firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 22:03:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QhdDWkn5plqcqvo839qN-Ez9LWx9c5hUXqtKquPLEEqVWIN5KJWNTw==
Age: 1481
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3013
Expires: Tue, 27 Sep 2022 23:18:33 GMT
Date: Tue, 27 Sep 2022 22:28:20 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wX6giD5N6qsymrnlO8Ri-ADf6e7nz8SKdnSSJcsoFPE5L7XRTZ2RIA==
age: 47047
X-Firefox-Spdy: h2
1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
104.21.28.218 200 OK 350 kB URL HTTP/1.1 1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
IP 104.21.28.218:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (60411), with CRLF, LF line terminators
Size 350 kB (350190 bytes)
Hash 52cfdebfe56e05dea309452306e104ee
c28ec6ac98e29d5eb48260b7ee40e544decffbe6
76ee45dffee39e0c31323fb826d764fb174491f0a341412e6e9eacff0ecac2f3
Analyzer Verdict Alert fortinet Malware
GET /torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/ HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8C06KuIOa1hUky0QN7elgjH6AUwrHDfxqo3VU81NdnPL7V5zSRZOSD3Qng36Wuv77HE4YVmhASIg9H7oxOxYBbXRgpcDSsVuFvdq%2BBgTtEy4xFmDubLEcH4Umnd6KUpQamRItQYh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7517abfd6c5eb509-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
glimtors.net/ntfc.php?p=2651991
139.45.197.251 200 OK 5.9 kB URL HTTP/1.1 glimtors.net/ntfc.php?p=2651991
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (14504), with no line terminators
Hash 1609bee48bdf1fd65d6538c2bd4305b8
dfdbfe7c83015676985e72a1a9cbc4590e32c816
3a4ab584d97816bb567424b5fb673c67a5d8ac7ececf1cb4dd4a07fb0b3cf2fb
Analyzer Verdict Alert fortinet Malware
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: application/javascript
Last-Modified: Tue, 27 Sep 2022 13:19:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6332f869-38a8"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
104.21.28.218 200 OK 350 kB URL HTTP/1.1 1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
IP 104.21.28.218:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (60411), with CRLF, LF line terminators
Size 350 kB (350190 bytes)
Hash 52cfdebfe56e05dea309452306e104ee
c28ec6ac98e29d5eb48260b7ee40e544decffbe6
76ee45dffee39e0c31323fb826d764fb174491f0a341412e6e9eacff0ecac2f3
Analyzer Verdict Alert fortinet Malware
GET /torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/ HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=upLs1HGnw%2BFXFA2NJ594Vp%2FDYsikrB745dgqZbdXb0ulB7Qsz%2Fv09uUqDkSJDB4r4AE0jAtjv8%2FDVwwtHa5rD82dYy9nZiqnkmqil8se3ABBN0I1vy6mxd0btJJUmImChX%2FAbsUl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7517ac00ded8b509-OSL
alt-svc: h2=":443"; ma=60
glimtors.net/ntfc.php?p=2651991
139.45.197.251 304 Not Modified 0 B URL HTTP/1.1 glimtors.net/ntfc.php?p=2651991
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
If-Modified-Since: Tue, 27 Sep 2022 13:19:37 GMT
If-None-Match: W/"6332f869-38a8"
HTTP/1.1 304 Not Modified
Server: nginx
Date: Tue, 27 Sep 2022 22:28:21 GMT
Last-Modified: Tue, 27 Sep 2022 13:19:37 GMT
Connection: keep-alive
ETag: "6332f869-38a8"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
i.imgur.com/TH5z5DM.png
151.101.84.193 200 OK 1.5 kB IP 151.101.84.193:0
File type PNG image data, 94 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 063ed504acc2ee96cec413d248379761
c2ba3db79e0b25c801ff431539a63d17014533ca
5718709bc4408d9d06689ad12333e3e79299dd44abcf447ca6a5718aedc8a517
GET /TH5z5DM.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Jul 2021 13:23:59 GMT
etag: "063ed504acc2ee96cec413d248379761"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 27 Sep 2022 22:28:21 GMT
age: 3077991
x-served-by: cache-iad-kcgs7200177-IAD, cache-bma1633-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 2
x-timer: S1664317702.591813,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 1476
X-Firefox-Spdy: h2
1337x.theproxy.best/sw.js
104.21.28.218 200 OK 2.4 kB URL HTTP/1.1 1337x.theproxy.best/sw.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (5237)
Hash 22c2983078661daa049e0ef56f648252
aa14933a8986c5e447cae783efce1b4c5b473f41
24b37aa018792653d2d6d8fff5a03ff9d6966e132e2a10b9301400cf89781784
Analyzer Verdict Alert fortinet Malware
GET /sw.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 01 Feb 2022 00:10:55 GMT
ETag: W/"61f87a8f-1476"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IBBNWsCgDjjxw1k64kTwMu0KzsIZvMrY4EDFdW8tmXbELriC2fxahIGe6B7Z9fqtDEJvmg%2FPghc18qtB3IXVFSzAjlPyzQ6t7Kr0n7ydxtUnpjcb8Fgv3up4toCMxZZRxfc2mPd3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac027857b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/icons.css
104.21.28.218 200 OK 1.8 kB URL HTTP/1.1 1337x.theproxy.best/css/icons.css
IP 104.21.28.218:0
File type ASCII text, with CRLF line terminators
Hash d66f4f633c7543803b1e3a6c487576d6
4f988d8fea026908ba2ad751e97656e8aac0728f
7bad6c5da1cb217b8cd33857ae4f1a4b8dd4a328ac8565ff35a4b14ff99ca965
GET /css/icons.css HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 26 Sep 2022 17:06:08 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pIgq0JN32T5dSOKAOROlQniy1bZswJvOeoY3SWXNdKBig53i%2BW%2FLvm7fVOmnGfYaJ6eNCp04G5YeyTFqtDUpefJusYkR5VimsudMpAI2M5IzIXpkAqHWhMHmewt4tCIecpHsDYEn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac02394bb51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
inpagepush.com/400/3064505
139.45.197.237 200 OK 31 kB URL HTTP/1.1 inpagepush.com/400/3064505
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6a97575155f111e6c731384f57578229
89571bf0db79161c005657b199fc39513984a200
11635752a329d619d5830ee4174aeccf1c95d7bd8181ae703193cc6ac0ad70c1
Analyzer Verdict Alert fortinet Malware
GET /400/3064505 HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 79b019332b38f7c50504131dcb9da19c
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=b205c3dcef4849f7b83f50ae52014122; expires=Wed, 27 Sep 2023 22:28:21 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
benumelan.com/5/2632704
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (62332), with no line terminators
Hash 829ce52e96e283b1f6d3d746f5b36c20
69cc6873288fa47a75086245bb7511c22891ff78
ee9cfe8fd430d14b7870003a4d35e4632b597dbf748ad725292e47a07783003f
Analyzer Verdict Alert quad9 Sinkholed
GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: badf524619cdfd6f550db736ea13b209
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:21 GMT; path=/
oaidts=1664317701; expires=Wed, 27 Sep 2023 22:28:21 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
1337x.theproxy.best/css/modal.css
104.21.28.218 200 OK 1.1 kB URL HTTP/1.1 1337x.theproxy.best/css/modal.css
IP 104.21.28.218:0
File type ASCII text, with CRLF line terminators
Hash c6d764bdcaaf9260d076364e90add22a
7a1322ae6153d37a97ec7f28ff6bddf79c0060ca
72451558efe2878f55c108f003621a9096f511875c80572ba6898b8eda98c3a9
GET /css/modal.css HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VpuDj2S3IjVI9%2F3R9oBz1oXaCJSHdFQs8MdLhOYgMBrpDe69FkWYO255kQRef7d5YHscQCj1jWuZZrMt%2FMJkVXFp8rbMiTdNfSU3Cf3smdfYf1LDTia7aVRbkvmJYEouHdSj%2BTjq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac023c1c1c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/scrollbar.css
104.21.28.218 200 OK 4.1 kB URL HTTP/1.1 1337x.theproxy.best/css/scrollbar.css
IP 104.21.28.218:0
File type ASCII text, with very long lines (550)
Hash 0539ab1028ec5185d305d6ffffb35983
903c34a56e117c2fc8c24207623b876214dadf44
60692edceafd9a5f4f2ec6f0ec01cfeb35f23accee5a564ebc42ad92807288a7
GET /css/scrollbar.css HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WYxI3EN9e0CwUB1vv2XW7IQrXX%2FMFHAUi%2BH9WyP8VIh6pIBwZp1%2F9m6FnG8BfHQcRZpXi0qkwIPDg8yHoPYBY6p8DVspKqppfHchzBHVG3Ff5pbvm%2F%2F0%2FYuzgBVkV8fr3R%2Fn%2FKHv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac023bf4fab4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
d2ers4gi7coxau.cloudfront.net/?gsred=949060
143.204.42.65 200 OK 159 kB URL HTTP/1.1 d2ers4gi7coxau.cloudfront.net/?gsred=949060
IP 143.204.42.65:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 159 kB (159102 bytes)
Hash c392ae93802f9200f6c4031a3ac52ba0
f09b402d99c6521f5695feff8b71e696f02ebccc
9af55ebf9ff5ae3d3c91ce7da2249256d5a9c15d13e4ea4fd8c1d63a3712fe3b
GET /?gsred=949060 HTTP/1.1
Host: d2ers4gi7coxau.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Content-Length: 159102
Connection: keep-alive
Date: Tue, 27 Sep 2022 22:28:21 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 57GeCHrN0EJ1EFUVFNQI6Ap_sYKbkfklXvhQzT1hYz2WG03EjTiEPA==
1337x.theproxy.best/css/jquery-ui.css
104.21.28.218 200 OK 8.1 kB URL HTTP/1.1 1337x.theproxy.best/css/jquery-ui.css
IP 104.21.28.218:0
File type ASCII text, with very long lines (2363), with CRLF line terminators
Hash 6a44ae12794af1e90e2560b83c37364a
435eac4849f4a46d0ba588dc302dcaf8f46525c4
581d5ea4f984edea296a9f9384cfdc99bf17c7c1efe4388b8d8b576c73f08ae8
GET /css/jquery-ui.css HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erGzCbRjoSy5fzP4tRlRHb4MQPZz8QfHNEwAl6szs47GaAjQLiXjcDaPB5QefFkAbyZkd%2FXpwtFo5S08QykUEtH3VmPiqhkZ7lu%2BqAihc1V0xUEPUU6O59jKWxEYqJkIn%2BrQeP8Q"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac023942b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6bb87391074b2b93df5053d8577a71bd
9128df6413ed3cced97c3d9fef635cc6990b9d8c
6eec030808d16df7d0955fd8b1de63139b3ff5cdb2514b0ad2aa8cb4423650f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6EEC030808D16DF7D0955FD8B1DE63139B3FF5CDB2514B0AD2AA8CB4423650F8"
Last-Modified: Sun, 25 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3727
Expires: Tue, 27 Sep 2022 23:30:28 GMT
Date: Tue, 27 Sep 2022 22:28:21 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0606ac45be7f15da7dca56f7681702d7
9426174dd9e1ee20bd63bab4f449a29bb161b15d
9b75749c5214838a89d2ad56e9621cf079d19a41dd6a4de7010bd27008499a68
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9B75749C5214838A89D2AD56E9621CF079D19A41DD6A4DE7010BD27008499A68"
Last-Modified: Mon, 26 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5085
Expires: Tue, 27 Sep 2022 23:53:06 GMT
Date: Tue, 27 Sep 2022 22:28:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 753c4d96db1defcd271b4ea71cf22d71
e17dca8db419e264f57928f044a2101043d954a7
52c2d69faf208d562efe5f266ebe31a1ae8f173e0378fe37508da511bf68b833
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52C2D69FAF208D562EFE5F266EBE31A1AE8F173E0378FE37508DA511BF68B833"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6434
Expires: Wed, 28 Sep 2022 00:15:35 GMT
Date: Tue, 27 Sep 2022 22:28:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 753c4d96db1defcd271b4ea71cf22d71
e17dca8db419e264f57928f044a2101043d954a7
52c2d69faf208d562efe5f266ebe31a1ae8f173e0378fe37508da511bf68b833
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52C2D69FAF208D562EFE5F266EBE31A1AE8F173E0378FE37508DA511BF68B833"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6434
Expires: Wed, 28 Sep 2022 00:15:35 GMT
Date: Tue, 27 Sep 2022 22:28:21 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 22:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 23:08:53 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JGTzjWp-OWfVvDJY0YjrTmcJ_hLl3zsjA6CTKukyGaa_3msnOyubtw==
Age: 1055
glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=1337x.theproxy.best&var=&ymid=&var_3=
139.45.197.251 200 OK 705 B URL HTTP/2 glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=1337x.theproxy.best&var=&ymid=&var_3=
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (704)
Hash f59afb1c13afa3cad586606ab117e8ea
d70df5755956671c2d38da1b6ddf2576916b0362
a57a393cfd93ec626b4c72c793ca3bdd452b98beb4613a4d7707aaf307de8949
GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=1337x.theproxy.best&var=&ymid=&var_3= HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:21 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: a2b4a1789015477dc3ec984928e3371d
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0606ac45be7f15da7dca56f7681702d7
9426174dd9e1ee20bd63bab4f449a29bb161b15d
9b75749c5214838a89d2ad56e9621cf079d19a41dd6a4de7010bd27008499a68
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9B75749C5214838A89D2AD56E9621CF079D19A41DD6A4DE7010BD27008499A68"
Last-Modified: Mon, 26 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5085
Expires: Tue, 27 Sep 2022 23:53:06 GMT
Date: Tue, 27 Sep 2022 22:28:21 GMT
Connection: keep-alive
1337x.theproxy.best/js/auto-searchv2.js
104.21.28.218 200 OK 543 B URL HTTP/1.1 1337x.theproxy.best/js/auto-searchv2.js
IP 104.21.28.218:0
File type ASCII text, with CRLF line terminators
Hash fc0da7bef37efa0232a5c754529b9f57
845a70ee1e73017c193a2b460df4363bdf563eff
0671e8cfbe56566015b56c1304a41cb57cae29902e6e0a964d147a7154a8f9a1
Analyzer Verdict Alert fortinet Malware
GET /js/auto-searchv2.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 26 Sep 2022 17:06:09 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u7s8QL5TlujG6NCM4jds86Vh%2FxVk029PTW7oX%2BcH6Ct5Opq2J4T1HfI%2BRbBhjexmSf8iN6akdEdi2aHzQ3EZwv4qAxrN5gn6ddfiLsAoWARIVsRl24KP8wAUVoaIwu0s6eSQIAkG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac03cd811c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/js/equalheight.js
104.21.28.218 200 OK 217 B URL HTTP/1.1 1337x.theproxy.best/js/equalheight.js
IP 104.21.28.218:0
File type ASCII text, with CRLF line terminators
Hash 693f482ceee034e84c02df3ed0fd1710
cd80e4af11b0d8d9c6c2df2687ff6c42c839e018
f6a555ac47395bb4b66ca61a75c61091d6473b5a2b52872da4eaab2edabde74e
Analyzer Verdict Alert fortinet Malware
GET /js/equalheight.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EOUtBmVB%2FuL9Kw9wlQwnyrbRh39ShmPyOWsuqsi9rAsIvWTTOlRBU%2F%2F1Dui0MKTc5sATkyEy03tYuc5Kqy9W8WoaL185X8vZeP1WTb707QDmyKdaXt8%2BfXw7O2L1Vu51L%2FEg5cEP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac03ccc8fab4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/js/jquery-1.11.0.min.js
104.21.28.218 200 OK 28 kB URL HTTP/1.1 1337x.theproxy.best/js/jquery-1.11.0.min.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (32341), with CRLF line terminators
Hash e6c909bf6d13ac8149b23f946c800f07
f68587fca528d3ac6712e732dc9e5c099604621e
bcad06379d2359223287b1941f44b5ac4eb9ee21bb2977ce96b973de4e31442b
Analyzer Verdict Alert fortinet Malware
GET /js/jquery-1.11.0.min.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RKCtYNim5CMERbTawcFPB9UUMbe40y%2BqN7GPHlQUY8ghPtLnOt8K%2FX3Hx6XKfGX%2B1AOIiFSxC2b2sbUBnziPMZTFRQds1eF1A6%2F6DrnrvSTAYsbc%2Bvgptm6EeOC0OurWP0jUHShT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac0318b7b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/style10.2022-09-27-14.css
104.21.28.218 200 OK 31 kB URL HTTP/1.1 1337x.theproxy.best/css/style10.2022-09-27-14.css
IP 104.21.28.218:0
File type ASCII text, with CRLF, CR line terminators
Hash c4d619d642eb308626f53ce07fc13413
1b7ffa15fd1b1d37c8e90970ea21be72dc06445c
c47e18aeb0a5e2683e56430c02a67f8fde0f85e769b0331ee902c6952684b158
GET /css/style10.2022-09-27-14.css HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c5t5KDtkhZmFTaYH4%2FWZU%2BCOR68AiufX%2FcjJYlQLD9g4osnMRCKkJtE8x1X8BXBtGLUORU8IbVQr%2BgvjbErSSP9brXeN0aPIhIt4PWpSU4%2BHXwUcc12liyHeSHJXA3IDyGXsaIcf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac023fe1b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3177
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:21 GMT
Last-Modified: Tue, 27 Sep 2022 21:35:24 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
1337x.theproxy.best/js/tab.js
104.21.28.218 200 OK 802 B URL HTTP/1.1 1337x.theproxy.best/js/tab.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (1820), with no line terminators
Hash b707ac50311c714a9d194a00b2205551
d4c431e8f089bbd6e48fa7bcfa2094ac310ea3f2
2aebea2d31865a8efbe2fcdc47d7310a5707937cb404cc8314b730507ed1e212
Analyzer Verdict Alert fortinet Malware
GET /js/tab.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1eKJOkhTIu0iYZgQxZASKEhzyfllIyXmmqWXAxZQcDlpGNZC21WdrKrkrMeOQcm259v7V7YlS%2BsQqLHYmiuzaF8u7n1YxBQBja51mdlbHNcVtRVkf2%2BddKeC6P91kfe3biMPfj9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac047e011c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/js/scrollbar.js
104.21.28.218 200 OK 14 kB URL HTTP/1.1 1337x.theproxy.best/js/scrollbar.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (1329)
Hash 7f2682a3ebddfbb024979cda2878399a
6069ebce7c336cc110d457eddf5fe3349dc1094f
261a8d821751f76ee5c9812d2078e1fc0c094344f3b649b6a5d067fd3b6b6121
Analyzer Verdict Alert fortinet Malware
GET /js/scrollbar.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qfqxJCIvuQQ64TAfA8efHNz8NthPLO82lotlbJyw7tyrSuBnRlil8z9cUUwAHn7hziTP2NLOH0QHmMYlgcHKjMNiVQTQAP4lWaTh9K7JJpzXR49wb2yIAQYaEW2AGOYyxU58D5Gp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac03da3ab512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/js/lazyload.min.js
104.21.28.218 200 OK 1.3 kB URL HTTP/1.1 1337x.theproxy.best/js/lazyload.min.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (3309)
Hash 5d4bfd7bf9d24155ce9de97594f04baa
70f15df262adef9cbec76bff3fe82adb22069037
60d10300a8ecd424c636f40e978972bb291eef4a83b9c0ec3bd8f838ccaaca73
Analyzer Verdict Alert fortinet Malware
GET /js/lazyload.min.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YG%2FZcLIHr9IX5OCKAD206M1lfXvseEHb1tq%2Ff2SOvft%2Bh1VIU03xpKEu9%2BrGnr3ppHA4xnZ8lQApai5n8gt16JvCDUYK5X2YwjOMtiSn%2Fj%2FsypRqAHq4g890K3YYcpd115pYigzg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac04cd37fab4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/js/pagination.js
104.21.28.218 200 OK 1.0 kB URL HTTP/1.1 1337x.theproxy.best/js/pagination.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (395)
Hash 41049cc11d77d3cc4a9d3a9f49757e0b
00eab2a93a6536ed46f578fe82bfd766fb786d52
8fc4bb84b02582786c9976bc8cabf35c6adbbce9884a3423cd30deae85245143
Analyzer Verdict Alert fortinet Malware
GET /js/pagination.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w9qewu8GkL3mJhKt5H5TP1B3IDfIpA7jU%2FaKtHSWQYvKhyEIDJXvuNs0%2BlmAJgG6iWi%2BnUPLQJdXJK%2BkLtFVmyyKDJHyailiIgX%2ByKP4Q5o%2F3K4NP7fdZkV9RR2vYibmiM6RZnP9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac054a2db4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/js/modal.js
104.21.28.218 200 OK 2.7 kB URL HTTP/1.1 1337x.theproxy.best/js/modal.js
IP 104.21.28.218:0
File type ASCII text, with CRLF line terminators
Hash 1fb83510515a474f47b83d5e9fd0769b
f4f774a2c45a824b1ba4af5e3aa1b7224c6537a5
38d0349d2308d60fa884f39bcbdccc1b4fbb68b54bfa6b512edd41c92eb7a0c7
Analyzer Verdict Alert fortinet Malware
GET /js/modal.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XikvDIBe2KeEmKUKa6%2BISIgQkfgidhcqsblXZYjmSVXY2tET3EwCKBPWjwxyAbkMDUT7GYV7L0g29evs8vdFYzi95v16cD5CrnpKy8J8zQ0Jl0eoISpSyN%2FnGBS%2FlsUAYYsJn%2BvG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac056eec1c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
reswsentativ.xyz/popunder.gif
104.21.94.209 200 OK 58 B URL HTTP/1.1 reswsentativ.xyz/popunder.gif
IP 104.21.94.209:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08
GET /popunder.gif HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 100672
Last-Modified: Mon, 26 Sep 2022 18:30:30 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cylTh4SOc9NYMYO0WuRf7fBDJe4kMKOW3NghPlauBpSnldlG%2FJeE77G4%2BRAb2xBQ5iXWJbFWYNpBkHKwZ8JGERlHLQkawO%2FXiOGh2rwSTZ%2FBgb1ak3Jg%2BsCfDYKJrCOl7M5R"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac05fe68b51b-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d6f2c43e659d39525512f4c54eb7ca53
2d7e5b943cdc8450caa8b5095e5da4dec9ff4f64
813d7d8a58566a30965f10ce59d9598d593983dc87d3f9a35e97f4f9b103ce8e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "813D7D8A58566A30965F10CE59D9598D593983DC87D3F9A35E97F4F9B103CE8E"
Last-Modified: Mon, 26 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18586
Expires: Wed, 28 Sep 2022 03:38:08 GMT
Date: Tue, 27 Sep 2022 22:28:22 GMT
Connection: keep-alive
1337x.theproxy.best/js/comment.js
104.21.28.218 200 OK 803 B URL HTTP/1.1 1337x.theproxy.best/js/comment.js
IP 104.21.28.218:0
File type HTML document, ASCII text, with very long lines (579), with CRLF line terminators
Hash 66817f7e9026f81da3ad9685a198dbcd
662bff47032912e582792e339cb54c7347196dbd
5e46b71539a300785f9cf7cc62095d213254eac30d66510bbcd4d83ece71f09c
Analyzer Verdict Alert fortinet Malware
GET /js/comment.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DvEledHNVBTBH7XjOhlaFYo7JvV3wsSl%2FzG2LjrjbxAmY3QDj3D8JbEKModtakQBp5R6Mck1Wx3bnuMjt%2FI08oGVkE3wiqlDDcXymoNx8RfRFrpOdUDSu6xs9H00YIPMXQ96qA0m"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac052a85b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d6f2c43e659d39525512f4c54eb7ca53
2d7e5b943cdc8450caa8b5095e5da4dec9ff4f64
813d7d8a58566a30965f10ce59d9598d593983dc87d3f9a35e97f4f9b103ce8e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "813D7D8A58566A30965F10CE59D9598D593983DC87D3F9A35E97F4F9B103CE8E"
Last-Modified: Mon, 26 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18586
Expires: Wed, 28 Sep 2022 03:38:08 GMT
Date: Tue, 27 Sep 2022 22:28:22 GMT
Connection: keep-alive
1337x.theproxy.best/js/main9.d75f68f599f4db5a9ed621a398f35232.js
104.21.28.218 200 OK 696 B URL HTTP/1.1 1337x.theproxy.best/js/main9.d75f68f599f4db5a9ed621a398f35232.js
IP 104.21.28.218:0
File type ASCII text, with CRLF line terminators
Hash 9284ea48b9cfcc3f2c2fbd0ddca049a6
5910acdb5df8ae454d33300a9f6a0b6909d5218e
04e5aca515103445c305555c4cb102c617be4adf0cfbfe1ce4be3d32372e0a4f
Analyzer Verdict Alert fortinet Malware
GET /js/main9.d75f68f599f4db5a9ed621a398f35232.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIqnv0QTggx%2FduTEmBV%2BqYBIunsu20zvWGowtHGW2RcD65shQUuRn8togNeYKXzUgE9vQdnzt8si%2FY4%2BIorqfDaAAs5yWB%2FfKJvcWkWjS8cX5eiHUwbe%2BEjk%2FcyrfMQ6I%2BB4sNkX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac057b77b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/app/apx14.js
104.21.28.218 200 OK 2.2 kB URL HTTP/1.1 1337x.theproxy.best/app/apx14.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (7663), with no line terminators
Hash 5fd0d992c153321728eef72725f9e2f1
11af100c190b0c91d3126ca0c792aa6cd3954897
f39352e9834fda1868dab410b72a2850f516686f140843e9f0eef835be503330
Analyzer Verdict Alert fortinet Malware
GET /app/apx14.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:26:19 GMT
ETag: W/"5f61074b-1def"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y9hXKPLy1P6xI1pZxojxRNvvSHUDn0R44VhSV%2Fpsbgqcn%2F4QJvPK%2FtI%2Fm9Cw0H7FMT1t%2FnJyNd5acQ0N%2BU8BeT4niKmuccwumm6bZ%2FpC7m9FHgj%2Bc1Bi87ulHJ8YkAWKSxQp5t3u"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac061babb509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
borrowdefeat.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 borrowdefeat.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37107), with no line terminators
Hash bf62580391d4c1786346ed9918cf43a4
729c850b3231bab41a2f31c6469d6d92c5e18228
5895121c2b1c0d0ac804955953068c8eac82d184f4ebb4f66d4942abdeca7fb5
Analyzer Verdict Alert quad9 Sinkholed
GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: borrowdefeat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 27 Sep 2022 22:28:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 623fb12906a2a5ebd93c836935e9f9c7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
1337x.theproxy.best/app/apx19.js
104.21.28.218 200 OK 2.6 kB URL HTTP/1.1 1337x.theproxy.best/app/apx19.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (9183), with no line terminators
Hash 9ea8acd8d74e4f328d558b64219e02c5
156ce99860c738bee0a97dbe9c543a83f4fd5457
cc0dc5bf2c19d0830dd3962179d22ed40f200ecf8dc905a4e64bba0c1ccf9dff
Analyzer Verdict Alert fortinet Malware
GET /app/apx19.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:46:59 GMT
ETag: W/"5f610c23-23df"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r5T8VOWApsOT4ZCsC2%2BXZCx47gKYysWw1CBHx1GIlsd1D2i6sHoFPp0A%2Bz4hgJ9OCRjFM7LAQx5GTKPQT2pvwORKmb6f5oDifReQV6idnSJgVLHa3U9cNMkturPOCjqyJqEeFiUD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac05bd9efab4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/hy.js?q22q2q2
104.21.28.218 200 OK 18 kB URL HTTP/1.1 1337x.theproxy.best/hy.js?q22q2q2
IP 104.21.28.218:0
File type ASCII text, with very long lines (56131), with no line terminators
Hash f12634066d38736854588dc61b5ba109
623e90c430f1609e59e16407553e2d2ff8882d8e
7ca898a6218b8e61a9a999ffb0c76a9c60f86dfd4353b2496225e6473c72c0de
Analyzer Verdict Alert fortinet Malware
GET /hy.js?q22q2q2 HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 Mar 2021 05:53:48 GMT
ETag: W/"603dd2ec-db43"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OiV%2BFx%2Be3uoLLetVlQcg%2BNcvZWxNoA4Jfz4Pvn6wRuMXd%2BhpLCK6VZgL%2BcuqZPvHJ%2F0zR0wmtSu4fR9yevBR5%2Bw%2Fi897eJqAjWvLsQKdv4hO%2F4caXCV7bxgnuR3uuiFU7fB7S8NY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac05ea96b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/app/x12.js
104.21.28.218 200 OK 3.0 kB URL HTTP/1.1 1337x.theproxy.best/app/x12.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (11180), with no line terminators
Hash 7f0c811d15a31a93662cfa30df4ef5ea
3f5b8f499bc7f50d2315eadc7cf043d317b60b95
af3050874dc2886642989014b75a7b4734239520ee7d36ea06d4527e41d92beb
Analyzer Verdict Alert fortinet Malware
GET /app/x12.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:26:18 GMT
ETag: W/"5f61074a-2bac"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ShMa5filn%2B4rvl8dcuo7x6CxUs0u107VmPX6G2fWrS7Ggz%2BbiqIV0W1uwwOKUEGl1jGeP5FNYcivAEHC4KeLlkpQ%2BpKNsy9syVff%2FQklPABQt5glXOJTRE331y%2BWkKVKzjO3W5s9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac064c11b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/zpp/zpp4.js?q22q2q2
104.21.28.218 200 OK 14 kB URL HTTP/1.1 1337x.theproxy.best/zpp/zpp4.js?q22q2q2
IP 104.21.28.218:0
File type ASCII text, with very long lines (38995), with no line terminators
Hash 3c741ddc90399bc2910b2cdc0a826716
163182c6b04f146fbf6de424ead05c91e59e3c51
e6753c7588e28e17f44aa00cbe8c314de3f2bbcb8e892a439eed11dd989b1d84
Analyzer Verdict Alert fortinet Malware
GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 Mar 2021 05:53:53 GMT
ETag: W/"603dd2f1-9853"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fhVr15SV0Hr9PU3w4lcvdfyrSseNN%2BdDahPlp1xa3X%2FB8RvO5JJ9yrnehMTBGNgwJasYT%2BrrCtIel90TVqdG3OU7zQSxQjp5BUP9O4wuDD%2FBQgQdUIoCmJKHOMjtlnFEWiPLzZFY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac060f621c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
reswsentativ.xyz/UDlHRWp/BiQ2VwZ/FnAOPWMsJztpfBICKCN9Egc8CgsOCzgGdGExAzQEfnFTYA93Yxo5XXp0TCNNJjEfIwR2YwM+Xyh4TCYEdmtZZBd1fURhHzJ4W3ZNNyQNbQhhNR4kVXp0XGYNdHRdZgB+cllh
104.21.94.209 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/UDlHRWp/BiQ2VwZ/FnAOPWMsJztpfBICKCN9Egc8CgsOCzgGdGExAzQEfnFTYA93Yxo5XXp0TCNNJjEfIwR2YwM+Xyh4TCYEdmtZZBd1fURhHzJ4W3ZNNyQNbQhhNR4kVXp0XGYNdHRdZgB+cllh
IP 104.21.94.209:0
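Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input; the response body is 0 B, so the values match any empty response and do not identify this transaction.)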
GET /UDlHRWp/BiQ2VwZ/FnAOPWMsJztpfBICKCN9Egc8CgsOCzgGdGExAzQEfnFTYA93Yxo5XXp0TCNNJjEfIwR2YwM+Xyh4TCYEdmtZZBd1fURhHzJ4W3ZNNyQNbQhhNR4kVXp0XGYNdHRdZgB+cllh HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:22 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VGpDI9mYzm7rGSCtcwcbI6Adhj%2Fso8kFIsyqJOIh2X1zYGhGEZsToLF0z04Z7%2BjQjy5Vk27GSoscyBJlokZA118JrEJZhyFmk635E25fAuIAXzqfLE1aj3YdfFDPpGf%2BxE58"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7517ac064f911c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
reswsentativ.xyz/NDl4ZjIbBhsVD1BtFDRmc1E8JXViASAzUXVgFh5gYHgAAVRYSl4SW1AEQVILAA9OQEJdXUVXFEdNGRJHRwRJQFtaXxdbFEIESUgBABdKXhwFHw1bAxJNCAdVCQheFkZAVUVXBAINS1cFAgBBUQYB
104.21.94.209 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/NDl4ZjIbBhsVD1BtFDRmc1E8JXViASAzUXVgFh5gYHgAAVRYSl4SW1AEQVILAA9OQEJdXUVXFEdNGRJHRwRJQFtaXxdbFEIESUgBABdKXhwFHw1bAxJNCAdVCQheFkZAVUVXBAINS1cFAgBBUQYB
IP 104.21.94.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NDl4ZjIbBhsVD1BtFDRmc1E8JXViASAzUXVgFh5gYHgAAVRYSl4SW1AEQVILAA9OQEJdXUVXFEdNGRJHRwRJQFtaXxdbFEIESUgBABdKXhwFHw1bAxJNCAdVCQheFkZAVUVXBAINS1cFAgBBUQYB HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:22 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UhJ5aLj1JXZkfxsgkH0O8vtFu9yJr0eRIDg859ucm26MhrrxEic7tavwTrK0ZW0jPK%2BijDUHIaW4lZb46n8W3kXPKuqy0ZE6r881T%2BMP1hRZ2RVExiZ0R3T2I0wmX0BX%2BH9E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7517ac064f9a1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reswsentativ.xyz/NERkM2obewdAV1UuDFo5bAYCcDxufTVlWnYSLFsrbAVVYAxxI0JHA1B5XQVaAX1VFRpdIFkAWBI3EFIeQTdZAkxdKgJcVxIyWQNEDGpdHVsSMVkCTEA0BVRXBWIURx5YeVUFXAB3VQRcDX1TB1M
104.21.94.209 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/NERkM2obewdAV1UuDFo5bAYCcDxufTVlWnYSLFsrbAVVYAxxI0JHA1B5XQVaAX1VFRpdIFkAWBI3EFIeQTdZAkxdKgJcVxIyWQNEDGpdHVsSMVkCTEA0BVRXBWIURx5YeVUFXAB3VQRcDX1TB1M
IP 104.21.94.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NERkM2obewdAV1UuDFo5bAYCcDxufTVlWnYSLFsrbAVVYAxxI0JHA1B5XQVaAX1VFRpdIFkAWBI3EFIeQTdZAkxdKgJcVxIyWQNEDGpdHVsSMVkCTEA0BVRXBWIURx5YeVUFXAB3VQRcDX1TB1M HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:22 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QQm5sFvuAVJAi6A6LFYWH2zOkfAW3h%2F6ghPZ5oZ%2Bplt55uOC8xIpgs4vIY2%2FC1WAogjfAI2L%2BDBJI2g%2FNJbWCLVIsWl0lzmuJX9q3z580Bjz31qii2d0UyIniCo120VtJtvu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7517ac064f9c1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reswsentativ.xyz/WEJnVlN3fQQlbjwUKQYJaxAmDz0sFjUDGSknMQwWCXA9c2EeFwwhdSwrA2tqbnJSb2J+Mg4ybmtwQSUnOTYSJW5qcldhdTEsATluamQRa2N2eklvfWlkEmtifjYXNzRlc0EmJywuWmdlbnZUZ2Rue15hZmk
104.21.94.209 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/WEJnVlN3fQQlbjwUKQYJaxAmDz0sFjUDGSknMQwWCXA9c2EeFwwhdSwrA2tqbnJSb2J+Mg4ybmtwQSUnOTYSJW5qcldhdTEsATluamQRa2N2eklvfWlkEmtifjYXNzRlc0EmJywuWmdlbnZUZ2Rue15hZmk
IP 104.21.94.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of a zero-length body; these digests match every empty response and do not identify content.)
GET /WEJnVlN3fQQlbjwUKQYJaxAmDz0sFjUDGSknMQwWCXA9c2EeFwwhdSwrA2tqbnJSb2J+Mg4ybmtwQSUnOTYSJW5qcldhdTEsATluamQRa2N2eklvfWlkEmtifjYXNzRlc0EmJywuWmdlbnZUZ2Rue15hZmk HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:22 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVRssaomyCA70SoJHdWjQ0CjHBulrkBhIE5sBVCBv08CCb2Dczl0W0%2B56rPWjyOm6kxB2W1NLqY3IOlGINwMEJfdvQs8V%2FnmuVcnXlBCDJ9puHsO%2FHWjTZHQEV6Ccb6r%2FOJg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7517ac065f9f1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reswsentativ.xyz/clhVT2FdZzY8XCciAz07GRY4DjdDADEiODUAOStSKz9kKzQcCXM7CBZlbHtYRm5gaREbPGh+WVQrIS4VBytofkcbNjMgXFQuaH5PQnZkYVJULWh+RwYoNChcQ34lOxUeZWR5V0ZrZHhXS2FifFk
104.21.94.209 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/clhVT2FdZzY8XCciAz07GRY4DjdDADEiODUAOStSKz9kKzQcCXM7CBZlbHtYRm5gaREbPGh+WVQrIS4VBytofkcbNjMgXFQuaH5PQnZkYVJULWh+RwYoNChcQ34lOxUeZWR5V0ZrZHhXS2FifFk
IP 104.21.94.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of a zero-length body; these digests match every empty response and do not identify content.)
GET /clhVT2FdZzY8XCciAz07GRY4DjdDADEiODUAOStSKz9kKzQcCXM7CBZlbHtYRm5gaREbPGh+WVQrIS4VBytofkcbNjMgXFQuaH5PQnZkYVJULWh+RwYoNChcQ34lOxUeZWR5V0ZrZHhXS2FifFk HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:22 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8oycZWEcaouATD3qEnj75TRbJaUUddtKUI6x%2FLja6%2F6cgu0RbYcPWqw8Yo9D3BzNwfwellpdGSTKYTw948auRG7k%2BykkacMt16%2FsNwRAL65286gD5mwXqlNF48u38leqQx%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7517ac065fa41c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 528854
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d6f2c43e659d39525512f4c54eb7ca53
2d7e5b943cdc8450caa8b5095e5da4dec9ff4f64
813d7d8a58566a30965f10ce59d9598d593983dc87d3f9a35e97f4f9b103ce8e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "813D7D8A58566A30965F10CE59D9598D593983DC87D3F9A35E97F4F9B103CE8E"
Last-Modified: Mon, 26 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18586
Expires: Wed, 28 Sep 2022 03:38:08 GMT
Date: Tue, 27 Sep 2022 22:28:22 GMT
Connection: keep-alive
push.services.mozilla.com/
54.148.17.90 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.17.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of a zero-length body; these digests match every empty response and do not identify content.)
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jxxBnt6h3IItQMh4liF4Xg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WwOeBPsIsMzvO7Jdkb1N5iMxPXQ=
reswsentativ.xyz/aG1oSFpHUgs7ZzwBAAANLSNfKQImHgsmNgAOPyQgDSpZezgwHk48MwxQUX5qXVRZbioBCVV7aE4eHCkuHR5VempYWk4hNA4CVXp8HlBYZmJGVEZ5fB1QWW4uGAwPdWtOHRw8NlVcXn5uW1xffmNRVFh4
104.21.94.209 204 No Content 0 B URL HTTP/2 reswsentativ.xyz/aG1oSFpHUgs7ZzwBAAANLSNfKQImHgsmNgAOPyQgDSpZezgwHk48MwxQUX5qXVRZbioBCVV7aE4eHCkuHR5VempYWk4hNA4CVXp8HlBYZmJGVEZ5fB1QWW4uGAwPdWtOHRw8NlVcXn5uW1xffmNRVFh4
IP 104.21.94.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of a zero-length body; these digests match every empty response and do not identify content.)
POST /aG1oSFpHUgs7ZzwBAAANLSNfKQImHgsmNgAOPyQgDSpZezgwHk48MwxQUX5qXVRZbioBCVV7aE4eHCkuHR5VempYWk4hNA4CVXp8HlBYZmJGVEZ5fB1QWW4uGAwPdWtOHRw8NlVcXn5uW1xffmNRVFh4 HTTP/1.1
Host: reswsentativ.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:22 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9pI9ZuNOQuNqOgWyehmr5VTGpLK3N0OPVzQOJ0ON6aVnR7XJrPWbdE1KJQ4lOb747k9CY5kNkZ9yLEvLgdzueJR7OjFimjboB%2F0gteiKc6MqDubjGqnicRjAwJh1lZ%2BVYoPQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7517ac06bfdd1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1337x.theproxy.best/css/webfonts/opensans-bold.woff
104.21.28.218 200 OK 22 kB URL HTTP/1.1 1337x.theproxy.best/css/webfonts/opensans-bold.woff
IP 104.21.28.218:0
File type Web Open Font Format, TrueType, length 22432, version 1.0\012- data
Hash 2e90d5152ce92858b62ba053c7b9d2cb
8cf65f42a2a8c349ccd6ab63b6cbd17c96fd665c
a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7
Analyzer Verdict Alert fortinet Malware
GET /css/webfonts/opensans-bold.woff HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WU1tyjyqpJLrBHTKjC%2Bnz72x2JvffjsT%2F4Et6W3jg3M%2BiXJWBK6N5b8XMxAFXtHwbzZwC3WKz57dvR%2BFDWa0BVh2zPElnL4oN7GTC%2BwOxCYdIv1My%2FGOt9t%2Bdn8cNn5bBlbvIpUR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac06dc71b512-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/webfonts/oswald-regular.woff
104.21.28.218 200 OK 25 kB URL HTTP/1.1 1337x.theproxy.best/css/webfonts/oswald-regular.woff
IP 104.21.28.218:0
File type Web Open Font Format, TrueType, length 25248, version 1.0\012- data
Hash 77f9ec053e5256b45207e37effb5a1b1
b881bffa5a7dd80494d621ec6f72c3f5545448f3
c5bccac5053a0089da4fb1a1693579ed4893a75b8fdc1c4f43a9151a2a9fb754
Analyzer Verdict Alert fortinet Malware
GET /css/webfonts/oswald-regular.woff HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2Bwnl35WSWj%2FzOL%2BulOR9GMznq86vvAL6eXPPwsw0c%2FIdJDxBJ4zUpgcptPh%2BPFkYMO1cyZXSkhVkUFjmBbqOVB%2FNBVl%2BjeYRmRG4L6LgKY9YatAYimRh8Mv%2B7Fdbeuiv7m0ziyj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac069debfab4-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/webfonts/Flaticon.woff
104.21.28.218 200 OK 27 kB URL HTTP/1.1 1337x.theproxy.best/css/webfonts/Flaticon.woff
IP 104.21.28.218:0
File type Web Open Font Format, TrueType, length 27404, version 0.0\012- data
Hash 1dbab8d47aa2e11c55216ab3286d6f69
c7a7f3ddf37063ac02273eb4fe7ebc98e9cf97bf
ef35a8d776774a5fba83f188738af52b85e278c4bf7c5695700161febdc36b05
Analyzer Verdict Alert fortinet Malware
GET /css/webfonts/Flaticon.woff HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/icons.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2FkmgzLj9ThP6V%2FQ22GY%2FlSQzTw8ggrkVraI%2FtBdax1LDxEQ1mfTfPSKyP7OTDWzMQKJJOwGKhaqd5Tzs4FskdDJLFvPk7TrAr6FpWisSu5YXKyfw%2FUayVVxwb7MvhD%2BGdu9T5zT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac06cb5fb4fd-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/webfonts/oswald-bold.woff
104.21.28.218 200 OK 22 kB URL HTTP/1.1 1337x.theproxy.best/css/webfonts/oswald-bold.woff
IP 104.21.28.218:0
File type Web Open Font Format, TrueType, length 22548, version 1.0\012- data
Hash 5737d9a70b478e869c68cd1dc1b67cbc
f8095e94a0765bf23b164e9c06cf5112b3d50f3c
a9ef49b82729c7b1961f04aa67ea4a305cf7d0e8391981a8164997001c5918e9
Analyzer Verdict Alert fortinet Malware
GET /css/webfonts/oswald-bold.woff HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kf2gJHDqdP8Yr5W3yTBpGgsQWpjAM25C%2FQxUfuNx%2B2axh2%2Biqs5qnGVaR11no%2F38aNFCGNkFNFHzXAvmYovc4HSTsXztm5pHrmCP4Y6FW8amFZRz4PXLq5JWmwCJsk45EfJ8RMNR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac06e8021c0e-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/webfonts/opensans-regular.woff
104.21.28.218 200 OK 23 kB URL HTTP/1.1 1337x.theproxy.best/css/webfonts/opensans-regular.woff
IP 104.21.28.218:0
File type Web Open Font Format, TrueType, length 22660, version 1.0\012- data
Hash 79515ad0788973c533405f7012dfeccd
5092881fad2caffdc6bf71bdab1ea547b73d3564
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40
Analyzer Verdict Alert fortinet Malware
GET /css/webfonts/opensans-regular.woff HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSs2qP4dOPVE6vIMFwVeGpLumT401IkTqn4g3l2l6XaWmUlDVA%2FXO%2BnBIgpTHAJNL%2FpVkWPGfe4g6vPDSQvV8XXDvzdI6DAvLD0PLjPltEBwf%2Bkv8L%2Byc%2Fd51KAsCvNHDfidbpXl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac067be8b509-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/js/jquery-ui.js
104.21.28.218 200 OK 85 kB URL HTTP/1.1 1337x.theproxy.best/js/jquery-ui.js
IP 104.21.28.218:0
File type ASCII text, with very long lines (4566)
Hash cfffc4c4d0fbfed91a46cbdd4ac33773
38f5dfdac017c03c8e62e28d2b3ef9c01df9e1e4
78f48c49e0469bde503f0326106b52488c9850d92e31a111fdaeda385bc2d59d
Analyzer Verdict Alert fortinet Malware
GET /js/jquery-ui.js HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 26 Sep 2022 17:06:08 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WBNCNhR2S4vdV2CYzjVQvFHTqw29W75KCbzKLy3zQB1mZ5eNXaizxpzdoV68V59OBs%2BUidc0xD%2FCD3q%2FtCOTmnvF30XZP4RDUEzLY4ZMrWRvkjoMudeMM1jicwbuQLHHC9KgHgd%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac0319e4b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/images/body-bg.jpg
104.21.28.218 200 OK 2.5 kB URL HTTP/1.1 1337x.theproxy.best/css/images/body-bg.jpg
IP 104.21.28.218:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 100x100, components 3\012- data
Hash 57176455b267a90c419d442f311cab4a
8ce7305a8e73bf2cea887b1b011c349e41b426d3
44411fdbd6a244c923866126c233c854cae07718591506d315a86e34e159f20b
GET /css/images/body-bg.jpg HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 26 Sep 2022 17:06:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JiAJ42%2BrVVAbVqbXjRsUbHGTACJEHUc7C4NMF6T4CQ2%2Bc8iDClHRrmd0OtwKt9j2YKNbZqOAE%2BoPT6%2FUIOEAkd79FFUkRpTWXj%2FiouIrEmV5n%2BeigdQl7VP6qRpo4yEfGY2mfCHl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac078e53fab4-OSL
alt-svc: h2=":443"; ma=60
matomo.hellohi.me/matomo.js
104.21.94.42 301 Moved Permanently 169 B URL HTTP/1.1 matomo.hellohi.me/matomo.js
IP 104.21.94.42:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f3099a531821c476589c3d2d00d53772
8e539d05a8355d6835a56f94b75f405c6e55f6f3
a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 301 Moved Permanently
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.js
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 827
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNA81an4jYjae9gHCmhw%2BMw2L6YlD7Q4TYai7OI0ISaUF4nszxMoHBu7nf51TMwGZlOLOq%2FKmhQwR3XZMd7NVIGb6nTd1%2FU%2Fv3pi0uivC%2FqUMSWV5pnwPZHuFQ0UHqKJWv1Xmg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac08da67b518-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/images/sep.png
104.21.28.218 200 OK 979 B URL HTTP/1.1 1337x.theproxy.best/css/images/sep.png
IP 104.21.28.218:0
File type PNG image data, 4 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash f5ad1e8afade5211d93125e993a936ba
cfda5224a37a1c391afc574ac33e7e9bde1e98ed
fde5dfff31f2e819031fe7cf8a2729fe1c81ab96576167b5f4cebb3ca4c160d5
GET /css/images/sep.png HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DdMa43lqarDK3cuTnYr3eSVGSlUbADoZKTYMqrmUNHp0MaHEKHy0Io6edCa41sTrPcN9Imo1w5pejNwkJs817LtGAkiUVHV6ZdbMpDJSNwIy1OaAS97gZC%2FXzfmz5IsgPDdowjC7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac07ac8fb509-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/images/nav-bg.png
104.21.28.218 200 OK 616 B URL HTTP/1.1 1337x.theproxy.best/css/images/nav-bg.png
IP 104.21.28.218:0
File type PNG image data, 224 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash ad83550eff315bb6a02e2cfd2cfde3ad
055c467e7c93ee76a9653e8b898f6823197dae8e
3794019a41c0284bee7a232dc11d922b847c614bc439cdac17de2c0175199752
GET /css/images/nav-bg.png HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 26 Sep 2022 17:06:13 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UZDOU%2F49GrwN3ouw9QsGxaoimBQdw8AgLXzf4f7%2FyCbZyIH41F3w0JLEybYna28G%2BxGs6imuGbLsPcl5awQdjgBFK9xup9SO1mayxV0dn5NnGDDz1shb9JGt4ZxsrMo2OmtOqSIP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac0798711c0e-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/webfonts/oswald-light.woff
104.21.28.218 200 OK 23 kB URL HTTP/1.1 1337x.theproxy.best/css/webfonts/oswald-light.woff
IP 104.21.28.218:0
File type Web Open Font Format, TrueType, length 22568, version 1.0\012- data
Hash a4d5b8f448ec86ddb2e57a2912a3fcd6
579df89a925a4e5e46d63fe5ad84492a810ed3be
dc1e478c0ada70ebba3817df17ad49d0b288351d777cf6582dba4a5390be73e3
Analyzer Verdict Alert fortinet Malware
GET /css/webfonts/oswald-light.woff HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2mn92dD%2BODv30%2B%2B0UT9PboC1lNa5PVcAclkL201D6kB5lovrleXn1nm99F7o8Vo5fA6bwowtNN9mliNSHOSWHdczl%2Fw3%2BHPh3Cow7xRZJzS70jqAKIwbWp9j9QCWpjTf4JpWzNf6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac078d0bb512-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/images/main-bg.png
104.21.28.218 200 OK 130 kB URL HTTP/1.1 1337x.theproxy.best/css/images/main-bg.png
IP 104.21.28.218:0
File type PNG image data, 935 x 788, 8-bit/color RGBA, non-interlaced\012- data
Size 130 kB (129988 bytes)
Hash 8fc059a7e1758ad0c0e17be4b0575b93
df3d910563829c3b2e6fb0767038f75af4d4fcbd
6be2d61547095ffeb30a1fd03fd7d6aba9009edc719144812c5610bd2e27fb97
GET /css/images/main-bg.png HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 26 Sep 2022 17:06:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K2pdmtQ1c%2BCiEMP99GsPWQQD0YGsNmFE7H1xdO0jCTrj03t1K%2BqxcxItfoSapiG96At5uXVOIOFI3aH3KBnGkUdJZ1PN4nSNpfNDwh6BlYAFQ7qh5TdAg1%2BPHkIWKsmpTTNLdhlW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac078c08b4fd-OSL
alt-svc: h2=":443"; ma=60
glimtors.net/ntfc.php?p=2651991
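139.45.197.251 304 Not Modified 0 B URL HTTP/1.1 glimtors.net/ntfc.php?p=2651991
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of a zero-length body. The 304 carried no body, so these digests describe the empty response, not the cached resource; the verdict below presumably rests on the URL or host rather than on response content.)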
Analyzer Verdict Alert fortinet Malware
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
If-Modified-Since: Tue, 27 Sep 2022 13:19:37 GMT
If-None-Match: W/"6332f869-38a8"
HTTP/1.1 304 Not Modified
Server: nginx
Date: Tue, 27 Sep 2022 22:28:22 GMT
Last-Modified: Tue, 27 Sep 2022 13:19:37 GMT
Connection: keep-alive
ETag: "6332f869-38a8"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
1337x.theproxy.best/css/images/nav-hover.jpg
104.21.28.218 200 OK 1.2 kB URL HTTP/1.1 1337x.theproxy.best/css/images/nav-hover.jpg
IP 104.21.28.218:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 20x20, components 3\012- data
Hash 248a62fead4580264aee0ab8fdbf5d1b
46be6ecdbf1f20fbc3d007d70b69383857a8a2b7
48c3b716c25fb706acee3f768b06eec4722ca83174ae484b031b8447d126f8de
GET /css/images/nav-hover.jpg HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 26 Sep 2022 17:06:13 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aT0vMstQaQ5YuU2s5lsLVb%2Br8Fi1YyvRBCLr1UB84BcFZa5lu%2FmGIJQlCwWbqhSUlCOpRKjX0780YWJN2BamG4gi6Pl9JBA6B5WqJFsbKZSdomOJgYcFE1QZ8Zzh8dZBy9FTo3%2BO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac083d97b51d-OSL
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/css/images/tabs-nav-bg.jpg
104.21.28.218 200 OK 946 B URL HTTP/1.1 1337x.theproxy.best/css/images/tabs-nav-bg.jpg
IP 104.21.28.218:0
File type PNG image data, 10 x 46, 8-bit/color RGB, non-interlaced\012- data
Hash 74484aff30458cf3eef0104c2b48d070
7cf67e90bafd3519f360d4640c2ee0e029b500f8
879de89af5f1ff7a9174f0fc861a5d1bbd509584ea760b9c5c3168c97a10feb8
GET /css/images/tabs-nav-bg.jpg HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUcjaN7rUa9o%2BCb5e0q1WVdDJM%2FQ87n66RIN6zvpIhJQW3gVVbLQtY6kv7tT9Si4K4qXGwuwSsuad8aPMrRnlPLK9XDJ%2B91V3FEoNcluihTMjXBdOs63%2FD8lCqD%2Fh1%2BhEGdnu5LG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac0919371c0e-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a66a43cce4ff043aa4b440a15e2736a0
f6ee756428e77e770a30f7770d90a1c8af5d6a9b
4a34e79291d9c7008a7cf60ceb5376598fb8773f5c4c882edb06a7fbc9d67bb5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6256
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:22 GMT
Last-Modified: Tue, 27 Sep 2022 20:44:06 GMT
Server: ECS (amb/6B89)
X-Cache: HIT
Content-Length: 279
1337x.theproxy.best/images/profile-load.svg
104.21.28.218 200 OK 413 B URL HTTP/1.1 1337x.theproxy.best/images/profile-load.svg
IP 104.21.28.218:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1999), with no line terminators
Hash 80ca6e02640f946fec020eda0a0bbdf8
b899cc4e84c599f206ee3d846ed48d427fec88e7
81000e1cbff3e6628888f4e681b7adae303d94de6a6203f9807bc531a3a15a32
Analyzer Verdict Alert fortinet Malware
GET /images/profile-load.svg HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qC40UTLz4dhj%2B4be%2F6zMWNen7862gBrhabYIqNeP%2FOE9ysopTz9th73oaFOJNEMIocitNXsb5yFgweD3oUKukZChL7HpNd354b2FNEqiREZIqBm%2FwYLq2a3pLNHIn9ZYJsNBs8Ul"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac092e3cb512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
rndskittytor.com/400/4837723
139.45.197.238 200 OK 30 kB URL HTTP/1.1 rndskittytor.com/400/4837723
IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e078b3d2c596dd31fe12196c548753e4
97691ad3f5b6eb56b311a0adcb98f778dc904bda
cc9b13046a0843cd452a55408a736840370b19872af0d40112a2028e22ee54d0
Analyzer Verdict Alert quad9 Sinkholed
GET /400/4837723 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 4c1b320d993149542b203ae90598f4e3
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=b8855658b4cf4cd9aede863312396c84; expires=Wed, 27 Sep 2023 22:28:22 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
1337x.theproxy.best/helper-js/
104.21.28.218 200 OK 1.0 kB URL HTTP/1.1 1337x.theproxy.best/helper-js/
IP 104.21.28.218:0
File type ASCII text, with very long lines (2612), with CRLF line terminators
Hash 7f47b89ff0d9e1295b5e6973db5a3b38
bf81f4c905f8f25a89e0b5f41a4f30f36523cfb0
88b18dd3e9a9c1502ae8a37e29b633e2ff30de7cf96536fd1f337e6d49720c0f
Analyzer Verdict Alert fortinet Malware
GET /helper-js/ HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: s-maxage=0, max-age=0 no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42jx9gTzoAIq94ib5PS8wyOGgfJ%2BbAZTudvWi%2FjtEwi2EUQ0kVnLjF2fvkFDDSlD6paKY45%2FAXLFi20mBziLU6V7g3mQE5KR%2BWw8Vm9bI379RvIrfHnE1lA4r5zviLRmw6UUMWvZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7517ac0a2efab51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
1337x.theproxy.best/images/logo.svg
104.21.28.218 200 OK 2.0 kB URL HTTP/1.1 1337x.theproxy.best/images/logo.svg
IP 104.21.28.218:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash cceb9991e6922ddd1631beaa3b5f098e
8d89b4e0e3b4d417102de7a0f2059ec99ad880ee
ecd7393c2d9605ddab449ed27418beba329535157a13b5c4585b78596fb0313d
Analyzer Verdict Alert fortinet Malware
GET /images/logo.svg HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoekvHSLpzc9lBYSCvFHFm0Ox4MAq2mJu3ovngpa4WgHWhTACs%2FZ%2Bx9H4K7T0hVvIdEX9s%2FbhKSjfHC%2Bm8AB6C3kCEfRTWdLROAh9in4LMqdXKU%2BvAVI4MISy6AfGVHCk62B3lbG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac098db5b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
creepingbrings.com/sfp.js
172.64.198.30 200 OK 28 kB URL HTTP/1.1 creepingbrings.com/sfp.js
IP 172.64.198.30:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: ba093f9d502d9fa34990f69a3e99ccab
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Tue, 27 Sep 2022 22:28:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ggwqXcOAP7djZUPka%2FJ7D7xdHHv0KjbwiKUs8TKN1vj0pOwj9FNb4JNabN%2Fz5DZPDBQVnWHYfvJjaECE%2FQUTquLNwrGG2oOm%2FT59oe5lE42droGwXwSQkK%2B7dmeEajiBxMIT9P8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac0a1bc2405d-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a66a43cce4ff043aa4b440a15e2736a0
f6ee756428e77e770a30f7770d90a1c8af5d6a9b
4a34e79291d9c7008a7cf60ceb5376598fb8773f5c4c882edb06a7fbc9d67bb5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6256
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:22 GMT
Last-Modified: Tue, 27 Sep 2022 20:44:06 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash b3d6b07e3998c6d4341acb2b263e609e
12e3561297d635de3fbd5212e2ae66a6e91ac673
534a36edebee87dbf492d6b5895e47385e65849b261348ab3623a8e17dc323cc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:28:22 GMT
Last-Modified: Tue, 27 Sep 2022 21:24:03 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kQ1ugiyyvjoZcqHmPSGkjJTGPR8jgarlZ4IPFP8sD4mJiffhdifBuQ==
Age: 3859
simplewebanalysis.com/stats
3.66.118.16 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.66.118.16:0
File type ASCII text, with no line terminators
Hash a363924262ccdf01c76c9b2fb9f89cfb
cf42bd27516375b567c2eed9039b8061ea6a5d0c
762b0eb07db628221cafc296e829ca3c214f3397f8589bf7f2fc098428505b39
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
set-cookie: uid_id2=97a88c90-7868-4e5c-a67d-0fadde2921cf:3:1; expires=Fri, 24 Sep 2032 22:28:22 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
benumelan.com/5/2632704
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (62332), with no line terminators
Hash 3b5be43ff12b439953262c96c58dc063
0364f41376bc213393e024bf4fc45106f9419cf5
afb32353bd927586635d70aae327feba0eef4255eec3fe8b4608fcc80c7844b8
Analyzer Verdict Alert quad9 Sinkholed
GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 67fb28ab48994b7d4c62a817c84f05d8
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=1b876655efcd4244aa1e113e02056d7c; expires=Wed, 27 Sep 2023 22:28:22 GMT; path=/
oaidts=1664317702; expires=Wed, 27 Sep 2023 22:28:22 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
ecma.sidebyz.com/j/m/w2.js.php
172.67.167.53 200 OK 24 kB URL HTTP/2 ecma.sidebyz.com/j/m/w2.js.php
IP 172.67.167.53:0
File type HTML document, ASCII text, with very long lines (492)
Hash 8aaea7f1ab2fb18417bacc0f6372c982
d427b7b84dc91cb04e7d1bb7ec5683c200b67e62
c572ef03221597124be08d897bed5ca591dcffb2914763113316c88263167571
GET /j/m/w2.js.php HTTP/1.1
Host: ecma.sidebyz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:22 GMT
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4IT2RxEwG3%2FbRokA%2BSj0Qmvrs9q8kI1t%2FzQ8Av1NiL%2BgLmBwXbAONT3J9tfMCn1gMPPm5SuIZw59AgqXOdFsdlRwjZMM26hUXgz%2FXWfUOESfYN5CyUupYmHWDlY4M%2BMu7Wh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7517ac0a4e4eb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
benumelan.com/42/38?z=3372123
139.45.197.239 200 OK 0 B URL HTTP/2 benumelan.com/42/38?z=3372123
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=3372123 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: scm=1; OAID=1fad92768ac24dcd8ad4cf8d74383c69; oaidts=1664317701
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:22 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d79f9501769a5c387e9e696cddeffb82
access-control-expose-headers: X-Sc
set-cookie: OAID=1fad92768ac24dcd8ad4cf8d74383c69; expires=Wed, 27 Sep 2023 22:28:22 GMT; secure; SameSite=None
oaidts=1664317701; expires=Wed, 27 Sep 2023 22:28:22 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
1337x.theproxy.best/css/images/black-gradient-bg.jpg
104.21.28.218 200 OK 1.2 kB URL HTTP/1.1 1337x.theproxy.best/css/images/black-gradient-bg.jpg
IP 104.21.28.218:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x163, components 3\012- data
Hash cb17ba9d17b5dc975e48c45b4e257d65
1708d0bf5fd0bf4c5f4ca9f3ec54b9e56c2e8b1f
320b0fb44f87a3c51be6bbf2ea264f231667131016616d32918d31b31bb45a6f
GET /css/images/black-gradient-bg.jpg HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:23 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xrMhZvsYl5Dg9XnWhfr5emwE4WWmHElWgpadA0BrJZSn4wugV3vgqdxidj1HFPswZ%2FYeQ1naWr0pJW1yC%2BSypobEOZmFC3Nqo6nUffDmcCqJUUpki6TXDrhV82cMX6JJq7xs7VkH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac08aeaefab4-OSL
alt-svc: h2=":443"; ma=60
benumelan.com/27/b7bd02994a2771796f8a835cfb750d4b
139.45.197.239 200 OK 145 kB URL HTTP/2 benumelan.com/27/b7bd02994a2771796f8a835cfb750d4b
IP 139.45.197.239:0
File type ASCII text, with very long lines (65523)
Size 145 kB (145077 bytes)
Hash 87a84d3dda688be5f61bf169a48c4e5b
b213b88effd646fb68403079d5970fc817a62be6
1b18356c12cbc59a068262de98560df84863e41b98b2f52c1143d12472ba9b33
Analyzer Verdict Alert quad9 Sinkholed
GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: scm=1; OAID=1fad92768ac24dcd8ad4cf8d74383c69; oaidts=1664317701
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:22 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
1337x.theproxy.best/css/images/notfication-bg.png
104.21.28.218 200 OK 121 B URL HTTP/1.1 1337x.theproxy.best/css/images/notfication-bg.png
IP 104.21.28.218:0
File type PNG image data, 4 x 4, 8-bit/color RGBA, non-interlaced\012- data
Hash 831c43c31346a124b70b6475490313f7
6bf7b325c7e207f9da08188af23723195ee5d3a3
19af91163505935886535f7b68b1528f99eb97d003fc03972e140da02c11d242
GET /css/images/notfication-bg.png HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/css/style10.2022-09-27-14.css
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:23 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2U%2BAtSbKD0Hn%2FhMfiP%2FC0bNCGivfrfQYcoVK6A4wBKR4msysusz1p%2B3NVOR2VsC6zNbNquCJ2yHMnLAn8Um2cAkuGOu%2F4uTyjxwp3NlyPyBvF3yaUSngROCMGeJ1Zywo3LgGb9Nn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac090d60b509-OSL
alt-svc: h2=":443"; ma=60
dozubatan.com/400/4495524
139.45.197.237 200 OK 30 kB URL HTTP/1.1 dozubatan.com/400/4495524
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash df8ef9797e4f021bbf4a22c6960d45f9
c4190edc0ea69720dbd93420197b0f670a27f768
d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
GET /400/4495524 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: edfa6c2606a69b03789bb73ce7967e17
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=f42e6470f7c44d48a02e2769e9b0b96b; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
glimtors.net/pfe/current/universal.min.js?v=3.1.396
139.45.197.251 304 Not Modified 0 B URL HTTP/2 glimtors.net/pfe/current/universal.min.js?v=3.1.396
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pfe/current/universal.min.js?v=3.1.396 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 27 Sep 2022 13:19:37 GMT
If-None-Match: W/"6332f869-1fafa"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: "6332f869-1fafa"
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=460014,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7517ac0cecba0b55-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1dad09ab7301550773ca75f3c2a09f65
ee5b96672d6d2e14a1dae01fd3de090919e7ab0f
a11c80ea60e52711b0e35aef25066d4f01bee5bad6ca51f424ad2d1f91e8b839
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5801
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:23 GMT
Last-Modified: Tue, 27 Sep 2022 20:51:42 GMT
Server: ECS (amb/6B89)
X-Cache: HIT
Content-Length: 279
my.rtmark.net/gid.js?userId=5b260b75c93c426ca1fa085d4a6d6aca
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=5b260b75c93c426ca1fa085d4a6d6aca
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash e7a149ce5dffa7cd9a7df6d0349c3e70
7be8224ef87a8dfdcc2108623b4aaafae28f4c63
0d44e08e18f7a6099321e40f22d4b5918905c2fc32f5ab9ff9aec6486cc4dacc
GET /gid.js?userId=5b260b75c93c426ca1fa085d4a6d6aca HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1dad09ab7301550773ca75f3c2a09f65
ee5b96672d6d2e14a1dae01fd3de090919e7ab0f
a11c80ea60e52711b0e35aef25066d4f01bee5bad6ca51f424ad2d1f91e8b839
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5801
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:23 GMT
Last-Modified: Tue, 27 Sep 2022 20:51:42 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
dozubatan.com/400/4495524
139.45.197.237 200 OK 30 kB URL HTTP/1.1 dozubatan.com/400/4495524
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash df8ef9797e4f021bbf4a22c6960d45f9
c4190edc0ea69720dbd93420197b0f670a27f768
d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
GET /400/4495524 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 5e56ae1ab752ea11f7fe081d0d0d12f6
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=ac14e2532505427d892577ffdc527338; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
dozubatan.com/400/4495524
139.45.197.237 200 OK 30 kB URL HTTP/1.1 dozubatan.com/400/4495524
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash df8ef9797e4f021bbf4a22c6960d45f9
c4190edc0ea69720dbd93420197b0f670a27f768
d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
GET /400/4495524 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 90428feb6557e0f08d36df0a14e08046
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=bfed050e6188490eb4bc42f519a0b0e0; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18380
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18380
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash f64200d008a3670048876ed9a4915ae8
02745fc47df86f86aeb0f8c25bbd67cff0bdbab7
cf758ae548390747028b3e68c89a557fec9286168cdf5f16bf56cae2203d7a6f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 15:02:18 GMT
Expires: Mon, 03 Oct 2022 15:02:17 GMT
Etag: "02745fc47df86f86aeb0f8c25bbd67cff0bdbab7"
Cache-Control: max-age=491033,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7517ac0d6d0e0b55-OSL
tzegilo.com/stattag.js
104.21.84.149 200 OK 19 kB IP 104.21.84.149:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Hash 729f376c59d0822c230e6513dd79b89a
ab9738727c310c5eb66cd40e13cb06104e27789d
dd7894c1f4e548125ddbd1c6171e475ffdad85f293d331f6319511f8c2ff4a9d
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2295
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shnx7j7w6xZB%2FsCTtVG2WeGEZZinreJ0i1gRng96Y7qX7GOz0CzohBIVHKjU14cBJVT14stR%2Ftt54gBz5wbZhrugzNbR32d58i5UNr178MCGB1qFQzFjcOsKgBs3Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac0cea000b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l9IinQYCcQV_iymSArIEnOWgbmLlmVqz94402zcsmga5Bp3Sty7QRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:49 GMT
age: 2854
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e49757d877a437a57f39d458862e8369
7d8b30445dadc44a17e5a26301212fced3aaa2af
e8b481bd5fe7ce92aa614cb77c9318ef8b763e71a178126805a4c363e6f91a9b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9646ccba-7fc2-470a-b04e-5cef02e234cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13058
x-amzn-requestid: 2ce70ac3-0451-41f4-bd82-596a92582a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EiiIAMFQLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-25deabef6235856b6d9bb19f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: oGmQtgwLy_unp2_L3WP10HsyeCSgao4_37Kf6K8JeeVgz8YXbDvDWQ==
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:47 GMT
age: 2496
etag: "7d8b30445dadc44a17e5a26301212fced3aaa2af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c4a66beda24621e812a929933c52025d
e951f6b11e473b68d2fdd95b822cef120d37b1eb
28efb1495fdb363cea9ccc6c38f84b2731dbd44dd4dbbe42996fa6fab74e1ce6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6721
x-amzn-requestid: ea4416a4-ffbe-4006-bb09-aa0a70763ab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3xTGNOoAMFXeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cd4-6634cd372bd677227f755769;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TlEcmqE03c_aVOwGbXRCTsU5MOTiUF4C93U3zcIVqzg6NCGJJGup7A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:09:10 GMT
age: 1153
etag: "e951f6b11e473b68d2fdd95b822cef120d37b1eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43d7c0db2af42ad4d0095324b2691f6c
1a1139cff14aff6755b9e43ff4ef8c9ece1102c1
42073c84e0c215109b54ab55a53cce9e6cce44f4619f5988fa4e2776ff70b362
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9780
x-amzn-requestid: 9938422e-12cd-4aab-9e58-c26b8fee53b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UOH3DoAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-37105d923f19437025abec71;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Halsx09hxT_sMRc2jy-fJA0tE85F6Bgz9P9Trx02Z9aMfIZVLkLW4g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:11:14 GMT
age: 1029
etag: "1a1139cff14aff6755b9e43ff4ef8c9ece1102c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa5cad224dbddd71881bd07255beb4da
bc214d60be395d4cf753216ff8f9691c33d25e75
82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14464
x-amzn-requestid: 6627e07e-034b-432e-ab9e-afe035fa0b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e9HgIoAMFxUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-7f34c3f6454379724a7ac413;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: J27vcANRhkMUuGwTZjXkO0EF0-UjN-MODVQRKgsc7hJI2S-UPF8Ctw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:53 GMT
age: 2850
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hatsheisaco.xyz/utx?cb=4vrV3Br1UQBv&top=1337x.theproxy.best&tid=949060
143.204.55.30 204 No Content 0 B URL HTTP/2 hatsheisaco.xyz/utx?cb=4vrV3Br1UQBv&top=1337x.theproxy.best&tid=949060
IP 143.204.55.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=4vrV3Br1UQBv&top=1337x.theproxy.best&tid=949060 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://1337x.theproxy.best
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 27 Sep 2022 22:29:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mJPY1Yapantj03A6HwoyzU1O0YG7tKSbcKahJyshFm9voSSemKH5Lg==
X-Firefox-Spdy: h2
benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=5b260b75c93c426ca1fa085d4a6d6aca
139.45.197.239 204 No Content 0 B URL HTTP/2 benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=5b260b75c93c426ca1fa085d4a6d6aca
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=5b260b75c93c426ca1fa085d4a6d6aca HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
d2ers4gi7coxau.cloudfront.net/vNWQzRW1WC10jUkENV3hUAV0Dc10TDkAqA0VZQR8gTBZqdAVnEWkQWlFCRz8JCFQVKQxbAw5jCFsHDnRLVABReF0TEEMqBggSUiQeRBNDNQdeQkYkUFgLSSwBWQUWdysASgNgXwVMS3RcEFdxYF8FCForGE1BAXUVDVJsc1kQV3FgXwUWRWBedF0Fa10cQQ-F1ClAHWCpIByIBdVwFVAJ1XBBWAyMERwFVKhUQVnV8WxtUFTBQBA
143.204.42.65200 OK 584 B URL HTTP/1.1 d2ers4gi7coxau.cloudfront.net/vNWQzRW1WC10jUkENV3hUAV0Dc10TDkAqA0VZQR8gTBZqdAVnEWkQWlFCRz8JCFQVKQxbAw5jCFsHDnRLVABReF0TEEMqBggSUiQeRBNDNQdeQkYkUFgLSSwBWQUWdysASgNgXwVMS3RcEFdxYF8FCForGE1BAXUVDVJsc1kQV3FgXwUWRWBedF0Fa10cQQ-F1ClAHWCpIByIBdVwFVAJ1XBBWAyMERwFVKhUQVnV8WxtUFTBQBA
IP 143.204.42.65:0
File type ASCII text, with very long lines (810), with no line terminators
Hash c34cf2e64ab0267356a252324e149b08
30ff5526dcf86e6f1b9e0710aca1e5b5d54aa7a9
0343aa4cd22b7b69ff9e05fe8511284069624379d9c3fa46af32a58613faeab9
GET /vNWQzRW1WC10jUkENV3hUAV0Dc10TDkAqA0VZQR8gTBZqdAVnEWkQWlFCRz8JCFQVKQxbAw5jCFsHDnRLVABReF0TEEMqBggSUiQeRBNDNQdeQkYkUFgLSSwBWQUWdysASgNgXwVMS3RcEFdxYF8FCForGE1BAXUVDVJsc1kQV3FgXwUWRWBedF0Fa10cQQ-F1ClAHWCpIByIBdVwFVAJ1XBBWAyMERwFVKhUQVnV8WxtUFTBQBA HTTP/1.1
Host: d2ers4gi7coxau.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Content-Length: 584
Connection: keep-alive
Date: Tue, 27 Sep 2022 22:28:23 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8hZS5HFYzwo3MuUUhu4GQr2TFhVhIJLmZRs5FF-sVw0PjK0hV37mFw==
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 173fcd5342ac62d5ae47a58bd4efec45
43e7bee3ae2630f431eb71277b0cda738068e2b6
e61014e02aa1c046c3a0f552e0fd2aade3d31714a63cfcd8d08eda3fb40c59cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d2ers4gi7coxau.cloudfront.net/3WEk0bkc7JloIeCwgUFN+bnkBV3Z+I0cBKSh0fVkpbxxhLDEwAgRfYSwzUFN3fiVVACBlb1EAJGV4Eg8jOnQESDMoJl9TMjYtUQguNixQSDI5dFkBPTElWA9iag8BQHd9ewRGP2l4EV0FfXsEAi42PExLdWgxDFgYbn0RXQV9ewQcMX16dVdxdnkdS3VoLl-ENLDdsBih1aHgEXnZoeBFcdz4gRgshNzERXAFhfxpeYS10BQ
143.204.42.65200 OK 335 B URL HTTP/1.1 d2ers4gi7coxau.cloudfront.net/3WEk0bkc7JloIeCwgUFN+bnkBV3Z+I0cBKSh0fVkpbxxhLDEwAgRfYSwzUFN3fiVVACBlb1EAJGV4Eg8jOnQESDMoJl9TMjYtUQguNixQSDI5dFkBPTElWA9iag8BQHd9ewRGP2l4EV0FfXsEAi42PExLdWgxDFgYbn0RXQV9ewQcMX16dVdxdnkdS3VoLl-ENLDdsBih1aHgEXnZoeBFcdz4gRgshNzERXAFhfxpeYS10BQ
IP 143.204.42.65:0
File type ASCII text, with very long lines (416), with no line terminators
Hash 06b9480fbff7c344a762028829b30f2f
6b799bd19a12a71b542801381f0ce4486f41bee7
0b8b7c5c4999ae047a777a142c6811d356690076b7d0bd80df71e2a992beb215
GET /3WEk0bkc7JloIeCwgUFN+bnkBV3Z+I0cBKSh0fVkpbxxhLDEwAgRfYSwzUFN3fiVVACBlb1EAJGV4Eg8jOnQESDMoJl9TMjYtUQguNixQSDI5dFkBPTElWA9iag8BQHd9ewRGP2l4EV0FfXsEAi42PExLdWgxDFgYbn0RXQV9ewQcMX16dVdxdnkdS3VoLl-ENLDdsBih1aHgEXnZoeBFcdz4gRgshNzERXAFhfxpeYS10BQ HTTP/1.1
Host: d2ers4gi7coxau.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Content-Length: 335
Connection: keep-alive
Date: Tue, 27 Sep 2022 22:28:23 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xLdhO7QhrqjJ-5PibW0vcJOi6Mo7GhN8fOF1ln25gooMY18e56TCEQ==
glimtors.net/custom
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 173fcd5342ac62d5ae47a58bd4efec45
43e7bee3ae2630f431eb71277b0cda738068e2b6
e61014e02aa1c046c3a0f552e0fd2aade3d31714a63cfcd8d08eda3fb40c59cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d2ers4gi7coxau.cloudfront.net/?gsred=949060
143.204.42.65 200 OK 159 kB URL HTTP/1.1 d2ers4gi7coxau.cloudfront.net/?gsred=949060
IP 143.204.42.65:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 159 kB (159102 bytes)
Hash 17c3fa00d1c5c387b8c302c549cf8ae2
cd3629c3fb3721d6686937ff4fbc2a46fcbd0af7
0c47dc224478ed3fdf8b7c6af7f5dd70d345dc0e858cb1ff7a2772dccd21e1a5
GET /?gsred=949060 HTTP/1.1
Host: d2ers4gi7coxau.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
HTTP/1.1 200 OK
Content-Length: 159102
Connection: keep-alive
Date: Tue, 27 Sep 2022 22:28:23 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://1337x.theproxy.best
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nrQnOdKqIv3vVPphxgZc3oDaTljV6wMpfOa_9J2FtN81Zt0BCeSSYg==
my.rtmark.net/gid.js?pub=0&userId=764ab9ae662d434c8b6932dd20db898d&zoneId=2651991&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=764ab9ae662d434c8b6932dd20db898d&zoneId=2651991&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash e7a149ce5dffa7cd9a7df6d0349c3e70
7be8224ef87a8dfdcc2108623b4aaafae28f4c63
0d44e08e18f7a6099321e40f22d4b5918905c2fc32f5ab9ff9aec6486cc4dacc
GET /gid.js?pub=0&userId=764ab9ae662d434c8b6932dd20db898d&zoneId=2651991&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Cookie: ID=5b260b75c93c426ca1fa085d4a6d6aca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fd9c95c1c24789f4041887b11468ab7e
bf202eeda47e79ac15d77325a02a1206bec63dcb
86f005e634685a4eb89dd87735b4cc0d91163be2912c470a529f0eb223531dbf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3926
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:23 GMT
Last-Modified: Tue, 27 Sep 2022 21:22:57 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 3b1e3361ab1470acf95f6a3b54db5e0c
2cf32bb7450057c25c719c20e08615c17cb5a3b1
3d0c51391d1c1cae10c5844b7d1e5363eaab42e38de0c7497499770a08c2a611
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 27 Sep 2022 22:28:23 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1743953535%3A1664317703715074&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWooc5vcUlO6RV_p_N6LYAPKFWEWS8-594FUcqmWV7iKpKsPpM3yp72fUAAlL679KhtA7YlvHw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-z8O5aExuhm_9NLTXFliZaw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:o1K0zMn4kh25-R6N0ybCZTUi1Mr_mQ:EImj6ocEw3MkWFkQ;Path=/;Expires=Thu, 26-Sep-2024 22:28:23 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6692
Expires: Wed, 28 Sep 2022 00:19:55 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
glimtors.net/custom
139.45.197.251 200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Content-Type: application/json
Origin: http://1337x.theproxy.best
Content-Length: 444
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0edc8501fcd4905022320496a8917340
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
d2ers4gi7coxau.cloudfront.net/dS3hQTVooFz4rZT8RNHBjf0Fke2xtEiMiNDtFKAEKGz4RDhA7GiAdfD8CNHBqbRQxIz12XjUjOXZJdiw+KUVgay47FztwLCoZIzwtOwg6Jnw+GW0gNTERPCE7bkoWeHR7XWJ9cjNJYWhpCV1ifTYiFiU1f3lIKHVsFE5kaGkJXWJ9KD1dYwxjfVZgZH95SD-coOSAXdX8ceUhhfWp6SGFoaHseOT8/LRcoaGgNQWZjam0NbXw
143.204.42.65200 OK 474 B URL HTTP/1.1 d2ers4gi7coxau.cloudfront.net/dS3hQTVooFz4rZT8RNHBjf0Fke2xtEiMiNDtFKAEKGz4RDhA7GiAdfD8CNHBqbRQxIz12XjUjOXZJdiw+KUVgay47FztwLCoZIzwtOwg6Jnw+GW0gNTERPCE7bkoWeHR7XWJ9cjNJYWhpCV1ifTYiFiU1f3lIKHVsFE5kaGkJXWJ9KD1dYwxjfVZgZH95SD-coOSAXdX8ceUhhfWp6SGFoaHseOT8/LRcoaGgNQWZjam0NbXw
IP 143.204.42.65:0
File type ASCII text, with very long lines (664), with no line terminators
Hash 85eca5c54fb79ce4a1643765a812a73b
891b2426c61963039dacc3d251c958dcd25fb2fc
1aa37d8e6ed5b152310938b7fd6b3506dabc3227bf1005a3c505fe0fc7af9555
GET /dS3hQTVooFz4rZT8RNHBjf0Fke2xtEiMiNDtFKAEKGz4RDhA7GiAdfD8CNHBqbRQxIz12XjUjOXZJdiw+KUVgay47FztwLCoZIzwtOwg6Jnw+GW0gNTERPCE7bkoWeHR7XWJ9cjNJYWhpCV1ifTYiFiU1f3lIKHVsFE5kaGkJXWJ9KD1dYwxjfVZgZH95SD-coOSAXdX8ceUhhfWp6SGFoaHseOT8/LRcoaGgNQWZjam0NbXw HTTP/1.1
Host: d2ers4gi7coxau.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Content-Length: 474
Connection: keep-alive
Date: Tue, 27 Sep 2022 22:28:23 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: irg6TWW6diNkJY6dYlapu8D99B1VtmZxldUckpG0IFp3dIdM0Nm8qg==
d2ers4gi7coxau.cloudfront.net/Rcm1CZnURAiwASgYEJltMRlR2UEBUBzEJGwJQFAAXQhcLEhcYDmQSDxZQckAZEwMlW1MXAyFbRFQMJgRIQks3B0gfAjgPGR4MZ1QzR0NyQ0dCRTpXRFdeAENHQgErCAAKSHBWDUpbHVBBV14AQ0dCHzRDRjNUdEhFW0hwVhIXDikJUEArcFZEQl1zVkRXX3-IAHAAIJAkNV18EX0NcXWQTSEM
143.204.42.65200 OK 185 B URL HTTP/1.1 d2ers4gi7coxau.cloudfront.net/Rcm1CZnURAiwASgYEJltMRlR2UEBUBzEJGwJQFAAXQhcLEhcYDmQSDxZQckAZEwMlW1MXAyFbRFQMJgRIQks3B0gfAjgPGR4MZ1QzR0NyQ0dCRTpXRFdeAENHQgErCAAKSHBWDUpbHVBBV14AQ0dCHzRDRjNUdEhFW0hwVhIXDikJUEArcFZEQl1zVkRXX3-IAHAAIJAkNV18EX0NcXWQTSEM
IP 143.204.42.65:0
File type ASCII text, with no line terminators
Hash 553be9e6b3a1f7660fe8e9e5590d8c50
513188274d1caf6938f31312deba48c9a96ff35f
39d78fc2af4c1673e0c403ce12bbb2364e28a95ae683ceb09b89a38a990517ab
GET /Rcm1CZnURAiwASgYEJltMRlR2UEBUBzEJGwJQFAAXQhcLEhcYDmQSDxZQckAZEwMlW1MXAyFbRFQMJgRIQks3B0gfAjgPGR4MZ1QzR0NyQ0dCRTpXRFdeAENHQgErCAAKSHBWDUpbHVBBV14AQ0dCHzRDRjNUdEhFW0hwVhIXDikJUEArcFZEQl1zVkRXX3-IAHAAIJAkNV18EX0NcXWQTSEM HTTP/1.1
Host: d2ers4gi7coxau.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Content-Length: 185
Connection: keep-alive
Date: Tue, 27 Sep 2022 22:28:23 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ev-6fm0bNMjRNmgDlvMz2Iz2ggSK-hmu0e44x9Z9a6RUNG4JvMYNgQ==
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6692
Expires: Wed, 28 Sep 2022 00:19:55 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6692
Expires: Wed, 28 Sep 2022 00:19:55 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
cdn.itskiddoan.club/?rb=HY7BDekgn9NeoiI1krpQz2b66Acg7G5FL2pj4zAX7X9rC9QGa3F_OVM9oynn4FJYTJ21txiLsep3Vp26Ucuz7VsVADitkSD7c9H6kEB3lOJ6hwzz-fulcfD_bysLYvpY-gkgfLF3uLy48C0Ufwmm-0BoP8q-JK1dM6Q0O0w8vBGp_kC7c7yeFvaLVvQt_HYC6uhiA3a3aiEqa_2DK8q9sgujrG7Wq1SL&request_ab2=0&zoneid=3388548&js_build=iclick-v1.430.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.430.0&bs=60be4180-c7b4-44a4-8a61-daa38425d60f&userId=5b260b75c93c426ca1fa085d4a6d6aca&m=link
139.45.197.236200 OK 1.8 kB URL HTTP/1.1 cdn.itskiddoan.club/?rb=HY7BDekgn9NeoiI1krpQz2b66Acg7G5FL2pj4zAX7X9rC9QGa3F_OVM9oynn4FJYTJ21txiLsep3Vp26Ucuz7VsVADitkSD7c9H6kEB3lOJ6hwzz-fulcfD_bysLYvpY-gkgfLF3uLy48C0Ufwmm-0BoP8q-JK1dM6Q0O0w8vBGp_kC7c7yeFvaLVvQt_HYC6uhiA3a3aiEqa_2DK8q9sgujrG7Wq1SL&request_ab2=0&zoneid=3388548&js_build=iclick-v1.430.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.430.0&bs=60be4180-c7b4-44a4-8a61-daa38425d60f&userId=5b260b75c93c426ca1fa085d4a6d6aca&m=link
IP 139.45.197.236:0
File type JSON data\012- , ASCII text, with very long lines (2362), with no line terminators
Hash dc68b6aa0070c9e1fd0a28050d93e6a6
5cccd3d5c672bea04ae341a8d63d05e87269140d
1b779a5ccfc0e2a38e1c7eadf782809df99c6c5ccde0e4f9bd9436101e716f21
GET /?rb=HY7BDekgn9NeoiI1krpQz2b66Acg7G5FL2pj4zAX7X9rC9QGa3F_OVM9oynn4FJYTJ21txiLsep3Vp26Ucuz7VsVADitkSD7c9H6kEB3lOJ6hwzz-fulcfD_bysLYvpY-gkgfLF3uLy48C0Ufwmm-0BoP8q-JK1dM6Q0O0w8vBGp_kC7c7yeFvaLVvQt_HYC6uhiA3a3aiEqa_2DK8q9sgujrG7Wq1SL&request_ab2=0&zoneid=3388548&js_build=iclick-v1.430.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.430.0&bs=60be4180-c7b4-44a4-8a61-daa38425d60f&userId=5b260b75c93c426ca1fa085d4a6d6aca&m=link HTTP/1.1
Host: cdn.itskiddoan.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: abd40b03efa610b899bbd17d73dca952
Access-Control-Allow-Origin: http://1337x.theproxy.best
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/
Set-Cookie: oaidts=1664317703; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/
Set-Cookie: syncedCookie=true; expires=Tue, 04 Oct 2022 22:28:23 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
hatsheisaco.xyz/utx?cb=ABaNN1IKIrOQ&top=1337x.theproxy.best&tid=949466
143.204.55.30 204 No Content 0 B URL HTTP/2 hatsheisaco.xyz/utx?cb=ABaNN1IKIrOQ&top=1337x.theproxy.best&tid=949466
IP 143.204.55.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ABaNN1IKIrOQ&top=1337x.theproxy.best&tid=949466 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://1337x.theproxy.best
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 27 Sep 2022 22:29:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zrXo6C_X4MnezalRQN6Jgx833H4SOn7nKY71CYqYm2w_wtwvygQj4A==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6692
Expires: Wed, 28 Sep 2022 00:19:55 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 389 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 6b63008a2e2774487a5c4932423ea4cd
b459af673d4e958eb26cc770f0eb59a58b269485
c25f8cf8fa4d1135d540de0ec4382bcf64d18a3571b170aecf28bebd6299854f
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 27 Sep 2022 22:28:23 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S957121861%3A1664317703777259&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpbWkHWDE3mot3S11T6tnAhNT68knTacYnmIrSgkIT0AEk6nKKFwGstaQQ2eiaz-45Bww4cbA
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-SnMsniySC-dW5axA6Su_qQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:rHukY0G3KumFNsu8tJx_CBFT8aQGYA:yQPiqa8cPpspWVYt;Path=/;Expires=Thu, 26-Sep-2024 22:28:23 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hatsheisaco.xyz/utx?cb=vHeVmBrGUOXr&top=1337x.theproxy.best&tid=960591
143.204.55.30 204 No Content 0 B URL HTTP/2 hatsheisaco.xyz/utx?cb=vHeVmBrGUOXr&top=1337x.theproxy.best&tid=960591
IP 143.204.55.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=vHeVmBrGUOXr&top=1337x.theproxy.best&tid=960591 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 22:28:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://1337x.theproxy.best
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 27 Sep 2022 22:29:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IMBtglRKB0JlUeImjVFRYSb4feNFubuQtfrGqXz-p25rtNc_5f95hA==
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 13545c613effa84e1f446292769576b3
95e2cfa0bc8c74729ab615e273bc9eb52d08e4de
3f622468377dcf802468c93233f3ef036014695bd4641456edf789603394e125
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Sat, 01 Oct 2022 19:00:19 GMT
ETag: "95e2cfa0bc8c74729ab615e273bc9eb52d08e4de"
Last-Modified: Tue, 27 Sep 2022 19:00:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1471
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac10b964b518-OSL
inpagepush.com/500/3064505?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/1.1 inpagepush.com/500/3064505?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/3064505?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Length: 0
Connection: keep-alive
Allow: GET, OPTIONS
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://1337x.theproxy.best
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 600
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=5b260b75c93c426ca1fa085d4a6d6aca
139.45.197.239 200 OK 3.2 kB URL HTTP/2 benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=5b260b75c93c426ca1fa085d4a6d6aca
IP 139.45.197.239:0
Hash ff88f8fcc23e76986fed488bacb28c59
6b25401ccb72ef0b741746ec34c59987423668d7
4561c198d4ba57026878c27895cd1e523e2222da4e3c2893b3af6327a2a8b28e
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=5b260b75c93c426ca1fa085d4a6d6aca HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 123
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: scm=1; OAID=1fad92768ac24dcd8ad4cf8d74383c69; oaidts=1664317701
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2b8d15f57ded6e6b06de0a122e032311
access-control-expose-headers: X-Sc
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; secure; SameSite=None
set-cookie: oaidts=1664317701; expires=Wed, 27 Sep 2023 22:28:23 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 27e98fe1cd3e7042342c4107565b2176
d643a703ff771e88cedf6626d4d6537c3951d8bd
fb817eeb13578a3daa360dc6769fbac02ae3dc903449efee995f7570ab76465b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FB817EEB13578A3DAA360DC6769FBAC02AE3DC903449EFEE995F7570AB76465B"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9150
Expires: Wed, 28 Sep 2022 01:00:53 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 27e98fe1cd3e7042342c4107565b2176
d643a703ff771e88cedf6626d4d6537c3951d8bd
fb817eeb13578a3daa360dc6769fbac02ae3dc903449efee995f7570ab76465b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FB817EEB13578A3DAA360DC6769FBAC02AE3DC903449EFEE995F7570AB76465B"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9150
Expires: Wed, 28 Sep 2022 01:00:53 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://1337x.theproxy.best/
Content-Type: text/plain;charset=UTF-8
Origin: http://1337x.theproxy.best
Content-Length: 1571
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 22:28:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://1337x.theproxy.best
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 071ba0f0d9a0aba5795152a17232f18f
b1ec6f503a4a3595c40e001f9d95000c207f1e8e
21c996c4b52728098b5fd1ef9b93b135bb13fbfe6d6c1874d80ac41bed0ac3ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "21C996C4B52728098B5FD1EF9B93B135BB13FBFE6D6C1874D80AC41BED0AC3AD"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3595
Expires: Tue, 27 Sep 2022 23:28:18 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
matomo.hellohi.me/matomo.php?action_name=Download%20The%20Walking%20Dead%20S04%20Complete%20BDRip%20x264%20ENG-ITA%20(2013)%20Torrent%20%7C%201337x&idsite=1&rec=1&r=165409&h=22&m=28&s=21&url=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&_id=01d8d0da4853d365&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=6JtUCR&pf_net=0&pf_srv=185&pf_tfr=77&pf_dm1=1416
104.21.94.42 301 Moved Permanently 169 B URL HTTP/1.1 matomo.hellohi.me/matomo.php?action_name=Download%20The%20Walking%20Dead%20S04%20Complete%20BDRip%20x264%20ENG-ITA%20(2013)%20Torrent%20%7C%201337x&idsite=1&rec=1&r=165409&h=22&m=28&s=21&url=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&_id=01d8d0da4853d365&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=6JtUCR&pf_net=0&pf_srv=185&pf_tfr=77&pf_dm1=1416
IP 104.21.94.42:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f3099a531821c476589c3d2d00d53772
8e539d05a8355d6835a56f94b75f405c6e55f6f3
a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
POST /matomo.php?action_name=Download%20The%20Walking%20Dead%20S04%20Complete%20BDRip%20x264%20ENG-ITA%20(2013)%20Torrent%20%7C%201337x&idsite=1&rec=1&r=165409&h=22&m=28&s=21&url=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&_id=01d8d0da4853d365&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=6JtUCR&pf_net=0&pf_srv=185&pf_tfr=77&pf_dm1=1416 HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 301 Moved Permanently
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=Download%20The%20Walking%20Dead%20S04%20Complete%20BDRip%20x264%20ENG-ITA%20(2013)%20Torrent%20%7C%201337x&idsite=1&rec=1&r=165409&h=22&m=28&s=21&url=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&_id=01d8d0da4853d365&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=6JtUCR&pf_net=0&pf_srv=185&pf_tfr=77&pf_dm1=1416
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riAXiinFrXX4k8Ul0qfz5obmcUtrUAfVIANgcGWaIigtgUjKpDhO948LCji77pRQwQcqe5D%2BJcoBWDkZax7g6w7KEMwXZaQ04sr6YWA%2FsOl%2FJLiZW0aQmGjxvUsJL2SNnV4zHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7517ac0eeffcb518-OSL
alt-svc: h2=":443"; ma=60
benumelan.com/11?rnd=4165859760&z=3372123&b=14812988&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Uiw5pPoa3X3q_0aOlYNdFxCLhcGpnr9NVLAMVpAWSZ1u6jA_J_uJyBnCSdYu1TWXYeobBaTXUb9gZwnfaB102SQ6WsXko39QobyaaHLRN_GiwCy5VsuCcGhnqj5Y3Sl1pKjV51JzjP0ZeohpX8y-ouApH-SYz9nwKweW2zQIV8Wvz51ix28_0UOs2m9KS10WKui76pF5_vekvcykthzBhU9ZnzeyKju-xjwyJd6ysJkHeq9vp_610nTKL2Bf4YRaprphGAQodJtdlvjMVB6REWYu-6rA1CNCPQLCiu82riAVOgxOjLZSOv07o9VulM6W6bxMXkdlfBBc4CqVa3Sy7J0-KBdK4Fylbw2tQPGywdb-ioN_YfGETl6oQez33VwpjWXgO93-UEV5KAwXvcJvCDaUwkh3e9yhsIC5zQWH-C0KrupHaGeYHc31VkR49i7MwPKC1xfzKZS-2QXXr0U3nS89A2z4OIqs6sKtL5qn3SCiHcdMYH_X9SBYp_pE448-JdomVsW797f4Y7V1A9GojpGPkP_m1Oz1zlLQ56Hv_pNHZA4sePe9zKW-PCovmXe1VqjiaHLQn1Z2OTE5MBvROXVTt6se80r1RmNAxogeyaS4oUpFx_ZnVQb-uQIuJFofIJD7-YfZsdin0LwL0vdKwbAeFPwwsYcZ&ruid=f5a9febe-d6f0-4a99-ae71-1d207b4ad5fb&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=246
139.45.197.239200 OK 0 B URL HTTP/2 benumelan.com/11?rnd=4165859760&z=3372123&b=14812988&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Uiw5pPoa3X3q_0aOlYNdFxCLhcGpnr9NVLAMVpAWSZ1u6jA_J_uJyBnCSdYu1TWXYeobBaTXUb9gZwnfaB102SQ6WsXko39QobyaaHLRN_GiwCy5VsuCcGhnqj5Y3Sl1pKjV51JzjP0ZeohpX8y-ouApH-SYz9nwKweW2zQIV8Wvz51ix28_0UOs2m9KS10WKui76pF5_vekvcykthzBhU9ZnzeyKju-xjwyJd6ysJkHeq9vp_610nTKL2Bf4YRaprphGAQodJtdlvjMVB6REWYu-6rA1CNCPQLCiu82riAVOgxOjLZSOv07o9VulM6W6bxMXkdlfBBc4CqVa3Sy7J0-KBdK4Fylbw2tQPGywdb-ioN_YfGETl6oQez33VwpjWXgO93-UEV5KAwXvcJvCDaUwkh3e9yhsIC5zQWH-C0KrupHaGeYHc31VkR49i7MwPKC1xfzKZS-2QXXr0U3nS89A2z4OIqs6sKtL5qn3SCiHcdMYH_X9SBYp_pE448-JdomVsW797f4Y7V1A9GojpGPkP_m1Oz1zlLQ56Hv_pNHZA4sePe9zKW-PCovmXe1VqjiaHLQn1Z2OTE5MBvROXVTt6se80r1RmNAxogeyaS4oUpFx_ZnVQb-uQIuJFofIJD7-YfZsdin0LwL0vdKwbAeFPwwsYcZ&ruid=f5a9febe-d6f0-4a99-ae71-1d207b4ad5fb&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=246
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=4165859760&z=3372123&b=14812988&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Uiw5pPoa3X3q_0aOlYNdFxCLhcGpnr9NVLAMVpAWSZ1u6jA_J_uJyBnCSdYu1TWXYeobBaTXUb9gZwnfaB102SQ6WsXko39QobyaaHLRN_GiwCy5VsuCcGhnqj5Y3Sl1pKjV51JzjP0ZeohpX8y-ouApH-SYz9nwKweW2zQIV8Wvz51ix28_0UOs2m9KS10WKui76pF5_vekvcykthzBhU9ZnzeyKju-xjwyJd6ysJkHeq9vp_610nTKL2Bf4YRaprphGAQodJtdlvjMVB6REWYu-6rA1CNCPQLCiu82riAVOgxOjLZSOv07o9VulM6W6bxMXkdlfBBc4CqVa3Sy7J0-KBdK4Fylbw2tQPGywdb-ioN_YfGETl6oQez33VwpjWXgO93-UEV5KAwXvcJvCDaUwkh3e9yhsIC5zQWH-C0KrupHaGeYHc31VkR49i7MwPKC1xfzKZS-2QXXr0U3nS89A2z4OIqs6sKtL5qn3SCiHcdMYH_X9SBYp_pE448-JdomVsW797f4Y7V1A9GojpGPkP_m1Oz1zlLQ56Hv_pNHZA4sePe9zKW-PCovmXe1VqjiaHLQn1Z2OTE5MBvROXVTt6se80r1RmNAxogeyaS4oUpFx_ZnVQb-uQIuJFofIJD7-YfZsdin0LwL0vdKwbAeFPwwsYcZ&ruid=f5a9febe-d6f0-4a99-ae71-1d207b4ad5fb&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=246 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: scm=1; OAID=5b260b75c93c426ca1fa085d4a6d6aca; oaidts=1664317701
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d766fc4d2a0de85b59c028f953bc1996
access-control-expose-headers: X-Sc
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; secure; SameSite=None
set-cookie: oaidts=1664317701; expires=Wed, 27 Sep 2023 22:28:23 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
inpagepush.com/500/3064505?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 1.2 kB URL HTTP/1.1 inpagepush.com/500/3064505?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1469), with no line terminators
Hash 31ff876794166d278ef2bd02fbc14aee
d947755aff624ad278db5a0bc0ca16118d48c817
f27d1781eb4d3acddadd4baf661ddfeee498f6f36c46b7436c29a10948c8ce6b
GET /500/3064505?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 22:28:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 68be6ddea4183a278bec6e15351f9b78
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: http://1337x.theproxy.best
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
1337x.theproxy.best/favicon.ico
104.21.28.218 200 OK 1.2 kB URL HTTP/1.1 1337x.theproxy.best/favicon.ico
IP 104.21.28.218:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 769362362d52b0cfc3271ecb6dec43fb
9df2439bce4e08d28c14c37cd2f74fc678465b23
7d524db2f0ca2d20b89f7f197110cb9a5bbaea45b19939dc6e30dc366d20eb61
GET /favicon.ico HTTP/1.1
Host: 1337x.theproxy.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/torrent/1116615/The-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013/
Cookie: _pk_id.1.ad30=01d8d0da4853d365.1664317701.; _pk_ses.1.ad30=1
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 22:28:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 27 Sep 2022 22:28:23 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3XiF147RHGl7u2tMiK%2FkzExxUUGiOvHKzioEJvSHBk0bdrkeVOQranE%2BxyI3%2FCvgHqD9XDC3bm1%2BgJ8vWX5Qjn2NTnfu3cUWDnLOaIgMRLxbVuAA8SCEbNRvZpuB6oMyB%2Fp07ey"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7517ac0f2a83b4fd-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash be52dbe2d47697a7f007d69c486b77b4
fe445ea87749e97423e7865bc559ad78f672a62d
65d16df2b3095c658d2bdf39b06d57486967bba7b43c43108e5025d7af5b7ab6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fd9c95c1c24789f4041887b11468ab7e
bf202eeda47e79ac15d77325a02a1206bec63dcb
86f005e634685a4eb89dd87735b4cc0d91163be2912c470a529f0eb223531dbf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3926
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:23 GMT
Last-Modified: Tue, 27 Sep 2022 21:22:57 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5e41047464169794ef5adbb3b72a686
f758bd6475f218b2e9c8177e124e873e5ba82e1a
418d7041cef79064c8a712b184b7251ba94428dac6de40e5abc5152cb8d07b09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "418D7041CEF79064C8A712B184B7251BA94428DAC6DE40E5ABC5152CB8D07B09"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10245
Expires: Wed, 28 Sep 2022 01:19:08 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf4d1ef827b71ee69d1e8be3bd11881f
76d609cab8d3f56ed9a86c20ab36205dae82cac2
432faa36d729ed00fc79bc1c33da908b86df850fee389570476dc27390b557ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "432FAA36D729ED00FC79BC1C33DA908B86DF850FEE389570476DC27390B557AC"
Last-Modified: Tue, 27 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6692
Expires: Wed, 28 Sep 2022 00:19:55 GMT
Date: Tue, 27 Sep 2022 22:28:23 GMT
Connection: keep-alive
mc.yandex.ru/metrika/tag.js
77.88.21.119 200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 7a68c8644032413981e4ba5bc0d66c4a
2d46ca8055e8577ae7138140e34a6e633434973c
e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 72341
date: Tue, 27 Sep 2022 22:28:23 GMT
access-control-allow-origin: *
etag: "632d6d03-11a95"
expires: Tue, 27 Sep 2022 23:28:23 GMT
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
offerimage.com/www/images/3ef316842349308dfa69b2337a1f2f26.png
172.67.22.216 200 OK 97 kB URL HTTP/2 offerimage.com/www/images/3ef316842349308dfa69b2337a1f2f26.png
IP 172.67.22.216:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 3ef316842349308dfa69b2337a1f2f26
cfb295c74af7d2432c8f0dde1819e1aa35b2ab89
88d7d3964d36d102797d185fb23dab82ac6142c12a5119497b95d2dc018c5bcd
GET /www/images/3ef316842349308dfa69b2337a1f2f26.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: image/png
content-length: 96644
last-modified: Thu, 10 Dec 2020 16:09:13 GMT
etag: "5fd24829-17984"
expires: Wed, 28 Sep 2022 18:03:48 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 15875
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac11e9a00b3d-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d7cb3481dd46647d06e18548fdcd12d7
07cda6cbf944285364b3960d830020edfd5f4e3f
50550ef7f7740af0116453d289f44b37199df7fa2cefec6dbe1af49b1ec77fed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50550EF7F7740AF0116453D289F44B37199DF7FA2CEFEC6DBE1AF49B1EC77FED"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19070
Expires: Wed, 28 Sep 2022 03:46:14 GMT
Date: Tue, 27 Sep 2022 22:28:24 GMT
Connection: keep-alive
hatsheisaco.xyz/floater?cs=T1Vocmp6ZFxGW3hsXkNaeWBYR1I&abt=0&red=1&sm=83&k=&v=0.8.9.1&sts=0&prn=0&emb=0&tid=960591&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_Ol9y=1664317699901&crc=1
143.204.55.30 200 OK 6.3 kB URL HTTP/2 hatsheisaco.xyz/floater?cs=T1Vocmp6ZFxGW3hsXkNaeWBYR1I&abt=0&red=1&sm=83&k=&v=0.8.9.1&sts=0&prn=0&emb=0&tid=960591&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_Ol9y=1664317699901&crc=1
IP 143.204.55.30:0
File type ASCII text, with very long lines (9259), with no line terminators
Hash 452ddb08fb038b074f3096641d3f55e4
50ad6ba8ef9399e80e6a4cf1f2f6c981bdefbb08
05b3e729bd38af196bd2ead88b95ec1dcea64ec1637a3d7a9a4e14c7ff9882c8
GET /floater?cs=T1Vocmp6ZFxGW3hsXkNaeWBYR1I&abt=0&red=1&sm=83&k=&v=0.8.9.1&sts=0&prn=0&emb=0&tid=960591&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_Ol9y=1664317699901&crc=1 HTTP/1.1
Host: hatsheisaco.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
content-length: 6302
date: Tue, 27 Sep 2022 22:28:24 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://1337x.theproxy.best
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=78716ed3-c9b4-45fe-abdd-8f4a5caac501
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8Ci4VpwQJgmwLGOP75xUWNXlhiFjLu7p7jRlSZa6leklR4lSUZVfcw==
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/5b/f4/e6/f22046109fdc23a5aac1620be3/0829937400067.jpeg
139.45.197.153 200 OK 25 kB URL HTTP/2 interstitial-07.com/contents/s/5b/f4/e6/f22046109fdc23a5aac1620be3/0829937400067.jpeg
IP 139.45.197.153:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash 5bf4e6f22046109fdc23a5aac1620be3
2b5d2dce336d86c63f6dfde19cd130166d29b221
11753e6268755b305837fe7e6f8c740862b68bc32ff79a2e86e18c6b5ebb60cc
GET /contents/s/5b/f4/e6/f22046109fdc23a5aac1620be3/0829937400067.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=BsffwaFC63kXM5A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3748117961%26z%3D3372123%26b%3D14812988%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUiw5pPoa3X3q_0aOlYNdFxCLhcGpnr9NVLAMVpAWSZ1u6jA_J_uJyBnCSdYu1TWXYeobBaTXUb9gZwnfaB102SQ6WsXko39QobyaaHLRN_GiwCy5VsuCcGhnqj5Y3Sl1pKjV51JzjP0ZeohpX8y-ouApH-SYz9nwKweW2zQIV8Wvz51ix28_0UOs2m9KS10WKui76pF5_vekvcykthzBhU9ZnzeyKju-xjwyJd6ysJkHeq9vp_610nTKL2Bf4YRaprphGAQodJtdlvjMVB6REWYu-6rA1CNCPQLCiu82riAVOgxOjLZSOv07o9VulM6W6bxMXkdlfBBc4CqVa3Sy7J0-KBdK4Fylbw2tQPGywdb-ioN_YfGETl6oQez33VwpjWXgO93-UEV5KAwXvcJvCDaUwkh3e9yhsIC5zQWH-C0KrupHaGeYHc31VkR49i7MwPKC1xfzKZS-2QXXr0U3nS89A2z4OIqs6sKtL5qn3SCiHcdMYH_X9SBYp_pE448-JdomVsW797f4Y7V1A9GojpGPkP_m1Oz1zlLQ56Hv_pNHZA4sePe9zKW-PCovmXe1VqjiaHLQn1Z2OTE5MBvROXVTt6se80r1RmNAxogeyaS4oUpFx_ZnVQb-uQIuJFofIJD7-YfZsdin0LwL0vdKwbAeFPwwsYcZ%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3Df5a9febe-d6f0-4a99-ae71-1d207b4ad5fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252F1337x.theproxy.best%252Ftorrent%252F1116615%252FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: image/jpeg
content-length: 24846
last-modified: Wed, 01 Jun 2022 16:33:28 GMT
etag: "629794d8-610e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/66/34/46/8ca9a7d12267b3b43e9d23c04f/0681892114441.jpeg
139.45.197.153 200 OK 57 kB URL HTTP/2 interstitial-07.com/contents/s/66/34/46/8ca9a7d12267b3b43e9d23c04f/0681892114441.jpeg
IP 139.45.197.153:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 6634468ca9a7d12267b3b43e9d23c04f
dd438f13b2aaa9ecb6ac4a8f994c40c8b77cb1e8
7cfee30b3d910ccb67ae55cb502459d27a75d4a0df2f6806a90ae8c6bcec7008
GET /contents/s/66/34/46/8ca9a7d12267b3b43e9d23c04f/0681892114441.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=BsffwaFC63kXM5A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3748117961%26z%3D3372123%26b%3D14812988%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUiw5pPoa3X3q_0aOlYNdFxCLhcGpnr9NVLAMVpAWSZ1u6jA_J_uJyBnCSdYu1TWXYeobBaTXUb9gZwnfaB102SQ6WsXko39QobyaaHLRN_GiwCy5VsuCcGhnqj5Y3Sl1pKjV51JzjP0ZeohpX8y-ouApH-SYz9nwKweW2zQIV8Wvz51ix28_0UOs2m9KS10WKui76pF5_vekvcykthzBhU9ZnzeyKju-xjwyJd6ysJkHeq9vp_610nTKL2Bf4YRaprphGAQodJtdlvjMVB6REWYu-6rA1CNCPQLCiu82riAVOgxOjLZSOv07o9VulM6W6bxMXkdlfBBc4CqVa3Sy7J0-KBdK4Fylbw2tQPGywdb-ioN_YfGETl6oQez33VwpjWXgO93-UEV5KAwXvcJvCDaUwkh3e9yhsIC5zQWH-C0KrupHaGeYHc31VkR49i7MwPKC1xfzKZS-2QXXr0U3nS89A2z4OIqs6sKtL5qn3SCiHcdMYH_X9SBYp_pE448-JdomVsW797f4Y7V1A9GojpGPkP_m1Oz1zlLQ56Hv_pNHZA4sePe9zKW-PCovmXe1VqjiaHLQn1Z2OTE5MBvROXVTt6se80r1RmNAxogeyaS4oUpFx_ZnVQb-uQIuJFofIJD7-YfZsdin0LwL0vdKwbAeFPwwsYcZ%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3Df5a9febe-d6f0-4a99-ae71-1d207b4ad5fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252F1337x.theproxy.best%252Ftorrent%252F1116615%252FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: image/jpeg
content-length: 56557
last-modified: Wed, 01 Jun 2022 14:55:35 GMT
etag: "62977de7-dced"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
dozubatan.com/400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca
139.45.197.237 200 OK 1.3 kB URL HTTP/2 dozubatan.com/400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca
IP 139.45.197.237:0
Hash 422fde4b48928b40e01638847b6e588e
9fcfef30d4b59cad766d3e910cb226f8e01a5424
ece81d88793c99f7bdefec1e3b3d30df454b6d74834523442a160722101391fe
GET /400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/json
x-trace-id: 7632801d13f94b4179e4006846fb8268
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://1337x.theproxy.best
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
77.88.21.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Sep 2022 22:28:24 GMT
access-control-allow-origin: *
etag: "632d6d03-2b"
expires: Tue, 27 Sep 2022 23:28:24 GMT
accept-ranges: bytes
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
glimtors.net/pfe/current/defaultSkin.min.js
139.45.197.251 200 OK 20 kB URL HTTP/2 glimtors.net/pfe/current/defaultSkin.min.js
IP 139.45.197.251:0
Hash cebe9c9e8c0af766683bbc2b8a123bbb
db81ae38dff343e72bc93b8320eca89807d2b1b3
0910dada7e47902b6f99b891bcac0a7382cd4c27c20a9b6139de446a1ffa023d
Analyzer Verdict Alert fortinet Malware
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-df63"
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
matomo.hellohi.me/matomo.php?action_name=Download%20The%20Walking%20Dead%20S04%20Complete%20BDRip%20x264%20ENG-ITA%20(2013)%20Torrent%20%7C%201337x&idsite=1&rec=1&r=321482&h=22&m=28&s=21&url=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&_id=01d8d0da4853d365&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=DSXAys&pf_net=0&pf_srv=185&pf_tfr=77&pf_dm1=1416
104.21.94.42 301 Moved Permanently 169 B URL HTTP/1.1 matomo.hellohi.me/matomo.php?action_name=Download%20The%20Walking%20Dead%20S04%20Complete%20BDRip%20x264%20ENG-ITA%20(2013)%20Torrent%20%7C%201337x&idsite=1&rec=1&r=321482&h=22&m=28&s=21&url=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&_id=01d8d0da4853d365&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=DSXAys&pf_net=0&pf_srv=185&pf_tfr=77&pf_dm1=1416
IP 104.21.94.42:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f3099a531821c476589c3d2d00d53772
8e539d05a8355d6835a56f94b75f405c6e55f6f3
a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
POST /matomo.php?action_name=Download%20The%20Walking%20Dead%20S04%20Complete%20BDRip%20x264%20ENG-ITA%20(2013)%20Torrent%20%7C%201337x&idsite=1&rec=1&r=321482&h=22&m=28&s=21&url=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&_id=01d8d0da4853d365&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=DSXAys&pf_net=0&pf_srv=185&pf_tfr=77&pf_dm1=1416 HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 301 Moved Permanently
Date: Tue, 27 Sep 2022 22:28:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=Download%20The%20Walking%20Dead%20S04%20Complete%20BDRip%20x264%20ENG-ITA%20(2013)%20Torrent%20%7C%201337x&idsite=1&rec=1&r=321482&h=22&m=28&s=21&url=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&_id=01d8d0da4853d365&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=DSXAys&pf_net=0&pf_srv=185&pf_tfr=77&pf_dm1=1416
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ynmGgmJ3sgeYxcCEKoksK%2FlvygeqWCuIJR2KSOI0NPIGby2UaqCAeyxj1pn9NGTEgWANdEOzrrFc9GBF645ER%2FrTv7Ailz4EiddL%2BN0z3LfLiSytmTfC5u1g6CXTXjvDHkbBwg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7517ac13dc0db518-OSL
alt-svc: h2=":443"; ma=60
unphionetor.com/fv.js?t=72747&cb=27446648
139.45.197.236 200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=27446648
IP 139.45.197.236:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash 0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=27446648 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 9719a45f35a3e67c46adbb8e26080f08
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
glimtors.net/custom
139.45.197.251 200 OK 846 B IP 139.45.197.251:0
File type gzip compressed data, max compression\012- data
Hash 74f02c5dfc9a37974ffb82c7e527832b
2a8866b6780c0948058a0d46cac9cab251307078
ee1a68b331ab08dfd881eddd980a91fdc84d61f7758498b507080562048045ac
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Content-Type: application/json
Origin: http://1337x.theproxy.best
Content-Length: 813
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8381c2d6c13735969af94a6221d761fd
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
reapinject.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78
192.243.59.12 200 OK 3.9 kB URL HTTP/1.1 reapinject.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5629), with no line terminators
Hash 833674c934a6aa39b8a783eddde2c3f1
9c16cb047f0af39ea3319c7aab63bcfad599bd89
450f19363a16d2c50d0781076d23d0605c64f914b52266bd51fff96c36a7713e
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a286902791a7f4c98bcb1e812322cd78 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 27 Sep 2022 22:28:24 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://1337x.theproxy.best
Access-Control-Allow-Origin: http://1337x.theproxy.best
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15816950; expires=Wed, 28 Sep 2022 22:28:24 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 28 Sep 2022 22:28:24 GMT; secure; SameSite=None
uncs=1; expires=Wed, 28 Sep 2022 22:28:24 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 28 Sep 2022 22:28:24 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 28 Sep 2022 22:28:24 GMT; secure; SameSite=None
sleca286902791a7f4c98bcb1e812322cd78=[3396716]; expires=Tue, 27 Sep 2022 22:28:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a1d171e4aa52fe08d4e185906b227f5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
interstitial-07.com/?l=BsffwaFC63kXM5A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3748117961%26z%3D3372123%26b%3D14812988%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUiw5pPoa3X3q_0aOlYNdFxCLhcGpnr9NVLAMVpAWSZ1u6jA_J_uJyBnCSdYu1TWXYeobBaTXUb9gZwnfaB102SQ6WsXko39QobyaaHLRN_GiwCy5VsuCcGhnqj5Y3Sl1pKjV51JzjP0ZeohpX8y-ouApH-SYz9nwKweW2zQIV8Wvz51ix28_0UOs2m9KS10WKui76pF5_vekvcykthzBhU9ZnzeyKju-xjwyJd6ysJkHeq9vp_610nTKL2Bf4YRaprphGAQodJtdlvjMVB6REWYu-6rA1CNCPQLCiu82riAVOgxOjLZSOv07o9VulM6W6bxMXkdlfBBc4CqVa3Sy7J0-KBdK4Fylbw2tQPGywdb-ioN_YfGETl6oQez33VwpjWXgO93-UEV5KAwXvcJvCDaUwkh3e9yhsIC5zQWH-C0KrupHaGeYHc31VkR49i7MwPKC1xfzKZS-2QXXr0U3nS89A2z4OIqs6sKtL5qn3SCiHcdMYH_X9SBYp_pE448-JdomVsW797f4Y7V1A9GojpGPkP_m1Oz1zlLQ56Hv_pNHZA4sePe9zKW-PCovmXe1VqjiaHLQn1Z2OTE5MBvROXVTt6se80r1RmNAxogeyaS4oUpFx_ZnVQb-uQIuJFofIJD7-YfZsdin0LwL0vdKwbAeFPwwsYcZ%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3Df5a9febe-d6f0-4a99-ae71-1d207b4ad5fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252F1337x.theproxy.best%252Ftorrent%252F1116615%252FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.153200 OK 3.8 kB URL HTTP/2 interstitial-07.com/?l=BsffwaFC63kXM5A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3748117961%26z%3D3372123%26b%3D14812988%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUiw5pPoa3X3q_0aOlYNdFxCLhcGpnr9NVLAMVpAWSZ1u6jA_J_uJyBnCSdYu1TWXYeobBaTXUb9gZwnfaB102SQ6WsXko39QobyaaHLRN_GiwCy5VsuCcGhnqj5Y3Sl1pKjV51JzjP0ZeohpX8y-ouApH-SYz9nwKweW2zQIV8Wvz51ix28_0UOs2m9KS10WKui76pF5_vekvcykthzBhU9ZnzeyKju-xjwyJd6ysJkHeq9vp_610nTKL2Bf4YRaprphGAQodJtdlvjMVB6REWYu-6rA1CNCPQLCiu82riAVOgxOjLZSOv07o9VulM6W6bxMXkdlfBBc4CqVa3Sy7J0-KBdK4Fylbw2tQPGywdb-ioN_YfGETl6oQez33VwpjWXgO93-UEV5KAwXvcJvCDaUwkh3e9yhsIC5zQWH-C0KrupHaGeYHc31VkR49i7MwPKC1xfzKZS-2QXXr0U3nS89A2z4OIqs6sKtL5qn3SCiHcdMYH_X9SBYp_pE448-JdomVsW797f4Y7V1A9GojpGPkP_m1Oz1zlLQ56Hv_pNHZA4sePe9zKW-PCovmXe1VqjiaHLQn1Z2OTE5MBvROXVTt6se80r1RmNAxogeyaS4oUpFx_ZnVQb-uQIuJFofIJD7-YfZsdin0LwL0vdKwbAeFPwwsYcZ%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3Df5a9febe-d6f0-4a99-ae71-1d207b4ad5fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252F1337x.theproxy.best%252Ftorrent%252F1116615%252FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.153:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1644)
Hash b209962555349b72bcef963ce3fb2ada
2f9d1c64a21d498573120ac3719e7a58fc81de9c
0af5b073b2027272448011f8b177991073731774e1caefa0c5c7c82387d0a55f
GET /?l=BsffwaFC63kXM5A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3748117961%26z%3D3372123%26b%3D14812988%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DUiw5pPoa3X3q_0aOlYNdFxCLhcGpnr9NVLAMVpAWSZ1u6jA_J_uJyBnCSdYu1TWXYeobBaTXUb9gZwnfaB102SQ6WsXko39QobyaaHLRN_GiwCy5VsuCcGhnqj5Y3Sl1pKjV51JzjP0ZeohpX8y-ouApH-SYz9nwKweW2zQIV8Wvz51ix28_0UOs2m9KS10WKui76pF5_vekvcykthzBhU9ZnzeyKju-xjwyJd6ysJkHeq9vp_610nTKL2Bf4YRaprphGAQodJtdlvjMVB6REWYu-6rA1CNCPQLCiu82riAVOgxOjLZSOv07o9VulM6W6bxMXkdlfBBc4CqVa3Sy7J0-KBdK4Fylbw2tQPGywdb-ioN_YfGETl6oQez33VwpjWXgO93-UEV5KAwXvcJvCDaUwkh3e9yhsIC5zQWH-C0KrupHaGeYHc31VkR49i7MwPKC1xfzKZS-2QXXr0U3nS89A2z4OIqs6sKtL5qn3SCiHcdMYH_X9SBYp_pE448-JdomVsW797f4Y7V1A9GojpGPkP_m1Oz1zlLQ56Hv_pNHZA4sePe9zKW-PCovmXe1VqjiaHLQn1Z2OTE5MBvROXVTt6se80r1RmNAxogeyaS4oUpFx_ZnVQb-uQIuJFofIJD7-YfZsdin0LwL0vdKwbAeFPwwsYcZ%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3Df5a9febe-d6f0-4a99-ae71-1d207b4ad5fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252F1337x.theproxy.best%252Ftorrent%252F1116615%252FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=91rOgLPGAPzz-OTDpHRgbP4ENZ6XEIcWoDqLXBCMwyg; expires=Tue, 27-Sep-2022 23:28:23 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 82ea99c6d2aef60f6d0973b8f505b278
8f52225a6b20d6d998736137e29ca7f9f708645e
61312290e3105f98ca9abd38198183f5b0f21665760c41da5fdc1b95591ef7a1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5369
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:28:24 GMT
Last-Modified: Tue, 27 Sep 2022 20:58:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: f444bc47948002e48170cfdb4e83b7c6
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
reapinject.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwWskRRTGqzc5LHhS9qKgDJ4UZNLdM%2BmZcQ%2BLMUaC2c26q7g3ra6qmZRT3dVUdU1PcgouyN6c%2FQ863yQbVoOsIN5cZLKwh4CQ0YMBzf%2BwCDl5kJkdHPdB897r7x1%2B33v19Z47Jz4cPVu9rnekUnRpuepX3roTBFcrGzJ1%2FUq%2FGX0e1a9WTO%2FdVlT13658KFhXL4V%2B4PuBH1TWpBFt3V%2BaiJDZUSuotvxqPawGy3X0zYu9dR4s9cB75%2BQVSD5efOJdgWQjpMmjVWG7uc7e%2BSBxiubaoMcPP027qS5SJPOybTy008PZNLQ9XXsMnR5McaF7%2Fw3Gcky8p48Rp4czSMS9%2FSlnrCBSxPwlFL0RhBpB0hGYvgvJTwnAOG5sIk0e3NCmoNvPVTpRx2Tx4m%2FIYkwW%2F7qCNPl%2BRcl%2B5bZWLpc6tei3S8j%2BCLIzQuaOke9cgiyOwfKvIPmvZOliA2myv2mVhuTl1LuUI8j2CEoMQK0HN%2FmkB9f24DIPCT%2BrsCAIGj5n1G%2B2GKvxhogj7ge00Q5o4EdNODbBGyDPBmBqAGZ2kZlddOX90%2BpPMO4X2K0Slnuw%2BZh4H%2B%2Bix0sUgqCwBAUlKCRBkRMUvfKAKxva8gFX1sXBLIezXCuHOu%2Fs0QOdd0RK9rJz8vJ0Nc%2FuXKArzio0bEYtP2y0Jnx11mrGLA5EMwhrYch4owkrS0h7aep2Z3Km8hyZHBPyzR%2BI6TGsOgaTb4K610GLYSP0QbeG9aaPnfTIpbHSrCt4VXJwXSLLF5Fve3vqnLw65aj9riDYybUv4uvjZw%2F%2FATMlMlPiS%2FmEoKPuDW%2Fpguzf0oUlP2xmuUzkDp2c73ZOc7Hw7Udiu9CGr6%2FawcP32ESYlEefCJtv0JTLtGPJdyuSc2HWtGGC%2FLxuPxPxTWe3VpxJXbZx8%2F219SQzwlqp0xHoxNrTEzA5Jpd%2FPJu%2BzNf%2BfARpRjCuROJOyCwg9TFYtgubzfmtXoBR85k481C4cmjCeP5TSQIl5j2NS9j%2F9fG83rP30DFvgOZ3kSYleqZET5WgagDrFoZ5Zk6u%2FVabBmLlDWNlvP1YGXX%2F%2BXKtPKs0ajWfRq3loNGgohHXw2Y7CjilYT0Ko4jWkNsxq21f%2FhcAAP%2F%2FAQAA%2F%2F8%2B%2FM%2F7ZAQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 reapinject.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwWskRRTGqzc5LHhS9qKgDJ4UZNLdM%2BmZcQ%2BLMUaC2c26q7g3ra6qmZRT3dVUdU1PcgouyN6c%2FQ863yQbVoOsIN5cZLKwh4CQ0YMBzf%2BwCDl5kJkdHPdB897r7x1%2B33v19Z47Jz4cPVu9rnekUnRpuepX3roTBFcrGzJ1%2FUq%2FGX0e1a9WTO%2FdVlT13658KFhXL4V%2B4PuBH1TWpBFt3V%2BaiJDZUSuotvxqPawGy3X0zYu9dR4s9cB75%2BQVSD5efOJdgWQjpMmjVWG7uc7e%2BSBxiubaoMcPP027qS5SJPOybTy008PZNLQ9XXsMnR5McaF7%2Fw3Gcky8p48Rp4czSMS9%2FSlnrCBSxPwlFL0RhBpB0hGYvgvJTwnAOG5sIk0e3NCmoNvPVTpRx2Tx4m%2FIYkwW%2F7qCNPl%2BRcl%2B5bZWLpc6tei3S8j%2BCLIzQuaOke9cgiyOwfKvIPmvZOliA2myv2mVhuTl1LuUI8j2CEoMQK0HN%2FmkB9f24DIPCT%2BrsCAIGj5n1G%2B2GKvxhogj7ge00Q5o4EdNODbBGyDPBmBqAGZ2kZlddOX90%2BpPMO4X2K0Slnuw%2BZh4H%2B%2Bix0sUgqCwBAUlKCRBkRMUvfKAKxva8gFX1sXBLIezXCuHOu%2Fs0QOdd0RK9rJz8vJ0Nc%2FuXKArzio0bEYtP2y0Jnx11mrGLA5EMwhrYch4owkrS0h7aep2Z3Km8hyZHBPyzR%2BI6TGsOgaTb4K610GLYSP0QbeG9aaPnfTIpbHSrCt4VXJwXSLLF5Fve3vqnLw65aj9riDYybUv4uvjZw%2F%2FATMlMlPiS%2FmEoKPuDW%2Fpguzf0oUlP2xmuUzkDp2c73ZOc7Hw7Udiu9CGr6%2FawcP32ESYlEefCJtv0JTLtGPJdyuSc2HWtGGC%2FLxuPxPxTWe3VpxJXbZx8%2F219SQzwlqp0xHoxNrTEzA5Jpd%2FPJu%2BzNf%2BfARpRjCuROJOyCwg9TFYtgubzfmtXoBR85k481C4cmjCeP5TSQIl5j2NS9j%2F9fG83rP30DFvgOZ3kSYleqZET5WgagDrFoZ5Zk6u%2FVabBmLlDWNlvP1YGXX%2F%2BXKtPKs0ajWfRq3loNGgohHXw2Y7CjilYT0Ko4jWkNsxq21f%2FhcAAP%2F%2FAQAA%2F%2F8%2B%2FM%2F7ZAQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSwWskRRTGqzc5LHhS9qKgDJ4UZNLdM%2BmZcQ%2BLMUaC2c26q7g3ra6qmZRT3dVUdU1PcgouyN6c%2FQ863yQbVoOsIN5cZLKwh4CQ0YMBzf%2BwCDl5kJkdHPdB897r7x1%2B33v19Z47Jz4cPVu9rnekUnRpuepX3roTBFcrGzJ1%2FUq%2FGX0e1a9WTO%2FdVlT13658KFhXL4V%2B4PuBH1TWpBFt3V%2BaiJDZUSuotvxqPawGy3X0zYu9dR4s9cB75%2BQVSD5efOJdgWQjpMmjVWG7uc7e%2BSBxiubaoMcPP027qS5SJPOybTy008PZNLQ9XXsMnR5McaF7%2Fw3Gcky8p48Rp4czSMS9%2FSlnrCBSxPwlFL0RhBpB0hGYvgvJTwnAOG5sIk0e3NCmoNvPVTpRx2Tx4m%2FIYkwW%2F7qCNPl%2BRcl%2B5bZWLpc6tei3S8j%2BCLIzQuaOke9cgiyOwfKvIPmvZOliA2myv2mVhuTl1LuUI8j2CEoMQK0HN%2FmkB9f24DIPCT%2BrsCAIGj5n1G%2B2GKvxhogj7ge00Q5o4EdNODbBGyDPBmBqAGZ2kZlddOX90%2BpPMO4X2K0Slnuw%2BZh4H%2B%2Bix0sUgqCwBAUlKCRBkRMUvfKAKxva8gFX1sXBLIezXCuHOu%2Fs0QOdd0RK9rJz8vJ0Nc%2FuXKArzio0bEYtP2y0Jnx11mrGLA5EMwhrYch4owkrS0h7aep2Z3Km8hyZHBPyzR%2BI6TGsOgaTb4K610GLYSP0QbeG9aaPnfTIpbHSrCt4VXJwXSLLF5Fve3vqnLw65aj9riDYybUv4uvjZw%2F%2FATMlMlPiS%2FmEoKPuDW%2Fpguzf0oUlP2xmuUzkDp2c73ZOc7Hw7Udiu9CGr6%2FawcP32ESYlEefCJtv0JTLtGPJdyuSc2HWtGGC%2FLxuPxPxTWe3VpxJXbZx8%2F219SQzwlqp0xHoxNrTEzA5Jpd%2FPJu%2BzNf%2BfARpRjCuROJOyCwg9TFYtgubzfmtXoBR85k481C4cmjCeP5TSQIl5j2NS9j%2F9fG83rP30DFvgOZ3kSYleqZET5WgagDrFoZ5Zk6u%2FVabBmLlDWNlvP1YGXX%2F%2BXKtPKs0ajWfRq3loNGgohHXw2Y7CjilYT0Ko4jWkNsxq21f%2FhcAAP%2F%2FAQAA%2F%2F8%2B%2FM%2F7ZAQAAA%3D%3D HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca286902791a7f4c98bcb1e812322cd78=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 27 Sep 2022 22:28:24 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bb20108618283479f53e60cb210d47b7
Strict-Transport-Security: max-age=0; includeSubdomains
glimtors.net/custom
139.45.197.251 200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Content-Type: application/json
Origin: http://1337x.theproxy.best
Content-Length: 441
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7bbd2e841d37b7c9407e968f906ca0a9
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
rndskittytor.com/500/4837723?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.238200 OK 0 B URL HTTP/2 rndskittytor.com/500/4837723?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/4837723?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
172.67.22.216 200 OK 13 kB URL HTTP/2 offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
IP 172.67.22.216:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 375d4eace3e9692bfe2fc21648f4c59a
57ef9b8278b63d567eab92b8607b68cee29071b8
46005b3961515220591e6df79d2713774deb57a082dda8162c3d182bcad3aa1b
GET /www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: image/jpeg
content-length: 13449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6231b193-3489"
expires: Wed, 28 Sep 2022 13:34:12 GMT
last-modified: Wed, 16 Mar 2022 09:44:51 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 32052
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac169ccb0b3d-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8efccf4c61af35f8011cfb61e7f66ca
90987edc2453bcd66d8c89ed47c9882a846b22d6
973f1eaa5748b6c10ab41032e3a0dfd1f370ac6c25e819e54e81b8c3c4bd78a0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "973F1EAA5748B6C10AB41032E3A0DFD1F370AC6C25E819E54E81B8C3C4BD78A0"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2662
Expires: Tue, 27 Sep 2022 23:12:47 GMT
Date: Tue, 27 Sep 2022 22:28:25 GMT
Connection: keep-alive
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
172.64.200.2 200 OK 22 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
IP 172.64.200.2:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x292, components 3\012- data
Hash e1f754e6014f2a7636aa19acdf37eaa7
72ded7fb65560b2702630d5208386654f294e8e9
8b9e400d61eb3c28929db8209c3136b14e2112d6eb8b4f504b74f6cca67b50fe
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:25 GMT
content-type: image/jpeg
content-length: 21845
last-modified: Wed, 03 Aug 2022 08:33:45 GMT
etag: "62ea32e9-5555"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4796636
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1TXrpm9RN53pKl6DGl1FKYD5HGqQX3xd3KMhq9fKlfVRbDnhW9RYLL9Ug9o3nboyav%2FHlsatztQQH6X1rRyUl8FJaKWCPN7AbRmP8k0NO0Ug2wTzLvEvN12GaiZ%2ByILEMAY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac19bbe075cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html
104.26.7.19 200 OK 1.1 kB URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html
IP 104.26.7.19:0
File type HTML document text\012- HTML document, ASCII text
Hash 22b91c6c5fe960eb70da89b2d26b8d1e
f2793b7f46b50089f5f9b477be7f67033108430c
76fd2767cce1ea2749187d5ea7947cfa51bea4b0780e886b2943cafb18c5bfd8
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:25 GMT
content-type: text/html
last-modified: Tue, 01 Feb 2022 10:33:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sdngLWWnY%2FtBHvydTayV4vgKkHYfp0vjeO5klU06RFzP%2FrLnsckTJaJVhqo5%2FvFZ5sDN54Kbx%2BcPkqiFO4rEVcEhHcA82GmW92orTLP65KQaG5AwIQK%2Fng59kUOnsP7%2FHrrCdE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac154f23b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8efccf4c61af35f8011cfb61e7f66ca
90987edc2453bcd66d8c89ed47c9882a846b22d6
973f1eaa5748b6c10ab41032e3a0dfd1f370ac6c25e819e54e81b8c3c4bd78a0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "973F1EAA5748B6C10AB41032E3A0DFD1F370AC6C25E819E54E81B8C3C4BD78A0"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2662
Expires: Tue, 27 Sep 2022 23:12:47 GMT
Date: Tue, 27 Sep 2022 22:28:25 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=97a88c90-7868-4e5c-a67d-0fadde2921cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=97a88c90-7868-4e5c-a67d-0fadde2921cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=97a88c90-7868-4e5c-a67d-0fadde2921cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 27 Sep 2022 22:28:25 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a3f3dccf8c85aa0057a0d76afe32dcf4
Strict-Transport-Security: max-age=0; includeSubdomains
dozubatan.com/500/4495524?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 1.2 kB URL HTTP/2 dozubatan.com/500/4495524?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1481), with no line terminators
Hash 258cba8b394cc2b9ff42dd9b5c334ad5
04d7d8cbd527e5a3abf59d0f234c2e3a091ab072
0ea8a4647fe8b29d9dc247ecea4b85b7cc1f59d00e28fe9f182fe3983de4594e
GET /500/4495524?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: application/javascript
x-trace-id: dd42a4c8a9b93b970fb4e602bf9be84b
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: http://1337x.theproxy.best
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
reapinject.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fstyle.css&l=3637&fd=323
192.243.59.12200 OK 0 B URL HTTP/1.1 reapinject.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fstyle.css&l=3637&fd=323
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fstyle.css&l=3637&fd=323 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 27 Sep 2022 22:28:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.itskiddoan.club/apu.php?zoneid=3388548
139.45.197.236 200 OK 23 kB URL HTTP/2 cdn.itskiddoan.club/apu.php?zoneid=3388548
IP 139.45.197.236:0
File type ASCII text, with very long lines (62295), with no line terminators
Hash 17495dec608735f214ce821c845877ef
9229dcdb4e93c44a64283399924b9ca9c436aa66
11c4fec07f9dd6e2054ae26fd5a62c70e06f53d1457398432d9588948de2adcc
GET /apu.php?zoneid=3388548 HTTP/1.1
Host: cdn.itskiddoan.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/javascript
x-trace-id: eb5d7c228c710aead216568dae37e08e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=bf770d5ccac44d3fad79293dde241ae5; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1664317703; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 102 kB IP 172.64.198.35:0
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 27 Sep 2022 22:28:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=65eMJpEnCk5rQCA2edC9kWlkxZ8VlswF%2Fk0sQByjj0G133bdLT4jRuzTGqbPUF4o8idxVfSMjojTEF1aXccqiOFTUyorQDGcCu63vBCwRgq8mh16B8jkjxQm%2Bxfd347O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac10a8a174fd-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
172.64.200.2 200 OK 1.1 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
IP 172.64.200.2:0
Hash 951e64e6f18acd36db48bc1fb84b2c14
f6546713ac75c58550b9e04fb11ef39b55a1d7a7
46b118a25e2482a8f108de0492ee7e7adfcd49fede218559cf80b02b40bf7d5f
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:25 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 15:54:46 GMT
etag: W/"61f80646-e35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FtL0hooyPBwfp7gF7XOxCt6Wf6s2WCleQcgsq%2F7KVQHvQqwurjkwPnd8v4jHC6bEVv%2FsijKCfUO4BDbOwNGsphPO1Xw7mtScQ8Gliv9OMjcxa%2FqDQ4yJIcKE5KJxCQngk8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac199bb475cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reapinject.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=329
192.243.59.12200 OK 0 B URL HTTP/1.1 reapinject.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=329
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
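Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body; matches every 0 B response, so not usable as an indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body)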
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=329 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 27 Sep 2022 22:28:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reapinject.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=323
192.243.59.12 200 OK 0 B URL HTTP/1.1 reapinject.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=323
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
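Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body; matches every 0 B response, so not usable as an indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body)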
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=323 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1337x.theproxy.best/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 27 Sep 2022 22:28:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css
172.64.200.2 200 OK 21 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css
IP 172.64.200.2:0
Hash 1d44bf59d7b1db14b3667331a65396ce
caac43ef644c7b4063647192bd0368c80eb2c67d
6e77e7e133f308d36f5dc1b99216c3bcb62041658f629b71c6eb966292260951
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:25 GMT
content-type: text/css
last-modified: Tue, 17 Aug 2021 13:04:04 GMT
etag: W/"611bb3c4-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=snx06DVcL7Sz%2Br3TIVjDvVK2a7EmYbYDsRrV2XEOHfBHgbMBILnz8uGBQaBjUJ0QREbZpcxll4hUxOc%2BRlvHhgr34PrxJIYNyb9SYupBNGXVdVvRAZqkss3ivZg8%2BK6eKsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac198baf75cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 21 Sep 2022 20:15:52 GMT
Expires: Thu, 21 Sep 2023 20:15:52 GMT
Cache-Control: public, max-age=31536000
Age: 526353
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
cdn.pncloudfl.com/pn/514/b34/fc1/514b34fc18d3f446e094227228e3b1595fe3abf9.jpg
104.22.59.221 200 OK 22 kB URL HTTP/2 cdn.pncloudfl.com/pn/514/b34/fc1/514b34fc18d3f446e094227228e3b1595fe3abf9.jpg
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash fd339d0abd644dfc62b8dcd2cd15bd2b
0af5c8cec4712fb169744df0ecc88faf9125e9df
385adfface9b1e607e43242a9d9877fbdf7c71278940709ecad3d2e53e0e931a
GET /pn/514/b34/fc1/514b34fc18d3f446e094227228e3b1595fe3abf9.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:25 GMT
content-type: image/webp
content-length: 22450
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=40774
content-disposition: inline; filename="514b34fc18d3f446e094227228e3b1595fe3abf9.webp"
etag: 19e0f2a507ac755f9419ea98d0121544
expires: Wed, 28 Sep 2022 22:52:58 GMT
last-modified: Thu, 22 Sep 2022 09:48:57 GMT
vary: Accept
x-openstack-request-id: tx7c030a591e2a48f1aae4d-00632c2fcb
x-proxy-cache: HIT
x-timestamp: 1663840136.02468
x-trans-id: tx7c030a591e2a48f1aae4d-00632c2fcb
cf-cache-status: HIT
age: 84927
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 7517ac1cde86b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reapinject.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tc1RvGz22zKHxXX%2BlGQRlcKcjk3juT%2BWEXxRgjwbSprWJ3en7N5Djn3nM55565k6yCBenO6X9w80zSUA1SQdxZZFLoIiBkdGFA8z8UISsXMtPg6AuX933v8y4%2Bz%2FueL3f9GQnh6enKDbOttKaLS9Ww8sbdKLpWWVepH1QGrcanjfq1iu2%2F3W5Uwzcr70veM4txGIVhFEaVVWVlxwwWpyJUdtiOqu2wWo%2Br0VIdA%2Fvf3vkAjgYQ%2FTPyEpSYLDwNrkLxMdLk8Yp0vdxkb72XeE1zY9EXBx%2BnvdQUKZJ52bEBOunBxTSMO1l9ApPuz3Bh%2Bv8MMjUhwbMnYOnBBSRYf2%2FGyTRkCib%2Bh6I%2FhtRjKDoGN%2FegxAkBuMDNDaTJw5vGFnTrhUqn6oQsnP8JVUzIwh9XkSbfLms1qNwx2ufKpA6DTgk1GEN1x8j8EfLtS1DFEXj%2BBZT4mSyeryNN9jacNlCinHlXagzVGUPLIagL4KefCuA7AXwWIBGnFR5FUTMUnIatNuc10ZSsIcKINjsRjcJGC55P8YbIsyG4HoLbHWR2Bz314KT6A6z%2FCW6zhBMBXD4hwYc76IsShSQoHEFBCQpFUOQERb%2FcF9rFrnwotPMsusjxRa6VI5N3d%2Bm%2BybsyJbvZGfn%2FbDXP756jJ08rNG412mHcbE%2F56rzdYpxFshXFtTjmotmCUyWUuzRzuz09U3mGTE0I%2Beo3MHoEp4%2FA1eug%2FlXQYtSMQ9DNUb0VYjs99CnThvekqCoBYUpk%2BQLyrWBXn5GXZxy1XzUkP77%2BGbsxef7oL3BbIrMlPldPCbr6%2Fui2KcjebVM48t1GlqtEbdPp%2Be7kNJeXv%2F5AbhXGirUVN3z0Dp8K0%2FLwI%2BnydZoKlXYd%2BWZZCSHtqrFckh%2FX3CeS3fJuc9nb1Gfrt95dXUsyK51TJh2DTq09OwZXE3Ll%2B9PZy3zl98dQdgzrSyT%2BmFwElDkCz3bgsjm%2FM5dh9XyGZQEKX45szOY%2FtSLQct5TVsL9q2fzetfdR9e%2BBprfQ5qU6NsSfV2C6iGcvzzKM3t8%2FZfaLMB0MGLaBntMW%2F3gxXKdOq3UQtFksiObTNaX6h3JBVtaYiHvcFYTrRZH7ia8tnXlbwAAAP%2F%2FAQAA%2F%2F%2B%2BKBoTZAQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 reapinject.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tc1RvGz22zKHxXX%2BlGQRlcKcjk3juT%2BWEXxRgjwbSprWJ3en7N5Djn3nM55565k6yCBenO6X9w80zSUA1SQdxZZFLoIiBkdGFA8z8UISsXMtPg6AuX933v8y4%2Bz%2FueL3f9GQnh6enKDbOttKaLS9Ww8sbdKLpWWVepH1QGrcanjfq1iu2%2F3W5Uwzcr70veM4txGIVhFEaVVWVlxwwWpyJUdtiOqu2wWo%2Br0VIdA%2Fvf3vkAjgYQ%2FTPyEpSYLDwNrkLxMdLk8Yp0vdxkb72XeE1zY9EXBx%2BnvdQUKZJ52bEBOunBxTSMO1l9ApPuz3Bh%2Bv8MMjUhwbMnYOnBBSRYf2%2FGyTRkCib%2Bh6I%2FhtRjKDoGN%2FegxAkBuMDNDaTJw5vGFnTrhUqn6oQsnP8JVUzIwh9XkSbfLms1qNwx2ufKpA6DTgk1GEN1x8j8EfLtS1DFEXj%2BBZT4mSyeryNN9jacNlCinHlXagzVGUPLIagL4KefCuA7AXwWIBGnFR5FUTMUnIatNuc10ZSsIcKINjsRjcJGC55P8YbIsyG4HoLbHWR2Bz314KT6A6z%2FCW6zhBMBXD4hwYc76IsShSQoHEFBCQpFUOQERb%2FcF9rFrnwotPMsusjxRa6VI5N3d%2Bm%2BybsyJbvZGfn%2FbDXP756jJ08rNG412mHcbE%2F56rzdYpxFshXFtTjmotmCUyWUuzRzuz09U3mGTE0I%2Beo3MHoEp4%2FA1eug%2FlXQYtSMQ9DNUb0VYjs99CnThvekqCoBYUpk%2BQLyrWBXn5GXZxy1XzUkP77%2BGbsxef7oL3BbIrMlPldPCbr6%2Fui2KcjebVM48t1GlqtEbdPp%2Be7kNJeXv%2F5AbhXGirUVN3z0Dp8K0%2FLwI%2BnydZoKlXYd%2BWZZCSHtqrFckh%2FX3CeS3fJuc9nb1Gfrt95dXUsyK51TJh2DTq09OwZXE3Ll%2B9PZy3zl98dQdgzrSyT%2BmFwElDkCz3bgsjm%2FM5dh9XyGZQEKX45szOY%2FtSLQct5TVsL9q2fzetfdR9e%2BBprfQ5qU6NsSfV2C6iGcvzzKM3t8%2FZfaLMB0MGLaBntMW%2F3gxXKdOq3UQtFksiObTNaX6h3JBVtaYiHvcFYTrRZH7ia8tnXlbwAAAP%2F%2FAQAA%2F%2F%2B%2BKBoTZAQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tc1RvGz22zKHxXX%2BlGQRlcKcjk3juT%2BWEXxRgjwbSprWJ3en7N5Djn3nM55565k6yCBenO6X9w80zSUA1SQdxZZFLoIiBkdGFA8z8UISsXMtPg6AuX933v8y4%2Bz%2FueL3f9GQnh6enKDbOttKaLS9Ww8sbdKLpWWVepH1QGrcanjfq1iu2%2F3W5Uwzcr70veM4txGIVhFEaVVWVlxwwWpyJUdtiOqu2wWo%2Br0VIdA%2Fvf3vkAjgYQ%2FTPyEpSYLDwNrkLxMdLk8Yp0vdxkb72XeE1zY9EXBx%2BnvdQUKZJ52bEBOunBxTSMO1l9ApPuz3Bh%2Bv8MMjUhwbMnYOnBBSRYf2%2FGyTRkCib%2Bh6I%2FhtRjKDoGN%2FegxAkBuMDNDaTJw5vGFnTrhUqn6oQsnP8JVUzIwh9XkSbfLms1qNwx2ufKpA6DTgk1GEN1x8j8EfLtS1DFEXj%2BBZT4mSyeryNN9jacNlCinHlXagzVGUPLIagL4KefCuA7AXwWIBGnFR5FUTMUnIatNuc10ZSsIcKINjsRjcJGC55P8YbIsyG4HoLbHWR2Bz314KT6A6z%2FCW6zhBMBXD4hwYc76IsShSQoHEFBCQpFUOQERb%2FcF9rFrnwotPMsusjxRa6VI5N3d%2Bm%2BybsyJbvZGfn%2FbDXP756jJ08rNG412mHcbE%2F56rzdYpxFshXFtTjmotmCUyWUuzRzuz09U3mGTE0I%2Beo3MHoEp4%2FA1eug%2FlXQYtSMQ9DNUb0VYjs99CnThvekqCoBYUpk%2BQLyrWBXn5GXZxy1XzUkP77%2BGbsxef7oL3BbIrMlPldPCbr6%2Fui2KcjebVM48t1GlqtEbdPp%2Be7kNJeXv%2F5AbhXGirUVN3z0Dp8K0%2FLwI%2BnydZoKlXYd%2BWZZCSHtqrFckh%2FX3CeS3fJuc9nb1Gfrt95dXUsyK51TJh2DTq09OwZXE3Ll%2B9PZy3zl98dQdgzrSyT%2BmFwElDkCz3bgsjm%2FM5dh9XyGZQEKX45szOY%2FtSLQct5TVsL9q2fzetfdR9e%2BBprfQ5qU6NsSfV2C6iGcvzzKM3t8%2FZfaLMB0MGLaBntMW%2F3gxXKdOq3UQtFksiObTNaX6h3JBVtaYiHvcFYTrRZH7ia8tnXlbwAAAP%2F%2FAQAA%2F%2F%2B%2BKBoTZAQAAA%3D%3D HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca286902791a7f4c98bcb1e812322cd78=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 27 Sep 2022 22:28:25 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0ba36acb5dc79a1d86c53a1087cf4ab
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2fada546bba08340485db10cd5461d81
614cb72241c85b4453c65846b0908bb7d82ba39d
953e09f374abe33b073dc05709461e3c335ff467a1344a4f82750588627acb69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "953E09F374ABE33B073DC05709461E3C335FF467A1344A4F82750588627ACB69"
Last-Modified: Tue, 27 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=677
Expires: Tue, 27 Sep 2022 22:39:42 GMT
Date: Tue, 27 Sep 2022 22:28:25 GMT
Connection: keep-alive
rndskittytor.com/401/4837723?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca
139.45.197.238 200 OK 784 B URL HTTP/2 rndskittytor.com/401/4837723?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca
IP 139.45.197.238:0
File type JSON data\012- , ASCII text, with very long lines (2052), with no line terminators
Hash 08cadd27da964e0f12ffdd89a2986e20
5a3b65cc33bf71a4cc8638ed569d89a9b3221663
814e5fa2ce16c3bffcafbebcf72c0c4f9900ff1bbe208baf866b8452e2a10c43
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4837723?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/json
x-trace-id: e6ddd072f0bc6c06c3b47e0670d95f16
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://1337x.theproxy.best
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
stunningruin.com/winnotice?sid=H4sIAAAAAAAC%2F1RTTYgcRRSu0VyCJyUehBxG8KAgs90zk95pgwRjshJcsyFR9KRUV%2FXMPrenqqnqmp7d06Ige5IRD%2F6car%2F9Q40SDx6N0hvwsCDs3FZ0L548%2BQfBo8y47uiD5v187%2FD1%2B756Z9MdswCOH115Sa9RlvG5C42g%2FuRrYXixvkjKDevDTvRG1L5YN4Nn4qgRPFV%2FIRUreq4ZhEEQBmF9gUza1cO5CQjKb8dhIw4a7WYjvNDG0HhYV4PlNcjBMXsEJMdn7tXOgUQF1b9zJbUrhc6fvtp3GS%2B0wUDuvaJWlC4V%2BrOya2roqr2TbWh7uHAXWu1MKUIPThcTGrPad3eRqL0TYkgG21NuSYZUIZEPoRxUSLMKxCsI%2FTZIHjJASFxfgurvXtem5Kv%2FoHyCjtmZ%2B3%2BCyjE789M5qP4XlzMa1m%2FpzBWklcWw60HDCtSrkLt9FGsMVO5DFG%2BB5Pds7v4iVH97yWYaJP3034kqULdClo7ALYObfMTgujW4vIa%2BPKqLMAznAyl40ImFaMn5NIlkEPL5bsjDIOrAiQm9EYp8BJGNIMw6crOOFRrBuHdBtoLjHpR75HY3joILcYhUHFz65aNJfAxOR3Uh41YzjMKEyzCO5mPORSdqBWkz6bZiGbSR0MGlJ%2F76auPn5d%2BREUPKD775jU0DVnko57eUIQ%2BTHrCT2DKyOLh0urXsYSWDLRgG0qNMGUrLUHKGkhjKgqEc%2BB2Z2ab1uzKzLglPcvMkt%2FyWLnp%2BRxe9VLHN%2FJg9PNXmD%2FE6VtKjejcQzU43breanXYcJx3Znm9FnUiKUHbSdkfC0r8XIPsAuK1hjcbs0R9%2FRT5xjXwfCd%2BHzfYh6HFwdx689ODLHmvKQ%2Bo7tnBKkeoZR6ohdB95cRbFam0zO2aPTblEH27877zCeOTG4026x9DLNrZu6pJt39SlZV8u5QX1aY1PPHSr4EX64KcvpqulNvLaFTv65DkxASbl7ZdTWyxyJUn1LPvsMkmZmgVtRMq%2BvmZfTZMbzi5fdka5fPHG8wvX%2BrlJrSWtKnA6vPoBBI3Z2fd%2BmD6O858%2FCzIVjPPou1O5QLqCyNdh89nMagaTzfokZyid3zLNZDacGCKb6Q6eeNj%2F9Mms3rTfwpJHYdnfAAAA%2F%2F8BAAD%2F%2F2eC2KJ5BAAA&ap=${AUCTION_PRICE}&l=3577992&sub3=1664317703&pid=91283&sub2=icon&auid=cd932161bad19679aac8630e2bf39d04&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
213.174.151.100307 Temporary Redirect 0 B URL HTTP/1.1 stunningruin.com/winnotice?sid=H4sIAAAAAAAC%2F1RTTYgcRRSu0VyCJyUehBxG8KAgs90zk95pgwRjshJcsyFR9KRUV%2FXMPrenqqnqmp7d06Ige5IRD%2F6car%2F9Q40SDx6N0hvwsCDs3FZ0L548%2BQfBo8y47uiD5v187%2FD1%2B756Z9MdswCOH115Sa9RlvG5C42g%2FuRrYXixvkjKDevDTvRG1L5YN4Nn4qgRPFV%2FIRUreq4ZhEEQBmF9gUza1cO5CQjKb8dhIw4a7WYjvNDG0HhYV4PlNcjBMXsEJMdn7tXOgUQF1b9zJbUrhc6fvtp3GS%2B0wUDuvaJWlC4V%2BrOya2roqr2TbWh7uHAXWu1MKUIPThcTGrPad3eRqL0TYkgG21NuSYZUIZEPoRxUSLMKxCsI%2FTZIHjJASFxfgurvXtem5Kv%2FoHyCjtmZ%2B3%2BCyjE789M5qP4XlzMa1m%2FpzBWklcWw60HDCtSrkLt9FGsMVO5DFG%2BB5Pds7v4iVH97yWYaJP3034kqULdClo7ALYObfMTgujW4vIa%2BPKqLMAznAyl40ImFaMn5NIlkEPL5bsjDIOrAiQm9EYp8BJGNIMw6crOOFRrBuHdBtoLjHpR75HY3joILcYhUHFz65aNJfAxOR3Uh41YzjMKEyzCO5mPORSdqBWkz6bZiGbSR0MGlJ%2F76auPn5d%2BREUPKD775jU0DVnko57eUIQ%2BTHrCT2DKyOLh0urXsYSWDLRgG0qNMGUrLUHKGkhjKgqEc%2BB2Z2ab1uzKzLglPcvMkt%2FyWLnp%2BRxe9VLHN%2FJg9PNXmD%2FE6VtKjejcQzU43breanXYcJx3Znm9FnUiKUHbSdkfC0r8XIPsAuK1hjcbs0R9%2FRT5xjXwfCd%2BHzfYh6HFwdx689ODLHmvKQ%2Bo7tnBKkeoZR6ohdB95cRbFam0zO2aPTblEH27877zCeOTG4026x9DLNrZu6pJt39SlZV8u5QX1aY1PPHSr4EX64KcvpqulNvLaFTv65DkxASbl7ZdTWyxyJUn1LPvsMkmZmgVtRMq%2BvmZfTZMbzi5fdka5fPHG8wvX%2BrlJrSWtKnA6vPoBBI3Z2fd%2BmD6O858%2FCzIVjPPou1O5QLqCyNdh89nMagaTzfokZyid3zLNZDacGCKb6Q6eeNj%2F9Mms3rTfwpJHYdnfAAAA%2F%2F8BAAD%2F%2F2eC2KJ5BAAA&ap=${AUCTION_PRICE}&l=3577992&sub3=1664317703&pid=91283&sub2=icon&auid=cd932161bad19679aac8630e2bf39d04&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 213.174.151.100:0
ASN #39572 DataWeb Global Group B.V.
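Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body; matches every 0 B response, so not usable as an indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body)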
GET /winnotice?sid=H4sIAAAAAAAC%2F1RTTYgcRRSu0VyCJyUehBxG8KAgs90zk95pgwRjshJcsyFR9KRUV%2FXMPrenqqnqmp7d06Ige5IRD%2F6car%2F9Q40SDx6N0hvwsCDs3FZ0L548%2BQfBo8y47uiD5v187%2FD1%2B756Z9MdswCOH115Sa9RlvG5C42g%2FuRrYXixvkjKDevDTvRG1L5YN4Nn4qgRPFV%2FIRUreq4ZhEEQBmF9gUza1cO5CQjKb8dhIw4a7WYjvNDG0HhYV4PlNcjBMXsEJMdn7tXOgUQF1b9zJbUrhc6fvtp3GS%2B0wUDuvaJWlC4V%2BrOya2roqr2TbWh7uHAXWu1MKUIPThcTGrPad3eRqL0TYkgG21NuSYZUIZEPoRxUSLMKxCsI%2FTZIHjJASFxfgurvXtem5Kv%2FoHyCjtmZ%2B3%2BCyjE789M5qP4XlzMa1m%2FpzBWklcWw60HDCtSrkLt9FGsMVO5DFG%2BB5Pds7v4iVH97yWYaJP3034kqULdClo7ALYObfMTgujW4vIa%2BPKqLMAznAyl40ImFaMn5NIlkEPL5bsjDIOrAiQm9EYp8BJGNIMw6crOOFRrBuHdBtoLjHpR75HY3joILcYhUHFz65aNJfAxOR3Uh41YzjMKEyzCO5mPORSdqBWkz6bZiGbSR0MGlJ%2F76auPn5d%2BREUPKD775jU0DVnko57eUIQ%2BTHrCT2DKyOLh0urXsYSWDLRgG0qNMGUrLUHKGkhjKgqEc%2BB2Z2ab1uzKzLglPcvMkt%2FyWLnp%2BRxe9VLHN%2FJg9PNXmD%2FE6VtKjejcQzU43breanXYcJx3Znm9FnUiKUHbSdkfC0r8XIPsAuK1hjcbs0R9%2FRT5xjXwfCd%2BHzfYh6HFwdx689ODLHmvKQ%2Bo7tnBKkeoZR6ohdB95cRbFam0zO2aPTblEH27877zCeOTG4026x9DLNrZu6pJt39SlZV8u5QX1aY1PPHSr4EX64KcvpqulNvLaFTv65DkxASbl7ZdTWyxyJUn1LPvsMkmZmgVtRMq%2BvmZfTZMbzi5fdka5fPHG8wvX%2BrlJrSWtKnA6vPoBBI3Z2fd%2BmD6O858%2FCzIVjPPou1O5QLqCyNdh89nMagaTzfokZyid3zLNZDacGCKb6Q6eeNj%2F9Mms3rTfwpJHYdnfAAAA%2F%2F8BAAD%2F%2F2eC2KJ5BAAA&ap=${AUCTION_PRICE}&l=3577992&sub3=1664317703&pid=91283&sub2=icon&auid=cd932161bad19679aac8630e2bf39d04&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: stunningruin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.9
Date: Tue, 27 Sep 2022 22:28:25 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5f61760999ade6bd5f6740fb71203e5f
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eed381093f60d265bf0cc2970650014c
634000599092742388caef6f1a2c6d5378e6c1bb
2501f62b10b278c0e95705040a281c9dd8df9ee336c30995c85f5329fd8be7c0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2501F62B10B278C0E95705040A281C9DD8DF9EE336C30995C85F5329FD8BE7C0"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13665
Expires: Wed, 28 Sep 2022 02:16:11 GMT
Date: Tue, 27 Sep 2022 22:28:26 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
45.133.44.10 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Hash 70cf8250da1a25a7b445231428af7828
a849d338423d2919949340838c768bba90b9081c
b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:26 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Thu, 29 Sep 2022 22:28:26 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
dozubatan.com/impression/FHJht8a-qdDtSETYErKHZgCmrDIT0y38t_erLim7iF6MquXdZ7KmQSGwpSuFYadq3csVQeptB2HGZLYrsRaJk7i-nXimjZYrkqB88tPM0y-6e_smyPb5pS-zow47PvJmY545npuv7pXz_3EzxQCX5p67jmU-XX-lPDjW2swUR2fVxpRC6PLW-8t4GfVv25uja8PZkH8Xea5MYvO68vouppfUkIdWOibsPpY0sjVAqv7gXTQdWl62WvihSIACnDbXLEH5VLEGFet5dZtJ2yv4-Fjk2vF_yLTFuZyTfxjtslqHL8La3iSneR9CKnV5ydFkR1hlCvUh9tor-WpcTuknbCeJnKBU91a-n5mODNOkeuJ8OW1eh6vnjQ55H1qQl5Hgd8Cnd0ukQpHcuYhckjuLfCiav1QJkDGP9kOd6dz599N22v0rWgn8MpzZqZvOY7sHvD01FGJd_nTPS1M36ihHjV-uDztp2ltIjY5NgtcoJHCiiPqEQSkYtHLdcYb83aikD6Y3NoibHliTQWYj-chMpxgl2xa0hwcpKs1GAiA0ytWFCrmeYjsAG7lFDWNxVLvgKNC94ezHlQx1ykoLz5O50pp_wadhaVskmO0N9wCGqL0=?_z=4495524&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 dozubatan.com/impression/FHJht8a-qdDtSETYErKHZgCmrDIT0y38t_erLim7iF6MquXdZ7KmQSGwpSuFYadq3csVQeptB2HGZLYrsRaJk7i-nXimjZYrkqB88tPM0y-6e_smyPb5pS-zow47PvJmY545npuv7pXz_3EzxQCX5p67jmU-XX-lPDjW2swUR2fVxpRC6PLW-8t4GfVv25uja8PZkH8Xea5MYvO68vouppfUkIdWOibsPpY0sjVAqv7gXTQdWl62WvihSIACnDbXLEH5VLEGFet5dZtJ2yv4-Fjk2vF_yLTFuZyTfxjtslqHL8La3iSneR9CKnV5ydFkR1hlCvUh9tor-WpcTuknbCeJnKBU91a-n5mODNOkeuJ8OW1eh6vnjQ55H1qQl5Hgd8Cnd0ukQpHcuYhckjuLfCiav1QJkDGP9kOd6dz599N22v0rWgn8MpzZqZvOY7sHvD01FGJd_nTPS1M36ihHjV-uDztp2ltIjY5NgtcoJHCiiPqEQSkYtHLdcYb83aikD6Y3NoibHliTQWYj-chMpxgl2xa0hwcpKs1GAiA0ytWFCrmeYjsAG7lFDWNxVLvgKNC94ezHlQx1ykoLz5O50pp_wadhaVskmO0N9wCGqL0=?_z=4495524&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/FHJht8a-qdDtSETYErKHZgCmrDIT0y38t_erLim7iF6MquXdZ7KmQSGwpSuFYadq3csVQeptB2HGZLYrsRaJk7i-nXimjZYrkqB88tPM0y-6e_smyPb5pS-zow47PvJmY545npuv7pXz_3EzxQCX5p67jmU-XX-lPDjW2swUR2fVxpRC6PLW-8t4GfVv25uja8PZkH8Xea5MYvO68vouppfUkIdWOibsPpY0sjVAqv7gXTQdWl62WvihSIACnDbXLEH5VLEGFet5dZtJ2yv4-Fjk2vF_yLTFuZyTfxjtslqHL8La3iSneR9CKnV5ydFkR1hlCvUh9tor-WpcTuknbCeJnKBU91a-n5mODNOkeuJ8OW1eh6vnjQ55H1qQl5Hgd8Cnd0ukQpHcuYhckjuLfCiav1QJkDGP9kOd6dz599N22v0rWgn8MpzZqZvOY7sHvD01FGJd_nTPS1M36ihHjV-uDztp2ltIjY5NgtcoJHCiiPqEQSkYtHLdcYb83aikD6Y3NoibHliTQWYj-chMpxgl2xa0hwcpKs1GAiA0ytWFCrmeYjsAG7lFDWNxVLvgKNC94ezHlQx1ykoLz5O50pp_wadhaVskmO0N9wCGqL0=?_z=4495524&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:28 GMT
content-type: image/gif
content-length: 43
x-trace-id: 791df129c8c74cae3029a924698a9fce
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dozubatan.com/500/4495524?excludes=10242833&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4495524?excludes=10242833&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
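Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body; matches every 0 B response, so not usable as an indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body)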
OPTIONS /500/4495524?excludes=10242833&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:28 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
last-modified: Tue, 27 Sep 2022 22:28:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0jW2vcwwNC4fui%2BZRRiaOaerTtxhngZEZOdVIEilBWMzcMJwlW4X4tDMmZQWO8swXod8JH%2FYUPy3B%2BeRXmntig%2BoPZ5GO%2FBBI6WrQo4lVwQ02%2Ffb7RCxDwR7F%2B0V9V8H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac10c8c074fd-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rndskittytor.com/500/4837723?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.238 200 OK 0 B URL HTTP/2 rndskittytor.com/500/4837723?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.238:0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/4837723?excludes=&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:24 GMT
content-type: application/javascript
x-trace-id: cd448575a0ae1f1104c740816dbe4a12
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: http://1337x.theproxy.best
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: text/plain
set-cookie: csu=1224783561307767@1@1664317703; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iGhkgOj9Leb1EWN9G8YKIuX0G3ANP4h5SJOshVzdOz9go5K6c4WDG63DPqNjbu2qVr5L1eGXqZff1gFP0Pb%2BXt9nm5VuMeH%2F2X2rmKRkpemF%2Br2q78WZsrVeJAeVqopo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7517ac10a89e74fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
metrica-yandex.com/metrika/tag.js?1001
172.67.193.32 200 OK 0 B URL HTTP/2 metrica-yandex.com/metrika/tag.js?1001
IP 172.67.193.32:0
GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:21 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 30 Sep 2021 23:00:22 GMT
etag: W/"61564186-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 31273676
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qDSnIrDVVzwTlNmOT4Lj62JgaAzhL9hh%2BH%2FqmLEL7zVpJ5PEcUtCPwk9TUgqT5Eu8Yv9hzzhsk6%2B6ltC3Ug7lljeRKeCqu6aXG%2FpcEcEFWw6zJxZRrGjAI9GYG6TjBSrO6%2BaqgM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac005b221c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
IP 142.250.74.10:0
GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 22:28:21 GMT
date: Tue, 27 Sep 2022 22:28:21 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dozubatan.com/500/4495524?excludes=10242833&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4495524?excludes=10242833&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4495524?excludes=10242833&oaid=5b260b75c93c426ca1fa085d4a6d6aca&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=8&pl=http%3A%2F%2F1337x.theproxy.best%2Ftorrent%2F1116615%2FThe-Walking-Dead-S04-Complete-BDRip-x264-ENG-ITA-2013%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:28 GMT
content-type: application/javascript
x-trace-id: 362ab57d42b4af2aa58ae9fb7ba1f02d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://1337x.theproxy.best
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca
IP 139.45.197.237:0
GET /400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/json
x-trace-id: 7210ca9da664a941fba72598fc61a924
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://1337x.theproxy.best
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
benumelan.com/1?z=3372123
139.45.197.239 200 OK 0 B URL HTTP/2 benumelan.com/1?z=3372123
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=3372123 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:21 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 6cc8dc2961d5e5c1d81a513487276a90
access-control-expose-headers: X-Sc
x-sc: DX7J8ABbl-XACH8fM9tmWuzac_kYfygNm5sNclKty9OFTZEVhCZz2FRDNX9pUL7y6VYSbIjiohuPzeahBNliKoCR84c=
set-cookie: scm=1; expires=Wed, 27 Sep 2023 22:28:21 GMT; secure; SameSite=None
OAID=1fad92768ac24dcd8ad4cf8d74383c69; expires=Wed, 27 Sep 2023 22:28:21 GMT; secure; SameSite=None
oaidts=1664317701; expires=Wed, 27 Sep 2023 22:28:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: MI+5ET0pwCzP8uiKmFRLZXWKDAxB9/6qcP6iKePG7QCZKzuCfgcZsjWg4Wca/zGna0Lq9DWdV87MWfs90kgBzQ==
date: Tue, 27 Sep 2022 22:28:23 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
glimtors.net/pfe/current/universal.min.js?v=3.1.396
139.45.197.251 200 OK 0 B URL HTTP/2 glimtors.net/pfe/current/universal.min.js?v=3.1.396
IP 139.45.197.251:0
GET /pfe/current/universal.min.js?v=3.1.396 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:21 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1fafa"
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
matomo.hellohi.me/matomo.js
104.21.94.42 200 OK 0 B URL HTTP/2 matomo.hellohi.me/matomo.js
IP 104.21.94.42:0
GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 19 Aug 2022 17:37:06 GMT
etag: W/"62ffca42-fbde"
expires: Tue, 27 Sep 2022 23:05:00 GMT
cache-control: public, max-age=14400
pragma: public
cf-cache-status: HIT
age: 1403
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRN%2BBdo33QmUkWBdfZhCEbXc79McDUismkkw5F%2FZ%2BqN5ssnxjjQ29shnAARtBHfMJ26CrZ9pJO%2FAGNro0kS31doj%2FYxwqPm%2B78wwHHxkMwtkLFk6G4Ppz%2BzfWJ7A7UQnTsmOUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac0d7b27b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dozubatan.com/400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca
IP 139.45.197.237:0
GET /400/4495524?oo=1&oaid=5b260b75c93c426ca1fa085d4a6d6aca HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1337x.theproxy.best
Connection: keep-alive
Referer: http://1337x.theproxy.best/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: application/json
x-trace-id: 748c423408bde730d7eb6c068e37eb4c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://1337x.theproxy.best
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5b260b75c93c426ca1fa085d4a6d6aca; expires=Wed, 27 Sep 2023 22:28:23 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1337x.theproxy.best/
Origin: http://1337x.theproxy.best
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 27 Sep 2022 22:28:23 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://1337x.theproxy.best
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
last-modified: Tue, 27 Sep 2022 22:28:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aH0yal9klpmG9U13sQwVKzEN0zZaNQNARRZZ%2FSl%2F%2Bwt1fjf%2FDPNiCUFaEBc%2B2SWLdgWwqP2nW1d8ZjJ7vg4FroREoEORsi%2BHVEll1q4QN7AVaL3EuM6epn9%2FSNHEVKM%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7517ac10d8cc74fd-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2