Overview

URL www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
IP95.211.200.52
ASNLeaseWeb Netherlands B.V.
Location Netherlands
Report completed2022-09-28 18:33:06 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-28 2 henoticpipi.com/g9RbYoQO26rZA3R/55129 Malware
2022-09-28 2 forgivenessimpact.com/b6/6f/f7/b66ff7c1636b152673f970d2464db83f.js Malware
2022-09-28 2 henoticpipi.com/g9RbYoQO26rZA3R/55129 Malware
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-28 2 henoticpipi.com Sinkholed
2022-09-28 2 henoticpipi.com Sinkholed
2022-09-28 2 kazanwhoeveryowl.com Sinkholed
2022-09-28 2 banquetunarmedgrater.com Sinkholed
2022-09-28 2 unseenreport.com Sinkholed


Files

No files detected



Passive DNS (28)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.100
mnemonic passive DNS ssl.google-analytics.com (1) 275 2012-10-03 00:55:57 UTC 2022-09-28 04:49:49 UTC 216.58.211.8
mnemonic passive DNS www.filefactory.com (18) 509465 2012-05-21 18:23:06 UTC 2022-09-27 20:15:53 UTC 95.211.200.52
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-28 12:06:36 UTC 143.204.55.27
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-09-28 16:15:39 UTC 93.184.220.29
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-28 11:46:46 UTC 142.250.74.10
mnemonic passive DNS forgivenessimpact.com (1) 0 2021-09-29 23:03:04 UTC 2022-09-27 20:15:54 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS banquetunarmedgrater.com (1) 0 2022-08-04 15:12:50 UTC 2022-09-28 15:09:52 UTC 192.243.59.13 Unknown ranking
mnemonic passive DNS simplewebanalysis.com (1) 0 2022-02-25 04:06:25 UTC 2022-09-28 11:07:45 UTC 52.29.95.124 Unknown ranking
mnemonic passive DNS www.facebook.com (2) 99 2017-01-30 05:00:00 UTC 2022-09-28 04:43:36 UTC 31.13.72.36
mnemonic passive DNS filefactory.com (1) 160487 2012-06-25 13:00:13 UTC 2022-09-28 05:42:20 UTC 95.211.200.52
mnemonic passive DNS ajax.googleapis.com (2) 12905 2013-08-16 09:51:31 UTC 2022-09-28 16:18:43 UTC 142.250.74.138
mnemonic passive DNS unseenreport.com (1) 0 2022-03-30 14:33:17 UTC 2022-09-28 15:12:49 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS addresseepaper.com (1) 18169 2021-11-01 21:11:31 UTC 2022-09-28 15:43:42 UTC 172.64.100.4
mnemonic passive DNS r3.o.lencr.org (11) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.76.226
mnemonic passive DNS ocsp2.globalsign.com (1) 1544 2012-05-21 07:12:19 UTC 2022-09-28 04:46:12 UTC 104.18.20.226
mnemonic passive DNS henoticpipi.com (2) 0 2022-08-16 11:00:44 UTC 2022-09-28 14:16:58 UTC 142.91.159.192 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 52.39.126.109
mnemonic passive DNS e1.o.lencr.org (2) 6159 2021-08-20 07:36:30 UTC 2022-09-28 05:22:53 UTC 23.36.76.226
mnemonic passive DNS engagecdn.filefactory.com (3) 0 2017-06-24 01:49:29 UTC 2022-09-27 20:15:55 UTC 89.149.201.75 Domain (filefactory.com) ranked at: 160487
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (9) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-09-28 04:37:32 UTC 31.13.72.12
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-28 08:06:38 UTC 34.120.237.76
mnemonic passive DNS engagesrvr.filefactory.com (1) 0 2017-06-24 01:49:29 UTC 2022-09-27 20:15:55 UTC 212.32.237.11 Domain (filefactory.com) ranked at: 160487
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-28 05:13:47 UTC 143.204.55.25
mnemonic passive DNS usingswhoring.com (1) 0 2022-08-10 23:59:06 UTC 2022-09-27 20:15:54 UTC 23.109.87.209 Unknown ranking
mnemonic passive DNS kazanwhoeveryowl.com (1) 0 2022-09-19 02:25:31 UTC 2022-09-28 15:43:42 UTC 173.233.137.60 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 95.211.200.52

Date UQ / IDS / BL URL IP
2022-12-04 12:44:06 +0000
0 - 0 - 4 www.filefactory.com/file/389fo57vizne/House.P (...) 95.211.200.52
2022-12-03 14:57:54 +0000
0 - 0 - 5 www.filefactory.com/file/2n2imsreqiti/The.Ore (...) 95.211.200.52
2022-12-02 22:56:59 +0000
0 - 0 - 5 filefactory.com/file/5nm1pw646224/Poland.zip 95.211.200.52
2022-12-02 22:56:49 +0000
0 - 0 - 5 www.filefactory.com/file/5nm1pw646224/Poland.zip 95.211.200.52
2022-12-02 17:12:28 +0000
0 - 0 - 5 www.filefactory.com/file/2pwgybl0nsmi/JoJos.B (...) 95.211.200.52

Last 5 reports on ASN: LeaseWeb Netherlands B.V.

Date UQ / IDS / BL URL IP
2022-12-04 15:05:01 +0000
0 - 0 - 1 ovfjo.wy5532.com/ 37.48.65.148
2022-12-04 15:04:19 +0000
0 - 0 - 1 jwyygfs.cn.wy5532.com/ 37.48.65.148
2022-12-04 14:59:40 +0000
0 - 0 - 1 hfgfgf.31ce9.uc.wy5532.com/ 37.48.65.148
2022-12-04 14:59:10 +0000
0 - 0 - 1 track.nomadsvertise.com/5f92b4b9c860ee0001fa99e9 85.17.54.17
2022-12-04 14:54:58 +0000
0 - 0 - 1 2tty.760c1.ow.wy5532.com/ 37.48.65.148

Last 5 reports on domain: filefactory.com

Date UQ / IDS / BL URL IP
2022-12-04 12:44:06 +0000
0 - 0 - 4 www.filefactory.com/file/389fo57vizne/House.P (...) 95.211.200.52
2022-12-03 14:57:54 +0000
0 - 0 - 5 www.filefactory.com/file/2n2imsreqiti/The.Ore (...) 95.211.200.52
2022-12-02 22:56:59 +0000
0 - 0 - 5 filefactory.com/file/5nm1pw646224/Poland.zip 95.211.200.52
2022-12-02 22:56:49 +0000
0 - 0 - 5 www.filefactory.com/file/5nm1pw646224/Poland.zip 95.211.200.52
2022-12-02 17:40:35 +0000
0 - 0 - 4 s202.filefactory.com/get/p/6v2avd3ubsj8/33931 (...) 95.211.200.202

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-26 08:48:44 +0000
0 - 0 - 6 www.filefactory.com/file/1st50idhpsjy/Aurelia (...) 95.211.200.52
2022-10-22 04:00:10 +0000
0 - 0 - 5 www.filefactory.com/file/1o8yzloj9por/Treasur (...) 95.211.200.52
2022-10-19 13:20:25 +0000
0 - 0 - 3 filefactory.com/file/2hbq1gkbbnj9/Qualcomm-US (...) 95.211.200.52
2022-10-19 13:20:20 +0000
0 - 0 - 1 filefactory.com/file/1l71wj0ezt3t/QPST.2.7.425.zip 95.211.200.52
2022-10-17 11:59:28 +0000
0 - 0 - 3 www.filefactory.com/file/1c2lxj4rmexd/h7y634- (...) 95.211.200.52


JavaScript

Executed Scripts (24)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (77)


Request Response
                                        
                                            GET /file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         95.211.200.52
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 178
Connection: keep-alive
Location: https://filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 18:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Qo08A8AkowoT1HAAR1IPOZozhD3vWm3QRSc7P04DUKrTK3mdflPvzg==
Age: 1036


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9FE6BEB1CB3851018168765A243B6DE69EC71D30770F8C2DCC57CAE7D9978CC1"
Last-Modified: Wed, 28 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6205
Expires: Wed, 28 Sep 2022 20:16:20 GMT
Date: Wed, 28 Sep 2022 18:32:55 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: K2icuOtDM19NI8OOO8TResJcQ0QscWAmbPlmqWK-fefyzrpjsByfSg==
age: 47069
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:55 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 02 Oct 2022 17:23:45 GMT
ETag: "c3fc024e65d5d11d438acacc90064450d264fccf"
Last-Modified: Wed, 28 Sep 2022 17:23:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1267
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751e90828be7fab8-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    79783d3b18178f6f08b5cb294f14a207
Sha1:   c3fc024e65d5d11d438acacc90064450d264fccf
Sha256: 422bf04f773f3cf527af91d778fde2f5ff3be4acfa56ee98ce2fd4c42cf148f4
                                        
                                            GET /file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip HTTP/1.1 
Host: filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         95.211.200.52
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 178
Connection: keep-alive
Location: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 28 Sep 2022 18:32:55 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 4860
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; path=/ locale=en_US.utf8; expires=Thu, 29-Sep-2022 18:32:55 GMT; path=/; domain=.filefactory.com LBPERSIST=persist_w2; path=/
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   4860
Md5:    09a1a1c839d65d522c13f914b92b0b70
Sha1:   16effd14225954ed630cfa3983e84baf18bc06eb
Sha256: c1efc2c21b771e65e901070b3ca652827416d0da2099826d5aeb133550ac3500
                                        
                                            GET /css/vendor/bootstrap.min.css?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 18734
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:36:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   18734
Md5:    d9c4e81d89198caf489562c850e6c515
Sha1:   e3da6be0dca0ea45d190dd5fe3ac3f7fda0219fb
Sha256: 8243a13ef5d4e10a2ff5b6f171137f74c77b1ccff30b1e7157779242196e04cd
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /js/vendor/bootstrap-dialog.js?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 4188
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:36:41 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (16771), with no line terminators
Size:   4188
Md5:    2e9e8a0844e9bb269412720e30ec518c
Sha1:   4e1ef0cfa65000b885a1d9512e030edb354eff44
Sha256: a94d3e76ce47a9501f02dbe231a9f7c4b1a8a9dae4a74497dd551a4aa349a58a
                                        
                                            GET /css/filefactory.wp.css?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 2030
Connection: keep-alive
Last-Modified: Tue, 14 Aug 2018 04:54:41 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text
Size:   2030
Md5:    8abbab6476fafabcaf7f435f4c498f21
Sha1:   86fce7af2f73e7dc00689c46ed7a7aa6ca777ff8
Sha256: 953878b3e7c4fe71dea5a70200582d38ef6a178f7f83095b677aa3f50dd37d38
                                        
                                            GET /css/filefactory.wp.download.css?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 651
Connection: keep-alive
Last-Modified: Sat, 17 Jun 2017 04:44:44 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  assembler source, ASCII text
Size:   651
Md5:    67670bc7620a54bc2d4e7dec96399e77
Sha1:   3c84a45236e315a038a1598cc0a229c42d799c86
Sha256: 404089245c8aaa3a29cf57f852d664bbdb49f8aafd57708f3da51c18a35b5a43
                                        
                                            GET /css/vendor/bootstrap-dialog.css?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 516
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:36:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (2012), with no line terminators
Size:   516
Md5:    0369f3f2323383c427de48d1826d3f36
Sha1:   c4badfee0621c82fc0a10920d3228cea11111378
Sha256: 47910de5c7f0bb200606b508202690a36dc0055805dffe7b6972fc037430a3c4
                                        
                                            GET /js/filefactory.common.js?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 1700
Connection: keep-alive
Last-Modified: Tue, 07 May 2019 08:33:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (2383), with CRLF line terminators
Size:   1700
Md5:    2c07a42028cdc50efce1586cc7175ba8
Sha1:   dc1a5da5eb06d466cc8860cd593bc7a0cf2b99ac
Sha256: 31f1cf190e5db84a4eebafd0bcbb48f80c2d3f0c9346f6e00406937fc5b8ba7e
                                        
                                            GET /js/vendor/bootstrap.min.js?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 9691
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:36:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (36622), with no line terminators
Size:   9691
Md5:    19ffde9db3c06677e3c134246a77dc4a
Sha1:   4787610b6ee20909c031e97e5045c18496c8e4b7
Sha256: 12fae54989d035cf72a58295e88ede408b1470096bfa620fd31523e3c742bf45
                                        
                                            GET /js/vendor/jquery.selectBoxIt.js?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 7079
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:36:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (25709), with no line terminators
Size:   7079
Md5:    3418e0d552b349825bcbba8c5446d4c5
Sha1:   ac15f8e5059dd7f535538dbafb51d3dbb1aad877
Sha256: 6ee9075e709af09965a6b769d7fc6ca5825039dacad075112033b0235171f043
                                        
                                            GET /js/vendor/countdown.js?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 837
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:36:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (3495), with no line terminators
Size:   837
Md5:    427a0fc92994a6b92d0f4b65d1bee5aa
Sha1:   4f59883fd8e3e861872e76095beaa05e59b9037a
Sha256: 39fda67bbaba8165bcb44293edde7410ff29e149866141fc25e9774d7bfd7327
                                        
                                            GET /js/vendor/jquery.zclip.js?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 2603
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:37:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (7482), with no line terminators
Size:   2603
Md5:    15514f102ce938370faf62a5935f98a4
Sha1:   9ab90f99b5113a7eacc89cf495e6d00bf7a97abf
Sha256: c8e2aebf568b1b0d4d96818f40020d0681a0ab5a7ff9ba2f61f546593559c9f1
                                        
                                            GET /js/filefactory.download.js?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 3941
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:36:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (12559), with no line terminators
Size:   3941
Md5:    0e8beb3e9e301026a8696b9b8ac607d5
Sha1:   b0e8de3dc6fd295f87bbb4495639811a5ac02eae
Sha256: d25eddf5332fcc8d069e66ec73a005e34d8d59d0d98d09780758af14fb310eff
                                        
                                            GET /js/vendor/countdown_plugins.js?v=004000000024 HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:13 GMT
Content-Length: 14997
Connection: keep-alive
Last-Modified: Tue, 10 Nov 2015 22:36:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2022 18:32:55 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (45450), with no line terminators
Size:   14997
Md5:    f34475e9958e420955c700820b870ded
Sha1:   ef50b2ea27da3fe99502e01c5320a8a0b80de17f
Sha256: 1205aa096ef6cdffe92d6705b7c0e1b1a963b1d3c5a86816c0a5362b6ab3d5b2
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AE49EE1181B95CA0034A4D04631278CDB795EBAF02B010BFF3B9B94848E095DA"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6469
Expires: Wed, 28 Sep 2022 20:20:44 GMT
Date: Wed, 28 Sep 2022 18:32:55 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "64FBA050B9C8F4D58535A9ADA2D3A44C5FF2F771B7AF9D87C850A6F58ED596E8"
Last-Modified: Tue, 27 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13039
Expires: Wed, 28 Sep 2022 22:10:14 GMT
Date: Wed, 28 Sep 2022 18:32:55 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 18:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 19:25:37 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jhbHVuU-adyshfgYum-cZ4AoiwK7Fe5aBqX1WogWa1CkFo3mtNeISw==
Age: 202


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.138
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 02:47:31 GMT
expires: Mon, 25 Sep 2023 02:47:31 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 315924
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32086)
Size:   33434
Md5:    430e927c980ad4079de727fa59dd93f2
Sha1:   891aaada9a55a91292999f6d50fd300439905982
Sha256: e8728df8617340bd8c10bc8d27d3a725a48871a269c850e8598689938ec6e2ed
                                        
                                            GET /r3ZwU3RRZQUni7/55128 HTTP/1.1 
Host: usingswhoring.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.109.87.209
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:32:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.filefactory.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Thu, 29-Sep-2022 18:32:55 GMT; Max-Age=86400; path=/; secure; SameSite=None GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Thu, 29-Sep-2022 18:32:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   25
Md5:    d488addc5df5fc9b9ff4135bb4e3a823
Sha1:   6ce56f48e851df4d562b43d3bc1269a504ae83fc
Sha256: d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
                                        
                                            GET /g9RbYoQO26rZA3R/55129 HTTP/1.1 
Host: henoticpipi.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.91.159.192
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:32:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.filefactory.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Thu, 29-Sep-2022 18:32:55 GMT; Max-Age=86400; path=/; secure; SameSite=None GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Thu, 29-Sep-2022 18:32:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   26
Md5:    4e5d65669f8dcd928dad06adf883f025
Sha1:   d771713d758c3348dd7e5b38bb40c7935399ae46
Sha256: 0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /ajax/libs/jqueryui/1.11.1/jquery-ui.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.138
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 63865
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 01:05:30 GMT
expires: Sun, 24 Sep 2023 01:05:30 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 408446
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32119)
Size:   63865
Md5:    5fff368bebfbbc83919d7ddd9afac949
Sha1:   8b89f7c5ab4700ef0289ff30142082bd108e0354
Sha256: a8969e8853f473ca839e9728872e08c1f0ac0851fe1431d29fa5ed7382910990
                                        
                                            GET /wp/img/filefactory-logo-white.svg HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:14 GMT
Content-Length: 6174
Connection: keep-alive
Last-Modified: Thu, 15 Jun 2017 23:34:39 GMT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   6174
Md5:    249acd65dbe7bf8bdf2477d1a7a1bdee
Sha1:   f322b0d7e66ee18be95a820e463e957cc50e1238
Sha256: 8cd74251eda091402e01f67f217f5a466d87d0111cc9b5724a831cf21a938cd8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6144
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 18:32:56 GMT
Last-Modified: Wed, 28 Sep 2022 16:50:32 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /wp/img/icon-check.svg HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: embed
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:14 GMT
Content-Length: 22124
Connection: keep-alive
Last-Modified: Thu, 15 Jun 2017 23:34:39 GMT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (19596)
Size:   22124
Md5:    579390788f26cffc187c3b213e7d6de8
Sha1:   e59bf4557c47f482b1b354957151e6497b0d7ded
Sha256: ba629a33ef0767607e2539945008431805ea1d2d2ebc4ffd877ab3c3b23991a7
                                        
                                            GET /wp/img/icon-cloud.svg HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2
Sec-Fetch-Dest: embed
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:14 GMT
Content-Length: 17092
Connection: keep-alive
Last-Modified: Thu, 15 Jun 2017 23:34:39 GMT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (14564)
Size:   17092
Md5:    1036571f93a23865267246ebf737a0c2
Sha1:   5a08d068303aecabf2fdc2d203101f8063a3cc42
Sha256: e751c9f7db67a14fa7e5c3a51a8c62a4e3a151a06cc2f0bcec8e11ca6c2c57fe
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Open+Sans:400,600,700,800 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 18:32:55 GMT
date: Wed, 28 Sep 2022 18:32:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   45583
Md5:    36f776b9f5c840b44d4f8599fd4728f7
Sha1:   d04ce968a235ce2c7e91ee7f24aead74b32d3bc1
Sha256: 51a117830edd06e050c9f18dbce93e72bb9449c7e60683423698e190fd7fd910
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E2A181788A308AB15A16FAB51675749D547AA264B7E8A1BD191AD2CD18EA6E21"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4076
Expires: Wed, 28 Sep 2022 19:40:52 GMT
Date: Wed, 28 Sep 2022 18:32:56 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W2+/EFxIrVH9RDRunutZ3g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.39.126.109
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 72VQVaBacCnXQXM5ziAI1jx3UdE=

                                        
                                            GET /b6/6f/f7/b66ff7c1636b152673f970d2464db83f.js HTTP/1.1 
Host: forgivenessimpact.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.9
Date: Wed, 28 Sep 2022 18:32:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1fde2402d2736de27613384a312b3300
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (59388), with no line terminators
Size:   20322
Md5:    91baf79344366af49ab011f22e6dd665
Sha1:   4e2a883f2088aa4a23dcf8fdd38cf8baebe5b828
Sha256: 76d9a4e26f3fa5d1335cf2d94a78e89cd95678e67cb53996a3c49663f5318409

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /g9RbYoQO26rZA3R/55129 HTTP/1.1 
Host: henoticpipi.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.91.159.192
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:32:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.filefactory.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   26
Md5:    4e5d65669f8dcd928dad06adf883f025
Sha1:   d771713d758c3348dd7e5b38bb40c7935399ae46
Sha256: 0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "6389A79FA621D32138DAB9C0FAB190C515288EF534B023CC909A156979FCEF39"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6579
Expires: Wed, 28 Sep 2022 20:22:35 GMT
Date: Wed, 28 Sep 2022 18:32:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 18:32:56 GMT
Last-Modified: Wed, 28 Sep 2022 17:05:58 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 57jSR0gEElv5CKPVE8nzaGBBgNqFZVzjv2nx82e0Jqi1ZaHJglJOMg==
Age: 5218

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.filefactory.com
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.29.95.124
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 28 Sep 2022 18:32:56 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.filefactory.com
access-control-allow-credentials: true
set-cookie: uid_id2=aa719d6b-8f3a-490d-b10f-0e513da107b1:1:1; expires=Sat, 25 Sep 2032 18:32:56 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    13c4af5c24753ecf3c42a920b79b3593
Sha1:   b44f4034863dd692adf9046d70bb23dbe1022c2f
Sha256: fc3abedf366cb2ed1b201eb04df99db04c073cc361235125cf6d9db81034e4c3
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "6389A79FA621D32138DAB9C0FAB190C515288EF534B023CC909A156979FCEF39"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6579
Expires: Wed, 28 Sep 2022 20:22:35 GMT
Date: Wed, 28 Sep 2022 18:32:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F6BAAF565CB836BD8637803211BD53841CF340A91EBD749AA5065595692039EF"
Last-Modified: Mon, 26 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10020
Expires: Wed, 28 Sep 2022 21:19:57 GMT
Date: Wed, 28 Sep 2022 18:32:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4786
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 18:32:57 GMT
Last-Modified: Wed, 28 Sep 2022 17:13:11 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: +HFJS+cGaLlsT2J13dyLRzN/20H64U7nDz4Y7LGMgEr5qec5P2xUjUIw2aVPoCLpnBjweHXhp/4NQdaec530sA==
content-length: 26840
x-fb-trip-id: 1904183273
date: Wed, 28 Sep 2022 18:32:57 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   26840
Md5:    e1327a02d76346c7e23d114e4e508b30
Sha1:   195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
Sha256: 331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
                                        
                                            GET /ga.js HTTP/1.1 
Host: ssl.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.8
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Wed, 28 Sep 2022 18:29:20 GMT
expires: Wed, 28 Sep 2022 20:29:20 GMT
cache-control: public, max-age=7200
age: 217
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1305)
Size:   17168
Md5:    01d5892e6e243b52998310c2925b9f3a
Sha1:   58180151b6a6ee4af73583a214b68efb9e8844d4
Sha256: 7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4786
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 18:32:57 GMT
Last-Modified: Wed, 28 Sep 2022 17:13:11 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 18:32:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=1586&rd=1586&fd=903&bv=22.8.v.1&tmpl=70 HTTP/1.1 
Host: kazanwhoeveryowl.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.233.137.60
HTTP/1.1 200 OK
                                        
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 18:32:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/file/7gxxexpradoc/MetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip
Cookie: PHPSESSID=blrsttq7un7anofsrod0hj6n71; locale=en_US.utf8; LBPERSIST=persist_w2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=aa719d6b-8f3a-490d-b10f-0e513da107b1%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         95.211.200.52
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Wed, 28 Sep 2022 18:05:15 GMT
Content-Length: 99678
Connection: keep-alive
Last-Modified: Thu, 22 Oct 2015 02:35:05 GMT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   99678
Md5:    90e3dcc0cc6a5c4809b7dfd50e966015
Sha1:   17e2063b061ea56bc5bd7b65901765289b5b6824
Sha256: 3eacac1f0142be27236ddad54cf1450ffe8aa60175af254938e7f7c5f99532a9
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "912E644F506D721B61CF3C6B5F7C30297A93144B6216AFBC1A82EF3B86AFBC80"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4785
Expires: Wed, 28 Sep 2022 19:52:42 GMT
Date: Wed, 28 Sep 2022 18:32:57 GMT
Connection: keep-alive

                                        
                                            GET /t246f07e0/img/e3t46_c48dh5_281c55c4.jpg HTTP/1.1 
Host: engagecdn.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Cookie: locale=en_US.utf8; __utma=140252452.672698616.1664389975.1664389975.1664389975.1; __utmb=140252452.1.10.1664389975; __utmc=140252452; __utmz=140252452.1664389975.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         89.149.201.75
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Wed, 28 Sep 2022 18:32:57 GMT
content-length: 14043
last-modified: Mon, 12 Apr 2021 00:50:42 GMT
expires: Thu, 28 Sep 2023 18:32:57 GMT
cache-control: max-age=31536000, public, no-transform
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1200, components 3\012- data
Size:   14043
Md5:    a5334cac2d8801281abfc1334f1f8e91
Sha1:   30c642fd9ec419a048727344e168b136ed557082
Sha256: 65a4214abfedbf1e3c3475b6692fef15dc47bdfa4c34f17ec1d6d042632d4bb5
                                        
                                            GET /t246f07e0/img/e3t46_huvsmw798b7sbtfd5wyk_bac6f6c2f517602ab8355add92356f9b.png HTTP/1.1 
Host: engagecdn.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Cookie: locale=en_US.utf8; __utma=140252452.672698616.1664389975.1664389975.1664389975.1; __utmb=140252452.1.10.1664389975; __utmc=140252452; __utmz=140252452.1664389975.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         89.149.201.75
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 28 Sep 2022 18:32:57 GMT
content-length: 122137
last-modified: Thu, 01 Apr 2021 11:24:21 GMT
expires: Thu, 28 Sep 2023 18:32:57 GMT
cache-control: max-age=31536000, public, no-transform
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 580 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   122137
Md5:    bac6f6c2f517602ab8355add92356f9b
Sha1:   c8f5543e6256eea65c9711aeaeee099eca442718
Sha256: 88da400955be51edec77a77a57967be6716a7c223b7dda2064c9f7fa96f068b4
                                        
                                            GET /t246f07e0/img/e3t46_7nddx8_c5571da8.png HTTP/1.1 
Host: engagecdn.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Cookie: locale=en_US.utf8; __utma=140252452.672698616.1664389975.1664389975.1664389975.1; __utmb=140252452.1.10.1664389975; __utmc=140252452; __utmz=140252452.1664389975.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         89.149.201.75
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 28 Sep 2022 18:32:57 GMT
content-length: 13449
last-modified: Thu, 01 Apr 2021 11:42:54 GMT
expires: Thu, 28 Sep 2023 18:32:57 GMT
cache-control: max-age=31536000, public, no-transform
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 800 x 800, 8-bit colormap, non-interlaced\012- data
Size:   13449
Md5:    c425762e171a0f79cf8024458a6f5175
Sha1:   248bbe79e349d660ba25a89dcc2ae1adef79e1f8
Sha256: 373ed1d7d4abc498eb0e695c9e01b934ffd1f3e24d754188d539e3cb6ea39ca6
                                        
                                            GET /advertisers.js HTTP/1.1 
Host: banquetunarmedgrater.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 18:32:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b2a16624614c0748d5e0d1a8ee624901
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4550
Expires: Wed, 28 Sep 2022 19:48:47 GMT
Date: Wed, 28 Sep 2022 18:32:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4550
Expires: Wed, 28 Sep 2022 19:48:47 GMT
Date: Wed, 28 Sep 2022 18:32:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4550
Expires: Wed, 28 Sep 2022 19:48:47 GMT
Date: Wed, 28 Sep 2022 18:32:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4550
Expires: Wed, 28 Sep 2022 19:48:47 GMT
Date: Wed, 28 Sep 2022 18:32:57 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
age: 74639
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8500
Md5:    6139c878a7d2bd32c61fc8287996eb5b
Sha1:   9c4692ea64832895fbd107d91f879728b6a440c7
Sha256: 3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fcxclGRP3zfWwb6opjYU2bL9VAq_mCSNjFtfp9iMLq6tbZu57EDqpQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
age: 74573
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13299
Md5:    ad84ed0c5b2090df7996007514cf1984
Sha1:   651600f2ef18cecc2e38370069bbb5e1d86f68e0
Sha256: a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:39:01 GMT
age: 75236
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13213
Md5:    62e68c3cd08dd94d910507512a67e85f
Sha1:   3d4fa8701f17e8818c25584ef5f04bfbee8440cd
Sha256: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yprErfM7s7P7jJPJT-HQZ2Z_AAN4946Tjwyn1g4r7yiA6IF0yLdQTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 05:22:11 GMT
age: 47446
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7455
Md5:    ea3890e460356d6ecc3ba4e405ac2e9e
Sha1:   b383135e2ebc23fe80eb0d594b198cb8c89327a5
Sha256: 8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 74659
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12016
Md5:    4b794c6812cb546de0295e087ebe66a7
Sha1:   a54803cca7d3c509c195f65961e1110c8ec56f55
Sha256: 6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 74814
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14464
Md5:    aa5cad224dbddd71881bd07255beb4da
Sha1:   bc214d60be395d4cf753216ff8f9691c33d25e75
Sha256: 82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
                                        
                                            GET /tr/?id=559928301484091&ev=ff_member&dl=https%3A%2F%2Fwww.filefactory.com%2Ffile%2F7gxxexpradoc%2FMetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip&rl=&if=false&ts=1664389975136&cd[type]=free&cd[subends]=0&cd[subduration]=0&cd[files]=0&cd[filesdownloaded]=0&sw=1280&sh=1024&ud[country]=9390298f3fb0c5b160498935d79cb139aef28e1c47358b4bbba61862b9c26e59&ud[client_ip_address]=da9add592d7eb9cca7705cb4870d7fd4e9718ccd51486c4261a727a8d566960d&v=2.9.84&r=stable&ec=1&o=30&fbp=fb.1.1664389975132.50766651&it=1664389974669&coo=false&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Wed, 28 Sep 2022 18:32:57 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=559928301484091&ev=PageView&dl=https%3A%2F%2Fwww.filefactory.com%2Ffile%2F7gxxexpradoc%2FMetArt_2022-07-08_BEHIND-ME-MARY-ROCK-by-ERRO_8688e_high.zip&rl=&if=false&ts=1664389975133&sw=1280&sh=1024&ud[country]=9390298f3fb0c5b160498935d79cb139aef28e1c47358b4bbba61862b9c26e59&ud[client_ip_address]=da9add592d7eb9cca7705cb4870d7fd4e9718ccd51486c4261a727a8d566960d&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664389975132.50766651&it=1664389974669&coo=false&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Wed, 28 Sep 2022 18:32:57 GMT
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "182334D41B2E7516C55DDC2B220CFF094121C12A120613B99642989C9627A2E7"
Last-Modified: Wed, 28 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4006
Expires: Wed, 28 Sep 2022 19:39:44 GMT
Date: Wed, 28 Sep 2022 18:32:58 GMT
Connection: keep-alive

                                        
                                            GET /pxf.gif?uuid=aa719d6b-8f3a-490d-b10f-0e513da107b1&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=b66ff7c1636b152673f970d2464db83f&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Wed, 28 Sep 2022 18:32:58 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 015056980bcc8c1af46b006c85c70a49
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sfp.js HTTP/1.1 
Host: addresseepaper.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.100.4
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 28 Sep 2022 18:32:56 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7d79a1fbb167deb0b321d490defb2547
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 28 Sep 2022 18:32:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qv5P0JCafZypqI9o%2FxMe8mqFU8uMTT6Wj5hu%2F0IsorLxE9heSXX1ndSjjQQ0h%2BrKV9knHzLaNaVJrxfx4WoJxiuAGFP0fkwBIose84TSjsu8ME2FvhW%2BPK1pL%2FNkE7NVLV4l%2B88%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751e908a4b3c407e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /?938685878&keywords=guest HTTP/1.1 
Host: engagesrvr.filefactory.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.filefactory.com
Connection: keep-alive
Referer: https://www.filefactory.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

                                         
                                         212.32.237.11
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 28 Sep 2022 18:32:57 GMT
cache-control: no-store, no-cache, no-transform, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-store, no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://www.filefactory.com
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, Content-Type, CSRFToken, Authorization
link: <//engagecdn.filefactory.com>; rel=dns-prefetch
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---