


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F15E30D8516F509104B1F7C506C3B978050C131A0CBA586362DF2CBC42C67AF0"
Last-Modified: Sat, 10 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1135
Expires: Sun, 11 Sep 2022 09:51:23 GMT
Date: Sun, 11 Sep 2022 09:32:28 GMT
Connection: keep-alive

                                        
                                            GET /cimp.php?t=api&data=H4sIAAAAAAAAA11Oy07EMAz8FX6gkT2xnXrPnEEC8QF9pAIORdrlsEj+eNIs2gMZRbbH9nhAwEA+MD+QnjJOKOGcnJIgsUo8Pb+EcOwf++d0eZ/ONX1/hQFj8ShaslA4jBghuQioRR9b7o48hoJErZGskYMaoFnkyBIRh1O8vT72zw2IgvHaSO53gw+5VtD1WN1mQtVtLcsmVm2r61RIzHwkUJbpGPxnlG5IzZ91/T8iMkuGIAa+FxLtUfT2dPnZl4j7+A3aBZpRkSOsXmdVW1eSxWq1hWe12XSpmlGK/ALo2sSJXAEAAA== HTTP/1.1 
Host: syndication.exdynsrv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjashare.to
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sun, 11 Sep 2022 09:32:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ninjashare.to
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22631dab2c0a8598.305585101853555006%22%3B%7D; expires=Tue, 10 Sep 2024 09:32:28 GMT; path=; domain=.exdynsrv.com; Secure; SameSite=none __upt=%7B%22v%22%3A1%2C%22id%22%3A%22631dab2c0a8598.305585101853555006%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22498.0199%22%7D; expires=Tue, 10 Sep 2024 09:32:28 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /tag.min.js HTTP/1.1 
Host: cagothie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.238
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 09:32:28 GMT
content-length: 22987
content-encoding: br
x-trace-id: 4a26c6911a9fc5e3342a37946b109119
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 08 Sep 2022 14:32:55 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   22987
Md5:    6ab05fcba561130fa8b1e1804849562c
Sha1:   4e3a0f1ae58bdaa2e439f99fb0b295ea9b2439d0
Sha256: befd4129d45f26ce3155b5aab8248420d5863dc69ec8207f1e0691ca62d9d469
                                        
                                            GET /library/622879/9b25ab5b2d7b450fe4e2c8346523c534966f03d4.gif HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.76.9.19
HTTP/2 200 OK
content-type: image/gif
                                        
date: Sun, 11 Sep 2022 09:32:28 GMT
content-length: 41496
last-modified: Wed, 28 Apr 2021 12:39:58 GMT
etag: "6089579e-a218"
expires: Mon, 11 Sep 2023 04:32:10 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1694407987
server: CDN77-Turbo
x-77-nzt: AblMCQ36s5T/eUEAAA
x-77-nzt-ray: 2iV1Jf9+bD4
x-cache: HIT
x-age: 16761
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 728 x 90\012- data
Size:   41496
Md5:    d426af32470c9ca1b1293d6834ee9f5a
Sha1:   9b25ab5b2d7b450fe4e2c8346523c534966f03d4
Sha256: ac4b4d49b087abfb4d5dfe7b54caf3d22c37b48d932834b111cf30ef59dccaff
                                        
                                            GET /recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjashare.to
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157166
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:23:20 GMT
expires: Wed, 06 Sep 2023 17:23:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Sep 2022 00:04:24 GMT
age: 403748
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (539)
Size:   157166
Md5:    026df0dfed2314af108e700900288961
Sha1:   51c2a55bca7d65c549ef138d1294cac2aa98dd96
Sha256: 24eefc59f5d298ce40bdd33c8157ad14631984159fca8e5980037366c44c2b34
                                        
                                            GET /5/4425184/?oo=1&aab=1 HTTP/1.1 
Host: cagothie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjashare.to
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.238
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 11 Sep 2022 09:32:28 GMT
x-trace-id: b582c20525e4478705717fe4ea1245c6
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://ninjashare.to
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=84dcd85220f04e26988e3b6706c46f85; expires=Mon, 11 Sep 2023 09:32:28 GMT; path=/; secure; SameSite=None oaidts=1662888748; expires=Mon, 11 Sep 2023 09:32:28 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (2705)
Size:   21300
Md5:    12d0147345707d369276f1482c1fa01d
Sha1:   ebe3f3567efbc44132d9d1c94a11c8476e55c4b4
Sha256: 8e7285b834ecfc8f9fac875c1a3e34ba25d9b99e4a1220d9b788ad72a46da97d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5865
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 09:32:28 GMT
Last-Modified: Sun, 11 Sep 2022 07:54:43 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:28 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=376971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748f6575afb0b50c-OSL

                                        
                                            GET /bootstrap/4.1.3/js/bootstrap.bundle.min.js HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.114.99.202
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sun, 11 Sep 2022 09:32:27 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 12/14/2021 00:43:37
cdn-edgestorageid: 723
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-proxyver: 1.02
cdn-requestid: 10851a198d2b209cdb5f9281210daec7
cdn-cache: HIT
cf-cache-status: HIT
age: 8337962
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 748f65700dbeb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65297)
Size:   21139
Md5:    71f395a71482fc9a6076caee2f27ed55
Sha1:   c6c695e7a60883f8e35bd00575c1bcccf0439640
Sha256: 48ee86100310780d50784e7b5ad6bf5bdb7f8f8cb42ba296dd57aa4f6e8cdf18
                                        
                                            GET /gid.js?userId=84dcd85220f04e26988e3b6706c46f85 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjashare.to
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 09:32:28 GMT
content-length: 65
access-control-allow-origin: https://ninjashare.to
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=84dcd85220f04e26988e3b6706c46f85; expires=Mon, 11 Sep 2023 09:32:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    905e385a8f7b2ef2da8e3f343b984719
Sha1:   ccf9fa9670c664aef1cd88f6bf7b7e6a4dd17f09
Sha256: 69ef1845e3f754f0f85f0eed967d65c76428fcd19bfe96620a59cca77150e5d2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 09:32:28 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 12:52:23 GMT
Expires: Thu, 15 Sep 2022 12:52:22 GMT
Etag: "e4b0ac57e7c2d6d00e508cd99231b0f8d58942af"
Cache-Control: max-age=356993,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748f65765883b50c-OSL

                                        
                                            POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1 
Host: fleraprt.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjashare.to/
Content-Type: text/plain;charset=UTF-8
Origin: https://ninjashare.to
Content-Length: 1575
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.254
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Sun, 11 Sep 2022 09:32:40 GMT
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://ninjashare.to
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    adb4650bfc9d2a73d4dd69583b0ceb14
Sha1:   1ce399d6e936232aaf2192cd7903a279c5015f22
Sha256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            OPTIONS /500/4435918?excludes=&oaid=84dcd85220f04e26988e3b6706c46f85&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fninjashare.to%2Fdownload%2F3Psf6N6sgDM48kFG5cRxCq%3Ft%3D26ec4f1b141761fe59627258cff56307&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: betotodilea.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ninjashare.to/
Origin: https://ninjashare.to
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.237
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 11 Sep 2022 09:32:28 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://ninjashare.to
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5342
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 09:32:29 GMT
Last-Modified: Sun, 11 Sep 2022 08:03:27 GMT
Server: ECS (amb/6B72)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1 
Host: offerimage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.22.33.172
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 11 Sep 2022 09:32:29 GMT
content-length: 66121
last-modified: Mon, 12 Oct 2020 05:50:58 GMT
etag: "5f83eec2-10249"
expires: Sun, 11 Sep 2022 12:30:54 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 75695
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 748f65799f220d36-ARN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   66121
Md5:    3d08aacb36c7474e0d13b60f8f4adc14
Sha1:   e4af2de372b5e3a2211579a5973ef7ed160e7be4
Sha256: 54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11454
Expires: Sun, 11 Sep 2022 12:43:23 GMT
Date: Sun, 11 Sep 2022 09:32:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11454
Expires: Sun, 11 Sep 2022 12:43:23 GMT
Date: Sun, 11 Sep 2022 09:32:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11454
Expires: Sun, 11 Sep 2022 12:43:23 GMT
Date: Sun, 11 Sep 2022 09:32:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11454
Expires: Sun, 11 Sep 2022 12:43:23 GMT
Date: Sun, 11 Sep 2022 09:32:29 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6109
x-amzn-requestid: 271b006e-9d17-46ba-9eed-22fd638c4e9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2AhHZgIAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d039c-444e7d6b22f2a08f7215a986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rnkjEbkwVPPR1stEuMkkuFcQ4WZMDjsuYKA46ZcxejvotwfCG6huhQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:43:03 GMT
age: 42566
etag: "c5b82c9d77851820b8d206573d5c03cd36d27a20"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6109
Md5:    8c35b7f5f8e1b0b24570a41b7d18533a
Sha1:   c5b82c9d77851820b8d206573d5c03cd36d27a20
Sha256: bb2456b31c48e6ebc9595c2bb9972b74531e93dd02ec4571d5af614f2d116ec7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:57:28 GMT
age: 41701
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8485
Md5:    e407da4d97d497925b1ab523fd416787
Sha1:   166741631fb93d109b18dde6d316b3fa3276aa8f
Sha256: 707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79f019c6-c6f0-4468-b319-ffe5379d4a42.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10611
x-amzn-requestid: f034fbd9-c83e-4a29-84ff-674629759818
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3yN3E8PoAMFwfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312fd8b-63dd86ec10dbc2fb7dc0e5de;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:08:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -Fht5R4_rLcLWqglaPldh1846mPs_JS6_L3G_mi5G2iQbmkCPopvuQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 14:09:00 GMT
age: 69809
etag: "22e386713ccb95ca1cf9aa367a5ad02bd1664954"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10611
Md5:    b290c3f75a769f5cb0f36b5c84436c9b
Sha1:   22e386713ccb95ca1cf9aa367a5ad02bd1664954
Sha256: e311757ae3bc5b821a9c1d4d654250b1ac936228eb4a600aa1e5b391d25adaaf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234d0658-5bd0-4cc9-a828-3300a0005951.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9319
x-amzn-requestid: 44d731e9-1da0-4ad0-9fbb-1b170fac3bf0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTxaFtpIAMFWAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c666f-2e155359546dae806f6dbfe2;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:10:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: cZslQ5Qc4PPIlpAtmGVbfr3NaPybUWZMJBz_pCrXkCSSq6hUztXVjA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:41:01 GMT
age: 42688
etag: "84e4a39c92ab111cc1072f898990cea6b05da6cf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9319
Md5:    de6622cfd812509b317913e1a5e9cfc8
Sha1:   84e4a39c92ab111cc1072f898990cea6b05da6cf
Sha256: 6d41b564c2e15215d05ba74ba2ae08abf74f6aef9e58e808d31afc6d1ba123af
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8171
x-amzn-requestid: 39c8c044-5287-47bb-8731-5706c27a73e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0feFFtkIAMF9NA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311ac59-246e1b7e019965f74db95df0;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 07:10:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FVraudPaXgrkcCLGkaxntfC3h4XtbSfnRgzyp72Wgwb-WgWkDwjYPw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 11:24:10 GMT
age: 79699
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8171
Md5:    eee5b4d617dab6f10d7053f5c4f4e98e
Sha1:   6c728c56797ba921e8001919df4d36e56dd37e54
Sha256: 76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7d1d7d9-dc6d-4841-a150-2f22abc6729a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9990
x-amzn-requestid: 852e5710-d962-4b43-ad48-9530797ab548
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBsisHAioAMFqsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f477-7de59a7d3553767c45e06ed2;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:19:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: edjwyX-124C71X-bNNnD2tP70Y4XuhX7G5LKmkKjU4IclvCekOOtgQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 15:33:37 GMT
age: 64732
etag: "c5fcae1c388ff8f44b9e47734b6b65fd4e0fd856"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9990
Md5:    cd709702d50113aec782e45bb5ecb2a8
Sha1:   c5fcae1c388ff8f44b9e47734b6b65fd4e0fd856
Sha256: 0ec10618a7f2f77cd339e9d1b4e58d29c1c9ad1575f434c813c1d3014c90bf76
                                        
                                            GET /download/3Psf6N6sgDM48kFG5cRxCq?t=26ec4f1b141761fe59627258cff56307 HTTP/1.1 
Host: ninjashare.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         172.67.145.34
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Sun, 11 Sep 2022 09:32:27 GMT
x-dns-prefetch-control: on
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 0
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJPTIlBzS%2FGHLa4zb0BW9WRK4L9Y4tBn3UjbGlb9qI8eNPNQBs8P%2BOzL9PIB%2BCteOijy3gL9y%2FX767RzcstklQpIjoXkrXs8UK%2FE7R6aeWOdzleNnfCfXGi4BpAM8k0L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748f656e1d9e0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /releases/v5.3.1/css/all.css HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.169.247
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 11 Sep 2022 09:32:27 GMT
x-amz-id-2: K7pN5p1xePgi09FPuUkB5eXhPU8vew5hNLE8IBBtvRvzLy+/myv6Tr1d42TiE/GG5X3H6JWpgrU=
x-amz-request-id: 6F64J6XKT306E04N
last-modified: Wed, 30 Jun 2021 15:42:14 GMT
etag: W/"10519cfd3206802f58315b877a9beab5"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 101230
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9w41w19i%2F3MJoQzcQh8IGp3wIkdebKHKPu6mrASwZvD9Yso%2FGXDZVcq6DqEsnJW46Zz6fK0Dfqm8rDkmVv2lZMRFh5lvV7qI4y2sJX8vR4BNcShIoKXBGJWIForvOfUW9xIJ6Lta"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748f656fef5bfac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /500/4435918?excludes=&oaid=84dcd85220f04e26988e3b6706c46f85&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fninjashare.to%2Fdownload%2F3Psf6N6sgDM48kFG5cRxCq%3Ft%3D26ec4f1b141761fe59627258cff56307&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: betotodilea.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ninjashare.to
Connection: keep-alive
Referer: https://ninjashare.to/
Cookie: OAID=976875af0ceb41d18dfc321e403ee2b9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 09:32:28 GMT
x-trace-id: 388897a1bb37a8f360468648a797aecf
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://ninjashare.to
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=84dcd85220f04e26988e3b6706c46f85; expires=Mon, 11 Sep 2023 09:32:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stattag.js HTTP/1.1 
Host: tzegilo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.22.169
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 11 Sep 2022 09:32:28 GMT
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2633
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3P5RDX3p4F25zvviqPE1hU3r2cwd7NulC04QP7lsxdc1VbiS%2BnLXU8PrlpdPkctseP3LbZSbSiF7OnDiWZGbAqJ%2FYoIFEBCFOr2w3Joog41U8o%2BO0DMu3DOvee0zcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748f6574ba90b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /400/4435918 HTTP/1.1 
Host: betotodilea.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjashare.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 11 Sep 2022 09:32:28 GMT
x-trace-id: a1d96ca9beb44778d10d9a0987e2a8d9
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=976875af0ceb41d18dfc321e403ee2b9; expires=Mon, 11 Sep 2023 09:32:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---