r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14689
Expires: Sat, 25 Mar 2023 21:13:59 GMT
Date: Sat, 25 Mar 2023 17:09:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 13f90146df1d559743af6df15c29b77b
6dd24f60629c39f857e3c996084f4d515cf3f8d0
ea5975be17b9cd29c8770939eb5d63ce43c1c44ce9a3a4d04e1e79cd69b30d1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA5975BE17B9CD29C8770939EB5D63CE43C1C44CE9A3A4D04E1E79CD69B30D1C"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10103
Expires: Sat, 25 Mar 2023 19:57:33 GMT
Date: Sat, 25 Mar 2023 17:09:10 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 16:27:45 GMT
content-type: application/json
age: 2485
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
yts.myproxy.help/
188.114.96.1 200 OK 112 kB IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (60411)
Size 112 kB (111626 bytes)
Hash 8c9d772ae762987aba27924f1d5707cd
85b64234bc8cf4432cfb7b8a06d7ada557fe77cd
86cd006339cc4637f4bfa94c21ba229c824d479a820cc707fa31fb6d75b07fd2
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
GET / HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:10 GMT; Max-Age=86400
PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSn1mMsPggkm0ThBYcJJZkcT8K5g14lBB3YOWibODmfuAMO3YSDabCiPTwkhfbfcDX0%2B%2BQI7HNQfHymStsEVnrSAUVZv0SBend155GW5nc02dHJA0c6Rj4RJnNwYM4pD%2FNa1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c2932c550afa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4250
Expires: Sat, 25 Mar 2023 18:20:00 GMT
Date: Sat, 25 Mar 2023 17:09:10 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 96hzb1V4Nmv3dHHBIx8yFde1AmB4DfD2mM7iGQ7uykQFQkkimuGGZ9L9poj8R5Os+1CfAfUOZcg=
x-amz-request-id: PDTRJ3CBJCAANHRA
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 16:54:59 GMT
age: 851
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:10 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
yts.myproxy.help/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
188.114.96.1 200 OK 3.9 kB URL HTTP/1.1 yts.myproxy.help/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 21 Mar 2023 12:31:17 GMT
ETag: W/"6419a395-302c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8NqeZ2Qw10WKKPD6fqu62AgzAGsm7vheaLEmA8Xm5rKAWDpnl3DN6qJSpNZ%2B1P7d9g1xSdDRnUW6nBFcyi2oYYDEXO3PeFid1d2%2BJaxvVyjvCWtmLeXyba%2Bkc9Qr0FYgf9q%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c295fcfab518-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Mon, 27 Mar 2023 17:09:10 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
glimtors.net/ntfc.php?p=2651991
139.45.197.251 200 OK 5.9 kB URL HTTP/1.1 glimtors.net/ntfc.php?p=2651991
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (14391), with no line terminators
Hash ebd24c57e7c48956b7ba8ffcb4e45991
185644214f8d5f6dca4c203af2a1bd96274afbcb
ce1a5dc8201ecc8e77250f101e3f9c0d471bd865ec9a74487bced10e58e0a732
Analyzer Verdict Alert fortinet Malware
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript
Last-Modified: Thu, 16 Mar 2023 15:32:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"641336a9-3837"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
yts.myproxy.help/assets/fonts/fonts.css
188.114.96.1 200 OK 1.1 kB URL HTTP/1.1 yts.myproxy.help/assets/fonts/fonts.css
IP 188.114.96.1:0
Hash 4d6865342cab4d9eddc47fed493ad12b
078ef82b27357fcd18f9547d042c8e0deff09fe8
bfeb9f11cde780768801d2a1e9e49ea169c307d7357678332603dad7fa6c3f88
GET /assets/fonts/fonts.css HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:10 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afJO3sH9moMl2iZbEvV0mGTfK4m7yxY4ogdMKOW8EjTQfGS4YlhlV9ZTXvV8DZZ2i5eJyqezsDcSDG3OYdX2KmsFOE20Z1Z9lhBY4gaIZUK4R5jRQU%2FIrqXgVo8iZWLy%2BHhu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c295aec10afa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ibb.co/rmxjjht/1008928.png
162.19.58.158 200 OK 11 kB URL HTTP/2 i.ibb.co/rmxjjht/1008928.png
IP 162.19.58.158:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 28cbecb9bf9bbf7726fcaa25fab221bb
fc4f28d6f2a17457fadb94738e72a4df4aab4c53
44075fe0b86eff3ffb90248ac3091c3e9e758a0660162f7c43df0330645552fe
GET /rmxjjht/1008928.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:10 GMT
content-type: image/png
content-length: 10912
last-modified: Tue, 14 Mar 2023 06:12:46 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
yts.myproxy.help/app/apx19.js
188.114.96.1 200 OK 2.6 kB URL HTTP/1.1 yts.myproxy.help/app/apx19.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (9183), with no line terminators
Hash 9ea8acd8d74e4f328d558b64219e02c5
156ce99860c738bee0a97dbe9c543a83f4fd5457
cc0dc5bf2c19d0830dd3962179d22ed40f200ecf8dc905a4e64bba0c1ccf9dff
Analyzer Verdict Alert fortinet Phishing
GET /app/apx19.js HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:46:59 GMT
ETag: W/"5f610c23-23df"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hpam0RgfWJ0NKAgrs0%2BFD4fjTDun1C%2BNujnN%2FzHTSuAAyCS%2FQwr28qh7JQ2FfKyCdrnnpO6%2BHDE1p9VP5aDJAO9E%2BFvsZxCLC8BiCBgfCDeZwDlGNkRI0zdeAMQEcWsEHr2p"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c295fa441c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/hy.js?q22q2q2
188.114.96.1 200 OK 18 kB URL HTTP/1.1 yts.myproxy.help/hy.js?q22q2q2
IP 188.114.96.1:0
File type ASCII text, with very long lines (56131), with no line terminators
Hash f12634066d38736854588dc61b5ba109
623e90c430f1609e59e16407553e2d2ff8882d8e
7ca898a6218b8e61a9a999ffb0c76a9c60f86dfd4353b2496225e6473c72c0de
Analyzer Verdict Alert fortinet Phishing
GET /hy.js?q22q2q2 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 Mar 2021 05:53:48 GMT
ETag: W/"603dd2ec-db43"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WDkOrzChsep0zQbfodyyF2BAoucpp1pRybDLxb28h9JJAmDzNpuWbPIuZIwSaN5NkqCoPM9nUGe%2B3biHyl%2FZ8ADnfCpAwwLQxZDzLQf1dqHXlM8EM%2FikOV07qcurUqikfS2R"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c295fa4c0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
benumelan.com/5/2632704
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (60900), with no line terminators
Hash c00a8ee056bfed51c3f55ec7a10e97da
02d9870de756766ee04b47414769af0c1a4354b7
142a5e9046e6a0586c4183787c9e87d5a0dad0af63276bd2cc2babe994e9986d
GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 88957e16fe505053c1dbf0fb3f6aeba7
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=5a17e9e95da34b3fbd91522ce6ecc291; expires=Sun, 24 Mar 2024 17:09:10 GMT; path=/
oaidts=1679764150; expires=Sun, 24 Mar 2024 17:09:10 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
metrica-yandex.com/metrika/tag.js?1001
188.114.96.1 200 OK 51 kB URL HTTP/2 metrica-yandex.com/metrika/tag.js?1001
IP 188.114.96.1:0
File type ASCII text, with very long lines (60271), with no line terminators
Hash b35da26b39d49b05468dbb6163fed65e
dceabbe12f893905ae5ce54eab3c08cb1074e673
b55aedc7e3ddae4b83a19fd439c08f39ddd97f22eb6953ebbfad8e530436be87
GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 30 Sep 2021 23:00:22 GMT
etag: W/"61564186-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 5657117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eb%2B82AW5oKJKUeR8C0fKvpMU8pnBsW2HOq0Iq1F%2BNwuCJK6p0iqNfw3TUNCdu9rYJ5AhpPmdiJqp8dVrAE58Mu2WfN6apb7IkD%2Bk4C658LZszmmDurUjYwstfVjpQCNUZcN9DCg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c295dd93b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yts.myproxy.help/app/apx14.js
188.114.96.1 200 OK 2.2 kB URL HTTP/1.1 yts.myproxy.help/app/apx14.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (7663), with no line terminators
Hash 5fd0d992c153321728eef72725f9e2f1
11af100c190b0c91d3126ca0c792aa6cd3954897
f39352e9834fda1868dab410b72a2850f516686f140843e9f0eef835be503330
Analyzer Verdict Alert fortinet Phishing
GET /app/apx14.js HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:26:19 GMT
ETag: W/"5f61074b-1def"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RPx7zbytK3XwK7xywFc7aBlLDzdLkqJcJSxX3ouxQkIIyMqj9KUlaH%2Fn3FAJN2x4TBFF%2FJUkAKQ3TA1vF3X5OJrFnzrGkYP1qvqxXa0sOQBK%2Feot33pQetw6qvz0ro362MPH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c2961d27b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/app/x12.js
188.114.96.1 200 OK 3.0 kB URL HTTP/1.1 yts.myproxy.help/app/x12.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (11180), with no line terminators
Hash 7f0c811d15a31a93662cfa30df4ef5ea
3f5b8f499bc7f50d2315eadc7cf043d317b60b95
af3050874dc2886642989014b75a7b4734239520ee7d36ea06d4527e41d92beb
Analyzer Verdict Alert fortinet Phishing
GET /app/x12.js HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:26:18 GMT
ETag: W/"5f61074a-2bac"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9zWvoVF3N%2FxRR9797a4kPmRFa3kgIrl%2BHSmjJE1hNZbQbDROPg7r7y0Yu8cw3kjSabM6VAXvMyWIGuBn9swHbE5%2FcpsSQZJ8ep8nXbWmDoKGSJCgyJWRXAAzXuhKMXwku%2F%2Be"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c2966f7a0afa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/zpp/zpp4.js?q22q2q2
188.114.96.1 200 OK 14 kB URL HTTP/1.1 yts.myproxy.help/zpp/zpp4.js?q22q2q2
IP 188.114.96.1:0
File type ASCII text, with very long lines (38995), with no line terminators
Hash 3c741ddc90399bc2910b2cdc0a826716
163182c6b04f146fbf6de424ead05c91e59e3c51
e6753c7588e28e17f44aa00cbe8c314de3f2bbcb8e892a439eed11dd989b1d84
Analyzer Verdict Alert fortinet Phishing
GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 Mar 2021 05:53:53 GMT
ETag: W/"603dd2f1-9853"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2BCRdN%2B8Qu63CdUeph%2Bc1DIPyRGoPeCBCZhBJDd5G37wDNHUVvD7Ymp4VVofzGVDWv73u73Uc0wHb%2BDueJDVTGlFbhLaC3yphTIcND2gsMg9fQEm1BptamliPrOXKpfn%2FZ45"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c295ffe20b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ab7ee5fee94b727e0a8e3104175f082d
e5f3c166a1afeb60925eb2d923ef533b880b93a9
9656353361014e5766bc657d2dd0fc59093109d349f2b30651c7eb6e2d1c1d7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9656353361014E5766BC657D2DD0FC59093109D349F2B30651C7EB6E2D1C1D7E"
Last-Modified: Thu, 23 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12594
Expires: Sat, 25 Mar 2023 20:39:04 GMT
Date: Sat, 25 Mar 2023 17:09:10 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 3a85d9c2de0b1015b62c81a1ab7fe625
389c7fe2d0d53ff607a3fd8e27283c8f1cb3a238
717fa1c4098bd6e282c24452a39aafc0b436941b2f398ef0086960effcc3f2ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yts.myproxy.help/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2
188.114.96.1 200 OK 20 kB URL HTTP/1.1 yts.myproxy.help/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2
IP 188.114.96.1:0
File type ASCII text, with very long lines (57580)
Hash f6baa5754564f3db32bfb36cc8c2b8ec
396282b4692ce4c36098ae784df2b1b8750910dd
e9b877d4cfe9778fcb107bbc5c1339b3c5e687f7213c94837dfa32566762e3ee
Analyzer Verdict Alert fortinet Phishing
GET /assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:10 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nxyqZazr4U%2FX5vDCakI4P27lUfnDXt8szunkl37FBwf8ddruXXbOziJH7L4NCNKO%2BwYh7D5gwV%2FPonyX7MsLUioRjQS6nd0PajFugLRYfwdYGyFNbhdhT0hwlDGWBDXOIikm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c295aa63b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
173.233.137.36 200 OK 13 kB URL HTTP/1.1 heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37123), with no line terminators
Hash 6bb657229ca7fa7c28633da601d3059d
8d724acb5ed70e35ed1c52a70dea49c3967e8411
69474849da29b19c1cea1447745375eea804ef761cfa0da958546923b51d3436
GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: heartilyscales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 25 Mar 2023 17:09:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0739063da0f4e3f17fe26c5886c6c9b3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 382095a5ffb2a07db8543622ca952147
9dff0ef959065566f5b2a90074de465724b55495
fd41486f0dbf9dd0480fb218b7cde5bae870eaccc60af17057c38fedebf84574
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD41486F0DBF9DD0480FB218B7CDE5BAE870EACCC60AF17057C38FEDEBF84574"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21315
Expires: Sat, 25 Mar 2023 23:04:26 GMT
Date: Sat, 25 Mar 2023 17:09:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 61325f233265916040fa668318535e76
3b09163fc24dfacdd13b1c637631a06d96deee45
0318a4bb8e215c9e7de9595c81cc972a69cd6fef113a574bde4799a549536066
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0318A4BB8E215C9E7DE9595C81CC972A69CD6FEF113A574BDE4799A549536066"
Last-Modified: Sat, 25 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2208
Expires: Sat, 25 Mar 2023 17:45:59 GMT
Date: Sat, 25 Mar 2023 17:09:11 GMT
Connection: keep-alive
glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.myproxy.help&var=&ymid=&var_3=
139.45.197.251 200 OK 880 B URL HTTP/2 glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.myproxy.help&var=&ymid=&var_3=
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (879)
Hash 8488d36091fc56d07613281e69a7d2eb
253ad29c9ddb8875f81219a1a6b8916a1d6d6aae
29af55f35239601807a63eb61d2c48d3d87d5ac482f7661b7342164335b0f8cb
GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.myproxy.help&var=&ymid=&var_3= HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:11 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 03ab8c5948cb000ff0e0ef3122c1df8a
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
matomo.hellohi.me/matomo.js
188.114.97.1 301 Moved Permanently 169 B URL HTTP/1.1 matomo.hellohi.me/matomo.js
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f3099a531821c476589c3d2d00d53772
8e539d05a8355d6835a56f94b75f405c6e55f6f3
a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.js
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 169
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4odFcXtOxMoThHqMyQDPlbCv98jVnf4cpAyfyAirBRsi1jbfUbptCMim1Lrm1f55%2B6yV7F5Gm1Mg5UGJdXwu6pOnGn%2BU9eZOUDaAQyl%2FT47lPVmX7oljh6HsQjF244d3JDVcg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c298fe8ab51d-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/pathaan_2023/medium-cover.jpg
188.114.96.1 200 OK 44 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/pathaan_2023/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 4d9ab718b9aa8919346ddc84a0f224d0
51725a7c847afc8020bc837cf8c8f3a639379372
b27d2d0c429f32e2698266b6f75e42ac54e05956fb7653ec4d3d7fdb4f4d21bf
GET /assets/images/movies/pathaan_2023/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6CLyFR7gm9pghwtJl%2Ftq7i9SQtJqAKJSwP3vRhtQQQpa9CheXu%2BEXr0OVlS8Qi6mF5%2Bo%2F85fsQKNoiYTEuNzyxIdGi%2BKQLjlcvi70R1aT%2BOIocqRW7Xcy88jrlZJGQQ7DvcX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c297cc6c0b55-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ce6948c57f579a85042a4388c45514d6
4b3002c036034ef0cb8d9eb73b7bf7f561862b99
85e655e198ac1724ffca7bf4efc4f98de8c436cebf41ed665cc397fbb02a243a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:09:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yts.myproxy.help/assets/images/movies/fraulein_2006/medium-cover.jpg
188.114.96.1 200 OK 32 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/fraulein_2006/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 46e518ed1dcc1c9c263050fb5f6eea70
10af9dd2f1664b05cf89bdd1df23723a645415c9
7a51510a2a4719df02a0cd33e26b0355e3e5a3e198716212966147ad0d214559
GET /assets/images/movies/fraulein_2006/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nfxvtjlev7f9ZJQVDHQuSVvmp%2FYpacFhmC0q1WhCfJ8PPwA9R5H0MjOJCa3SffP4jAybF1MgmpsZPfeZ6Sx0IDhHIZ4gaOZ%2BEcGjrlQ7t5GWBcvEVXbUduMKPh%2BuHzOW68MN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c297ccec1c0a-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:41 GMT
expires: Sat, 23 Mar 2024 10:26:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 110550
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 55 kB IP 142.250.74.131:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 672af5b055ec02b85c288cc034c53fc9
f032285bb6dcb8bc43173b3d432d5388f2e4ced7
33a19deee279835f7dd998086d655473196a49ff52b3e76b6af094126b805dba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:09:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 16:14:33 GMT
age: 3278
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
yts.myproxy.help/user.php
188.114.96.1 200 OK 25 B URL HTTP/1.1 yts.myproxy.help/user.php
IP 188.114.96.1:0
Hash 363f411ba212d4d1ccf7856f856145e9
08331057577f273187dd15e7c6f57937835e0aff
c50b40612adfdbf2e228758746fc7927cf440cb9bb5a8280c00d7946632a1943
Analyzer Verdict Alert fortinet Phishing
POST /user.php HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Byep5QSGvich3URwnE3iiD5SpwB%2BndsIusIVixGAPh9QzwiTE%2BBYKhq8cTN4gIjLji24ndtL5cW9VyYTkfskIe33ndLwbvVS5RpxMo6oitCJVy0isNFhrdNxESdPar%2FDSHOr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c2992dfe0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/money_shot_the_pornhub_story_2023/medium-cover.jpg
188.114.96.1 200 OK 35 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/money_shot_the_pornhub_story_2023/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 6b7290f6feb2dc356c3b515dab5d927f
0058d663d0e40a8d34baa46226d86fab8fef8dcb
f2997f8bce02f3f0baa8423d7496e0e9f489fc03eeb69c424a9ee685bed2c5da
GET /assets/images/movies/money_shot_the_pornhub_story_2023/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTxBr46JnLeyn7v60n%2ByW9Y4ECE%2Bvul6Dd7rSa2OcpSShLiZoMFMQUsmbs%2FPXe7%2BiMTtb5VXnMHslhqfuCoVCTEx7uhjPJR0dsWYVexCT9P5M7FauM6W9esoWP7hVke2V1m7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c297cd87b4f3-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/images/twitter.svg
188.114.96.1 200 OK 800 B URL HTTP/1.1 yts.myproxy.help/images/twitter.svg
IP 188.114.96.1:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (1334), with no line terminators
Hash 650d43cbfebb58c9319118689a5efd11
5c0c7041b42159a1b8df70140d3f4493bde62ab6
81a2de665da8c72a8b359e4abaa0cf0253bf8c722abb779c39bfc2c9f0842ba5
Analyzer Verdict Alert fortinet Phishing
GET /images/twitter.svg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJjoESEEQXOQqNONCLNevL5UQ5p5978LZXDykAhR8Qw403rPoC%2FxGCGVrkh8VwHy5haEZTkrBKt7jbsWz4HcsrbthQWuyTzY3yedtB8AZpX5BjAggNe3DulUS2pumSmeavQ8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c297cfc8b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2
188.114.96.1 200 OK 18 kB URL HTTP/1.1 yts.myproxy.help/assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2
IP 188.114.96.1:0
File type Web Open Font Format (Version 2), TrueType, length 18364, version 1.0\012- data
Hash d3ee727b257658b2ec8ef91639815c2c
5a7721c4680c382bfd251f10123027e843079ebd
ad69e547e43620390c7d7e192a4d00959602042fecd2be1e131a0a9b3398a36d
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.myproxy.help/assets/fonts/fonts.css
Cookie: view=1; view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lPMuV6MbCW0ynibkiemrcTPciChSBSSVMpzJaVEilYJbFTiexHZgZ84TVZD07dxoNyB%2BHqzTgDOZ4mBQx4FbsFvCoD6ZA6S60wcbvTakXb96vfT%2FSSweNnonDfJP7a%2FbzfIF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c2995f381c0a-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/fonts/icomoon.woff?fmg7s2
188.114.96.1 200 OK 3.6 kB URL HTTP/1.1 yts.myproxy.help/assets/fonts/icomoon.woff?fmg7s2
IP 188.114.96.1:0
File type Web Open Font Format, CFF, length 3560, version 0.0\012- data
Hash 4e54891305c71736de2da03f14b57434
fbf29db32b5514cad7a908167ce63c76a91a2f12
332ec1d337a38ad421deff49f3585da56563253756da3870b26b46bd025f96e4
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/icomoon.woff?fmg7s2 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.myproxy.help/assets/fonts/fonts.css
Cookie: view=1; view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N8SdW5Lv3PT7ojkNAAMZyERVSMd2%2FmjMFBC0ShGae15CBS9g8Fo8LNbd945qv1EzkfENuzavC08ccUmGncad81nV0ntRi6Bn8IMAYEZ%2BV3JwMI75UoZPMFXMuiV2gq9aJkYE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29a0f010b55-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/one_piece_film_red_2022/medium-cover.jpg
188.114.96.1 200 OK 47 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/one_piece_film_red_2022/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash b2272f577c719322f6b14c8ca451ec6f
2792e53a68ecaf847aa97cf6d45d7702ec03baee
4ad03e3f64d6547fc421c85e63585b27acf529b94da6fdb0000780b175073b68
GET /assets/images/movies/one_piece_film_red_2022/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nz9CBEneA%2FkICDKH2TBlHNJEYz2XYnuEYOzm7wpHw3iBlH%2FzkafMK%2F81EokdJv%2BXKFFgVsldjGPIDo8E%2BJjKoE4t%2FdrjdYSCGOCmWMLVDAHhy8PjrpsrhORH849gXq0W6qKw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c297c9470afa-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/website/icon-search.svg
188.114.96.1 200 OK 559 B URL HTTP/1.1 yts.myproxy.help/assets/images/website/icon-search.svg
IP 188.114.96.1:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 35fb1b1fd99b576d4ab009a9354b1752
35eead23367569788b3fcaaa741292a200d84c8e
a850256428026095f291a9b7d892113ad3c797f318b1bc7528f5dbd2c12619e5
Analyzer Verdict Alert fortinet Phishing
GET /assets/images/website/icon-search.svg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2
Cookie: view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ktsTR0As5Q1IbD4lX3FS5ZT7AQt5jhpGW9HtjKfdo%2BVXMHL9hS7uaYv9E3zqEZxoIi%2FsWmP0kc1I%2BMStp%2Bw68hbQTdRPKErKUrGuAuevbxA2Q%2Bv8E0BfGRb%2Bg5K1%2FU1GddHt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29a58821c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 70300b32357c46f3448d567189b64cb3
6ba66a5cf63cdbfeaec59b936151cc812bac56df
5a2b4f9fc5ebaa8062058bf68eae75fc28e06c6ef6a0e79c3c761c1d92f81cb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A2B4F9FC5EBAA8062058BF68EAE75FC28E06C6EF6A0E79C3C761C1D92F81CB9"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8076
Expires: Sat, 25 Mar 2023 19:23:47 GMT
Date: Sat, 25 Mar 2023 17:09:11 GMT
Connection: keep-alive
yts.myproxy.help/assets/images/movies/dragon_ball_super_super_hero_2022/medium-cover.jpg
188.114.96.1 200 OK 43 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/dragon_ball_super_super_hero_2022/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 4fd33afe19febb8b960cc6a00b239f48
e1f2c5205fc9039035d51028f026d5c352038c49
bd8575861ce8544e77eec8129673ac1bbff2d1d584b33cf67f2d6fd31946a921
GET /assets/images/movies/dragon_ball_super_super_hero_2022/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AECASkLi38K6Tq%2BaO2Ylik9lv%2FQfd6KrZ7j3pdk6Jx70S4nSvzXD1Wyurdt4b%2F%2FcV76rDObyrTStBcr7y0LHf3Vi3VQLxBmjYUIIJdBy1rNrsvtbeDGR9jOjCota6y4QUCaB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c297ca1c0b3d-OSL
alt-svc: h2=":443"; ma=60
glimtors.net/ntfc.php?p=2651991
139.45.197.251 304 Not Modified 0 B URL HTTP/1.1 glimtors.net/ntfc.php?p=2651991
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
If-Modified-Since: Thu, 16 Mar 2023 15:32:57 GMT
If-None-Match: W/"641336a9-3837"
HTTP/1.1 304 Not Modified
Server: nginx
Date: Sat, 25 Mar 2023 17:09:11 GMT
Last-Modified: Thu, 16 Mar 2023 15:32:57 GMT
Connection: keep-alive
ETag: "641336a9-3837"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
yts.myproxy.help/helper-js/
188.114.96.1 200 OK 1.0 kB URL HTTP/1.1 yts.myproxy.help/helper-js/
IP 188.114.96.1:0
File type ASCII text, with very long lines (2612), with CRLF line terminators
Hash 18fc4e70f71e89e8632c2ff514ed6ade
dcaa0db3409b9a8c364fbb2fd8ff29191cf60c65
6de52965333a5b9459ceb90de8c44c87e86f6e696e01681826d64175a19a076c
Analyzer Verdict Alert fortinet Phishing
GET /helper-js/ HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: s-maxage=0, max-age=0 no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BuHTHDLhLwAw5IXEbSgJdHSwcp3%2BS1NVTtgSkDW60XhHkAyIs3p5g8TAuX8F6V5NSetG7SS%2FoPS0CbHgBs1q%2FVUn9YiXrQ06Wdyq9DXIS1N5WG638uqTPwNnZ%2F2zrpJwzZNF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c29a8f6f0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/fonts/P5sCzZCDf9_T_10c9CNkiA.woff2
188.114.96.1 200 OK 19 kB URL HTTP/1.1 yts.myproxy.help/assets/fonts/P5sCzZCDf9_T_10c9CNkiA.woff2
IP 188.114.96.1:0
File type Web Open Font Format (Version 2), TrueType, length 20204, version 1.0\012- data
Hash 381c6ea42b5bee5fc57f3bafeb2524d0
d9573f35c37a1532263109b71ffb65cfd9a5d236
069c9f5132e41fa80dd8995c80b7b40e1a6b17d7288ad343e4a4467823608fbf
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/P5sCzZCDf9_T_10c9CNkiA.woff2 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.myproxy.help/assets/fonts/fonts.css
Cookie: view=1; view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O49lAsEfHxB8nLBHKWoHdXWNCndPgVhro3n%2F63WD%2BZ9%2BDiZCM2kruCJsqoSbLJs6M%2Fgpo7VZekopYbT8IS8XOUfbDqvnNB3ygFvnUiKbRE39yLJOdrpYRigLCs24bPulji%2BZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29a5b8bb518-OSL
alt-svc: h2=":443"; ma=60
thaudray.com/5/2632704/?oo=1&aab=1
139.45.197.237 200 OK 97 B URL HTTP/1.1 thaudray.com/5/2632704/?oo=1&aab=1
IP 139.45.197.237:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1e8c62dd42017761668b2a81aeb5e2cd
fbe4e4b5f62d7c666f67a62ab3eeaa7834fb2911
978bde27b11c7bc75c0b4e4f65326c9eb3c2801a0908115ee3bc249ddac932da
GET /5/2632704/?oo=1&aab=1 HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/json
Content-Length: 97
Connection: keep-alive
X-Trace-Id: e139e95256463c37bef8594f93b677c7
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: http://yts.myproxy.help
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=416bbea9efc8465789e7f80d6c147a6b; expires=Sun, 24 Mar 2024 17:09:11 GMT; path=/
oaidts=1679764151; expires=Sun, 24 Mar 2024 17:09:11 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
thaudray.com/tag.min.js
139.45.197.237 200 OK 25 kB IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 65e2a1717d5f91468c30357da9df4716
71ce672d2d0be1cff51d257d8c2f4dd18ea366da
afd80dde11f49ffffd7b7b2e2e214e6b71bd40db266360684dc73c955bae453f
GET /tag.min.js HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 24941
Connection: keep-alive
Content-Encoding: gzip
X-Trace-Id: 84d45202a596b8c994201e218e3e4f82
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Accept-Ranges: bytes
Last-Modified: Thu, 23 Mar 2023 11:56:04 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
rndskittytor.com/400/4837723
139.45.197.238 200 OK 31 kB URL HTTP/1.1 rndskittytor.com/400/4837723
IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash abf99e0093d1b6ab3320c11030e1bb37
563b90677aa4ae800a16abef7571eb83edd78e95
41e48868d46673ef60c9b91562660e5d3682843d3f4b53adfa8977748318e8a9
GET /400/4837723 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: af4c2d66e10ee018cd2eeb2781f50513
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=2bc484f6762f43b4bccccdc4ba1af2cc; expires=Sun, 24 Mar 2024 17:09:11 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
friendshipmale.com/sfp.js
104.21.234.92 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 104.21.234.92:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 67c2114e17e4500a844baffad302d97d
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 25 Mar 2023 17:09:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lTaXX%2FHuBzkKqzGp5%2BW1uFcROmL6LQx7OEWgFTgHv0ad5b03bIr5DeC7nZyodSGb%2F5j9Of0SFjd12ghmUxGYGXCTjSil1LfGHKc%2F%2B5OON31WoQ0rg1hqi2NRViyt8EGI40EknFQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29b5dde386e-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 6214e0549d3b14d95cd87888e48051d3
cd85501c9ad1f9daef05290d254a3f34c80efbcc
1af23655407dd3fd30ccb0ae0ae9b83c69c8db6618af632105a68a0165579437
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=85991
Date: Sat, 25 Mar 2023 17:09:11 GMT
Etag: "641dd04e-1d7"
Expires: Sun, 26 Mar 2023 17:02:22 GMT
Last-Modified: Fri, 24 Mar 2023 16:31:10 GMT
Server: ECAcc (bsa/EACA)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0mOBDetBm32sMZ-MBHsnDhk0RBCPS-BwA66_wivlCl-y7mVbEg3lQw==
Age: 1872
simplewebanalysis.com/stats
3.123.95.62 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.123.95.62:0
File type ASCII text, with no line terminators
Hash 58f9bbce5975a95a1d71503ec5e5dd09
0b0fb5979f4f182abd2958b5c0e870e4c8ffa8ff
5d37922c8331d1a451f6fb07a6c8e86b6c59c5809a98b0f140120100f8c884aa
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
set-cookie: uid_id2=e06848fe-ff61-4507-902b-9076907870b6:2:1; expires=Tue, 22 Mar 2033 17:09:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
theusualsuspectz.biz/j/m/qqqq.js
188.114.96.1 200 OK 41 kB URL HTTP/2 theusualsuspectz.biz/j/m/qqqq.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (48351), with no line terminators
Hash e6e923ab85162c08e47b11660070df85
3cff9fecb740141e33b97fc1925f98a3cb3f23d2
5b53a31cfb59ba99b5c30ff79ca9588e669e9547a1e0d439d452513a964ed409
Analyzer Verdict Alert quad9 Sinkholed
GET /j/m/qqqq.js HTTP/1.1
Host: theusualsuspectz.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 03:16:06 GMT
etag: W/"603dadf6-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 4976968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7cWhaNrp1HZKL9VvLUGhclkoHl1I8oR5HRUudVX1VunXGPSUe1PjVzYxtOkK7BxstACcmE5sNWfc2eoh3loLIe17omdm84u%2BufZnXhy4G5p0v6fNf1XWgtakI1Hs7Qe1B0adIMLnMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c2964c32b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yts.myproxy.help/assets/images/website/banner1080p.png
188.114.96.1 200 OK 1.6 kB URL HTTP/1.1 yts.myproxy.help/assets/images/website/banner1080p.png
IP 188.114.96.1:0
File type PNG image data, 118 x 91, 8-bit gray+alpha, non-interlaced\012- data
Hash 7028eef7ae02c71d2deaa8732b336b52
8868b6729d736341aa0f6ceef44c3c10912f8b96
285ed5a42f875509d424f98f667e4ff49581ddb68537aab4779f665d001ba128
GET /assets/images/website/banner1080p.png HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOQZ8HmfVoKuZk4M0aOIKAiJUrQ%2FIcHYTLLzOkdlaX1A1x9oR5EjElJB%2Bod65KIHPOZ1tc5ni4suHnLJeP3Jlky1Es5525XP%2FmTuGkc0odC8t9dzjar8ZXSJX0%2BjSl3nvjOj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29b18070b55-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/website/rss-icon.png
188.114.96.1 200 OK 1.5 kB URL HTTP/1.1 yts.myproxy.help/assets/images/website/rss-icon.png
IP 188.114.96.1:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 2374708dade12394d7d0fa4bf0d01636
394287de1c090befdee97dd0b159885776c39180
5f2cd2a2b125f6c2150c3976c43a5e6059b7ab3d67960d745eaa488f83e46d90
GET /assets/images/website/rss-icon.png HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2LnXQWHskSelqfUIK0iDZ85u0a5Gfk%2B6aTzTlvLwUpqEHAKI1%2Ftx1ln2NeM9HrfRnIx4DsLTKdjr9hadyXLp6tnT%2FxgKlgCNqSP7PbMLaMp1WQhCDRmUfb2R0mdXZd0LvJ3A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29ad8ea1c0a-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/
188.114.96.1 200 OK 0 B IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
HEAD / HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dICmwkZpceDSN%2F2Ezd9HkWGV6zgaxE2T3Yf0zZOyaxx8ZhWBh2JmxoFmiwF%2BTq7UyJK8IHHhDbWMNM5rKUIn8pS7Whg%2FQPp6WyrzsToxUF96tEt5Qoe%2FCAQdWSfsVqs1ULY9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c29b4cc4b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2
188.114.96.1 200 OK 18 kB URL HTTP/1.1 yts.myproxy.help/assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2
IP 188.114.96.1:0
File type Web Open Font Format (Version 2), TrueType, length 18364, version 1.0\012- data
Hash d3ee727b257658b2ec8ef91639815c2c
5a7721c4680c382bfd251f10123027e843079ebd
ad69e547e43620390c7d7e192a4d00959602042fecd2be1e131a0a9b3398a36d
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.myproxy.help/assets/fonts/fonts.css
Cookie: view=1; view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tYj14d7GbcKT2G7D0zVjNYSrCZpvzgdRZeiip0Q%2Brn7%2F1xJDNc2GJiLuxr8kirjO6uGUbEnLYrBz9VOHSYE4ctGnBjYyAW35HtwKiC1Mzg9OcXew%2B4%2F6WxtQWgGj%2BpTiLwTc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29adc3b0afa-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
35.81.250.50 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.81.250.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 27lGUm0tZJIgE6KgCUJxiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dyfr9gw3M7rSublEbqGfY5j978c=
overzubatan.com/5/2632704
139.45.197.239 200 OK 23 kB URL HTTP/1.1 overzubatan.com/5/2632704
IP 139.45.197.239:0
File type ASCII text, with very long lines (60902), with no line terminators
Hash 3baa6f19d82075b9c597450d33085e9a
4df58419f4be88fb32544d258b93271627bee576
35cbcedad39bbae1f9c028ac0b7b4eae546c0550554f7cb5dfca4731a59f5222
GET /5/2632704 HTTP/1.1
Host: overzubatan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: edf15797eb85ce64d573b80de544fa49
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=3026957010a046c69d0e031aab85d8db; expires=Sun, 24 Mar 2024 17:09:11 GMT; path=/
oaidts=1679764151; expires=Sun, 24 Mar 2024 17:09:11 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
yts.myproxy.help/assets/images/movies/the_weight_of_chains_2010/medium-cover.jpg
188.114.96.1 200 OK 38 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/the_weight_of_chains_2010/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 1659812b0119f81a910c31b9fb1dcf47
08e7a791a8c05fd70f72858c22d25c28518515b5
5ae947a40c6821e737dc1159a08d791aafb9d4951096673641a126191ed3a164
GET /assets/images/movies/the_weight_of_chains_2010/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bhp%2F6QM2nxWrE8t3ZC3EeYplhkift9TINP%2F1IXJnZZQG7v%2BOeb4HErm7uPud5riWMhKblHjmRPBkF51YeY%2BJMSCdBicwwO3L6lKZC7Me5llBUgiFFTpkODeSxBGd8k5tnudD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29b1dbd0b3d-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/bump_of_chicken_tour_2019_aurora_ark_tokyo_dome_2020/medium-cover.jpg
188.114.96.1 200 OK 25 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/bump_of_chicken_tour_2019_aurora_ark_tokyo_dome_2020/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash c97fc0b5829dd3077367ba8bd6e68231
ae2940c6af62dc22aa42b28f63a881e551b87d1e
685704cc40aff6926ad738dd988a629d8624b46cf3148efef7be881cd881160b
GET /assets/images/movies/bump_of_chicken_tour_2019_aurora_ark_tokyo_dome_2020/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dq7s2kZbE5sPEzyQapdlZba8ITmAnrO88V0%2FN1Pmb0Ow4hW0jH49oMxrGFt7Rl11nlN0OoSrlu9%2FVnehZ6CXiWZyfN5rYrykdG%2BsC2rWc1AcNGlLzSFLqutVY1gEy%2Brf2dWc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29caa971c0a-OSL
alt-svc: h2=":443"; ma=60
s7.addthis.com/js/300/addthis_widget.js
2.18.172.123 308 Permanent Redirect 171 B URL HTTP/1.1 s7.addthis.com/js/300/addthis_widget.js
IP 2.18.172.123:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3c417e9efbcaeb3bf7e7df75cf3b22fd
00465aec6b8ec302eae8abb99678fc5c09c3f343
21bd143d38dbbae427615a7266a86a18dc95c417f3e510632d7a9180d98d3571
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 308 Permanent Redirect
Server: nginx/1.15.8
Content-Type: text/html
Content-Length: 171
Location: https://s7.addthis.com/js/300/addthis_widget.js
Date: Sat, 25 Mar 2023 17:09:11 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com
platform.twitter.com/widgets.js
93.184.220.66 200 OK 28 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP 93.184.220.66:0
File type Unicode text, UTF-8 text, with very long lines (38752)
Hash 8aa708f5eebf10bd82e942dabf1623a5
326a6d469222302a80ecf29039e7837d8870ee47
fcfdc2930fdd7f4b3c7f0c1308ce2e89fcc5082ae6a0a1e16ecf0f7e417f1368
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 31
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Sat, 25 Mar 2023 17:09:11 GMT
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F708)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 27630
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8340890729f43f2712657e7caade6df7
07240b82432cdf0467c8c858ca26d5b127e51f45
b9882d8a6df9f1e6a44793176a742fb3282e2a3ade0c78ada01b1c28790e9ec8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9882D8A6DF9F1E6A44793176A742FB3282E2A3ADE0C78ADA01B1C28790E9EC8"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13672
Expires: Sat, 25 Mar 2023 20:57:03 GMT
Date: Sat, 25 Mar 2023 17:09:11 GMT
Connection: keep-alive
benumelan.com/5/2632704
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (60900), with no line terminators
Hash c00a8ee056bfed51c3f55ec7a10e97da
02d9870de756766ee04b47414769af0c1a4354b7
142a5e9046e6a0586c4183787c9e87d5a0dad0af63276bd2cc2babe994e9986d
GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: b2d607ef38194dca1efcad3eb42b1a3c
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=0a1271800a9f4bfd9ba71fc99c660aa3; expires=Sun, 24 Mar 2024 17:09:11 GMT; path=/
oaidts=1679764151; expires=Sun, 24 Mar 2024 17:09:11 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
yts.myproxy.help/assets/images/website/banner720p.png
188.114.96.1 200 OK 1.7 kB URL HTTP/1.1 yts.myproxy.help/assets/images/website/banner720p.png
IP 188.114.96.1:0
File type PNG image data, 118 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d1af846e570e691dade89fb8ad1fb2f
49cef29b3c315193171011658add54ff05fb9899
db107528cd0668fa01488c838bd75e37d830e691f754df73ce0d604c3637b4d0
GET /assets/images/website/banner720p.png HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:11 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzOdsw19y1ZFAoHq53u2fdY9IhmtWnM4WrC9X2L5AUaK6yT7lXuuqFak1XnSKYEhkI2pykNHTnN938Ppd81MNiccSsB0gwxurOF72NN61qPioXVuZ2KnGGZZ5Iw2pvAgq%2Fdw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29c99d60b55-OSL
alt-svc: h2=":443"; ma=60
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash ab6477247d3f918a817b8914bd9a4522
a27a7a9b139d1bbc3d1bae9883f2993a33fe317a
8467d513744258ec65d417a4828deef9a5115b864e7eb651c76c46f22f713672
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:11 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:11 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
yts.myproxy.help/assets/images/movies/pulp_1972/medium-cover.jpg
188.114.96.1 200 OK 25 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/pulp_1972/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash be7173ed3a610f46c44facb039c0b84b
951b1375af0aab3f0b4a57967418b284dd7e324b
fe0ee54e7be5118ec00513049991f3d34f71b3228030d15f6c2656119b24fd1e
GET /assets/images/movies/pulp_1972/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vjK4Vaz8zWQFyt91u2VmM7V0NxDuDtDLUgLdkvYextzU5Zq119JtJj6XfJaAFds1AQGeIvUO%2F90tpwpzAjq5Ml9oSgx3vC0hKIcNozoazkgMHHX6bZDFFsfvs7N3McSHfoVR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29cfec50afa-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/the_2019/medium-cover.jpg
188.114.96.1 200 OK 39 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/the_2019/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash bf7ea233073fb986aff8679639efd2cb
3536d621a986f40a4c66d8c203b677875d000ea4
1c82b61e700ff736e666c79b452de0349ccc905fe586b77e445ab827e752d854
GET /assets/images/movies/the_2019/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8F6admPmKIgL7dc%2Bu4eK0waZE9obYWKLjI7Uv%2FkNSN5YMDi9oRrI7mADg8SbmeZtAq%2BLPGqhm1jm6fpWvgMljY12EyiJUz4K05%2Fb4yYZ76Z7YroX2lm%2FggYiljhh3bmZ%2Blp5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29d38880b3d-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/what_we_forgot_to_remember_2020/medium-cover.jpg
188.114.96.1 200 OK 44 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/what_we_forgot_to_remember_2020/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash c7cc65129f15c81ea79a99c2ce1fb5a9
c3a20e60691425184b8f9d5bb3a1e53f73992e31
a11af5534eee81f5f5aba523fa34f26f08c883ea26a7a7be13fa35c8fb2aaa3b
GET /assets/images/movies/what_we_forgot_to_remember_2020/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqEMrGhn5Wg61UeUlmE4syKLvaLtgaYofwTHFualgWNMtvNDO2epQMqt%2Ftfa%2FAQoq3UsAaaqmDK43MFa8jdeBoWVrC7I23W16VlEnhzGHuQmPJsyoE%2Fki6m3H4Y8Oc5ws9Ca"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29c9e95b4f3-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/hey_sinamika_2022/medium-cover.jpg
188.114.96.1 200 OK 29 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/hey_sinamika_2022/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 44453f2007514f5b7530ed7b66f18542
0b352055fd73072818a4a42594d24b9c2db24f98
924334ee7defb37ab65a3ef06c5477904a9541cc47483ed822f705df3db5cc20
GET /assets/images/movies/hey_sinamika_2022/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:12 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwMOz7its0yY7h9beq8uYFuPLklJvzBZq2BgACotjTMWHq0AfU03KKYbbk0cVeDcC%2BEYf7dARrnFLkRsGmemod%2BdZ3MIgTx%2F%2F%2FuvQcheGRK9JJGam92IRDSVEZjusfj0NqJx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29dbb630b55-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/minified/modded1.js?yify=4
188.114.96.1 200 OK 45 kB URL HTTP/1.1 yts.myproxy.help/assets/minified/modded1.js?yify=4
IP 188.114.96.1:0
File type ASCII text, with very long lines (65452)
Hash 82bc117056e97588c7ba63716676f94f
d92200651622d395797b8841bb05facead4e36b2
ebeff371e1b6c69cea3284066d5c0a7b1e2ed8bcec0e6e4bf56337fac56aa4a5
Analyzer Verdict Alert fortinet Phishing
GET /assets/minified/modded1.js?yify=4 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:11 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZdFifuDsaSM7sKVIp39MtgwhasEs4EP%2FoyyJjH0CpdDmXk0mTVCl%2BOAabj9np9WPH4Zf5ZDXPtRhudZIw7I2%2FroQ4SLRNAXVoip9LB03lC4UvpYHhL3HyQj4M7VAthQD2w87"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29cff87b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679760000
188.114.96.1 200 OK 15 kB URL HTTP/1.1 yts.myproxy.help/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679760000
IP 188.114.96.1:0
File type ASCII text, with very long lines (30752), with no line terminators
Hash c92cb252bf42ef40b782ce0e51947841
b1c2c5c2d5284ebb2e8a6e6b7f59cdf71f95a641
37cf4ea4b974913f8d72bae62a5d4633d27627946156d1f29a846ed8910faeff
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679760000 HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-control-type-options: nosniff
vary: accept-encoding
content-encoding: gzip
cache-control: max-age=14400, public
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBi4dFQ4REtIKh1%2Bk5r2bkUG%2FSAFLaZOZPzts06wSRo2wxpemLUmU9fmPjDBbAV5D9F5QAhHYl1vmehFSMyS%2FB2%2BKVqgMluVZrIu9cR%2FB9eG1mRNtfG3DXa4SjM3C234PywC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c29edc9c0b55-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/images/download.png
188.114.96.1 200 OK 1.3 kB URL HTTP/1.1 yts.myproxy.help/images/download.png
IP 188.114.96.1:0
File type PNG image data, 20 x 21, 8-bit/color RGB, non-interlaced\012- data
Hash c0e74c1af39c0ec8d135af2363a14cf8
0e2fed8eff1137b12d53e466d5daa6c17ba3c594
32c96725715e90eb5659d4f4cea51b06d07afbdb666c360ee4c0a74a1b70c654
GET /images/download.png HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:12 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WxheCTvMgn0eDXyHxJKKuyv7xKVmtq62g6MbVSEvFWeJFONQmamlbJRpGPl4rsCGt15GRmgpRVdu4V9V8kmeGjx2UHNZ8BEghNxcq3gSqAkyM4WHBwKOF7eJ9FjT6WZ%2F2%2FSs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29e7a68b4f3-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/images/noposter.svg
188.114.96.1 200 OK 305 B URL HTTP/1.1 yts.myproxy.help/images/noposter.svg
IP 188.114.96.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390), with CRLF line terminators
Hash 9af499e0f7a596dea6a83b6c9c5048f8
9171f4f4fc43569399b3943e37da8cc476948cd2
0c2163536546084c0b9621109fe599c2149bbcdd979673b5cb2aebaf77944377
Analyzer Verdict Alert fortinet Phishing
GET /images/noposter.svg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:12 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OzNZP0TP3hXUK8V%2BucpIzRuqJKDeKngvBrHwW2EvZBECu5vgneNip8%2BixTJwYEX0Pp3cWP9xWB1BymgC63F%2Be0cuN69%2ByMX1uTbjOuG%2BiVfMzhL93CiQ2lH022q0BzcMyhgO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29e69f70b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/the_invisible_dead_1970/medium-cover.jpg
188.114.96.1 200 OK 44 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/the_invisible_dead_1970/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash cfc04978b9ffca2dae3ea0aa43a24f6d
62ec4e918e45455965cb8be9f344aeeb7e15a8e6
f4ba3b3d1638afe27b26e79eeb9934e17270ff0f3f3678bcbf62391f09cf7bf1
GET /assets/images/movies/the_invisible_dead_1970/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:12 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=15M7L12c%2FelVF1YI6xqGhzpSw8iz9CcxYte1RukSaBPvMZjZq5LZzpzyBaWja3JEl%2BFGK%2FDpqysXu4xsHb1Oy9Wk3VbGLU9JYlkBTEAOAeI3%2BMtORq79SvUMxqcSwKFmxh22"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29d7b7f1c0a-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5c83df5e00e5b473a1252f35bf361a2f
adb2068af6561e6544509f631e15b7bf3faed17c
17715856bef73ec787b30b3a3f08d41b1f0a372d6882d0a055e321e98fbf1014
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17715856BEF73EC787B30B3A3F08D41B1F0A372D6882D0A055E321E98FBF1014"
Last-Modified: Fri, 24 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8812
Expires: Sat, 25 Mar 2023 19:36:04 GMT
Date: Sat, 25 Mar 2023 17:09:12 GMT
Connection: keep-alive
s7.addthis.com/js/300/addthis_widget.js
2.18.172.123 200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP 2.18.172.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116423 bytes)
Hash d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-5834c"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 116423
date: Sat, 25 Mar 2023 17:09:12 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
yts.myproxy.help/assets/images/website/ajax-spinner.gif
188.114.96.1 200 OK 38 kB URL HTTP/1.1 yts.myproxy.help/assets/images/website/ajax-spinner.gif
IP 188.114.96.1:0
File type GIF image data, version 89a, 84 x 84\012- data
Hash 6c25b2f7efe1457cbe08ab4452e81589
77029c58741ebead12614624d9765648d1bb82ff
04a309929e0e1d64d9aed3b63dbe88f613004a37de9e1ddc8bd7cd6091846ef4
GET /assets/images/website/ajax-spinner.gif HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:12 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yoxWA1tc9a3o%2Bq%2BSTbkdKKWXGGuiUajrhXtKRGiU%2BMONHvz6U0IXSjdRR1yo725wYIo2cCbL3Av30HolzHHwLqcYGbIT1Csp5ZLu6IlCQX%2F5aB%2FzezqYrtcE3bBJ88A0nNNA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29eea6db518-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/movies/loi_bao_2017/medium-cover.jpg
188.114.96.1 200 OK 43 kB URL HTTP/1.1 yts.myproxy.help/assets/images/movies/loi_bao_2017/medium-cover.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash e174aa02ffd5c2b62523549f1720a5c6
d80b7a85348a894c58a77b2b370b1ea81d459b9c
db0c9c348fd66ca2fb5fc6e8ac18223489c0f202969ba281b68293fde8937e8d
GET /assets/images/movies/loi_bao_2017/medium-cover.jpg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=kocfpcg8tngjvfp56qs1p9kutj
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:12 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYkNSD4NzpZXe6uQfJqNiVSxbtUnlZhrhyMftUi43%2FRNNk3zECbj9RM6Gusr6vTqZ%2BhqnM2VaccxpLmoKV29EW0Mt4%2FkNm72HcGCvfjG0F62B49kVMgJD5YqjQGMAshBE3Nr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c29e28220afa-OSL
alt-svc: h2=":443"; ma=60
matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=159809&h=17&m=9&s=25&url=http%3A%2F%2Fyts.myproxy.help%2F&_id=e77aab261f16e6e2&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=22sB1J&pf_net=69&pf_srv=154&pf_tfr=134&pf_dm1=1283&uadata=%7B%7D
188.114.97.1 301 Moved Permanently 169 B URL HTTP/1.1 matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=159809&h=17&m=9&s=25&url=http%3A%2F%2Fyts.myproxy.help%2F&_id=e77aab261f16e6e2&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=22sB1J&pf_net=69&pf_srv=154&pf_tfr=134&pf_dm1=1283&uadata=%7B%7D
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f3099a531821c476589c3d2d00d53772
8e539d05a8355d6835a56f94b75f405c6e55f6f3
a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
POST /matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=159809&h=17&m=9&s=25&url=http%3A%2F%2Fyts.myproxy.help%2F&_id=e77aab261f16e6e2&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=22sB1J&pf_net=69&pf_srv=154&pf_tfr=134&pf_dm1=1283&uadata=%7B%7D HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=159809&h=17&m=9&s=25&url=http%3A%2F%2Fyts.myproxy.help%2F&_id=e77aab261f16e6e2&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=22sB1J&pf_net=69&pf_srv=154&pf_tfr=134&pf_dm1=1283&uadata=%7B%7D
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3JyQwLSm34c93IUarzrpzaYUbmLoOrBtDatLAoHRNWl8vmjq2JrbRUWDBXaVJsJGmJtPAdG%2FRyp%2BTudr0IxB8OFMaEAf5IragdXafYv7yNxYuySbEyPfNOwo4zcJ77cTFEvwiw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c2a09e53b51d-OSL
alt-svc: h2=":443"; ma=60
glimtors.net/pfe/current/universal.min.js?v=3.1.424
139.45.197.251 304 Not Modified 0 B URL HTTP/2 glimtors.net/pfe/current/universal.min.js?v=3.1.424
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pfe/current/universal.min.js?v=3.1.424 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 16 Mar 2023 15:32:57 GMT
If-None-Match: W/"641336a9-190ac"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
last-modified: Thu, 16 Mar 2023 15:32:57 GMT
etag: "641336a9-190ac"
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.myproxy.help&var=&ymid=&var_3=
139.45.197.251 200 OK 880 B URL HTTP/2 glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.myproxy.help&var=&ymid=&var_3=
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (879)
Hash 8488d36091fc56d07613281e69a7d2eb
253ad29c9ddb8875f81219a1a6b8916a1d6d6aae
29af55f35239601807a63eb61d2c48d3d87d5ac482f7661b7342164335b0f8cb
GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.myproxy.help&var=&ymid=&var_3= HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: c5a17e5517fb8451a94ba4089bcf0b70
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.itskiddien.club/apu.php?zoneid=3388548
139.45.197.236 200 OK 25 kB URL HTTP/2 cdn.itskiddien.club/apu.php?zoneid=3388548
IP 139.45.197.236:0
Hash ebbb1bb3361a01308171a353ec6d052e
695dcbdebed0d59f02d576fa01be50b45efe539f
f4d910e889d4a553f625d3560c4894388b9732c67980e124d25f43b52a2a42b9
GET /apu.php?zoneid=3388548 HTTP/1.1
Host: cdn.itskiddien.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/javascript
x-trace-id: 4042d93ecfa68e63601937d0b7265dac
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=16461516eae0411d9054a69b7d7bac45; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
oaidts=1679764152; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash aa2c1fe8f6b7d276daccd46a89c29014
8b7d29728c2cc633daf199026a8f0a5fc04a60e3
10291ea5a5359ecdfee6a299ae87ef834b654155e192b88f96430dee3caef704
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 15:49:41 GMT
Expires: Wed, 29 Mar 2023 15:49:40 GMT
Etag: "8b7d29728c2cc633daf199026a8f0a5fc04a60e3"
Cache-Control: max-age=340227,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad8c2a1cbd4b512-OSL
glimtors.net/custom
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=33030bcb3936411f93838a2eb3be2431&zoneId=2651991&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=33030bcb3936411f93838a2eb3be2431&zoneId=2651991&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash ab6477247d3f918a817b8914bd9a4522
a27a7a9b139d1bbc3d1bae9883f2993a33fe317a
8467d513744258ec65d417a4828deef9a5115b864e7eb651c76c46f22f713672
GET /gid.js?pub=0&userId=33030bcb3936411f93838a2eb3be2431&zoneId=2651991&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Cookie: ID=e312381457f94801a62543c43f5fb02c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:12 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8e4764d2114b3b2cadfeadd780316c7c
2c3af3b1bacc99b463839b0e6c73da70dab6a3bb
80c3d7ada232181e4ee0a4e790dccce24912f9704b85f523627b06fa68ae1744
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80C3D7ADA232181E4EE0A4E790DCCCE24912F9704B85F523627B06FA68AE1744"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4927
Expires: Sat, 25 Mar 2023 18:31:19 GMT
Date: Sat, 25 Mar 2023 17:09:12 GMT
Connection: keep-alive
cdn.itskiddien.club/?rb=fw4ZMNavlOg67jjKsn55mbt0Wn4QEgZp-a1mn1MPjv5qH2SZndqSovLMoOPKOYn0dkrjWMcpnOv8UAmU2ev3jLdy0RpRIAhuv54IzhxHpH1uHmPsvjfoYBdtKcfD-w91VLVC3d-SHZr9EAHvHS06PtBff2hnqQdVGhjichyY_xfxYyqiySun-dVyNgo9D6KLFTgZoziEB1ZIkYFyUQHefVG8mveYmhQx7B91qn7K2vY%3D&request_ab2=0&zoneid=3388548&js_build=iclick-v1.511.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wih=836&wiw=1152&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.511.0&bs=366995d8-9cab-480c-b175-9b814b9c8880&userId=e312381457f94801a62543c43f5fb02c&m=link
139.45.197.236 200 OK 1.4 kB URL HTTP/1.1 cdn.itskiddien.club/?rb=fw4ZMNavlOg67jjKsn55mbt0Wn4QEgZp-a1mn1MPjv5qH2SZndqSovLMoOPKOYn0dkrjWMcpnOv8UAmU2ev3jLdy0RpRIAhuv54IzhxHpH1uHmPsvjfoYBdtKcfD-w91VLVC3d-SHZr9EAHvHS06PtBff2hnqQdVGhjichyY_xfxYyqiySun-dVyNgo9D6KLFTgZoziEB1ZIkYFyUQHefVG8mveYmhQx7B91qn7K2vY%3D&request_ab2=0&zoneid=3388548&js_build=iclick-v1.511.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wih=836&wiw=1152&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.511.0&bs=366995d8-9cab-480c-b175-9b814b9c8880&userId=e312381457f94801a62543c43f5fb02c&m=link
IP 139.45.197.236:0
File type JSON data\012- , ASCII text, with very long lines (1673), with no line terminators
Hash eaa79482c96ca043ad481d2de8eca1b6
efec8c32f3e9ae5ceb034192f49992c57965b0c5
ccc46035aed55b7dc922e88085dbccc652d092b96a12f9645602952466875377
GET /?rb=fw4ZMNavlOg67jjKsn55mbt0Wn4QEgZp-a1mn1MPjv5qH2SZndqSovLMoOPKOYn0dkrjWMcpnOv8UAmU2ev3jLdy0RpRIAhuv54IzhxHpH1uHmPsvjfoYBdtKcfD-w91VLVC3d-SHZr9EAHvHS06PtBff2hnqQdVGhjichyY_xfxYyqiySun-dVyNgo9D6KLFTgZoziEB1ZIkYFyUQHefVG8mveYmhQx7B91qn7K2vY%3D&request_ab2=0&zoneid=3388548&js_build=iclick-v1.511.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wih=836&wiw=1152&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.511.0&bs=366995d8-9cab-480c-b175-9b814b9c8880&userId=e312381457f94801a62543c43f5fb02c&m=link HTTP/1.1
Host: cdn.itskiddien.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 75bce8e008b9c86e584873c97b7116cf
Access-Control-Allow-Origin: http://yts.myproxy.help
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/
oaidts=1679764152; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/
syncedCookie=true; expires=Sat, 01 Apr 2023 17:09:12 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1158
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 25 Mar 2023 17:10:01 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://yts.myproxy.help
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
inpagepush.com/500/3064505?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/1.1 inpagepush.com/500/3064505?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/3064505?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Length: 0
Connection: keep-alive
Allow: GET, OPTIONS
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://yts.myproxy.help
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 600
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
benumelan.com/5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c
139.45.197.239 200 OK 1.4 kB URL HTTP/2 benumelan.com/5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c
IP 139.45.197.239:0
Hash 2517fed0b14ab15e3e1a9affb643454d
cf1284a12926b01269088d7a910e304ef805fced
acbdd818f1c96eca6dad3d23d6d0991e1392376454567ec9b800c27e8eccf8ba
GET /5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: scm=1; OAID=178c7ec38e5a41dda816d0f1b0bd5576; oaidts=1679764151
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/json
x-trace-id: 99c17b9d48144404cfc42cc8d0369591
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
oaidts=1679764152; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 01 Apr 2023 17:09:12 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
inpagepush.com/500/3064505?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 997 B URL HTTP/1.1 inpagepush.com/500/3064505?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type JSON data, Unicode text, UTF-8 text, with very long lines (1226), with no line terminators
Hash 49cb30492c1d183d3d0cd98da11c4ec5
62aa6b9ae712221118d3c3a57398c4ae9ed503de
5da3902a14db8f761752616ca32b233c1827cff8cfeded9b74b9690ccb00ab38
GET /500/3064505?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:09:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 493522e618ad4eb513ddaa6a90cde154
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: http://yts.myproxy.help
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 0f3b9f3d7a07c6598b4cdfd550d11b14
3be837efe878f188dc584e5b0512c8af0a81917d
954082ead19c77082de9f5fc261418d3c0f7d403cd16cafa843a61e5307d619b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "954082EAD19C77082DE9F5FC261418D3C0F7D403CD16CAFA843A61E5307D619B"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16630
Expires: Sat, 25 Mar 2023 21:46:22 GMT
Date: Sat, 25 Mar 2023 17:09:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 971b6f43bfca70766bfe46c48e105aa7
ea9d0bd7205728ec9883b3c25283f0aaf2703c10
ef701347264e83ce720a7d358e2f7f7770ea0802b61a12c8113843207749c907
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF701347264E83CE720A7D358E2F7F7770EA0802B61A12C8113843207749C907"
Last-Modified: Thu, 23 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21573
Expires: Sat, 25 Mar 2023 23:08:45 GMT
Date: Sat, 25 Mar 2023 17:09:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d420cdfedd3ce09633b90cfc5ef96fa5
f0e15fc7452629b6cc84adcfe466c6485b6b0648
2ce341799df3eb124163fc324c474830d3fe6ec11efcdea1eb7f6cbfb0d68bd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CE341799DF3EB124163FC324C474830D3FE6EC11EFCDEA1EB7F6CBFB0D68BD1"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8480
Expires: Sat, 25 Mar 2023 19:30:32 GMT
Date: Sat, 25 Mar 2023 17:09:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a24c92f7ea9fac9d1797caaa8bf81934
91cb0c101332a488a63dcbb415484ff6d498faee
a73cb561b0d7d06bff96a87559fcbbda6816fe77e2cf83204e6cd73c831890a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A73CB561B0D7D06BFF96A87559FCBBDA6816FE77E2CF83204E6CD73C831890A5"
Last-Modified: Fri, 24 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8470
Expires: Sat, 25 Mar 2023 19:30:22 GMT
Date: Sat, 25 Mar 2023 17:09:12 GMT
Connection: keep-alive
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
172.67.22.216 200 OK 11 kB URL HTTP/2 offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP 172.67.22.216:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3; data
Hash c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263
GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Sun, 26 Mar 2023 05:43:29 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 41142
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c2a38c71b515-OSL
X-Firefox-Spdy: h2
hoaxbasesalad.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78
173.233.137.44 200 OK 4.2 kB URL HTTP/1.1 hoaxbasesalad.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78
IP 173.233.137.44:0
File type JSON data, ASCII text, with very long lines (6019), with no line terminators
Hash 34c9f45a266db33eb1e4b5168af899f4
e688727eb8c41cd5c0c213bf80c57af379a4690e
360e1136e07a420b05c2dccc87c8698ffc6ad3fef8567701171f247730608b7c
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a286902791a7f4c98bcb1e812322cd78 HTTP/1.1
Host: hoaxbasesalad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 25 Mar 2023 17:09:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://yts.myproxy.help
Access-Control-Allow-Origin: http://yts.myproxy.help
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15816950; expires=Sun, 26 Mar 2023 17:09:12 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 26 Mar 2023 17:09:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 26 Mar 2023 17:09:13 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 26 Mar 2023 17:09:13 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 26 Mar 2023 17:09:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: de3a869aa1cb7834b2309e0aec5c7226
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
overzubatan.com/5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c
139.45.197.239 200 OK 1.4 kB URL HTTP/2 overzubatan.com/5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c
IP 139.45.197.239:0
File type JSON data, ASCII text, with very long lines (2814), with no line terminators
Hash e6783a49afdf6cd143ed5f70f490cbc8
2c9d30761509833e18f4ffdf6ff9135f959766f3
afe4122830a6c7291888ea219cbf7165cdd60d3b097febd13edd7111dae7bbeb
GET /5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c HTTP/1.1
Host: overzubatan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/json
x-trace-id: 6da4e05c5ee2919fec5bfac15f2fe71f
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
oaidts=1679764152; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 01 Apr 2023 17:09:12 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash c44bdaff47ee5b4b756c303217962e4e
dc83d8babb70750920953b26627f7499c514316f
417afd35b98423a4e37d52e89cc34b3b44a57a089c434b90d3cbcf07c412c7a1
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:13 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Wed, 29 Mar 2023 14:40:15 GMT
ETag: "dc83d8babb70750920953b26627f7499c514316f"
Last-Modified: Sat, 25 Mar 2023 14:40:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1734
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c2a60f3f1bfa-OSL
yts.myproxy.help/assets/images/website/apple-touch-icon-180x180.png
188.114.96.1 200 OK 7.0 kB URL HTTP/1.1 yts.myproxy.help/assets/images/website/apple-touch-icon-180x180.png
IP 188.114.96.1:0
File type PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced; data
Hash f87afcf11d459620ff02da6112365db2
d09e6d4e7db706569474bfb7ec93f31ccbd6ed69
a70913fad67537f16d871e4c456c8f4484106f6d4ef3e12fa3c3b2eceefee508
GET /assets/images/website/apple-touch-icon-180x180.png HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n; _pk_id.1.33ac=e77aab261f16e6e2.1679764166.; _pk_ses.1.33ac=1; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; prefix_views_counter=1; prefetchAd_3388548=true
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:13 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=15YWdNm%2FGzI2PXOVH99LU4VftBwAOx%2B608bTmIXuGvUvuDlJ68qolT8d%2BAWBWEV70AvW7p2hKJ53%2FlPDoANpLzByKg4c136kjZvV2%2F%2BWyBLrz%2B4H%2FZxmEZBVL3tvbkJDlTe2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c2a58be6b518-OSL
alt-svc: h2=":443"; ma=60
yts.myproxy.help/assets/images/website/favicon-16x16.png
188.114.96.1 200 OK 619 B URL HTTP/1.1 yts.myproxy.help/assets/images/website/favicon-16x16.png
IP 188.114.96.1:0
File type PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced; data
Hash ea830fdd4f9a6d19aa7455dabdac987a
b0d567d6b4d40959e1bd44032f6bc2331057b319
71148160c085a70d1af7708c1d52cfcf39f8ef6e4ce13f0f20c080b2e19195db
GET /assets/images/website/favicon-16x16.png HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n; _pk_id.1.33ac=e77aab261f16e6e2.1679764166.; _pk_ses.1.33ac=1; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; prefix_views_counter=1; prefetchAd_3388548=true
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 26-Mar-2023 17:09:13 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6jrJvGlrLDnkyw7sQHkVgbWfDzQirCz77jD6P10haTNT8mhcCFqHZtJwe8naC8LVGkoCTytpXFOo0DJLquPPtKFqBMNvgjD%2B8DaRgvYSMe3IHhw3PLLqElkhmHNe5pRAt5yx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c2a58ca30b55-OSL
alt-svc: h2=":443"; ma=60
mc.yandex.ru/metrika/tag.js
77.88.21.119 200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash d25e62ce8ed279843870678fdc0cfcb1
15964da72c0123793ef56d6913b408f0392972d3
05a678b9e81dc748077b1648055ce694e38f499a6b470a9e1cded275d9a87737
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 74070
date: Sat, 25 Mar 2023 17:09:13 GMT
access-control-allow-origin: *
etag: "641c2476-12156"
expires: Sat, 25 Mar 2023 18:09:13 GMT
last-modified: Thu, 23 Mar 2023 13:05:42 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11200
Expires: Sat, 25 Mar 2023 20:15:53 GMT
Date: Sat, 25 Mar 2023 17:09:13 GMT
Connection: keep-alive
benumelan.com/5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c
139.45.197.239 200 OK 1.9 kB URL HTTP/2 benumelan.com/5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c
IP 139.45.197.239:0
Hash e1787bfbcd1f16efd2a5d3099c5b98f5
5ccc6ebaaa24799ff5e31ffe707135f06192f0e1
ea4a1efdc9c5724a158efed34f82ce651573806c0464c2cdc46cbe39ae093ef0
GET /5/2632704/?abt_opts=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: scm=1; OAID=178c7ec38e5a41dda816d0f1b0bd5576; oaidts=1679764151
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/json
x-trace-id: e877f4241c17dc539e4047a626ada525
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
oaidts=1679764152; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 01 Apr 2023 17:09:12 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
rndskittytor.com/401/4837723?oo=1&oaid=e312381457f94801a62543c43f5fb02c
139.45.197.238 200 OK 6.1 kB URL HTTP/2 rndskittytor.com/401/4837723?oo=1&oaid=e312381457f94801a62543c43f5fb02c
IP 139.45.197.238:0
Hash 6c7be98a6fef814563421cc016927500
3844751b50fb999fad2a941abfb25e7a23226a5b
a4ca49f4620f0edade8d2630e4fc7663954185987e944b8e21985ffebd1bc233
GET /401/4837723?oo=1&oaid=e312381457f94801a62543c43f5fb02c HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/json
x-trace-id: 04090aa815a456241404f68e7a1ff623
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://yts.myproxy.help
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 73f9697594d173d623b331b5c35eab8d
6323f751f6b7517f062a0442480f672086ea02a1
116cb71658b31e87f19c390b242c684f6505cc8edf90b7fc934ac726fc7ddd18
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8635
x-amzn-requestid: fc715b03-f48f-4300-b752-ab157a684f08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTihcETyIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17a2-68f685ec0f50dae026ea3f64;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: i6dsVaC_gPijsRqh_EL5tZYZpjNEbQJvKIpPq501TIJZzcLUWeRz9w==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:45:56 GMT
age: 69797
etag: "6323f751f6b7517f062a0442480f672086ea02a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 05:56:24 GMT
age: 40369
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
IP 34.120.237.76:0
Hash 073b09e6bf8e4f76ff65226aff8f5cf7
6121273192b90b25c64598708f9be3d6143c2d35
51d945404a2ffd1e954c6784a4c6757e250392c216ca9cbac9888d24c1174094
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7800
x-amzn-requestid: bad99b1e-3923-4de9-8bea-4dd04e96f7cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfFGcIAMFdBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-0826b92d4c4af16553503600;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9AGLmjvUSTKIsYIWECOR8QwdF4PP1tP1TweUm0VYvxQ0qskqj3YuLA==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:43:53 GMT
age: 69920
etag: "1b11316c952e2195da1646dd94671669e7e3bc2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
glimtors.net/pfe/current/defaultSkin.min.js
139.45.197.251 200 OK 57 kB URL HTTP/2 glimtors.net/pfe/current/defaultSkin.min.js
IP 139.45.197.251:0
Hash 412059371c20bbaeaa1647a08d5cce18
c35f1f200e1bdffcb76838db14c8d8e6dfbe0a9c
07ab3d750892f294ac7b99318177a5c3e382de079e8d060e2d0e56ae0d4c90b7
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/javascript
last-modified: Thu, 16 Mar 2023 15:32:57 GMT
etag: W/"641336a9-df63"
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd191e3a122d6e31f81e6e9d434c58d6
aec88022970c93289434f8097e4a663da33e5271
1f00c901ef479637ec703d7924526a970cb13dd2635b2bbb68b285df9d98e011
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6185
x-amzn-requestid: 223de50b-9a7e-4ac7-9305-336658eec4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiwYHoLoAMFXtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e1802-226bd8524ade75234053ff50;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:37:06 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ye0ADORg1hFVLxcNVj-qS60tlfguOEtyTx_XFU4ooJOcDHqNsqV3kw==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:57:14 GMT
age: 69119
etag: "aec88022970c93289434f8097e4a663da33e5271"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
betotodilea.com/500/4495524?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/4495524?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4495524?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:13 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/400/4495524
139.45.197.237 200 OK 32 kB URL HTTP/2 betotodilea.com/400/4495524
IP 139.45.197.237:0
Hash 4c85891f2b3ad59cad1b5489bacbe5e4
963f706967f17c1fa6656c5c78902a1d84cd0005
ca0c885669c9fffd5e23dfd23f7c459ea31246cdf6461d81f428afa9e66dd917
GET /400/4495524 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/javascript
x-trace-id: 6b69b9d28785ceda9c6be6eab83edadb
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=f436e5052e3449778c87d34ae0a3ac3b; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
celeritascdn.com/script/clock.js
104.16.91.6 200 OK 34 kB URL HTTP/1.1 celeritascdn.com/script/clock.js
IP 104.16.91.6:0
File type Unicode text, UTF-8 text, with very long lines (37958), with NEL line terminators
Hash 992878d5ad5d4eba1fd122223ff194aa
566f9b8256f75c04fb0a3b9d5cdef2394357dba6
5634e5bbebe775041ea3824ee2ce898b28d916e9ef354dcfb4297c293ec208b4
GET /script/clock.js HTTP/1.1
Host: celeritascdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycdt5HOwFVOy4dzUX-nHInDTMPqZrBoBN8m4TLd0mef-6tAPYuWHe2aG6HzXKN9Kjh-zGthVABQpAA-5puPavKXAWYBoX72zC
x-goog-generation: 1679650457095713
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 102179
x-goog-hash: crc32c=Jg0kbw==, md5=hizmZ+0kHiRLNeUbgoMwtw==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Sat, 25 Mar 2023 21:09:13 GMT
Cache-Control: public, max-age=14400
Last-Modified: Fri, 24 Mar 2023 09:34:17 GMT
ETag: W/"862ce667ed241e244b35e51b828330b7"
CF-Cache-Status: HIT
Age: 474
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c2a98d920b65-OSL
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8f1bc8bd989c1c7ce4976d567e7da88e
66caa00fa7a0c349b1adf802dd2d42a1f98d7f85
0e1762bae095e1d575090c493a46317e422dd5d31e6666cb5934ae37ce1eaf6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E1762BAE095E1D575090C493A46317E422DD5D31E6666CB5934AE37CE1EAF6C"
Last-Modified: Thu, 23 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8593
Expires: Sat, 25 Mar 2023 19:32:26 GMT
Date: Sat, 25 Mar 2023 17:09:13 GMT
Connection: keep-alive
simplewebanalysis.com/stats
3.123.95.62 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.123.95.62:0
File type ASCII text, with no line terminators
Hash 58f9bbce5975a95a1d71503ec5e5dd09
0b0fb5979f4f182abd2958b5c0e870e4c8ffa8ff
5d37922c8331d1a451f6fb07a6c8e86b6c59c5809a98b0f140120100f8c884aa
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: uid_id2=e06848fe-ff61-4507-902b-9076907870b6:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:13 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
X-Firefox-Spdy: h2
benumelan.com/11?rnd=697632549&z=3372123&b=17248824&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Crk5-VEM1rdg7j5_G5tP-rC5fxxubLIRmm0KoOIDgsx3Ujlz4RUUJ63NzhQw9qJYfq91BpSQsgshndluAN044tyrYwXbq1QxHfj9WwsDjPhlthVjLlwRumNBQnsE5KgtOhTWXykqnhcOJq2xJrFhnhg2MtRj4xlyoRNSlZWw-EJrmfOaUxCPdg7ETlyWawK0_18gaeBsoGJI7bw96yy0N-tQBP9_8hYBztxJmU5V9N02U8oH9_l218cQXyDjWjRHsxt1otmeeS387A_yoBI98QO_FZVGzy9sS-Nb2BOtqA7d9jOCdq8gg4wD7d16CFDba6ezMVpO0jFJIno5NyQ-0J57wADeSeqIY2gZw2BrY1g-6deVxlbTfcMZYkt4H8oYQs3m7pt6jty1tGz0QhZVBrwoxakg5wN-xmvx-AJKZt1OX-O2g1OP542z6epgksuypHeROxvsinN3hk63QHS0Qvy77RL29KRFioFUm1Fg5v-asVHxqnRGrQINX9pXXkjXf8ukOGi0a_gN9NIKw-2OED3Psnp27WmfVOC-f0y27oCk9TVg8aUAT7OcKnPgkN_66rIdmBH3e-cLKwjGJ4LqW0SYfWA4m8_2_jHcHSv_Oh2QwU9iwb8C9gJcHHqLgsjqNT4Ox1SAxyDmLNTPqxX_HD2rzCeW2HNORLhEXbhElgtVHiEP&ruid=3a6ae6ed-f750-43eb-ad97-3a5a3bc95388&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.myproxy.help%2F&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=470
139.45.197.239200 OK 0 B URL HTTP/2 benumelan.com/11?rnd=697632549&z=3372123&b=17248824&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Crk5-VEM1rdg7j5_G5tP-rC5fxxubLIRmm0KoOIDgsx3Ujlz4RUUJ63NzhQw9qJYfq91BpSQsgshndluAN044tyrYwXbq1QxHfj9WwsDjPhlthVjLlwRumNBQnsE5KgtOhTWXykqnhcOJq2xJrFhnhg2MtRj4xlyoRNSlZWw-EJrmfOaUxCPdg7ETlyWawK0_18gaeBsoGJI7bw96yy0N-tQBP9_8hYBztxJmU5V9N02U8oH9_l218cQXyDjWjRHsxt1otmeeS387A_yoBI98QO_FZVGzy9sS-Nb2BOtqA7d9jOCdq8gg4wD7d16CFDba6ezMVpO0jFJIno5NyQ-0J57wADeSeqIY2gZw2BrY1g-6deVxlbTfcMZYkt4H8oYQs3m7pt6jty1tGz0QhZVBrwoxakg5wN-xmvx-AJKZt1OX-O2g1OP542z6epgksuypHeROxvsinN3hk63QHS0Qvy77RL29KRFioFUm1Fg5v-asVHxqnRGrQINX9pXXkjXf8ukOGi0a_gN9NIKw-2OED3Psnp27WmfVOC-f0y27oCk9TVg8aUAT7OcKnPgkN_66rIdmBH3e-cLKwjGJ4LqW0SYfWA4m8_2_jHcHSv_Oh2QwU9iwb8C9gJcHHqLgsjqNT4Ox1SAxyDmLNTPqxX_HD2rzCeW2HNORLhEXbhElgtVHiEP&ruid=3a6ae6ed-f750-43eb-ad97-3a5a3bc95388&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.myproxy.help%2F&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=470
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=697632549&z=3372123&b=17248824&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Crk5-VEM1rdg7j5_G5tP-rC5fxxubLIRmm0KoOIDgsx3Ujlz4RUUJ63NzhQw9qJYfq91BpSQsgshndluAN044tyrYwXbq1QxHfj9WwsDjPhlthVjLlwRumNBQnsE5KgtOhTWXykqnhcOJq2xJrFhnhg2MtRj4xlyoRNSlZWw-EJrmfOaUxCPdg7ETlyWawK0_18gaeBsoGJI7bw96yy0N-tQBP9_8hYBztxJmU5V9N02U8oH9_l218cQXyDjWjRHsxt1otmeeS387A_yoBI98QO_FZVGzy9sS-Nb2BOtqA7d9jOCdq8gg4wD7d16CFDba6ezMVpO0jFJIno5NyQ-0J57wADeSeqIY2gZw2BrY1g-6deVxlbTfcMZYkt4H8oYQs3m7pt6jty1tGz0QhZVBrwoxakg5wN-xmvx-AJKZt1OX-O2g1OP542z6epgksuypHeROxvsinN3hk63QHS0Qvy77RL29KRFioFUm1Fg5v-asVHxqnRGrQINX9pXXkjXf8ukOGi0a_gN9NIKw-2OED3Psnp27WmfVOC-f0y27oCk9TVg8aUAT7OcKnPgkN_66rIdmBH3e-cLKwjGJ4LqW0SYfWA4m8_2_jHcHSv_Oh2QwU9iwb8C9gJcHHqLgsjqNT4Ox1SAxyDmLNTPqxX_HD2rzCeW2HNORLhEXbhElgtVHiEP&ruid=3a6ae6ed-f750-43eb-ad97-3a5a3bc95388&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.myproxy.help%2F&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=470 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: scm=1; OAID=e312381457f94801a62543c43f5fb02c; oaidts=1679764152; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:13 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: e44f3acb8cdb0ba31af01d572838c1a3
access-control-expose-headers: X-Sc
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:13 GMT; secure; SameSite=None
oaidts=1679764152; expires=Sun, 24 Mar 2024 17:09:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
hoaxbasesalad.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwjRRSevTsaqEA0FIBFBQg5u2v7bJPidOEICoQk3B0E0c3fOoPHO6uZXa8TUUSchK5B%2BCooN5%2BTi4AIcSUFEtrQoEhIMQWkIHSIFiGlRnYsGZ4089433yu%2B7735ZC87Jz4yerbxttlRWtOFRtWvvLipYmFyV1m7Wwn8qr9Y2VTx9fpiZTC5bP%2FVwG9U%2FZcqb0jeNQuhH%2Fh%2B4AeVZWVlZAYLUxYqOWoH1bZfrYfVoFHHwP4fu8yDox5E%2F5w8BSXGj2399AiKl4h7396Srpua5JXXe5mmqbHoi8N3425s8hi9eRlZD1F8OOuGcWNCvrgCEx%2FOHMD09ycOwNSYeL8GYPHhTCZY%2F%2BBSKdOQMZh4Anm%2FhNQlFC3BzT0ocUoALrC2jrj3cM3YnG5fsnTCjsm1i3%2Bg8jG59vvTiHvfLGk1qNwxOkuViR0GUQE1KKE6JZLsGOmOB5Ufg6cfQ4mfycLFKuLe%2FrrTBkoUU%2FdKlVBRCS2HoM5DNjnKQxZ5yBIPPXFWoY125PvNiEW1WqvOOa%2FVOG%2B0rouGqNVbkY%2BMT%2BQNkSZDcD0Et7tI7C666sFp403Y7Ae4rQJOeHDpmHjv7KIvCuSSIHcEOSXIFUGeEuT94kBoF7riodAuY8Esh7NcK0Ym7ezRA5N2ZEz2knPy5HQ0f79%2Fga48q9Cwdb3th812QJtRnbdbjLNAtoKwFoZcNFtwqoByV6ZudyZ7Ks6RqDEhn%2F0GRo%2Fh9DG4egE0exY0HzVDH3RrVG%2F52ImPsphpw7tSVJWAMAWS9BrSbW9Pn5Nnpjraf3qQ%2FOTG55%2Bu%2F7EoPgC3BRJb4EP1I0FH3x%2FdNjnZv21yRx6tJ6nqqR06Wd%2BdlKby6ldvye3cWLFyyw2%2FvMknxKQ8uitdukpjoeKOI18vKSGkXTaWS%2FL9ituUbCNzW0uZjbNkdeO15ZVeYqVzysQlqDp97yNwNSaP2%2B70Yz73100oW8JmBXrZCZkFlCnBk124ZK7eGQKr5z0s8ZBnxciGbP6oFYGWc0xZAfcfzOb1nruPjvVA03uIewX6tkBfF6B6CJddHaWJPbnxS20aYNobMW29faatfnA5WqfOKrIR%2BZH0Q8miNoua1BftqN5mtB3IJmvQAKkbi%2Bdf%2Fu5fAAAA%2F%2F8BAAD%2F%2F08Lsw9wBAAA
173.233.137.44200 OK 7 B URL HTTP/1.1 hoaxbasesalad.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwjRRSevTsaqEA0FIBFBQg5u2v7bJPidOEICoQk3B0E0c3fOoPHO6uZXa8TUUSchK5B%2BCooN5%2BTi4AIcSUFEtrQoEhIMQWkIHSIFiGlRnYsGZ4089433yu%2B7735ZC87Jz4yerbxttlRWtOFRtWvvLipYmFyV1m7Wwn8qr9Y2VTx9fpiZTC5bP%2FVwG9U%2FZcqb0jeNQuhH%2Fh%2B4AeVZWVlZAYLUxYqOWoH1bZfrYfVoFHHwP4fu8yDox5E%2F5w8BSXGj2399AiKl4h7396Srpua5JXXe5mmqbHoi8N3425s8hi9eRlZD1F8OOuGcWNCvrgCEx%2FOHMD09ycOwNSYeL8GYPHhTCZY%2F%2BBSKdOQMZh4Anm%2FhNQlFC3BzT0ocUoALrC2jrj3cM3YnG5fsnTCjsm1i3%2Bg8jG59vvTiHvfLGk1qNwxOkuViR0GUQE1KKE6JZLsGOmOB5Ufg6cfQ4mfycLFKuLe%2FrrTBkoUU%2FdKlVBRCS2HoM5DNjnKQxZ5yBIPPXFWoY125PvNiEW1WqvOOa%2FVOG%2B0rouGqNVbkY%2BMT%2BQNkSZDcD0Et7tI7C666sFp403Y7Ae4rQJOeHDpmHjv7KIvCuSSIHcEOSXIFUGeEuT94kBoF7riodAuY8Esh7NcK0Ym7ezRA5N2ZEz2knPy5HQ0f79%2Fga48q9Cwdb3th812QJtRnbdbjLNAtoKwFoZcNFtwqoByV6ZudyZ7Ks6RqDEhn%2F0GRo%2Fh9DG4egE0exY0HzVDH3RrVG%2F52ImPsphpw7tSVJWAMAWS9BrSbW9Pn5Nnpjraf3qQ%2FOTG55%2Bu%2F7EoPgC3BRJb4EP1I0FH3x%2FdNjnZv21yRx6tJ6nqqR06Wd%2BdlKby6ldvye3cWLFyyw2%2FvMknxKQ8uitdukpjoeKOI18vKSGkXTaWS%2FL9ituUbCNzW0uZjbNkdeO15ZVeYqVzysQlqDp97yNwNSaP2%2B70Yz73100oW8JmBXrZCZkFlCnBk124ZK7eGQKr5z0s8ZBnxciGbP6oFYGWc0xZAfcfzOb1nruPjvVA03uIewX6tkBfF6B6CJddHaWJPbnxS20aYNobMW29faatfnA5WqfOKrIR%2BZH0Q8miNoua1BftqN5mtB3IJmvQAKkbi%2Bdf%2Fu5fAAAA%2F%2F8BAAD%2F%2F08Lsw9wBAAA
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwjRRSevTsaqEA0FIBFBQg5u2v7bJPidOEICoQk3B0E0c3fOoPHO6uZXa8TUUSchK5B%2BCooN5%2BTi4AIcSUFEtrQoEhIMQWkIHSIFiGlRnYsGZ4089433yu%2B7735ZC87Jz4yerbxttlRWtOFRtWvvLipYmFyV1m7Wwn8qr9Y2VTx9fpiZTC5bP%2FVwG9U%2FZcqb0jeNQuhH%2Fh%2B4AeVZWVlZAYLUxYqOWoH1bZfrYfVoFHHwP4fu8yDox5E%2F5w8BSXGj2399AiKl4h7396Srpua5JXXe5mmqbHoi8N3425s8hi9eRlZD1F8OOuGcWNCvrgCEx%2FOHMD09ycOwNSYeL8GYPHhTCZY%2F%2BBSKdOQMZh4Anm%2FhNQlFC3BzT0ocUoALrC2jrj3cM3YnG5fsnTCjsm1i3%2Bg8jG59vvTiHvfLGk1qNwxOkuViR0GUQE1KKE6JZLsGOmOB5Ufg6cfQ4mfycLFKuLe%2FrrTBkoUU%2FdKlVBRCS2HoM5DNjnKQxZ5yBIPPXFWoY125PvNiEW1WqvOOa%2FVOG%2B0rouGqNVbkY%2BMT%2BQNkSZDcD0Et7tI7C666sFp403Y7Ae4rQJOeHDpmHjv7KIvCuSSIHcEOSXIFUGeEuT94kBoF7riodAuY8Esh7NcK0Ym7ezRA5N2ZEz2knPy5HQ0f79%2Fga48q9Cwdb3th812QJtRnbdbjLNAtoKwFoZcNFtwqoByV6ZudyZ7Ks6RqDEhn%2F0GRo%2Fh9DG4egE0exY0HzVDH3RrVG%2F52ImPsphpw7tSVJWAMAWS9BrSbW9Pn5Nnpjraf3qQ%2FOTG55%2Bu%2F7EoPgC3BRJb4EP1I0FH3x%2FdNjnZv21yRx6tJ6nqqR06Wd%2BdlKby6ldvye3cWLFyyw2%2FvMknxKQ8uitdukpjoeKOI18vKSGkXTaWS%2FL9ituUbCNzW0uZjbNkdeO15ZVeYqVzysQlqDp97yNwNSaP2%2B70Yz73100oW8JmBXrZCZkFlCnBk124ZK7eGQKr5z0s8ZBnxciGbP6oFYGWc0xZAfcfzOb1nruPjvVA03uIewX6tkBfF6B6CJddHaWJPbnxS20aYNobMW29faatfnA5WqfOKrIR%2BZH0Q8miNoua1BftqN5mtB3IJmvQAKkbi%2Bdf%2Fu5fAAAA%2F%2F8BAAD%2F%2F08Lsw9wBAAA HTTP/1.1
Host: hoaxbasesalad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 25 Mar 2023 17:09:13 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 660fd46cbbf0a0c50bc6f48655a06cc7
Strict-Transport-Security: max-age=0; includeSubdomains
glimtors.net/custom
139.45.197.251 200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Content-Type: application/json
Origin: http://yts.myproxy.help
Content-Length: 679
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:13 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 162f4dcae4be164aad2dd78c3e1e3390
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=http%3A%2F%2Fyts.myproxy.help
93.184.220.66 200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=http%3A%2F%2Fyts.myproxy.help
IP 93.184.220.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56166)
Size 105 kB (105435 bytes)
Hash 58f06e7d628e7e207cad8e48c9cc76be
9042f057d52be00c9535ce93b0ce4c03707e0c41
ea6c34f2e7acfea93ba722fe283f2704392dc518c9a0d1eeca0ba03a0b63d789
GET /widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=http%3A%2F%2Fyts.myproxy.help HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 850586
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 25 Mar 2023 17:09:13 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F709)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105435
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b489ebdbe4147c81bda92a95e0eb7a9c
91acf961ba6bee08a2bfb2e84112d9e9981245ca
b2d84bdac0ae3019080ec7605cb8edf8a0a5c752a7be15cd555e00eb996b064e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B2D84BDAC0AE3019080EC7605CB8EDF8A0A5C752A7BE15CD555E00EB996B064E"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8648
Expires: Sat, 25 Mar 2023 19:33:21 GMT
Date: Sat, 25 Mar 2023 17:09:13 GMT
Connection: keep-alive
visitanalytics.userreport.com/hit?t=USRur-core-nomedia&accountId=8304d5a6-2fb4-4e26-bb15-eebf51293e6d&rnd=hxmlkwm4qp&dsu=1.883ae7e802564349.bfbecfcb-998b-422a-756e-b391984512b5.1.1544.be99867241cbadb7&med=http%3A%2F%2Fyts.myproxy.help%2F
18.173.5.32 200 OK 43 B URL HTTP/2 visitanalytics.userreport.com/hit?t=USRur-core-nomedia&accountId=8304d5a6-2fb4-4e26-bb15-eebf51293e6d&rnd=hxmlkwm4qp&dsu=1.883ae7e802564349.bfbecfcb-998b-422a-756e-b391984512b5.1.1544.be99867241cbadb7&med=http%3A%2F%2Fyts.myproxy.help%2F
IP 18.173.5.32:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hit?t=USRur-core-nomedia&accountId=8304d5a6-2fb4-4e26-bb15-eebf51293e6d&rnd=hxmlkwm4qp&dsu=1.883ae7e802564349.bfbecfcb-998b-422a-756e-b391984512b5.1.1544.be99867241cbadb7&med=http%3A%2F%2Fyts.myproxy.help%2F HTTP/1.1
Host: visitanalytics.userreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 43
last-modified: Thu, 04 Jun 2020 12:03:06 GMT
x-amz-meta-cb-modifiedtime: Tue, 14 Apr 2015 11:43:27 GMT
x-amz-version-id: vrBc0EhGKa8dl_tujGhI9Fe7xKDJ.7QF
accept-ranges: bytes
server: AmazonS3
date: Sat, 25 Mar 2023 04:06:28 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3ccf7f7aced0e7c558f0790a4da88a92.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-P1
x-amz-cf-id: 2L6QHAlmpBLiq9mhLsI59tXrDxBXYtCn0qNM3TuH9w96Q6eXmJZQhA==
age: 46966
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
2.18.173.140 200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 2.18.173.140:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TYrAmp44ddThNKrHeBmfOrJOox8ItZdAJeP4Uj7Uut6T7Jvp1PpX/XFzXT0gU1oJH/SwK8Irisw=
x-amz-request-id: 598E0BAF9E725A50
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
unused62: 8096267
cache-control: max-age=47184
date: Sat, 25 Mar 2023 17:09:14 GMT
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
77.88.21.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 25 Mar 2023 17:09:14 GMT
access-control-allow-origin: *
etag: "641c2476-2b"
expires: Sat, 25 Mar 2023 18:09:14 GMT
accept-ranges: bytes
last-modified: Thu, 23 Mar 2023 13:05:42 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
v1.addthisedge.com/live/boost/ra-56896aba6888ef3e/_ate.track.config_resp
2.18.172.123 200 OK 987 B URL HTTP/2 v1.addthisedge.com/live/boost/ra-56896aba6888ef3e/_ate.track.config_resp
IP 2.18.172.123:0
File type ASCII text, with very long lines (4420), with no line terminators
Hash 08f5937c0aa37663624a784dd1c6b371
4171a4232311a7c92ee8593230551a7af91c38c4
440a94cc93e8a56d7365dc73a4afd939dda139a2dccc7df8b9265946ebe898dd
GET /live/boost/ra-56896aba6888ef3e/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 987
etag: -1264729973--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=8, s-maxage=86400
date: Sat, 25 Mar 2023 17:09:14 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
2.18.172.123 200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 2.18.172.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sat, 25 Mar 2023 17:09:14 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
yts.myproxy.help/cdn-cgi/rum?
188.114.96.1 200 OK 0 B URL HTTP/1.1 yts.myproxy.help/cdn-cgi/rum?
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
POST /cdn-cgi/rum? HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
content-type: application/json
Content-Length: 28788
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n; _pk_id.1.33ac=e77aab261f16e6e2.1679764166.; _pk_ses.1.33ac=1; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; prefix_views_counter=1; prefetchAd_3388548=true; _ym_uid=1679764167751454614; _ym_d=1679764167; pbpr0tpuw4isk85t8yg3jb2lj5vqf=hoaxbasesalad.com; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e06848fe-ff61-4507-902b-9076907870b6%3A2%3A1; __atuvc=1%7C12; __atuvs=641f2ac70ccc55c7000
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
CF-RAY: 7ad8c2ab1bf3b518-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
celeritascdn.com/script/ut.js?cb=1679764167587
104.16.91.6 200 OK 24 kB URL HTTP/1.1 celeritascdn.com/script/ut.js?cb=1679764167587
IP 104.16.91.6:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash d418952a23babb29226151e9a1b7b1c6
de6d735bdd205775d41fb2894bb80402d80be66c
c842d0f85396cfd3945e09fffaa07fdf17daf0493ecf9e185aabcd1619c76df1
GET /script/ut.js?cb=1679764167587 HTTP/1.1
Host: celeritascdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycduGp8e7IZkYUeYCzUWhO1MGY0-Im4YR-u41hQNfUKvf4HrchLJ74aJvdZMyC_sOiqC2FwJ50SkAe2nzPSEPw1474tTmiw7T
x-goog-generation: 1674555186374348
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72138
x-goog-hash: crc32c=WRmDUA==, md5=MsvAQARi18+r2IeVMZ4lmw==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Sat, 25 Mar 2023 21:09:14 GMT
Cache-Control: public, max-age=14400
Last-Modified: Tue, 24 Jan 2023 10:13:06 GMT
ETag: W/"32cbc0400462d7cfabd88795319e259b"
CF-Cache-Status: HIT
Age: 710
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8c2ab3f520b65-OSL
Content-Encoding: gzip
youradexchange.com/script/suurl4.php?r=5655310&cbur=0.6932528072504013&cbiframe=0&cbWidth=1152&cbHeight=836&cbtitle=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&cbpage=http%3A%2F%2Fyts.myproxy.help%2F&cbref=&cbdescription=The%20official%20YTS%20YIFY%20Movies%20Torrents%20website.%20Download%20free%20yify%20movies%20torrents%20in%20720p%2C%201080p%20and%203D%20quality.%20The%20fastest%20downloads%20at%20the%20smallest%20size.&cbkeywords=yts%2C%20yify%2C%20yify%20movies%2C%20yts%20movies%2C%20yts%20torrents%2C%20yify%20movies%2C%20yify%20torrents&cbcdn=celeritascdn.com&aggr=0&ts=1679764167592
172.64.109.25 200 OK 755 B URL HTTP/1.1 youradexchange.com/script/suurl4.php?r=5655310&cbur=0.6932528072504013&cbiframe=0&cbWidth=1152&cbHeight=836&cbtitle=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&cbpage=http%3A%2F%2Fyts.myproxy.help%2F&cbref=&cbdescription=The%20official%20YTS%20YIFY%20Movies%20Torrents%20website.%20Download%20free%20yify%20movies%20torrents%20in%20720p%2C%201080p%20and%203D%20quality.%20The%20fastest%20downloads%20at%20the%20smallest%20size.&cbkeywords=yts%2C%20yify%2C%20yify%20movies%2C%20yts%20movies%2C%20yts%20torrents%2C%20yify%20movies%2C%20yify%20torrents&cbcdn=celeritascdn.com&aggr=0&ts=1679764167592
IP 172.64.109.25:0
File type JSON data\012- , ASCII text, with very long lines (962)
Hash a9d357d4e4fd51c4c577651b020a233b
3648fb63cfee3863dac9c6b98c7c73a8f3f10985
813488f2346f21c0fdebba4ae286992ba843b9c56a81762aa963226263c23d12
GET /script/suurl4.php?r=5655310&cbur=0.6932528072504013&cbiframe=0&cbWidth=1152&cbHeight=836&cbtitle=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&cbpage=http%3A%2F%2Fyts.myproxy.help%2F&cbref=&cbdescription=The%20official%20YTS%20YIFY%20Movies%20Torrents%20website.%20Download%20free%20yify%20movies%20torrents%20in%20720p%2C%201080p%20and%203D%20quality.%20The%20fastest%20downloads%20at%20the%20smallest%20size.&cbkeywords=yts%2C%20yify%2C%20yify%20movies%2C%20yts%20movies%2C%20yts%20torrents%2C%20yify%20movies%2C%20yify%20torrents&cbcdn=celeritascdn.com&aggr=0&ts=1679764167592 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:14 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9vcfezALLTH07EQueIaL4nYi8kVE8O9iHHV8hrGPxe1ij6jB1cBhGr3H6tfwgL8dNutfGxFB64rnpEUGL1mAbKgRkAbidUyEs1JHDzVMBGK4Hgj7iDzGfZo%2BdtHxtvvERexWBbQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c2ab998676b7-LHR
alt-svc: h2=":443"; ma=60
cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/css/style.css
172.64.166.9 200 OK 79 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/css/style.css
IP 172.64.166.9:0
Hash c805cfa4ef092b23100688eabdb5b6fe
1f97c47ac35f4d629323ed45efc6a9111455c110
62da6cbe859364251b15cac0d773dfd57ca020d30064a331978ed53d0205ac7d
GET /sb/notifications/dating/default/us/universal/white/ssp/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:14 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:48:43 GMT
etag: W/"6128df2b-112c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Msw9VpGjHmY6aUY%2BU5K1p3yp49bo3wfNsyRSYRSKLNieN%2BQs7WYosD1jQwXbScxYWPS4xv9x7G%2BXaZqDUeVmLHVsD5vZ23tHHW6K77ZzI6tyATVdWbferBrdONIY1lsm061%2B%2B0QmZ6Az"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c2abcc30413a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
m.addthis.com/live/red_lojson/300lo.json?si=641f2ac716338516&bkl=0&bl=1&pdt=1618&sid=641f2ac716338516&pub=ra-56896aba6888ef3e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=yts.myproxy.help&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=yts%2Cyify%2Cyify%20movies%2Cyts%20movies%2Cyts%20torrents%2Cyify%20movies%2Cyify%20torrents&colc=1679764167482&jsl=8192&uvs=641f2ac70ccc55c7000&skipb=1&callback=addthis.cbs.jsonp__129367316555186850
2.18.172.123 200 OK 90 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=641f2ac716338516&bkl=0&bl=1&pdt=1618&sid=641f2ac716338516&pub=ra-56896aba6888ef3e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=yts.myproxy.help&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=yts%2Cyify%2Cyify%20movies%2Cyts%20movies%2Cyts%20torrents%2Cyify%20movies%2Cyify%20torrents&colc=1679764167482&jsl=8192&uvs=641f2ac70ccc55c7000&skipb=1&callback=addthis.cbs.jsonp__129367316555186850
IP 2.18.172.123:0
File type ASCII text, with no line terminators
Hash 12296d029e51c7816b659bf1b007d47b
9ef13b3b81cf43845dd82d5bceb50997b0bb92d0
ce25dc55067e23ec9a97b0c60a121c319a9ec97faf9c94621b545bd2a1a2d6f4
GET /live/red_lojson/300lo.json?si=641f2ac716338516&bkl=0&bl=1&pdt=1618&sid=641f2ac716338516&pub=ra-56896aba6888ef3e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=yts.myproxy.help&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=yts%2Cyify%2Cyify%20movies%2Cyts%20movies%2Cyts%20torrents%2Cyify%20movies%2Cyify%20torrents&colc=1679764167482&jsl=8192&uvs=641f2ac70ccc55c7000&skipb=1&callback=addthis.cbs.jsonp__129367316555186850 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 90
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Sat, 25 Mar 2023 17:09:14 GMT
X-Firefox-Spdy: h2
yts.myproxy.help/cdn-cgi/challenge-platform/h/b/cv/result/7ad77181987e016b
188.114.96.1 200 OK 28 B URL HTTP/1.1 yts.myproxy.help/cdn-cgi/challenge-platform/h/b/cv/result/7ad77181987e016b
IP 188.114.96.1:0
File type ASCII text, with no line terminators
Hash 86de097d54457ad4fbf85150ea2dc2fb
194863f4b15ecf7eb4f38bf7ed46b688289be8a4
6301b31e8f84ba8a7465199ebf1c2341253198f21763ad7e7cf6fdebe3d832ec
Analyzer Verdict Alert fortinet Phishing
POST /cdn-cgi/challenge-platform/h/b/cv/result/7ad77181987e016b HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 11727
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n; _pk_id.1.33ac=e77aab261f16e6e2.1679764166.; _pk_ses.1.33ac=1; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; prefix_views_counter=1; prefetchAd_3388548=true; _ym_uid=1679764167751454614; _ym_d=1679764167; pbpr0tpuw4isk85t8yg3jb2lj5vqf=hoaxbasesalad.com; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e06848fe-ff61-4507-902b-9076907870b6%3A2%3A1; __atuvc=1%7C12; __atuvs=641f2ac70ccc55c7000
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:14 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cf_bm=JbkkUyaC.EhPA8hUUOB.FEgt0MlJuUhNGsRn0BFeS9M-1679764154-0-AUDxuH3OO22AB7IniTA6Sn0jTFXn+C7GlIpGQrO4rejDRri4jO0Bi7iDKSQgQq7dtPO9GKlC2lX6IxxR1rwNQLk=; path=/; expires=Sat, 25-Mar-23 17:39:14 GMT; domain=.myproxy.help; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHQPOVpSs5HEtJ1G48ikd1MMh%2BQfGBAX%2BW5KQeP5flOFMZwD7w2rf54m1hJtm%2FMZ6czsef4buX6eKJn56MqiBPU5efVDkezyTvEPu7rYHCeO%2BkcwFpgqC%2ByMbRLBcFDZVfry"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c2add823b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/js/script.js
172.64.166.9 200 OK 608 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/js/script.js
IP 172.64.166.9:0
Hash 348ce6276fa48831380c066b746747fc
e36249dd1c0e266de2df7b9b9ba5fb367075e016
ee6844c95ff87b43d008150177f077f4e6142b761e0d2ed450001ecfe01179e4
GET /sb/notifications/dating/default/us/universal/white/ssp/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Oct 2020 09:08:48 GMT
etag: W/"5f7ae2a0-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ln182XoqWHa8TmU7GQtXw3WpSOcyZpI6lmQQofz7AT%2FYsWq2IZqzMLedsBRQsFkobfvQXQ%2FeDxASiMwm7m%2FcyoUmXpZfPrumDYqltiDJ1%2F6Jrs3tAZuwAaiuP0TyTBr42RistMhHAKKl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c2abbc2b413a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/90922079?wmode=7&page-url=http%3A%2F%2Fyts.myproxy.help%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A999%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A990%3Acn%3A2%3Adp%3A0%3Als%3A1395394082270%3Ahid%3A119100699%3Az%3A0%3Ai%3A20230325170927%3Aet%3A1679764167%3Ac%3A1%3Arn%3A240902414%3Arqn%3A1%3Au%3A1679764167751454614%3Aw%3A1140x836%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A68%2C0%2C153%2C0%2C-6%2C0%2C%2C1332%2C12%2C%2C%2C%2C1961%3Aco%3A0%3Ans%3A1679764163644%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679764167%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
77.88.21.119 302 Found 407 B URL HTTP/2 mc.yandex.ru/watch/90922079?wmode=7&page-url=http%3A%2F%2Fyts.myproxy.help%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A999%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A990%3Acn%3A2%3Adp%3A0%3Als%3A1395394082270%3Ahid%3A119100699%3Az%3A0%3Ai%3A20230325170927%3Aet%3A1679764167%3Ac%3A1%3Arn%3A240902414%3Arqn%3A1%3Au%3A1679764167751454614%3Aw%3A1140x836%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A68%2C0%2C153%2C0%2C-6%2C0%2C%2C1332%2C12%2C%2C%2C%2C1961%3Aco%3A0%3Ans%3A1679764163644%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679764167%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash d266800904bba83af48ab79e58bd4175
429bdaa3213f741fd0e107ffebc801a55c97bebe
ccc99e22798e736cf53dced7525d133b52d7154fa1be096f44bac4e76f8953ae
GET /watch/90922079?wmode=7&page-url=http%3A%2F%2Fyts.myproxy.help%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A999%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A990%3Acn%3A2%3Adp%3A0%3Als%3A1395394082270%3Ahid%3A119100699%3Az%3A0%3Ai%3A20230325170927%3Aet%3A1679764167%3Ac%3A1%3Arn%3A240902414%3Arqn%3A1%3Au%3A1679764167751454614%3Aw%3A1140x836%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A68%2C0%2C153%2C0%2C-6%2C0%2C%2C1332%2C12%2C%2C%2C%2C1961%3Aco%3A0%3Ans%3A1679764163644%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679764167%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/90922079/1?wmode=7&page-url=http%3A%2F%2Fyts.myproxy.help%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A999%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A990%3Acn%3A2%3Adp%3A0%3Als%3A1395394082270%3Ahid%3A119100699%3Az%3A0%3Ai%3A20230325170927%3Aet%3A1679764167%3Ac%3A1%3Arn%3A240902414%3Arqn%3A1%3Au%3A1679764167751454614%3Aw%3A1140x836%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A68%2C0%2C153%2C0%2C-6%2C0%2C%2C1332%2C12%2C%2C%2C%2C1961%3Aco%3A0%3Ans%3A1679764163644%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679764167%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sat, 25 Mar 2023 17:09:14 GMT
access-control-allow-origin: http://yts.myproxy.help
set-cookie: yabs-sid=2130899661679764154; Path=/; SameSite=None; Secure
i=6C0GqDkJnsUXy+Qs+t0iWIFCC1rdyZ5sb8QsdWw7FrbdKGc/M2CCKStFpT2Y5YQ5FfXOg4fIUYQfLyDDUYqIGS5qdEs=; Expires=Tue, 22-Mar-2033 17:09:09 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=6159072171679764154; Expires=Tue, 22-Mar-2033 17:09:09 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None
yuidss=6159072171679764154; Expires=Sun, 24-Mar-2024 17:09:14 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1711300154.yc.1679764154#1711300154.yrts.1679764154#1711300154.yrtsi.1679764154; Expires=Sun, 24-Mar-2024 17:09:14 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 25-Mar-2023 17:09:14 GMT
last-modified: Sat, 25-Mar-2023 17:09:14 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/57311164?wmode=7&page-url=http%3A%2F%2Fyts.myproxy.help%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A999%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A990%3Acn%3A1%3Adp%3A0%3Als%3A958402304189%3Ahid%3A119100699%3Az%3A0%3Ai%3A20230325170927%3Aet%3A1679764167%3Ac%3A1%3Arn%3A67222376%3Arqn%3A1%3Au%3A1679764167751454614%3Aw%3A1140x836%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A68%2C0%2C153%2C0%2C-6%2C0%2C%2C1332%2C12%2C%2C%2C%2C1961%3Aco%3A0%3Ans%3A1679764163644%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679764167%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
77.88.21.119 302 Found 39 B URL HTTP/2 mc.yandex.ru/watch/57311164?wmode=7&page-url=http%3A%2F%2Fyts.myproxy.help%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A999%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A990%3Acn%3A1%3Adp%3A0%3Als%3A958402304189%3Ahid%3A119100699%3Az%3A0%3Ai%3A20230325170927%3Aet%3A1679764167%3Ac%3A1%3Arn%3A67222376%3Arqn%3A1%3Au%3A1679764167751454614%3Aw%3A1140x836%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A68%2C0%2C153%2C0%2C-6%2C0%2C%2C1332%2C12%2C%2C%2C%2C1961%3Aco%3A0%3Ans%3A1679764163644%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679764167%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 77.88.21.119:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
GET /watch/57311164?wmode=7&page-url=http%3A%2F%2Fyts.myproxy.help%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A999%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A990%3Acn%3A1%3Adp%3A0%3Als%3A958402304189%3Ahid%3A119100699%3Az%3A0%3Ai%3A20230325170927%3Aet%3A1679764167%3Ac%3A1%3Arn%3A67222376%3Arqn%3A1%3Au%3A1679764167751454614%3Aw%3A1140x836%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A68%2C0%2C153%2C0%2C-6%2C0%2C%2C1332%2C12%2C%2C%2C%2C1961%3Aco%3A0%3Ans%3A1679764163644%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679764167%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/57311164/1?wmode=7&page-url=http%3A%2F%2Fyts.myproxy.help%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A999%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A990%3Acn%3A1%3Adp%3A0%3Als%3A958402304189%3Ahid%3A119100699%3Az%3A0%3Ai%3A20230325170927%3Aet%3A1679764167%3Ac%3A1%3Arn%3A67222376%3Arqn%3A1%3Au%3A1679764167751454614%3Aw%3A1140x836%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A68%2C0%2C153%2C0%2C-6%2C0%2C%2C1332%2C12%2C%2C%2C%2C1961%3Aco%3A0%3Ans%3A1679764163644%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679764167%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sat, 25 Mar 2023 17:09:14 GMT
access-control-allow-origin: http://yts.myproxy.help
set-cookie: yabs-sid=180879621679764154; Path=/; SameSite=None; Secure
i=yjcQvkRYD4YPnZI0kDval1aF+T/WZQwlaIMGiWeo+KYpveGdKraDtn83TVhfmvnm1dcdaWSic03/biNLTsdXjG5L71M=; Expires=Tue, 22-Mar-2033 17:09:10 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=9089430101679764154; Expires=Tue, 22-Mar-2033 17:09:10 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None
yuidss=9089430101679764154; Expires=Sun, 24-Mar-2024 17:09:14 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1711300154.yc.1679764154#1711300154.yrts.1679764154#1711300154.yrtsi.1679764154; Expires=Sun, 24-Mar-2024 17:09:14 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 25-Mar-2023 17:09:14 GMT
last-modified: Sat, 25-Mar-2023 17:09:14 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg
139.45.197.151 200 OK 21 kB URL HTTP/2 interstitial-07.com/contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg
IP 139.45.197.151:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash 22adc9ea5795ef560f8d389248e030cf
0ad28b6b561c56650ad3a9e5f4cce7600df548dd
4260ab929da6233410a80d6333d9c33007a23c65ecbb20f72aafbb72ee0ecd2e
GET /contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=7vf2L3SbafIz8Hw&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3749428813%26z%3D3372123%26b%3D17248824%26c%3D6778409%26var%3D%26d%3Dhttps%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D1071%2526key%253D87c00cfc7db85ee07fb048fcbdd60deb%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DCrk5-VEM1rdg7j5_G5tP-rC5fxxubLIRmm0KoOIDgsx3Ujlz4RUUJ63NzhQw9qJYfq91BpSQsgshndluAN044tyrYwXbq1QxHfj9WwsDjPhlthVjLlwRumNBQnsE5KgtOhTWXykqnhcOJq2xJrFhnhg2MtRj4xlyoRNSlZWw-EJrmfOaUxCPdg7ETlyWawK0_18gaeBsoGJI7bw96yy0N-tQBP9_8hYBztxJmU5V9N02U8oH9_l218cQXyDjWjRHsxt1otmeeS387A_yoBI98QO_FZVGzy9sS-Nb2BOtqA7d9jOCdq8gg4wD7d16CFDba6ezMVpO0jFJIno5NyQ-0J57wADeSeqIY2gZw2BrY1g-6deVxlbTfcMZYkt4H8oYQs3m7pt6jty1tGz0QhZVBrwoxakg5wN-xmvx-AJKZt1OX-O2g1OP542z6epgksuypHeROxvsinN3hk63QHS0Qvy77RL29KRFioFUm1Fg5v-asVHxqnRGrQINX9pXXkjXf8ukOGi0a_gN9NIKw-2OED3Psnp27WmfVOC-f0y27oCk9TVg8aUAT7OcKnPgkN_66rIdmBH3e-cLKwjGJ4LqW0SYfWA4m8_2_jHcHSv_Oh2QwU9iwb8C9gJcHHqLgsjqNT4Ox1SAxyDmLNTPqxX_HD2rzCeW2HNORLhEXbhElgtVHiEP%26bag%3Dfau4SF9FownNcHj8beUzeA%3D%3D%26ruid%3D3a6ae6ed-f750-43eb-ad97-3a5a3bc95388%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fyts.myproxy.help%252F%26wy%3D0%26wx%3D0%26ww%3D1152%26wh%3D921%26cw%3D1140%26wiw%3D1152%26wih%3D836%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:14 GMT
content-type: image/jpeg
content-length: 20759
last-modified: Wed, 14 Dec 2022 16:39:34 GMT
vary: Accept-Encoding
etag: "6399fc46-5117"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/css/animate.css
172.64.166.9 200 OK 5.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/css/animate.css
IP 172.64.166.9:0
Hash ff6ad35cd12f741ee6e8f4f094020c27
6b6193daa91b8f798de02e4a6b4abcb6b1fdec40
57d0fe28a8fbe779e951f5bb0ad61cd139e38641491418e5e8441f693de51314
GET /sb/notifications/dating/default/us/universal/white/ssp/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:14 GMT
content-type: text/css
last-modified: Mon, 05 Oct 2020 09:08:43 GMT
etag: W/"5f7ae29b-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8ONzPt%2F1oYxAXqYMXBLo1ndi1p1Al%2FYddPyC1WZQfkIp5WfRTtrmmXX7%2FkA67FQrk5DggYIAJXnN1hsSbvZCOJC9knF8jmbiFqoHkuI969wCc45Gela9pp5lHDu16fARtnDP2RfW9AB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c2abbc1e413a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg
139.45.197.151 200 OK 48 kB URL HTTP/2 interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg
IP 139.45.197.151:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 4d4d448b8d067fbb8dd5bd371f76aa3f
ac126e854681a30faeeec1b07871640015003743
2d544292185300921204a178010fef7d3a94d27e6f8358ef09be4cada4187a5e
GET /contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=7vf2L3SbafIz8Hw&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3749428813%26z%3D3372123%26b%3D17248824%26c%3D6778409%26var%3D%26d%3Dhttps%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D1071%2526key%253D87c00cfc7db85ee07fb048fcbdd60deb%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DCrk5-VEM1rdg7j5_G5tP-rC5fxxubLIRmm0KoOIDgsx3Ujlz4RUUJ63NzhQw9qJYfq91BpSQsgshndluAN044tyrYwXbq1QxHfj9WwsDjPhlthVjLlwRumNBQnsE5KgtOhTWXykqnhcOJq2xJrFhnhg2MtRj4xlyoRNSlZWw-EJrmfOaUxCPdg7ETlyWawK0_18gaeBsoGJI7bw96yy0N-tQBP9_8hYBztxJmU5V9N02U8oH9_l218cQXyDjWjRHsxt1otmeeS387A_yoBI98QO_FZVGzy9sS-Nb2BOtqA7d9jOCdq8gg4wD7d16CFDba6ezMVpO0jFJIno5NyQ-0J57wADeSeqIY2gZw2BrY1g-6deVxlbTfcMZYkt4H8oYQs3m7pt6jty1tGz0QhZVBrwoxakg5wN-xmvx-AJKZt1OX-O2g1OP542z6epgksuypHeROxvsinN3hk63QHS0Qvy77RL29KRFioFUm1Fg5v-asVHxqnRGrQINX9pXXkjXf8ukOGi0a_gN9NIKw-2OED3Psnp27WmfVOC-f0y27oCk9TVg8aUAT7OcKnPgkN_66rIdmBH3e-cLKwjGJ4LqW0SYfWA4m8_2_jHcHSv_Oh2QwU9iwb8C9gJcHHqLgsjqNT4Ox1SAxyDmLNTPqxX_HD2rzCeW2HNORLhEXbhElgtVHiEP%26bag%3Dfau4SF9FownNcHj8beUzeA%3D%3D%26ruid%3D3a6ae6ed-f750-43eb-ad97-3a5a3bc95388%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fyts.myproxy.help%252F%26wy%3D0%26wx%3D0%26ww%3D1152%26wh%3D921%26cw%3D1140%26wiw%3D1152%26wih%3D836%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:14 GMT
content-type: image/jpeg
content-length: 48518
last-modified: Wed, 14 Dec 2022 16:39:29 GMT
vary: Accept-Encoding
etag: "6399fc41-bd86"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
youradexchange.com/ut/hb.php?cb=0.23251983690545552
172.64.109.25 204 No Content 0 B URL HTTP/1.1 youradexchange.com/ut/hb.php?cb=0.23251983690545552
IP 172.64.109.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ut/hb.php?cb=0.23251983690545552 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain; charset=utf-8
Content-Length: 1095
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 204 No Content
Date: Sat, 25 Mar 2023 17:09:14 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Via: 1.1 google
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X1ZlgEzfLTo52sgfAOegL1%2B0pVXfK5ZoZ0ljRVtjoI%2B4iTMANZJl1Ry7WBwdBwwjMjCXaX8IQaRFKttoFyMCjBAkkTQtcqTcL1USiTL2sAcMCDw2TJ4HeCls0fA4udeML5LpSAM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c2ae8cac4164-LHR
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
192.229.221.95 200 OK 313 B IP 192.229.221.95:0
Hash 63c71ef58255d51418f1c08390edc3d9
254f9aed138b42cad651a6203483feadf2ddd7f8
26b6e61572b4cb3bcca8c0af3608523d0d8ec9f78ab86663d5c08c83d6e7bd49
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6213
Cache-Control: max-age=129922
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:09:14 GMT
Etag: "641e6af7-139"
Expires: Mon, 27 Mar 2023 05:14:36 GMT
Last-Modified: Sat, 25 Mar 2023 03:31:03 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 313
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.138 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.138:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 25 Mar 2023 17:09:14 GMT
Date: Sat, 25 Mar 2023 17:09:14 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
unphionetor.com/vctx?t=72747
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 25 Mar 2023 17:09:14 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: c6275b5fbf26ab77f8b2718cd7c24275
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a88005adde3bf831fd9e38a6f5d6a7d4
9301a269f46fa107948b4f7acd7fdaa4176405e4
fdbc475f054d08beba7aa1fb49422fa5491e8d68bac28064554d4df40ee90cd0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FDBC475F054D08BEBA7AA1FB49422FA5491E8D68BAC28064554D4DF40EE90CD0"
Last-Modified: Sat, 25 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2224
Expires: Sat, 25 Mar 2023 17:46:18 GMT
Date: Sat, 25 Mar 2023 17:09:14 GMT
Connection: keep-alive
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 25 Mar 2023 17:09:14 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b1b9c5f0f28de0a0f0c05df44b24d98d
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/84/83/0e/84830eeb6afb1a25a871aa22c0042566/1667590271.png
45.133.44.10 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/84/83/0e/84830eeb6afb1a25a871aa22c0042566/1667590271.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash 2cb2500acb00f247ef19403c3a0f89e1
7c57e8b84b2bb0003810ffae7a14e24869155464
7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/84/83/0e/84830eeb6afb1a25a871aa22c0042566/1667590271.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:14 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:31:19 GMT
etag: "63656887-7ffb"
expires: Mon, 27 Mar 2023 17:09:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=6f95cf0466391a178bf050299690448259ae2cd7
104.244.42.200 200 OK 284 B URL HTTP/2 syndication.twitter.com/settings?session_id=6f95cf0466391a178bf050299690448259ae2cd7
IP 104.244.42.200:0
File type JSON data, ASCII text, with very long lines (663), with no line terminators
Hash 8792f18dcb406af2be326e0dd816eed7
d1ad89d9036b3985071b394706514862f7c687ce
19640da1d34fa31a031d58d27be6408f6703dddc3c4495f72d55a60f518b7cba
GET /settings?session_id=6f95cf0466391a178bf050299690448259ae2cd7 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:14 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Sat, 25 Mar 2023 17:09:14 GMT
content-length: 284
content-encoding: gzip
x-transaction-id: 58c70b1a9cb1f61d
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 104
x-connection-hash: 551286b9657c9333592b4fa73dd5c8c30271752c5cd6ec7f11b79c45313c9b94
X-Firefox-Spdy: h2
hoaxbasesalad.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSMWwjRRSdvTsaqEA0FIBFBQg5u2v7bJPidOEICoQk3B0E0c3OjJ3BszOrmV2vE1FEnISuQfgqKDfPyUVAhLiSAgltaFAkpJgCUhA6RIuQUiM7lgxfmvn%2FzfvFe%2F%2FPJ3vZOfGR0bONt82OVIouNKp%2B5cVNqbnJXWXtbiXwq%2F5iZVPq6%2FXFymBy2f6rgd%2Bo%2Bi9V3hCsZxZCP%2FD9wA8qy9KKjhksTFnI5KgdVNt%2BtR5Wg0YdA%2Ft%2F7DIPjnrg%2FXPyFCQfP7b10yNIVkLH394Srpea5JXX40zR1Fj0%2BeG7uqdNrhHPy4710NGHs24YNybkiysw%2BnDmAKa%2FP3GASI6J92uASB%2FOZCLqH1wqjRSERsSfQN4vIVQJSUswcw%2BSnxKAcaytQ8cP14zN6fYlSyfsmFy7%2BAcyH5Nrvz8NHX%2BzpOSgcseoLJVGOww6BeSghOyWSLJjpDseZH4Mln4MyX8mCxer0PH%2BulMGkhdT91KWkJ0SSgxBnYdscqSHrOMhSzzE%2FKxCG%2B2O7zc7UadWa9UZY7UaY43Wdd7gtXqr4yNjE3lDpMkQTA3B7C4Su4uefHDaeBM2%2BwFuq4DjHlw6Jt47u%2BjzArkgyB1BTglySZCnBHm%2FOODKha54yJXLomCWw1muFSOTdvfogUm7QpO95Jw8OR3N3%2B9foCfOKjRsXW%2F7YbMd0GanztqtiEWBaAVhLQwZb7bgZAHprkzd7kz2VJwjkWNCPvsNET2GU8dg8gXQ7FnQfNQMfdCtUb3lY0cfZTpShvUEr0oObgok6TWk296eOifPTHW0%2F%2FQg2MmNzz9d%2F2ORfwBmCyS2wIfyR4Kuuj%2B6bXKyf9vkjjxaT1IZyx06Wd%2BdlKbi6ldvie3cWL5yyw2%2FvMkmxKQ8uitcuko1l7rryNdLknNhl41lgny%2F4jZFtJG5raXM6ixZ3XhteSVOrHBOGl2CytP3PgKTY%2FK47U0%2F5nN%2F3YS0JWxWIM5OyCwgTQmW7MIlc%2FXOEFg174kSD3lWjGwYzR%2BVJFBijmlUwP0HR%2FN6z91H13qg6T3ouEDfFuirAlQN4bKrozSxJzd%2BqU0DkfJGkbLefqSsenA5WifPKo2gLlpRq8k4jwTjQTOstWq%2BH3Jeb7ZF0Ebqxvz5l7%2F7FwAA%2F%2F8BAAD%2F%2F1sDPelwBAAA
173.233.137.44 200 OK 7 B URL HTTP/1.1 hoaxbasesalad.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSMWwjRRSdvTsaqEA0FIBFBQg5u2v7bJPidOEICoQk3B0E0c3OjJ3BszOrmV2vE1FEnISuQfgqKDfPyUVAhLiSAgltaFAkpJgCUhA6RIuQUiM7lgxfmvn%2FzfvFe%2F%2FPJ3vZOfGR0bONt82OVIouNKp%2B5cVNqbnJXWXtbiXwq%2F5iZVPq6%2FXFymBy2f6rgd%2Bo%2Bi9V3hCsZxZCP%2FD9wA8qy9KKjhksTFnI5KgdVNt%2BtR5Wg0YdA%2Ft%2F7DIPjnrg%2FXPyFCQfP7b10yNIVkLH394Srpea5JXX40zR1Fj0%2BeG7uqdNrhHPy4710NGHs24YNybkiysw%2BnDmAKa%2FP3GASI6J92uASB%2FOZCLqH1wqjRSERsSfQN4vIVQJSUswcw%2BSnxKAcaytQ8cP14zN6fYlSyfsmFy7%2BAcyH5Nrvz8NHX%2BzpOSgcseoLJVGOww6BeSghOyWSLJjpDseZH4Mln4MyX8mCxer0PH%2BulMGkhdT91KWkJ0SSgxBnYdscqSHrOMhSzzE%2FKxCG%2B2O7zc7UadWa9UZY7UaY43Wdd7gtXqr4yNjE3lDpMkQTA3B7C4Su4uefHDaeBM2%2BwFuq4DjHlw6Jt47u%2BjzArkgyB1BTglySZCnBHm%2FOODKha54yJXLomCWw1muFSOTdvfogUm7QpO95Jw8OR3N3%2B9foCfOKjRsXW%2F7YbMd0GanztqtiEWBaAVhLQwZb7bgZAHprkzd7kz2VJwjkWNCPvsNET2GU8dg8gXQ7FnQfNQMfdCtUb3lY0cfZTpShvUEr0oObgok6TWk296eOifPTHW0%2F%2FQg2MmNzz9d%2F2ORfwBmCyS2wIfyR4Kuuj%2B6bXKyf9vkjjxaT1IZyx06Wd%2BdlKbi6ldvie3cWL5yyw2%2FvMkmxKQ8uitcuko1l7rryNdLknNhl41lgny%2F4jZFtJG5raXM6ixZ3XhteSVOrHBOGl2CytP3PgKTY%2FK47U0%2F5nN%2F3YS0JWxWIM5OyCwgTQmW7MIlc%2FXOEFg174kSD3lWjGwYzR%2BVJFBijmlUwP0HR%2FN6z91H13qg6T3ouEDfFuirAlQN4bKrozSxJzd%2BqU0DkfJGkbLefqSsenA5WifPKo2gLlpRq8k4jwTjQTOstWq%2BH3Jeb7ZF0Ebqxvz5l7%2F7FwAA%2F%2F8BAAD%2F%2F1sDPelwBAAA
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSMWwjRRSdvTsaqEA0FIBFBQg5u2v7bJPidOEICoQk3B0E0c3OjJ3BszOrmV2vE1FEnISuQfgqKDfPyUVAhLiSAgltaFAkpJgCUhA6RIuQUiM7lgxfmvn%2FzfvFe%2F%2FPJ3vZOfGR0bONt82OVIouNKp%2B5cVNqbnJXWXtbiXwq%2F5iZVPq6%2FXFymBy2f6rgd%2Bo%2Bi9V3hCsZxZCP%2FD9wA8qy9KKjhksTFnI5KgdVNt%2BtR5Wg0YdA%2Ft%2F7DIPjnrg%2FXPyFCQfP7b10yNIVkLH394Srpea5JXX40zR1Fj0%2BeG7uqdNrhHPy4710NGHs24YNybkiysw%2BnDmAKa%2FP3GASI6J92uASB%2FOZCLqH1wqjRSERsSfQN4vIVQJSUswcw%2BSnxKAcaytQ8cP14zN6fYlSyfsmFy7%2BAcyH5Nrvz8NHX%2BzpOSgcseoLJVGOww6BeSghOyWSLJjpDseZH4Mln4MyX8mCxer0PH%2BulMGkhdT91KWkJ0SSgxBnYdscqSHrOMhSzzE%2FKxCG%2B2O7zc7UadWa9UZY7UaY43Wdd7gtXqr4yNjE3lDpMkQTA3B7C4Su4uefHDaeBM2%2BwFuq4DjHlw6Jt47u%2BjzArkgyB1BTglySZCnBHm%2FOODKha54yJXLomCWw1muFSOTdvfogUm7QpO95Jw8OR3N3%2B9foCfOKjRsXW%2F7YbMd0GanztqtiEWBaAVhLQwZb7bgZAHprkzd7kz2VJwjkWNCPvsNET2GU8dg8gXQ7FnQfNQMfdCtUb3lY0cfZTpShvUEr0oObgok6TWk296eOifPTHW0%2F%2FQg2MmNzz9d%2F2ORfwBmCyS2wIfyR4Kuuj%2B6bXKyf9vkjjxaT1IZyx06Wd%2BdlKbi6ldvie3cWL5yyw2%2FvMkmxKQ8uitcuko1l7rryNdLknNhl41lgny%2F4jZFtJG5raXM6ixZ3XhteSVOrHBOGl2CytP3PgKTY%2FK47U0%2F5nN%2F3YS0JWxWIM5OyCwgTQmW7MIlc%2FXOEFg174kSD3lWjGwYzR%2BVJFBijmlUwP0HR%2FN6z91H13qg6T3ouEDfFuirAlQN4bKrozSxJzd%2BqU0DkfJGkbLefqSsenA5WifPKo2gLlpRq8k4jwTjQTOstWq%2BH3Jeb7ZF0Ebqxvz5l7%2F7FwAA%2F%2F8BAAD%2F%2F1sDPelwBAAA HTTP/1.1
Host: hoaxbasesalad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 25 Mar 2023 17:09:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e16a5638694b0cd12e2303498e0006b5
Strict-Transport-Security: max-age=0; includeSubdomains
hoaxbasesalad.com/pixel/sbs?c=1
173.233.137.44 200 OK 0 B URL HTTP/1.1 hoaxbasesalad.com/pixel/sbs?c=1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: hoaxbasesalad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 25 Mar 2023 17:09:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=e06848fe-ff61-4507-902b-9076907870b6&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e06848fe-ff61-4507-902b-9076907870b6&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e06848fe-ff61-4507-902b-9076907870b6&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 25 Mar 2023 17:09:15 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aabd52346e27d9a38a39727102279e42
Strict-Transport-Security: max-age=0; includeSubdomains
s7.addthis.com/static/27.b19236fc1114f3874e03.js
2.18.172.123 200 OK 276 B URL HTTP/2 s7.addthis.com/static/27.b19236fc1114f3874e03.js
IP 2.18.172.123:0
File type ASCII text, with very long lines (1161), with no line terminators
Hash 1e264d57b109c7e67675dc8505679a65
6c21801fad194d373a62d9e8cf9dccfba33e8936
ab85fae69fa698b09666d95ff7faaacab286328a34b7c2e0d6970c7f24b8c41d
GET /static/27.b19236fc1114f3874e03.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-489"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 276
date: Sat, 25 Mar 2023 17:09:15 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
platform.twitter.com/js/button.e7f9415a2e000feaab02c86dd5802747.js
93.184.220.66 200 OK 2.6 kB URL HTTP/1.1 platform.twitter.com/js/button.e7f9415a2e000feaab02c86dd5802747.js
IP 93.184.220.66:0
File type ASCII text, with very long lines (7891), with no line terminators
Hash 50af2557985d9ae5ef0bb111a4066237
b164d515f502d950df3ba208cc32bbe74e70d3d2
a3b6dbbc4e57c65eb23f84b312095c86a69ff47fc57fc745f464394158bda9af
GET /js/button.e7f9415a2e000feaab02c86dd5802747.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 850586
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sat, 25 Mar 2023 17:09:15 GMT
Etag: "506673dbdb9085e7201e137e893cc152+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:06 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F708)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2618
www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_c2x0
151.101.65.140 301 Moved Permanently 0 B URL HTTP/1.1 www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_c2x0
IP 151.101.65.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/info.json?url=https%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_c2x0 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_c2x0
Accept-Ranges: bytes
Date: Sat, 25 Mar 2023 17:09:15 GMT
Via: 1.1 varnish
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: private, max-age=3600
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_8cq20
151.101.65.140 301 Moved Permanently 0 B URL HTTP/1.1 www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_8cq20
IP 151.101.65.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/info.json?url=http%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_8cq20 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_8cq20
Accept-Ranges: bytes
Date: Sat, 25 Mar 2023 17:09:15 GMT
Via: 1.1 varnish
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: private, max-age=3600
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fyts.myproxy.help%2F&callback=window._ate.cbs.rcb_b0d0
151.101.128.84 200 OK 71 B URL HTTP/1.1 widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fyts.myproxy.help%2F&callback=window._ate.cbs.rcb_b0d0
IP 151.101.128.84:0
File type ASCII text, with no line terminators
Hash fbc600807f8901ce2252aad38ec3a12f
bfe02283a1f7596ef33b0e450bc8b8c591fd0940
624ebc12de7b6dc781218598a6d3bea80a92d7cf8f086b4565cf9a605fb01ac1
GET /v1/urls/count.json?url=https%3A%2F%2Fyts.myproxy.help%2F&callback=window._ate.cbs.rcb_b0d0 HTTP/1.1
Host: widgets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Connection: keep-alive
x-content-type-options: nosniff
access-control-allow-origin: *
content-type: application/javascript
cache-control: must-revalidate, max-age=887
expires: Sat, 25 Mar 2023 17:24:15 GMT
x-envoy-upstream-service-time: 2
x-pinterest-rid: 5446802052640823
Date: Sat, 25 Mar 2023 17:09:15 GMT
Age: 0
transfer-encoding: chunked
widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fyts.myproxy.help%2F&callback=window._ate.cbs.rcb_fl8a0
151.101.128.84 200 OK 71 B URL HTTP/1.1 widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fyts.myproxy.help%2F&callback=window._ate.cbs.rcb_fl8a0
IP 151.101.128.84:0
File type ASCII text, with no line terminators
Hash f70b3d62c6b1e99e8d673058a0728d24
d84bfd9eb2bdb6316a7532a9e3743a97f529ed5d
0f00bbae85fae3156cf80d39bfa688f2f10d4b191adfe2275bfa14de3c1ef60c
GET /v1/urls/count.json?url=http%3A%2F%2Fyts.myproxy.help%2F&callback=window._ate.cbs.rcb_fl8a0 HTTP/1.1
Host: widgets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 200 OK
Connection: keep-alive
x-content-type-options: nosniff
access-control-allow-origin: *
content-type: application/javascript
cache-control: must-revalidate, max-age=887
expires: Sat, 25 Mar 2023 17:24:15 GMT
x-envoy-upstream-service-time: 2
x-pinterest-rid: 2558719969082539
Date: Sat, 25 Mar 2023 17:09:15 GMT
Age: 0
transfer-encoding: chunked
www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_8cq20
151.101.65.140 200 OK 144 B URL HTTP/2 www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_8cq20
IP 151.101.65.140:0
File type ASCII text, with no line terminators
Hash 245eba891f820b5ee9e17fa19d06f646
364e93171401366bd0556f877a7b42587f2820f0
66674a723b128830bc34f38a20dab47f3de1232510aeabf6b329989dbca6a231
GET /api/info.json?url=http%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_8cq20 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
x-ua-compatible: IE=edge
expires: -1
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store
x-ratelimit-remaining: 299
x-ratelimit-used: 1
x-ratelimit-reset: 45
access-control-allow-origin: *
access-control-expose-headers: X-Moose
x-moose: majestic
accept-ranges: bytes
date: Sat, 25 Mar 2023 17:09:15 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: csv=2; Max-Age=63072000; Domain=.reddit.com; Path=/; Secure; SameSite=None
edgebucket=0pzRs81a6h3nyIktwh; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 144
X-Firefox-Spdy: h2
www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_c2x0
151.101.65.140 200 OK 143 B URL HTTP/2 www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_c2x0
IP 151.101.65.140:0
File type ASCII text, with no line terminators
Hash 392f86d4849057a12d33e93f755fe236
b3934c6f8e37b48fa4c06050a2d8d2ad0d48bd7a
53bad078f6010340a0ace4d8ba746dd2863381341899827945778e32a2628bec
GET /api/info.json?url=https%3A%2F%2Fyts.myproxy.help%2F&jsonp=_ate.cbs.rcb_c2x0 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
x-ua-compatible: IE=edge
expires: -1
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store
x-ratelimit-remaining: 298
x-ratelimit-used: 2
x-ratelimit-reset: 45
access-control-allow-origin: *
access-control-expose-headers: X-Moose
x-moose: majestic
accept-ranges: bytes
date: Sat, 25 Mar 2023 17:09:15 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: csv=2; Max-Age=63072000; Domain=.reddit.com; Path=/; Secure; SameSite=None
edgebucket=CFtEnzTfT9YQ1ihV2c; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 143
X-Firefox-Spdy: h2
rndskittytor.com/500/4837723?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=9&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.238 200 OK 0 B URL HTTP/2 rndskittytor.com/500/4837723?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=9&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4837723?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=9&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:17 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
rndskittytor.com/500/4837723?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=9&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.238 200 OK 1.0 kB URL HTTP/2 rndskittytor.com/500/4837723?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=9&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.238:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1252), with no line terminators
Hash 064102dde21d7e4e3b0b7be69ade96f6
24ce175bf6043e55bae1a7c12e728c4a72357aa5
98b04f072d4dc4854688b37348461f5cd189253f09582ec37ca9814f1bf6b485
GET /500/4837723?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=9&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: OAID=e312381457f94801a62543c43f5fb02c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:17 GMT
content-type: application/javascript
x-trace-id: bf92edd590c1fc4ba97c0495a390edd2
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://yts.myproxy.help
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
youradexchange.com/ut/hb.php?cb=0.5618206673015642
172.64.109.25 204 No Content 0 B URL HTTP/1.1 youradexchange.com/ut/hb.php?cb=0.5618206673015642
IP 172.64.109.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ut/hb.php?cb=0.5618206673015642 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain; charset=utf-8
Content-Length: 822
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
HTTP/1.1 204 No Content
Date: Sat, 25 Mar 2023 17:09:19 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Via: 1.1 google
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wGVKz9VdFcsTVsveNL7Nm2%2F3BOmVqF6m%2BCinxc5R%2FbJHHlDoDWGy8Mrc88n0ntTv8BMgpMTAI3Wy5sHkQMX6h2hojydAh7wPCbF%2FwFwfwSMPIJ7hJ4JyG55y2rsuuUmQiab%2Bsp4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ad8c2cbdf604164-LHR
alt-svc: h2=":443"; ma=60
yts.myproxy.help/cdn-cgi/rum?
188.114.96.1 200 OK 0 B URL HTTP/1.1 yts.myproxy.help/cdn-cgi/rum?
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
POST /cdn-cgi/rum? HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 535
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: view=1; PHPSESSID=c13sglo66mi9ch9t86isom5h9n; _pk_id.1.33ac=e77aab261f16e6e2.1679764166.; _pk_ses.1.33ac=1; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; prefix_views_counter=1; prefetchAd_3388548=true; _ym_uid=1679764167751454614; _ym_d=1679764167; pbpr0tpuw4isk85t8yg3jb2lj5vqf=hoaxbasesalad.com; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e06848fe-ff61-4507-902b-9076907870b6%3A2%3A1; __atuvc=1%7C12; __atuvs=641f2ac70ccc55c7000; _ym_isad=2
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:09:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
CF-RAY: 7ad8c2cccf86b518-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
benumelan.com/1?z=3372123
139.45.197.239 200 OK 0 B URL HTTP/2 benumelan.com/1?z=3372123
IP 139.45.197.239:0
GET /1?z=3372123 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:11 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 24d99baa33fc355a0a95a6faab4cf935
access-control-expose-headers: X-Sc
x-sc: pRzZkWQRNu48y4F2JvYND36h_qKlbscCkVO7au_CASXNQYkn5TDguiwjxTM27BIyZekBL94i3tFkaiFiiADLrhh5NdU=
set-cookie: scm=1; expires=Sun, 24 Mar 2024 17:09:11 GMT; secure; SameSite=None
OAID=178c7ec38e5a41dda816d0f1b0bd5576; expires=Sun, 24 Mar 2024 17:09:11 GMT; secure; SameSite=None
oaidts=1679764151; expires=Sun, 24 Mar 2024 17:09:11 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
sak.userreport.com/51154825e7c34fdb8f52/launcher.js
54.230.111.38 200 OK 0 B URL HTTP/2 sak.userreport.com/51154825e7c34fdb8f52/launcher.js
IP 54.230.111.38:0
GET /51154825e7c34fdb8f52/launcher.js HTTP/1.1
Host: sak.userreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 23 May 2022 09:01:02 GMT
x-amz-version-id: puv43SnL5INQghBXWZN4PYhRelo.cmF7
server: AmazonS3
content-encoding: br
date: Sat, 25 Mar 2023 17:09:13 GMT
cache-control: max-age=7200, s-maxage=60
etag: W/"84fd26909f77c7c141450fbdf990b3dc"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fD0T7SnXqknF3ZA_DGptvrtOFlYWEXex4-Sfh5NbWUom5_F0oilXmw==
X-Firefox-Spdy: h2
betotodilea.com/400/4495524
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/400/4495524
IP 139.45.197.237:0
GET /400/4495524 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/javascript
x-trace-id: e13396b36ed1e7f05e9346533d421e06
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=199e6fd74e1c4cdaa21a8340060fb8c5; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/400/4495524
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/400/4495524
IP 139.45.197.237:0
GET /400/4495524 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/javascript
x-trace-id: 530cb1d1d768a0bd2271f88ae669962d
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=702684b9d88b4c1195d6c0d0ad5d34e5; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
142.250.74.138 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
IP 142.250.74.138:0
GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Mar 2023 17:09:10 GMT
date: Sat, 25 Mar 2023 17:09:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.141.224 200 OK 0 B IP 172.67.141.224:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/javascript
last-modified: Mon, 06 Mar 2023 09:50:04 GMT
etag: W/"6405b74c-4417"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6118
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puOIfASiPlotB1nqrcSz1U56fDOKCZmFMeiig4hQDztTgBxbKHAQ43SygIxxUU2Nj%2FAGUn7fqpY1Ee98pIaDBnPn%2FT3zFgBGSw08XS%2Fa8t1%2F3HmKR%2FML48zgy0mK9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c29f9d790b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yts.myproxy.help/assets/images/website/logo-YTS.svg
188.114.96.1 200 OK 0 B URL HTTP/2 yts.myproxy.help/assets/images/website/logo-YTS.svg
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/images/website/logo-YTS.svg HTTP/1.1
Host: yts.myproxy.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:10 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
set-cookie: view=1; expires=Sun, 26-Mar-2023 17:09:10 GMT; Max-Age=86400
PHPSESSID=c13sglo66mi9ch9t86isom5h9n; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9fRrGrHZekDd8QdvMHYvQ8NJyYmcCqEEyh5LovtZgZlCwxoy4m4SKsPi3iVYTEXBDORTh2qEFoTwi7IcW7cc8OUf3VVN2dZL9wZnDKGeQhKWicqAdxtzIGtG71tjOu7pskgR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c295da1d1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thaudray.com/5/2632704/?abt_opts=1&oo=1&aab=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c
139.45.197.237 200 OK 0 B URL HTTP/2 thaudray.com/5/2632704/?abt_opts=1&oo=1&aab=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c
IP 139.45.197.237:0
GET /5/2632704/?abt_opts=1&oo=1&aab=1&js_build=iclick-v1.511.0&userId=e312381457f94801a62543c43f5fb02c HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/json
x-trace-id: af6adba993a61761303aa47202397228
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
oaidts=1679764152; expires=Sun, 24 Mar 2024 17:09:12 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 01 Apr 2023 17:09:12 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
benumelan.com/27/260099e03ce94b601488fb1ee2d0c77e
139.45.197.239 200 OK 0 B URL HTTP/2 benumelan.com/27/260099e03ce94b601488fb1ee2d0c77e
IP 139.45.197.239:0
GET /27/260099e03ce94b601488fb1ee2d0c77e HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: scm=1; OAID=e312381457f94801a62543c43f5fb02c; oaidts=1679764152; syncedCookie=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:12 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Thu, 23 Mar 2023 08:41:31 GMT
expires: Thu, 22 Apr 2083 08:41:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
interstitial-07.com/?l=7vf2L3SbafIz8Hw&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3749428813%26z%3D3372123%26b%3D17248824%26c%3D6778409%26var%3D%26d%3Dhttps%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D1071%2526key%253D87c00cfc7db85ee07fb048fcbdd60deb%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DCrk5-VEM1rdg7j5_G5tP-rC5fxxubLIRmm0KoOIDgsx3Ujlz4RUUJ63NzhQw9qJYfq91BpSQsgshndluAN044tyrYwXbq1QxHfj9WwsDjPhlthVjLlwRumNBQnsE5KgtOhTWXykqnhcOJq2xJrFhnhg2MtRj4xlyoRNSlZWw-EJrmfOaUxCPdg7ETlyWawK0_18gaeBsoGJI7bw96yy0N-tQBP9_8hYBztxJmU5V9N02U8oH9_l218cQXyDjWjRHsxt1otmeeS387A_yoBI98QO_FZVGzy9sS-Nb2BOtqA7d9jOCdq8gg4wD7d16CFDba6ezMVpO0jFJIno5NyQ-0J57wADeSeqIY2gZw2BrY1g-6deVxlbTfcMZYkt4H8oYQs3m7pt6jty1tGz0QhZVBrwoxakg5wN-xmvx-AJKZt1OX-O2g1OP542z6epgksuypHeROxvsinN3hk63QHS0Qvy77RL29KRFioFUm1Fg5v-asVHxqnRGrQINX9pXXkjXf8ukOGi0a_gN9NIKw-2OED3Psnp27WmfVOC-f0y27oCk9TVg8aUAT7OcKnPgkN_66rIdmBH3e-cLKwjGJ4LqW0SYfWA4m8_2_jHcHSv_Oh2QwU9iwb8C9gJcHHqLgsjqNT4Ox1SAxyDmLNTPqxX_HD2rzCeW2HNORLhEXbhElgtVHiEP%26bag%3Dfau4SF9FownNcHj8beUzeA%3D%3D%26ruid%3D3a6ae6ed-f750-43eb-ad97-3a5a3bc95388%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fyts.myproxy.help%252F%26wy%3D0%26wx%3D0%26ww%3D1152%26wh%3D921%26cw%3D1140%26wiw%3D1152%26wih%3D836%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
139.45.197.151 200 OK 0 B URL HTTP/2 interstitial-07.com/?l=7vf2L3SbafIz8Hw&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3749428813%26z%3D3372123%26b%3D17248824%26c%3D6778409%26var%3D%26d%3Dhttps%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D1071%2526key%253D87c00cfc7db85ee07fb048fcbdd60deb%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DCrk5-VEM1rdg7j5_G5tP-rC5fxxubLIRmm0KoOIDgsx3Ujlz4RUUJ63NzhQw9qJYfq91BpSQsgshndluAN044tyrYwXbq1QxHfj9WwsDjPhlthVjLlwRumNBQnsE5KgtOhTWXykqnhcOJq2xJrFhnhg2MtRj4xlyoRNSlZWw-EJrmfOaUxCPdg7ETlyWawK0_18gaeBsoGJI7bw96yy0N-tQBP9_8hYBztxJmU5V9N02U8oH9_l218cQXyDjWjRHsxt1otmeeS387A_yoBI98QO_FZVGzy9sS-Nb2BOtqA7d9jOCdq8gg4wD7d16CFDba6ezMVpO0jFJIno5NyQ-0J57wADeSeqIY2gZw2BrY1g-6deVxlbTfcMZYkt4H8oYQs3m7pt6jty1tGz0QhZVBrwoxakg5wN-xmvx-AJKZt1OX-O2g1OP542z6epgksuypHeROxvsinN3hk63QHS0Qvy77RL29KRFioFUm1Fg5v-asVHxqnRGrQINX9pXXkjXf8ukOGi0a_gN9NIKw-2OED3Psnp27WmfVOC-f0y27oCk9TVg8aUAT7OcKnPgkN_66rIdmBH3e-cLKwjGJ4LqW0SYfWA4m8_2_jHcHSv_Oh2QwU9iwb8C9gJcHHqLgsjqNT4Ox1SAxyDmLNTPqxX_HD2rzCeW2HNORLhEXbhElgtVHiEP%26bag%3Dfau4SF9FownNcHj8beUzeA%3D%3D%26ruid%3D3a6ae6ed-f750-43eb-ad97-3a5a3bc95388%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fyts.myproxy.help%252F%26wy%3D0%26wx%3D0%26ww%3D1152%26wh%3D921%26cw%3D1140%26wiw%3D1152%26wih%3D836%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
IP 139.45.197.151:0
GET /?l=7vf2L3SbafIz8Hw&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3749428813%26z%3D3372123%26b%3D17248824%26c%3D6778409%26var%3D%26d%3Dhttps%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D1071%2526key%253D87c00cfc7db85ee07fb048fcbdd60deb%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DCrk5-VEM1rdg7j5_G5tP-rC5fxxubLIRmm0KoOIDgsx3Ujlz4RUUJ63NzhQw9qJYfq91BpSQsgshndluAN044tyrYwXbq1QxHfj9WwsDjPhlthVjLlwRumNBQnsE5KgtOhTWXykqnhcOJq2xJrFhnhg2MtRj4xlyoRNSlZWw-EJrmfOaUxCPdg7ETlyWawK0_18gaeBsoGJI7bw96yy0N-tQBP9_8hYBztxJmU5V9N02U8oH9_l218cQXyDjWjRHsxt1otmeeS387A_yoBI98QO_FZVGzy9sS-Nb2BOtqA7d9jOCdq8gg4wD7d16CFDba6ezMVpO0jFJIno5NyQ-0J57wADeSeqIY2gZw2BrY1g-6deVxlbTfcMZYkt4H8oYQs3m7pt6jty1tGz0QhZVBrwoxakg5wN-xmvx-AJKZt1OX-O2g1OP542z6epgksuypHeROxvsinN3hk63QHS0Qvy77RL29KRFioFUm1Fg5v-asVHxqnRGrQINX9pXXkjXf8ukOGi0a_gN9NIKw-2OED3Psnp27WmfVOC-f0y27oCk9TVg8aUAT7OcKnPgkN_66rIdmBH3e-cLKwjGJ4LqW0SYfWA4m8_2_jHcHSv_Oh2QwU9iwb8C9gJcHHqLgsjqNT4Ox1SAxyDmLNTPqxX_HD2rzCeW2HNORLhEXbhElgtVHiEP%26bag%3Dfau4SF9FownNcHj8beUzeA%3D%3D%26ruid%3D3a6ae6ed-f750-43eb-ad97-3a5a3bc95388%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fyts.myproxy.help%252F%26wy%3D0%26wx%3D0%26ww%3D1152%26wh%3D921%26cw%3D1140%26wiw%3D1152%26wih%3D836%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.myproxy.help/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=2tRsLTdZlyKtU5-nbbSt_tDMgmJrvFN12E2U9DQiBa4; expires=Sat, 25-Mar-2023 18:09:14 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
glimtors.net/pfe/current/universal.min.js?v=3.1.424
139.45.197.251 200 OK 0 B URL HTTP/2 glimtors.net/pfe/current/universal.min.js?v=3.1.424
IP 139.45.197.251:0
GET /pfe/current/universal.min.js?v=3.1.424 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.myproxy.help/
Origin: http://yts.myproxy.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:11 GMT
content-type: application/javascript
last-modified: Thu, 16 Mar 2023 15:32:57 GMT
etag: W/"641336a9-190ac"
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/df/bd/7a/dfbd7a33d1397e7e7063b1664658e57d/1601889852.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/df/bd/7a/dfbd7a33d1397e7e7063b1664658e57d/1601889852.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
GET /sb/au/df/bd/7a/dfbd7a33d1397e7e7063b1664658e57d/1601889852.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:13 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Mon, 16 Nov 2020 15:00:21 GMT
etag: W/"5fb29405-563"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 25 Mar 2023 18:09:13 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.myproxy.help%2F&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=e312381457f94801a62543c43f5fb02c
139.45.197.239 200 OK 0 B URL HTTP/2 benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.myproxy.help%2F&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=e312381457f94801a62543c43f5fb02c
IP 139.45.197.239:0
POST /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.myproxy.help%2F&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=e312381457f94801a62543c43f5fb02c HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 330
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: scm=1; OAID=e312381457f94801a62543c43f5fb02c; oaidts=1679764152; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:13 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: http://yts.myproxy.help
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: abefc5687fbc135b81cb93f41ad9cfd2
access-control-expose-headers: X-Sc
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:13 GMT; secure; SameSite=None
oaidts=1679764152; expires=Sun, 24 Mar 2024 17:09:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=1035967479
139.45.197.236 200 OK 0 B URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1035967479
IP 139.45.197.236:0
GET /fv.js?t=72747&cb=1035967479 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:14 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 929a3004e49e7f6c9756c15413770d56
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114
104.16.56.101 200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114
IP 104.16.56.101:0
GET /beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:09:10 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2023.3.0
last-modified: Mon, 20 Mar 2023 17:58:49 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8c2961dcbb517-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/500/4495524?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/4495524?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4495524?excludes=&oaid=e312381457f94801a62543c43f5fb02c&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=836&wfc=2&pl=http%3A%2F%2Fyts.myproxy.help%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://yts.myproxy.help
Connection: keep-alive
Referer: http://yts.myproxy.help/
Cookie: OAID=e312381457f94801a62543c43f5fb02c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:09:13 GMT
content-type: application/javascript
x-trace-id: 3ca0f7589604908ad5d9b2bd8b84fd93
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: http://yts.myproxy.help
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=e312381457f94801a62543c43f5fb02c; expires=Sun, 24 Mar 2024 17:09:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2