Overview

URL yts.yts2.net/
IP104.21.3.99
ASNCLOUDFLARENET
Location
Report completed2022-09-24 11:37:09 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-24 2 glimtors.net/ntfc.php?p=2651991 Malware
2022-09-24 2 yts.yts2.net/ Phishing
2022-09-24 2 yts.yts2.net/app/apx19.js Phishing
2022-09-24 2 yts.yts2.net/app/apx14.js Phishing
2022-09-24 2 yts.yts2.net/hy.js?q22q2q2 Phishing
2022-09-24 2 yts.yts2.net/zpp/zpp4.js?q22q2q2 Phishing
2022-09-24 2 yts.yts2.net/app/x12.js Phishing
2022-09-24 2 inpagepush.com/400/3064505 Malware
2022-09-24 2 yts.yts2.net/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2 Phishing
2022-09-24 2 yts.yts2.net/assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2 Phishing
2022-09-24 2 yts.yts2.net/assets/fonts/glyphicons-halflings-regular.woff Phishing
2022-09-24 2 yts.yts2.net/assets/minified/modded1.js?yify=4 Phishing
2022-09-24 2 yts.yts2.net/assets/fonts/P5sCzZCDf9_T_10c9CNkiA.woff2 Phishing
2022-09-24 2 yts.yts2.net/assets/images/website/icon-search.svg Phishing
2022-09-24 2 glimtors.net/ntfc.php?p=2651991 Malware
2022-09-24 2 yts.yts2.net/helper-js/ Phishing
2022-09-24 2 yts.yts2.net/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1 (...) Phishing
2022-09-24 2 glimtors.net/custom Malware
2022-09-24 2 glimtors.net/custom Malware
2022-09-24 2 yts.yts2.net/cdn-cgi/challenge-platform/h/b/cv/result/74ba9c653e53d69a Phishing
2022-09-24 2 glimtors.net/custom Malware
2022-09-24 2 yts.yts2.net/cdn-cgi/rum? Phishing
2022-09-24 2 glimtors.net/custom Malware
2022-09-24 2 yts.yts2.net/assets/images/website/logo-YTS.svg Phishing
2022-09-24 2 glimtors.net/pfe/current/defaultSkin.min.js Malware
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 borrowdefeat.com Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 rndskittytor.com Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 fleraprt.com Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 rndskittytor.com Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 quarrelaimless.com Sinkholed
2022-09-24 2 unseenreport.com Sinkholed
2022-09-24 2 quarrelaimless.com Sinkholed
2022-09-24 2 unphionetor.com Sinkholed
2022-09-24 2 unphionetor.com Sinkholed
2022-09-24 2 quarrelaimless.com Sinkholed
2022-09-24 2 quarrelaimless.com Sinkholed
2022-09-24 2 quarrelaimless.com Sinkholed
2022-09-24 2 quarrelaimless.com Sinkholed
2022-09-24 2 rndskittytor.com Sinkholed
2022-09-24 2 rndskittytor.com Sinkholed
2022-09-24 2 glimtors.net Sinkholed
2022-09-24 2 glimtors.net Sinkholed


Files

No files detected



Passive DNS (52)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS e1.o.lencr.org (6) 6159 2021-08-20 07:36:30 UTC 2022-09-24 06:20:21 UTC 23.36.76.226
mnemonic passive DNS borrowdefeat.com (1) 0 2022-09-12 08:11:50 UTC 2022-09-23 22:32:28 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 108.138.212.162
mnemonic passive DNS s7.addthis.com (5) 1504 2012-05-21 03:34:04 UTC 2022-09-24 07:11:24 UTC 23.38.200.123
mnemonic passive DNS mc.yandex.ru (4) 2672 2017-01-29 05:34:36 UTC 2022-09-24 04:23:23 UTC 77.88.21.119
mnemonic passive DNS cdn.yourwebbars.com (1) 62037 2021-01-29 17:47:27 UTC 2022-09-24 04:59:56 UTC 172.67.74.218
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-24 04:26:56 UTC 108.156.28.95
mnemonic passive DNS youradexchange.com (2) 273384 2013-02-04 16:25:46 UTC 2022-09-24 11:04:52 UTC 35.190.41.116
mnemonic passive DNS cdnquality.com (2) 0 2017-11-13 07:28:25 UTC 2022-09-23 20:40:01 UTC 104.17.72.30 Unknown ranking
mnemonic passive DNS quarrelaimless.com (6) 0 2022-09-13 02:03:41 UTC 2022-09-24 08:20:02 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS glimtors.net (11) 168336 2021-04-05 07:54:50 UTC 2022-09-24 00:52:36 UTC 139.45.197.251
mnemonic passive DNS r3.o.lencr.org (14) 344 2020-12-02 08:52:13 UTC 2022-09-24 04:21:50 UTC 23.36.76.226
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-24 04:22:23 UTC 34.117.237.239
mnemonic passive DNS fonts.gstatic.com (3) 0 2014-08-29 13:43:22 UTC 2022-09-24 04:21:47 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS sak.userreport.com (1) 21444 2018-09-14 04:10:21 UTC 2022-09-24 06:11:17 UTC 108.138.233.48
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-24 05:36:42 UTC 54.186.209.73
mnemonic passive DNS rndskittytor.com (4) 31865 2021-08-10 13:00:55 UTC 2022-09-24 10:06:56 UTC 139.45.197.238
mnemonic passive DNS overzubatan.com (1) 0 2022-09-20 16:36:17 UTC 2022-09-24 08:50:19 UTC 139.45.197.239 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-24 05:30:17 UTC 18.164.68.15
mnemonic passive DNS fleraprt.com (1) 0 2022-01-14 22:55:14 UTC 2022-09-24 04:01:06 UTC 139.45.195.254 Unknown ranking
mnemonic passive DNS offerimage.com (1) 304078 2019-06-10 11:11:53 UTC 2022-09-24 09:09:45 UTC 104.22.32.172
mnemonic passive DNS cdn.sb4you1.com (8) 22321 2021-09-16 11:26:58 UTC 2022-09-24 04:00:55 UTC 172.64.201.2
mnemonic passive DNS cdn.itskiddoan.club (1) 24539 2021-09-23 10:55:49 UTC 2022-09-24 09:09:43 UTC 139.45.197.236
mnemonic passive DNS static.cloudflareinsights.com (1) 1294 2019-09-24 14:34:56 UTC 2022-09-24 07:11:24 UTC 172.64.156.26
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-24 04:22:42 UTC 104.18.21.226
mnemonic passive DNS ecma.sidebyz.com (1) 775739 2021-06-12 20:50:40 UTC 2022-09-23 22:32:14 UTC 172.67.167.53
mnemonic passive DNS simplewebanalysis.com (2) 0 2022-02-25 04:06:25 UTC 2022-09-24 08:13:20 UTC 52.29.95.124 Unknown ranking
mnemonic passive DNS v1.addthisedge.com (1) 1721 2019-05-22 18:56:22 UTC 2022-09-24 07:11:24 UTC 23.38.200.123
mnemonic passive DNS interstitial-07.com (1) 36198 2017-03-09 00:00:07 UTC 2022-09-23 23:11:35 UTC 139.45.197.155
mnemonic passive DNS www.reddit.com (4) 2161 2012-05-22 18:03:18 UTC 2022-09-24 04:13:58 UTC 151.101.85.140
mnemonic passive DNS img-yts.yts2.net (1) 0 No data No data 104.21.3.99 Unknown ranking
mnemonic passive DNS ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-09-24 04:23:20 UTC 142.250.74.3
mnemonic passive DNS fonts.googleapis.com (2) 8877 2013-06-10 20:14:26 UTC 2022-09-24 07:25:21 UTC 142.250.74.10
mnemonic passive DNS metrica-yandex.com (1) 783336 2021-09-19 04:17:37 UTC 2022-09-23 22:32:28 UTC 104.21.11.244
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-09-24 10:17:28 UTC 93.184.220.29
mnemonic passive DNS dozubatan.com (8) 33479 2021-05-18 14:02:27 UTC 2022-09-24 08:02:14 UTC 139.45.197.237
mnemonic passive DNS creepingbrings.com (1) 0 2022-05-27 14:56:26 UTC 2022-09-24 08:19:42 UTC 172.64.163.10 Unknown ranking
mnemonic passive DNS z.moatads.com (1) 374 2014-02-11 16:19:47 UTC 2022-09-24 04:28:23 UTC 23.38.201.146
mnemonic passive DNS unphionetor.com (2) 54035 2022-02-11 12:53:49 UTC 2022-09-24 08:38:46 UTC 139.45.197.236
mnemonic passive DNS yts.yts2.net (37) 0 2022-07-03 10:28:58 UTC 2022-09-08 11:39:38 UTC 104.21.3.99 Unknown ranking
mnemonic passive DNS inpagepush.com (2) 78279 2019-12-03 20:32:41 UTC 2022-09-24 00:50:49 UTC 139.45.197.237
mnemonic passive DNS matomo.hellohi.me (4) 545402 2019-07-03 20:13:04 UTC 2022-09-23 22:32:14 UTC 172.67.219.82
mnemonic passive DNS my.rtmark.net (5) 9054 2017-08-22 14:11:49 UTC 2022-09-24 08:04:49 UTC 139.45.195.8
mnemonic passive DNS m.addthis.com (1) 1448 2013-11-06 20:12:22 UTC 2022-09-24 04:28:23 UTC 23.38.200.123
mnemonic passive DNS unseenreport.com (1) 0 2022-03-30 14:33:17 UTC 2022-09-24 08:13:24 UTC 192.243.59.13 Unknown ranking
mnemonic passive DNS c.palama2.com (1) 0 2022-09-23 22:32:14 UTC 2022-09-23 22:32:14 UTC 172.67.150.228 Unknown ranking
mnemonic passive DNS i.imgur.com (1) 5110 2012-05-21 08:09:36 UTC 2022-09-24 06:46:28 UTC 151.101.84.193
mnemonic passive DNS visitanalytics.userreport.com (1) 15395 2014-05-07 18:38:48 UTC 2022-09-24 04:15:42 UTC 108.138.217.52
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-09-24 08:08:14 UTC 172.64.155.188
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-09-24 04:22:29 UTC 34.120.237.76
mnemonic passive DNS tzegilo.com (1) 0 2022-01-14 15:27:15 UTC 2022-09-24 04:01:06 UTC 172.67.194.45 Unknown ranking
mnemonic passive DNS benumelan.com (11) 0 2022-09-20 16:35:46 UTC 2022-09-24 08:46:03 UTC 139.45.197.239 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 104.21.3.99

Date UQ / IDS / BL URL IP
2022-09-24 11:37:09 +0000
0 - 0 - 51 yts.yts2.net/ 104.21.3.99

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-09 19:51:18 +0000
2 - 0 - 0 iossecure.com/en/imitatenobr/en/?brand=Deskto (...) 104.21.23.80
2022-12-09 19:47:34 +0000
0 - 0 - 7 www.pdfdrive.com/abbadons-gate-d195171719.html 104.26.7.150
2022-12-09 19:46:47 +0000
0 - 0 - 0 www.is.gd/s7al7x 104.25.233.53
2022-12-09 19:46:28 +0000
0 - 0 - 2 autumn-block-50de.caitlyn70.workers.dev/ 104.21.31.100
2022-12-09 19:45:48 +0000
0 - 0 - 1 girlsandtheir.webcam/&_=1670615114981 104.21.59.68

Last 1 reports on domain: yts2.net

Date UQ / IDS / BL URL IP
2022-09-24 11:37:09 +0000
0 - 0 - 51 yts.yts2.net/ 104.21.3.99

Last 1 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-23 22:32:25 +0000
0 - 0 - 33 bt4g.youhydra.com/ 104.21.23.221


JavaScript

Executed Scripts (66)


Executed Evals (2)

#1 JavaScript::Eval (size: 8, repeated: 1) - SHA256: 3c4b9b06fe520e9d07b2150eebd412a59c91d789706d99a2b2dc9bf217604d1f

                                        _ate.cbs
                                    

#2 JavaScript::Eval (size: 11, repeated: 1) - SHA256: 8ee784d797ce97ed9716bb42682346deb0c7ae8ff75d7ad8ae60508907054c16

                                        addthis.cbs
                                    

Executed Writes (5)

#1 JavaScript::Write (size: 2, repeated: 1) - SHA256: b17ef6d19c7a5b1ee83b907c595526dcb1eb06db8227d650d5dda0a9f4ce8cd9

                                        16
                                    

#2 JavaScript::Write (size: 51159, repeated: 1) - SHA256: 9fe86495463d6dbb135b99593ff8bb7eded911237e7288877cc5142f391f6386

                                        < meta charset = "UTF-8" > < meta name = "viewport"
content = "width=device-width, initial-scale=1" > < html class = "desktop left " > < html lang = "en" > < head > < meta charset = "UTF-8" > < meta name = "robots"
content = "noindex" > < meta name = "viewport"
content = "width=device-width, initial-scale=1.0" > < meta http - equiv = "X-UA-Compatible"
content = "ie=edge" > < /head><body><main class="sc"><div class="sc__wrp"><div class="sc__sw"><div class="sc__sw__close"></div > < div class = "sc__sw__icon" > < /div><div class="sc__sw__heading">yts.yts2.net wants to</div > < div class = "sc__sw__text sc__sw__text-desktop" > Show notifications < /div><div class="sc__sw__text sc__sw__text-mobile">yts.yts2.net wants to send you notifications.</div > < div class = "sc__sw__btn-c" > < button id = "B2"
class = "sc__sw__btn sc__sw__btn--allow" > Allow < /button><button id="B1" class="sc__sw__btn sc__sw__btn--block">Block</button > < /div></div > < /div></main > < style > html {
    line - height: 1.15; - webkit - text - size - adjust: 100 %
}
body {
    margin: 0
}
main {
    display: block
}
h1 {
    font - size: 2e m;
    margin: .67e m 0
}
hr {
    box - sizing: content - box;
    height: 0;
    overflow: visible
}
pre {
    font - family: monospace, monospace;
    font - size: 1e m
}
a {
    background - color: transparent
}
abbr[title] {
    border - bottom: none;
    text - decoration: underline;
    text - decoration: underline dotted
}
b, strong {
    font - weight: bolder
}
code, kbd, samp {
    font - family: monospace, monospace;
    font - size: 1e m
}
small {
    font - size: 80 %
}
sub, sup {
    font - size: 75 % ;
    line - height: 0;
    position: relative;
    vertical - align: baseline
}
sub {
    bottom: -.25e m
}
sup {
    top: -.5e m
}
img {
    border - style: none
}
button, input, optgroup, select, textarea {
    font - family: inherit;
    font - size: 100 % ;
    line - height: 1.15;
    margin: 0
}
button, input {
    overflow: visible
}
button, select {
    text - transform: none
}[type = button], [type = reset], [type = submit], button {
    -webkit - appearance: button
}[type = button]::-moz - focus - inner, [type = reset]::-moz - focus - inner, [type = submit]::-moz - focus - inner, button::-moz - focus - inner {
    border - style: none;
    padding: 0
}[type = button]: -moz - focusring, [type = reset]: -moz - focusring, [type = submit]: -moz - focusring, button: -moz - focusring {
    outline: 1 px dotted ButtonText
}
fieldset {
    padding: .35e m.75e m.625e m
}
legend {
    box - sizing: border - box;
    color: inherit;
    display: table;
    max - width: 100 % ;
    padding: 0;
    white - space: normal
}
progress {
    vertical - align: baseline
}
textarea {
    overflow: auto
}[type = checkbox], [type = radio] {
    box - sizing: border - box;
    padding: 0
}[type = number]::-webkit - inner - spin - button, [type = number]::-webkit - outer - spin - button {
    height: auto
}[type = search] {
    -webkit - appearance: textfield;
    outline - offset: -2 px
}[type = search]::-webkit - search - decoration {
    -webkit - appearance: none
}::-webkit - file - upload - button {
    -webkit - appearance: button;
    font: inherit
}
details {
    display: block
}
summary {
    display: list - item
}[hidden], template {
    display: none
}@
keyframes fadeIn {
    0 % {
        opacity: 0;transform: scale(.9)
    }
    to {
        opacity: 1;transform: scale(1)
    }
}.sc {
    -webkit - touch - callout: none; - webkit - user - select: none; - khtml - user - select: none; - moz - user - select: none; - ms - user - select: none;
    user - select: none;
    display: flex;
    justify - content: center;
    align - items: center
}.sc.rtl {
        direction: rtl
    }.sc__sw {
        width: 100 % ;max - width: 30 rem;font - family: Roboto,
        Segoe UI,
        Helvetica,
        sans - serif;background - color: # fff;border - radius: .3 rem;margin: 1 rem;padding: 1 rem 1.5 rem 4.5 rem;position: relative;box - shadow: 0.5 rem.5 rem rgba(0, 0, 0, .1);animation: fadeIn.4 s ease - in -out
    }.sc__sw__icon {
        height: 1.6 rem;width: 1.6 rem;float: left;background - size: contain;background - image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCI+PHBhdGggZD0iTTEyIDIyYzEuMSAwIDItLjkgMi0yaC00YTIgMiAwIDAgMCAyIDJ6bTYtNnYtNWMwLTMuMDctMS42NC01LjY0LTQuNS02LjMyVjRjMC0uODMtLjY3LTEuNS0xLjUtMS41cy0xLjUuNjctMS41IDEuNXYuNjhDNy42MyA1LjM2IDYgNy45MiA2IDExdjVsLTIgMnYxaDE2di0xbC0yLTJ6IiBmaWxsPSIjNDI4NWY2Ii8+PC9zdmc+")
    }.sc__sw__heading {
        display: none
    }.sc__sw__text {
        color: #666;margin-left:2.3rem;margin-top:.2rem}.sc__sw__text-desktop,.sc__sw__text-mobile{display:none}.sc__sw__btn-c{position:absolute;bottom:.2rem;right:.5rem;display:flex;flex-flow:row-reverse}.sc__sw__btn{border:none;padding:1rem;background-color:transparent;color:# 4283e f;font - weight: 400
    }.sc.sc--mobile {
        width: 100 % ;height: 100 %
    }.sc.sc--mobile__sw__text - mobile {
        display: block
    }.sc.sc--mobile.sc--android - browser, .sc.sc--mobile.sc--chrome, .sc.sc--mobile.sc--firefox {
        background - color: rgba(0, 0, 0, .3);
        position: absolute;
        top: 0;
        bottom: 0;
        left: 0;
        right: 0;
    }.sc.sc--mobile.sc--android - browser, .sc.sc--mobile.sc--chrome {
        width: 100 % ;height: 100 %
    }.sc.sc--mobile.sc--android - browser.sc__sw, .sc.sc--mobile.sc--chrome.sc__sw {
        position: absolute;margin: 0;left: 50 % ;top: 50 % ;width: 92 % ;max - width: 520 px;height: auto;padding - left: 3.8 rem;transform: translate(-50 % , -50 % )
    }.sc.sc--mobile.sc--android - browser.sc__sw__text - mobile, .sc.sc--mobile.sc--chrome.sc__sw__text - mobile {
        display: inline;color: #666;margin-left:0;margin-top:.2rem}.sc.sc--mobile.sc--android-browser .sc__sw__icon,.sc.sc--mobile.sc--chrome .sc__sw__icon{position:absolute;float:none;left:1.5rem;top:1rem}.sc.sc--mobile.sc--android-browser .sc__wrp,.sc.sc--mobile.sc--chrome .sc__wrp{position:relative;width:100%;height:100%;box-sizing:border-box}.sc.sc--mobile.sc--android-browser .sc__wrp *,.sc.sc--mobile.sc--chrome .sc__wrp *{box-sizing:border-box}.sc.sc--mobile.sc--firefox{background-color:rgba(0,0,0,.6);align-items:flex-start;margin-top:-16px}.sc.sc--mobile.sc--firefox .sc__sw{font-family:Fira Sans,Roboto,Segoe UI,Helvetica,sans-serif;background-color:# e6e6e6;font - weight: 400;padding - bottom: 4.5 rem;overflow: hidden;max - width: 66.6 % ;margin: 0 auto
    }.sc.sc--mobile.sc--firefox.sc__sw__icon {
        width: 2.5 rem;height: 2.5 rem;margin - top: .5 rem;background - repeat: no - repeat;background - position: 50 % ;background - image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCI+PHBhdGggZD0iTTMuMjU0IDIuMDk0Yy0xLjE0NyAwLTIuMDcuOTIyLTIuMDcgMi4wNjh2MTEuMzVjMCAxLjE0Ni45MjMgMi4wNjggMi4wNyAyLjA2OGg5LjUzbDMuNzYyIDMuNzYycy41ODguNTY0IDEuMjA3LjU2NGMuNjE4IDAgLjg2Mi0uMzQ2Ljg2Mi0uNTY0VjE3LjU4aDIuMTMxYzEuMTQ3IDAgMi4wNy0uOTIyIDIuMDctMi4wNjlWNC4xNjJhMi4wNjUgMi4wNjUgMCAwIDAtMi4wNy0yLjA2OHptOC43NzcgMi4wNDhBMS40MDggMS40MDggMCAwIDEgMTMuNDQgNS41NWExLjQwOCAxLjQwOCAwIDAgMS0xLjQwOCAxLjQwNyAxLjQwOCAxLjQwOCAwIDAgMS0xLjQwOC0xLjQwNyAxLjQwOCAxLjQwOCAwIDAgMSAxLjQwOC0xLjQwOHptLS4yMTYgNC4yNzhoLjQzMmMuNjYgMCAxLjE5Mi41MzIgMS4xOTIgMS4xOTJ2NC44NjVjMCAuNjYtLjUzMiAxLjE5Mi0xLjE5MiAxLjE5MmgtLjQzMmMtLjY2IDAtMS4xOTItLjUzMi0xLjE5Mi0xLjE5MlY5LjYxMmMwLS42Ni41MzItMS4xOTIgMS4xOTItMS4xOTJ6IiBmaWxsPSIjYTVhNWE1Ii8+PC9zdmc+")
    }.sc.sc--mobile.sc--firefox.sc__sw__text - mobile {
        font - weight: 300;
        display: block;
        margin - left: 3.5 rem;
        margin - top: .5 rem;
        margin - bottom: 1 rem
    }.sc.sc--mobile.sc--firefox.sc__sw__btn - c {
        bottom: 0;left: 0;right: 0
    }.sc.sc--mobile.sc--firefox.sc__sw__btn {
        width: 50 % ;color: #000;font-weight:400}.sc.sc--mobile.sc--firefox .sc__sw__btn--allow{background-color:# 008 bcc;color: # fff
    }.sc.sc--mobile.sc--firefox.sc__sw__btn--block {
        background - color: # d1d0d5
    }.sc.sc--mobile.sc--uc - browser {
        align - items: flex - end;
        height: 100 %
    }.sc.sc--mobile.sc--uc - browser.sc__wrp {
        position: absolute;left: 0;right: 0;top: auto;bottom: 0;width: auto;padding: 0 5 px 5 px
    }.sc.sc--mobile.sc--uc - browser.sc__sw {
        box - shadow: 0 0 4 px rgba(0, 0, 0, .2);
        border - radius: 1.5 rem;
        padding - right: 2.5 rem;
        width: auto;
        margin: auto
    }.sc.sc--mobile.sc--uc - browser.sc__sw: after, .sc.sc--mobile.sc--uc - browser.sc__sw: before {
        position: absolute;right: 1.5 rem;top: 1 rem;content: " ";height: .8 rem;width: 1 px;background - color: # aaa
    }.sc.sc--mobile.sc--uc - browser.sc__sw: before {
        transform: rotate(45 deg)
    }.sc.sc--mobile.sc--uc - browser.sc__sw: after {
        transform: rotate(-45 deg)
    }.sc.sc--mobile.sc--uc - browser.sc__sw__text - mobile {
        display: block;font - weight: 700;margin - bottom: .5 rem;margin - left: 3 rem;color: #444;margin-top:.25rem}.sc.sc--mobile.sc--uc-browser .sc__sw__btn-c{flex-flow:row}.sc.sc--mobile.sc--uc-browser .sc__sw__btn--allow{color:# fdb83f
    }.sc.sc--mobile.sc--uc - browser.sc__sw__btn--block {
        font - weight: 400;
        color: # aaa
    }.sc.sc--mobile.sc--uc - browser.sc__sw__icon {
        width: 2.5 rem;height: 2.5 rem;background - repeat: no - repeat;background - image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAABQCAIAAADKqIEEAAALgUlEQVRo3u1az49k11X+vnPuq/4xM5mZWHYUOfYgga1IKAtiZUVkTCw2WbJFQmIFSxQhIbDgH4jwigVZEH5vAkIgggAhISuIADFxHGPZMxM7djyezNie6Z81XVXvvXs+Fve9qurq6Z7udpkE1Fet1z1Tr+777nfPPec75zxKwv+1YT9qAGegf5zHGegz0GegTzoCWHYk+OhBG6Al407Lxpjzi3/ir/9jvX3bIL/8KJ/+NT3+DJf6DC43jOtfn+fLfxNNhGDR0Eh3PP3L+uyvLhH3Ms2jfec/+MrXI8Moc6FKYd5K+Lc/5+2XlsjNEkGHfeuPkDMJkEYAMMJgTRDf/EMqfhSgjz5P+W6++0PBQQEhCQopRLg7tt7F8C6wHNwnZ/ow3MMdSxEpwwULIGhiglVgxfCMZhuIpeCe9x4CGkACQymTBCzCCCIAAglHnKZ7N3x1ImYiEKBCAEgYaRmDGqNbiiu0JRjkPGgCRARASjBrqbDMGKeoU0vkc9QANLqUyOlX997Te/+kH7xgazVSICRJhARCRAiTFrl66y/IXVx+Cmuf+JCg97s8ARDE7k9kWmRYwMsnqDPqiafWrcb4+/jeV/MHb3regwOiYApRkoQI5EAEBYAymlHjPawAqw/HE79kT/4KcUo3eMBPq78qgAxCtEwvh5BoE0bMd7H1XVz967x1kwCZwQBASAABgd36I5AzcrFjRoTCHIJlPvQkfuZ3cenTS2F6em1AACYxK6Cgy20Pu9/fuf733L221m5YWwuyzq0cckIFKNi2ylnFzOVhYIQ58PjP47O/A6x/SKYFAQghAwQdYCg7atgob3739tW/Wx1+bz32VhgsjBLoZ+E89nnaJUSwbrobScgkI4yPXMHnfx+4dHxjWQAdxSoENUiAkTDAkIlmdPvFzdf+8ny6sdYMmTNVTm6HbX6rDpDdrYiR2WY1rbr1mSxZ5Vxdw8/9KapHjgl6vwNSYTqHGGSQAoggEFtv169/7WG8vd5MUmvszFZHYZ0xQ5Ck4K5BUuWEEAJEZWXUu/f0778OtCcHLUBEMKLKqkJWlmDtOG59c/zfz6/HG6aGOUfntgnw+IpC3a6S1QCDiiwEBaNJUmzfaF79cj4N0wBoQRdJApBFi/ru+MY3NLzlEcjF1jUFvW/JD3waKRAkUgVPnTUqA5nB6tpf+a1/OI7oXABd9hGGMMkjku5h/HY9GlUMhIAMTeGdyssSAERiUHXRsbjX3NYY4JXf0zFmtYMzAoLEiIEmxHa981au73iXNgnU8Qz50KHCuBGDAQl1mxRJhtEdu/PtB85+HyWgEoaVoR1M3t/ZuL4Sdy0aKaQO9+x6KrIFioQ7zLtJJFANVvHqlyPH0dto83N1XlowydXC6uHdN3TnzbW8K1PRaKJkIS4hX5VRaSZ+aDIkbFzV1stHf3Ef02IUz0AYk8HavZvXV+odZ6tCLaWO4MCHxy3QHWad6BFMyC3tg385AehCtwE0UgRG2Li5YnWY+u0yyRBGEcc5Mg8cJYkEwOJBIyJ0+z+P/tK+bJzFHxkgITImt1a5y85+BbhknmlTy6ZOK9R6hgC4o21R7FIyM2zcODHTBMgAW9SbxJhFsbFju+NYi376dEMAOsc3JSKhmUDNCUD3bgGIhLaJPHVwUymn2T1LGWRv1iraVmyxfXu6qKNBa+4PQVQUfTAf/rR42xJAF3HSL6ColPp94NCgfj+mu5ERtSWyCNBpNnO0ej7FEIpm6B/OgOArRzC9UBYLoZdvBHLbiU92jGjptcQe9pR0AE7BB0dUCuY/YEhdim8AqWg5y/j7lSzh+M09slzniYZCROQjNnNRMPXHjgCVA3CBxWPMMr8PE8MXOZ5dO1+t4nl1BDf7QBuTsQIdANDQxpZIOOSQ9Ywsp+Cyn+/+zKj/h+L4TGO6YyVW0wrHBtgsBM4O5XKG9s9nAGjHZXphKrK334+4q7uATsBJmcacrHZFdEb2UY7+fExt+jRMl4iYwa62tfyuyQJJ07RC6FTDSZOAfgRJLjNeHzr2eQ/AHpTOHWEegpmSzftQLTcWzj+P0yCG6P7r0PzlMPMQaGoU0UASe/En9pFgmXauWcyFBEMG1roizP3GvjCegVA4whQA23t7TYwGgguisa8TlWBOLC009sW0rjIRgvlgFiePYLoPTkWNCu24He6KEWylTEWXInS5zdJo7rROEaWgUfIKozcQh4Ywm/suDHC4wRA57l5v29318+dpIU1Ck+AEVgdalXLCchVIL30JhJ9vXv9jcHIsm6bggkdgsnnvg1dzvekRZhQlZjALGYxShzs9voVRgneX2kLGJFW3Xsa1rxzm+/bX8soXY5x3XhvuXuN4S8ORB9yS0dCX+05YxFtA+IDPSvbSplVc/Rpyvu8yFzKXAFrk94cbL1l7c6Cx2kZZhBOOaR47K0RNoxlP9dPPQuuPXZkzHAZM+O7fakGXLIImQSKadvN6vXN1xXZgrTJVJ7WOnJQNmRKnBfQuOTIj7/vD/trdOP8npsKGZDK4TYUOBZky1/TKH3B8e6FUf4DpyJi8N7z9LY3eTxQdZi5fD78gv0BbJ1fENGsGAXCXJXiCO0rlxUxzV5jBXG4wF0100EQnnebdBltiSuLUgwkIC+XxFq4+rwNnYaGPOMpb32h3XktqTZUl+MUVqy5FWiNB1Iq6qYe8t50jC0wXHmM6RyvlWkISwZBoAEnrNrAPRSxiZkpbtMxDjrcRtdxgnLaUIAlhNPzgBT7xDs4/Pt9x2N9H5Hux8Z21essTosnwAS9doF92rAoWCFiYPlAeMsu9svOPYeU8cgsY6GCXVU8ruP2DNFeBYL/bGTA0I9VX0Y4FwhOiQXT1CUoBa+TprT/DZ57jnCDZn9iO9jjaqyyMUG7RBoZAcoRTcmRgF/VmSEgEGmxcw/pDSKvdwWLJOPoMWHlGx/zJmZ6fXGt4i+12lHs8MSS1QFdEpcEtcfPbsXeP67MO2D7zUAxSw4xgDjPlaFVv5lHOeV2U+YQYCnv0MBJkbjZsZwusVARl7wdL9jBfGsBc92C60REZalVaRuzqnmDX5VC3K0S9Zc270E/2eeAC09W57JdGk7Q2qOVmCaG9SKOwCsZsomc0YQHASdAICWo6r6f+zJTfmhcomqaqpfEy530AGSQhd+30/ghAbJtx5Z/C6idBuy/ToH1s78Lj9+7c8mZzZWVEZBgVUmrNjaSCWRaUi6SrbUqzx/Yd7gOutXcKLJVAkGZMzmL/XbsxWPK7UiITwIg8SlzLP/0lX/nYPpxzfUQJ4/Hov7D1DnfeysOb1uxWCrQWDWnJBiHfU7PbtFg5d9HTp3Tz1VxPLELITJQREmOfTTAg6+VxIECjcUBcfhjVWrQTUwMfgCtABRnMEBMQWLmMj38On/gC1h+Zs6lF0FAINqEUmuTRdohuTgwQJM2cSDU0RjsCDRjiha/i5isA0GS1gZDYJdOdnC+9lWIqBiSXmZHxyc/407+B6uPII+QJvIKvwSswAQQyIqs8Gn4wj1kwDwIrAMxW7dzF2fmZNeoJEFW/5U9+UTdep6AshcorNchd9UzldghS6cSxgiWnuz/xi1h7FEhI8/s+TVUqWHB6bg+oj/vVPTgvD6yXFgdLPsRPfJFXnopJLVkfqI3o+gR9sDbSDeZwa8k28OhTuPIMUB2Y0OY0iR0h24/xnkt5NOdn7JdvwDPPmae2bQgDnPROj5A2o8pgCfQaDjP8wm/D7UjB94B64Qlfzjn4oMHFePZLFZIil+jd9dfLQGmVkW5IUVUZX/gtpIuzZZ9qnOBlwulLDwcXwtEW/vk5vf2SGkQgSiykjHSIKaESfupZPPub+434owd9dDUiQ37zO3jz6/UbL6a7PywNR1rKDz3GK5+zJz+PR38WvpzXAJf82ub/zjh7f/oM9BnoH4NxBvoM9P830P8DWBywwp+xTnsAAAAASUVORK5CYII=")
    }.sc.sc--mobile.sc--samsung - internet -
    for -android {
        height: 100 % ;align - items: flex - end
    }.sc.sc--mobile.sc--samsung - internet -
    for -android.sc__wrp {
        position: absolute;left: 0;right: 0;top: auto;bottom: 0;width: auto;padding: 0 5 px
    }.sc.sc--mobile.sc--samsung - internet -
    for -android.sc__sw {
        width: auto;margin: 1 rem auto;box - shadow: 0 0 3 px rgba(0, 0, 0, .4);border - radius: 2 rem;padding - bottom: 4.5 rem;padding - top: 1.333 rem
    }.sc.sc--mobile.sc--samsung - internet -
    for -android.sc__sw: after, .sc.sc--mobile.sc--samsung - internet -
    for -android.sc__sw: before {
        position: absolute;right: 1.75 rem;top: 1.333 rem;content: " ";height: 1 rem;width: 1 px;background - color: #777}.sc.sc--mobile.sc--samsung-internet-for-android .sc__sw:before{transform:rotate(45deg)}.sc.sc--mobile.sc--samsung-internet-for-android .sc__sw:after{transform:rotate(-45deg)}.sc.sc--mobile.sc--samsung-internet-for-android .sc__sw__text-mobile{display:block;font-weight:700;color:# 444;margin - left: 3 rem;margin - right: 1.5 rem
    }.sc.sc--mobile.sc--samsung - internet -
    for -android.sc__sw__btn - c {
        flex - flow: row;
        display: flex;
        left: .5 rem
    }.sc.sc--mobile.sc--samsung - internet -
    for -android.sc__sw__btn {
        flex: 1;padding: .25 rem;margin - bottom: 1 rem;color: #4285f6}.sc.sc--mobile.sc--samsung-internet-for-android .sc__sw__btn--allow{border-right:1px solid # ddd
    }.sc.sc--mobile.sc--samsung - internet -
    for -android.sc__sw__icon {
        width: 2 rem;position: relative;top: .33 rem;height: 2 rem;background - repeat: no - repeat
    }.sc.sc--mobile.sc--yandex - browser {
        align - items: flex - end
    }.sc.sc--mobile.sc--yandex - browser.sc__wrp {
        position: absolute;left: 0;right: 0;top: auto;bottom: 0;width: auto;padding: 0 5 px
    }.sc.sc--mobile.sc--yandex - browser.sc__sw {
        width: auto;border: 1 px solid # ededed;border - radius: 1 rem;margin: .5 rem;box - shadow: 0 0 10 px 10 px # f0f0f0,
        0 50 px 20 px 40 px # f0f0f0
    }.sc.sc--mobile.sc--yandex - browser.sc__sw__text - mobile {
        display: block;margin - left: 0;margin - right: 1 rem
    }.sc.sc--mobile.sc--yandex - browser.sc__sw__icon {
        position: absolute;right: .5 rem;top: .5 rem;background - image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NCIgaGVpZ2h0PSI2NCIgdmlld0JveD0iMCAwIDE2LjkzMyAxNi45MzMiPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDAgLTI4MC4wNjcpIj48Y2lyY2xlIGN4PSI4LjQ2NyIgY3k9IjI4OC41MzMiIHI9IjcuNTYiIGZpbGw9IiNkOWQ5ZDkiLz48cGF0aCBkPSJNNS42MzggMjg1LjQzM2EuMjYzLjI2MyAwIDAgMC0uMTk1LjA3Ny4yNzkuMjc5IDAgMCAwIC4wMTEuMzk0bDIuNjMgMi42My0yLjYzIDIuNjI4YS4yNzkuMjc5IDAgMCAwLS4wMTEuMzk1LjI3OS4yNzkgMCAwIDAgLjM5NS0uMDExbDIuNjI5LTIuNjMgMi42MjkgMi42M2EuMjc5LjI3OSAwIDAgMCAuMzk0LjAxLjI3OS4yNzkgMCAwIDAtLjAxLS4zOTRsLTIuNjMtMi42MjkgMi42My0yLjYyOWEuMjc5LjI3OSAwIDAgMCAuMDEtLjM5NC4yNzkuMjc5IDAgMCAwLS4zOTQuMDFsLTIuNjMgMi42My0yLjYyOC0yLjYzYS4yOTQuMjk0IDAgMCAwLS4yLS4wODd6IiBmaWxsPSIjZmZmIi8+PC9nPjwvc3ZnPg==")
    }.sc.sc--mobile.sc--yandex - browser.sc__sw__btn - c {
        bottom: 0;right: 0;left: 0;display: flex;border - top: 1 px solid # cbcbcb
    }.sc.sc--mobile.sc--yandex - browser.sc__sw__btn {
        flex: 1;color: #2488e0;font-weight:400}.sc.sc--mobile.sc--yandex-browser .sc__sw__btn--allow{color:# 2488e0;font - weight: 600;border - left: 1 px solid # cbcbcb
    }.sc.sc--mobile.sc--yandex - browser.sc__sw__btn--block {
        color: #2488e0}.sc.sc--desktop{margin-left:21px;margin-top:-3px;width:326px;height:136px;display:flex;justify-content:center;align-items:center}.sc.sc--desktop.rtl{margin-left:0;margin-right:106px}.sc.sc--desktop .sc__sw{box-sizing:border-box;width:320px;height:130px;border-radius:2px;box-shadow:0 -1px 3px rgba(0,0,0,.3),0 2px 3px 1px rgba(0,0,0,.3);padding:16px;margin:0;font-family:Segoe UI,Helvetica,sans-serif}.sc.sc--desktop .sc__sw__close{position:absolute;display:block;height:24px;width:24px;right:5px;top:5px;border-radius:100%;background-color:transparent;transition:background-color .5s}.sc.sc--desktop .sc__sw__close:hover{background-color:rgba(0,0,0,.08)}.sc.sc--desktop .sc__sw__close:after,.sc.sc--desktop .sc__sw__close:before{content:" ";position:absolute;height:13px;width:2px;left:11px;top:5px;background-color:# 666;pointer - events: none
    }.sc.sc--desktop.sc__sw__close: before {
        transform: rotate(45 deg)
    }.sc.sc--desktop.sc__sw__close: after {
        transform: rotate(-45 deg)
    }.sc.sc--desktop.sc__sw__heading {
        display: block;position: absolute;top: 19 px;left: 16 px;right: 30 px;font - size: 15 px;white - space: nowrap;text - overflow: ellipsis;overflow: hidden
    }.sc.sc--desktop.sc__sw__icon {
        background - image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCI+PHBhdGggZD0iTTEyIDIyYzEuMSAwIDItLjkgMi0yaC00YTIgMiAwIDAgMCAyIDJ6bTYtNnYtNWMwLTMuMDctMS42NC01LjY0LTQuNS02LjMyVjRjMC0uODMtLjY3LTEuNS0xLjUtMS41cy0xLjUuNjctMS41IDEuNXYuNjhDNy42MyA1LjM2IDYgNy45MiA2IDExdjVsLTIgMnYxaDE2di0xbC0yLTJ6IiBmaWxsPSIjNWY2MzY4Ii8+PC9zdmc+");
        height: 18 px;
        width: 18 px;
        position: absolute;
        top: 47 px;
        left: 16 px
    }.sc.sc--desktop.sc__sw__text {
        font - size: 12 px;
        position: absolute;
        top: 49 px;
        left: 46 px;
        color: #000;margin:0}.sc.sc--desktop .sc__sw__text-desktop{display:block}.sc.sc--desktop .sc__sw__btn-c{bottom:16px;right:16px;flex-flow:row}.sc.sc--desktop .sc__sw__btn{font-size:12px;font-weight:400;border:1px solid # ddd;
        border - radius: 2 px;
        padding: 0 16 px;
        height: 32 px;
        margin - left: 8 px;
        min - width: 64 px;
        font - weight: 500
    }.sc.sc--desktop.sc__sw__btn: hover {
        background - color: # fafafa
    }.sc.sc--desktop.sc--firefox {
        width: 380 px;height: 120 px;margin - left: 0;margin - top: 0
    }.sc.sc--desktop.sc--firefox.rtl {
        margin - left: 0;
        margin - right: 0
    }.sc.sc--desktop.sc--firefox.rtl.sc__sw: after, .sc.sc--desktop.sc--firefox.rtl.sc__sw: before {
        left: auto;right: 7 px
    }.sc.sc--desktop.sc--firefox.rtl.sc__sw: before {
        right: 6 px
    }.sc.sc--desktop.sc--firefox.rtl.sc__sw__btn--block: after {
        left: 0;right: auto
    }.sc.sc--desktop.sc--firefox.sc__sw {
        width: 360 px;height: 102 px;border: 1 px solid # d0d1d1;box - shadow: 0 0 1 rem # d0d1d1;padding: 12 px 10 px;position: relative
    }.sc.sc--desktop.sc--firefox.sc__sw: after, .sc.sc--desktop.sc--firefox.sc__sw: before {
        display: none;background - color: transparent;position: absolute;left: 7 px;top: -8 px;transform: none;content: " ";display: block;width: 0;height: 0;border - color: transparent transparent # fff;border - style: solid;border - width: 0 8 px 8 px
    }.sc.sc--desktop.sc--firefox.sc__sw: before {
        top: -9 px;left: 6 px;border - width: 0 9 px 9 px;border - color: transparent transparent # d0d1d1
    }.sc.sc--desktop.sc--firefox.sc__sw * {
        position: unset
    }.sc.sc--desktop.sc--firefox.sc__sw__close {
        display: none
    }.sc.sc--desktop.sc--firefox.sc__sw__heading {
        font - family: Segoe UI, Helvetica, sans - serif;
        font - size: 12 px;
        white - space: wrap;
        margin - bottom: .5e m;
        overflow: visible;
        margin - left: 48 px
    }.sc.sc--desktop.sc--firefox.sc__sw__text {
        overflow: visible;margin - left: 48 px;line - height: .95
    }.sc.sc--desktop.sc--firefox.sc__sw__icon {
        background - image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAeCAYAAABNChwpAAABj0lEQVRIie2Wv4oyMRTFf7pWsdQyBCzUVwgznXkFwc6xthNLERbU0gew1E7wFbQbmHewG9IJgoW22WJB0PUP6IzKx3e6ZO7NOUluztyMc84BRFHEcrkkjmPShFIKYwxaawAyzjk3m80IwzBV4nP4vk+z2SQXRdHLyQHCMKRSqfBVKpW+d7vdywUAbLdbcud33u/3kVKmQmitZTAYHMdxHJM9D0qL/NrafwS8Gm8XkLsXMBqNHvYGpRS9Xu9mzOefwL0dPIvPP4H/NfDP18DnCbDWpkZ2ae3McDh0SXRBvu9Tr9cRQgCwXq+ZTqdsNpurOUopssaYp8nht8FYLBbH8T1yAGMMWa01nuclJmK1WgHcJfc8D6317zMMgoBqtZpIUzqfzykUCle/X2xKnyG01jIejzkcDse5fD7Pfr8/iZtMJhfzn36GUkra7fbJ3Dn5LSTiA+VymUaj8VBuYkZUq9UeKuZEnTAIApRS7xMA0Ol0jmb0FgFCCLrd7omIW4JS+RlJKWm1WhSLRYQQNwv0BySZkZGaX+NiAAAAAElFTkSuQmCC");
        width: 32 px;
        margin - right: 16 px;
        height: 30 px
    }.sc.sc--desktop.sc--firefox.sc__sw__btn - c {
        position: absolute;left: 0;right: 0;bottom: 0
    }.sc.sc--desktop.sc--firefox.sc__sw__btn {
        margin: 0;border: none;display: flex;flex: 1;text - align: center;justify - content: center;align - items: center;height: 39 px;color: #000;border-radius:0;box-shadow:inset 0 0 1px 1px rgba(0,0,0,.1);background-color:# ededed;position: relative
    }.sc.sc--desktop.sc--firefox.sc__sw__btn--allow {
        background - color: #0060df;color:# fff
    }.sc.sc--desktop.sc--firefox.sc__sw__btn--allow: hover {
        background - color: #003eaa}.sc.sc--desktop.sc--firefox .sc__sw__btn--block{padding-right:55px}.sc.sc--desktop.sc--firefox .sc__sw__btn--block:before{display:block;content:"";position:absolute;left:0;top:0;bottom:0;right:0;z-index:1}.sc.sc--desktop.sc--firefox .sc__sw__btn--block:hover:before{background-color:rgba(0,0,0,.045)}.sc.sc--desktop.sc--firefox .sc__sw__btn--block:after{content:"";display:block;position:absolute;right:0;background-image:url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAHCAYAAAA4R3wZAAAAhUlEQVQYlXXQyw2EMAyE4Z9tAMpwSkn6BUoJt3QwUioYDitWLA8fPf4s2YMkl1LovbMsC+M48lS9d0opTNPEPM98jqDWyrHgDdVasf1tSnJrzRFhwCklt9YsyUeWUjLgiPhlnAeu+A39wSf8hiR5kOTrPTlntm0DICJY1/X2tBs8Y+ARAezFmqaAOZvAjAAAAABJRU5ErkJggg= = ");background-repeat:no-repeat;background-position:12px 11px;border-left:1px solid #cecece;height:26px;width:39px}.sc.sc--desktop.sc--firefox.sc--macos .sc__sw{border-radius:4px}.sc.sc--desktop.sc--firefox.sc--macos .sc__sw__btn-c{overflow:hidden;border-radius:0 0 4px 4px}.sc.sc--desktop.sc--firefox.sc--macos .sc__sw__btn{box-shadow:none}.sc.sc--desktop.sc--firefox.sc--macos .sc__sw__btn--allow{background-color:#0896f8;border-top:1px solid #0c84d8}.sc.sc--desktop.sc--firefox.sc--macos .sc__sw__btn--allow:hover{background-color:#0c84d8}.sc.sc--desktop.sc--firefox.sc--macos .sc__sw__btn--block{border-top:1px solid #ccc}.sc.sc--desktop.sc--yandex-browser{width:460px;height:180px;overflow:hidden;align-items:flex-start;position:absolute;right:17px;margin:0}.sc.sc--desktop.sc--yandex-browser *{position:unset}.sc.sc--desktop.sc--yandex-browser.rtl{right:auto;left:17px}.sc.sc--desktop.sc--yandex-browser.rtl .sc__sw__btn-c:before{left:auto;right:0}.sc.sc--desktop.sc--yandex-browser .sc__sw{width:435px;height:150px;border-radius:3px;border:1px solid #d1d1d1;box-shadow:0 10px 20px rgba(0,0,0,.1);margin-top:13px;overflow:visible;padding:20px 25px;position:relative}.sc.sc--desktop.sc--yandex-browser .sc__sw:after,.sc.sc--desktop.sc--yandex-browser .sc__sw:before{width:1px;background-color:#d1d1d1}.sc.sc--desktop.sc--yandex-browser .sc__sw__close{content:"
        ";display:block;width:16px;height:16px;background-image:url("
        data: image / png;
        base64, iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8 / 9 hAAABj0lEQVQ4ja2TzYrqQBCFv5b8qdABI26MUSGLvIRrn1XwNeYRBNGsTMgiYCDZxG4XfRcSb2bUCwP3LLvrVJ06VSWMMYYe2rbler3SNA1aawAcx0FKSRAEDIfDfjiiS2CMIc9zqqpiNpvh + z6u6wKglKKua8qyZDKZEIYhQoi / CYwxpGkKQBRFT + JPKKW4XC4AxHGMEIIBQJ7nz8dPZADXdYnjmD7HatuWqqpIkuQpC + B0OnE4HBBCkCQJSZI8JAtBFEUcj0em0ylkWWaKojB9FEVhdrud0VobrbXZ7 / cmy7KXmCzLzKBpGnzf / yZVSsl2u8W2bWzbRkr5nEgH3 / dpmgZLa / 3 S93g8ppvM19cXnuexXq9f / NBaP0z8hPP5zP1 + Z7PZfPOnD8txHJRSjEajl8 / lcslqtXpLVErhOA4DKSV1XX9U0O3HT9R1jZSSQRAElGWJUupVnmVhWdbb6mVZEgTBYxOzLON2uz2361 / ottbzPBaLxcPE + XwOQJqmb5X0K3cthWEI / K9j6lf57Tn / Aa0MA10JheTaAAAAAElFTkSuQmCC ");background-size:contain;background-repeat:no-repeat;background-color:red;position:absolute;left:25px;bottom:25px;top:auto}.sc.sc--desktop.sc--yandex-browser .sc__sw__close:after,.sc.sc--desktop.sc--yandex-browser .sc__sw__close:before{display:none}.sc.sc--desktop.sc--yandex-browser .sc__sw__icon{background-image:url("
        data: image / png;
        base64, iVBORw0KGgoAAAANSUhEUgAAABwAAAAaCAYAAACkVDyJAAABP0lEQVRIie3VMW6DMBTG8T8oYyaba4SNOdnJARhYmMlx8BoWJDhAjpGJXAMzsb8Olau0TVKUGKlDvvHpwU / Y5jkQEbHWUtc1fd8zjiM + o5QijmOKokBrTTAMg5RlyTRNXqGfWa / XGGNYHY9HpmkiSRLKsiSKIq / QMAxUVcX5fKaua8LL5QKwCAYQRRGHwwGAvu8J3Z4tgV2jAOM4Ei6m3MkbfINv8B + ASingc + YtFfdupRThZrMBwBiDtdY7Zq2lqioA4jh + 7 XrK85wsy77V9vv9zV53PYVaa4wxbLdb3PLOTdM0dF33sEcpxW63wxiD1hrkybRtK2maSpqm0rbtV93V7uXpU5plGXmez / 5 Sl9WzoEMd2DTNrGcCEZFXUICu636Bp9PpZq + XH / 96e f + Kt0kzF / U62uagLx2ae + ijfAAz9t9V2rINEgAAAABJRU5ErkJggg == ");width:28px;height:26px}.sc.sc--desktop.sc--yandex-browser .sc__sw__icon:after,.sc.sc--desktop.sc--yandex-browser .sc__sw__icon:before{display:none;background-color:transparent;position:absolute;left:295px;top:-12px;transform:none;content:"
        ";display:block;width:0;height:0;border-color:transparent transparent #fff;border-style:solid;border-width:0 12px 12px}.sc.sc--desktop.sc--yandex-browser .sc__sw__icon:before{top:-13px;left:294px;z-index:-1;border-width:0 13px 13px;border-color:transparent transparent #d0d1d1}.sc.sc--desktop.sc--yandex-browser .sc__sw__heading,.sc.sc--desktop.sc--yandex-browser .sc__sw__text{margin-left:45px}.sc.sc--desktop.sc--yandex-browser .sc__sw__heading{font-weight:700;font-size:16px;margin-top:-3px;width:330px;white-space:normal;margin-bottom:8px;direction:auto}.sc.sc--desktop.sc--yandex-browser .sc__sw__text{font-size:13px;line-height:1.333}.sc.sc--desktop.sc--yandex-browser .sc__sw__btn-c{position:absolute;right:25px;bottom:20px;justify-content:flex-end}.sc.sc--desktop.sc--yandex-browser .sc__sw__btn{color:#000;font-weight:400;border:none;background-color:#e6e6e6}.sc.sc--desktop.sc--yandex-browser .sc__sw__btn:hover{background-color:#ccc}.sc.sc--desktop.sc--macos .sc__sw{border-top:0;border-right:1px solid #ccc;border-bottom:1px solid #c1c1c1;border-left:1px solid #ccc;box-shadow:0 0 15px 0 #c6c6c6;border-radius:4px}.sc.sc--desktop.sc--macos .sc__sw__text-desktop{top:50px}.sc.sc--desktop.sc--macos .sc__sw__close{transform:scale(.9)}.sc.sc--desktop.sc--macos .sc__sw__btn{border-color:#eee;border-radius:3px}.sc.sc--desktop.sc--macos .sc__sw__btn-c{display:flex;flex-flow:row-reverse}.sc.sc--tablet .sc__sw__text-mobile{display:block}</style><script>parcelRequire=function(e,r,t,n){var i,o="
        function "==typeof parcelRequire&&parcelRequire,u="
        function "==typeof require&&require;function f(t,n){if(!r[t]){if(!e[t]){var i="
        function "==typeof parcelRequire&&parcelRequire;if(!n&&i)return i(t,!0);if(o)return o(t,!0);if(u&&"
        string "==typeof t)return u(t);var c=new Error("
        Cannot find module ");throw c.code="
        MODULE_NOT_FOUND ",c}p.resolve=function(r){return e[t][1][r]||r},p.cache={};var l=r[t]=new f.Module(t);e[t][0].call(l.exports,p,l,l.exports,this)}return r[t].exports;function p(e){return f(p.resolve(e))}}f.isParcelRequire=!0,f.Module=function(e){this.id=e,this.bundle=f,this.exports={}},f.modules=e,f.cache=r,f.parent=o,f.register=function(r,t){e[r]=[function(e,r){r.exports=t},{}]};for(var c=0;c<t.length;c++)try{f(t[c])}catch(e){i||(i=e)}if(t.length){var l=f(t[t.length-1]);"
        object "==typeof exports&&"
        undefined "!=typeof module?module.exports=l:"
        function "==typeof define&&define.amd?define(function(){return l}):n&&(this[n]=l)}if(parcelRequire=f,i)throw i;return f}({"
        9 KIJ ":[function(require,module,exports) {},{}],"
        JSid ":[function(require,module,exports) {var define;var e;!function(t,r){"
        object "==typeof exports&&"
        object "==typeof module?module.exports=r():"
        function "==typeof e&&e.amd?e([],r):"
        object "==typeof exports?exports.bowser=r():t.bowser=r()}(this,function(){return function(e){var t={};function r(n){if(t[n])return t[n].exports;var i=t[n]={i:n,l:!1,exports:{}};return e[n].call(i.exports,i,i.exports,r),i.l=!0,i.exports}return r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"
        undefined "!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"
        Module "}),Object.defineProperty(e,"
        __esModule ",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"
        object "==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"
        default ",{enumerable:!0,value:e}),2&t&&"
        string "!=typeof e)for(var i in e)r.d(n,i,function(t){return e[t]}.bind(null,i));return n},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"
        a ",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="
        ",r(r.s=86)}({17:function(e,t,r){var n,i,s;i=[t,r(89)],void 0===(s="
        function "==typeof(n=function(r,n){"
        use strict ";function i(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"
        value "in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}Object.defineProperty(r,"
        __esModule ",{value:!0}),r.default=void 0;var s=function(){function e(){!function(e,t){if(!(e instanceof t))throw new TypeError("
        Cannot call a class as a
        function ")}(this,e)}return t=e,r=[{key:"
        getFirstMatch ",value:function(e,t){var r=t.match(e);return r&&r.length>0&&r[1]||"
        "}},{key:"
        getSecondMatch ",value:function(e,t){var r=t.match(e);return r&&r.length>1&&r[2]||"
        "}},{key:"
        matchAndReturnConst ",value:function(e,t,r){if(e.test(t))return r}},{key:"
        getWindowsVersionName ",value:function(e){switch(e){case"
        NT ":return"
        NT ";case"
        XP ":return"
        XP ";case"
        NT 5.0 ":return"
        2000 ";case"
        NT 5.1 ":return"
        XP ";case"
        NT 5.2 ":return"
        2003 ";case"
        NT 6.0 ":return"
        Vista ";case"
        NT 6.1 ":return"
        7 ";case"
        NT 6.2 ":return"
        8 ";case"
        NT 6.3 ":return"
        8.1 ";case"
        NT 10.0 ":return"
        10 ";default:return}}},{key:"
        getAndroidVersionName ",value:function(e){var t=e.split(".
        ").splice(0,2).map(function(e){return parseInt(e,10)||0});if(t.push(0),!(1===t[0]&&t[1]<5))return 1===t[0]&&t[1]<6?"
        Cupcake ":1===t[0]&&t[1]>=6?"
        Donut ":2===t[0]&&t[1]<2?"
        Eclair ":2===t[0]&&2===t[1]?"
        Froyo ":2===t[0]&&t[1]>2?"
        Gingerbread ":3===t[0]?"
        Honeycomb ":4===t[0]&&t[1]<1?"
        Ice Cream Sandwich ":4===t[0]&&t[1]<4?"
        Jelly Bean ":4===t[0]&&t[1]>=4?"
        KitKat ":5===t[0]?"
        Lollipop ":6===t[0]?"
        Marshmallow ":7===t[0]?"
        Nougat ":8===t[0]?"
        Oreo ":void 0}},{key:"
        getVersionPrecision ",value:function(e){return e.split(".
        ").length}},{key:"
        compareVersions ",value:function(t,r){var n=arguments.length>2&&void 0!==arguments[2]&&arguments[2],i=e.getVersionPrecision(t),s=e.getVersionPrecision(r),a=Math.max(i,s),o=0,u=e.map([t,r],function(t){var r=a-e.getVersionPrecision(t),n=t+new Array(r+1).join(".0 ");return e.map(n.split(".
        "),function(e){return new Array(20-e.length).join("
        0 ")+e}).reverse()});for(n&&(o=a-Math.min(i,s)),a-=1;a>=o;){if(u[0][a]>u[1][a])return 1;if(u[0][a]===u[1][a]){if(a===o)return 0;a-=1}else if(u[0][a]<u[1][a])return-1}}},{key:"
        map ",value:function(e,t){var r,n=[];if(Array.prototype.map)return Array.prototype.map.call(e,t);for(r=0;r<e.length;r+=1)n.push(t(e[r]));return n}},{key:"
        getBrowserAlias ",value:function(e){return n.BROWSER_ALIASES_MAP[e]}}],null&&i(t.prototype,null),r&&i(t,r),e;var t,r}();r.default=s,e.exports=t.default})?n.apply(t,i):n)||(e.exports=s)},86:function(e,t,r){var n,i,s;i=[t,r(87)],void 0===(s="
        function "==typeof(n=function(r,n){"
        use strict ";function i(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"
        value "in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}var s;Object.defineProperty(r,"
        __esModule ",{value:!0}),r.default=void 0,n=(s=n)&&s.__esModule?s:{default:s};var a=function(){function e(){!function(e,t){if(!(e instanceof t))throw new TypeError("
        Cannot call a class as a
        function ")}(this,e)}return t=e,r=[{key:"
        getParser ",value:function(e){var t=arguments.length>1&&void 0!==arguments[1]&&arguments[1];if("
        string "!=typeof e)throw new Error("
        UserAgent should be a string ");return new n.default(e,t)}},{key:"
        parse ",value:function(e){return new n.default(e).getResult()}}],null&&i(t.prototype,null),r&&i(t,r),e;var t,r}();r.default=a,e.exports=t.default})?n.apply(t,i):n)||(e.exports=s)},87:function(e,t,r){var n,i,s;i=[t,r(88),r(90),r(91),r(92),r(17)],void 0===(s="
        function "==typeof(n=function(r,n,i,s,a,o){"
        use strict ";function u(e){return e&&e.__esModule?e:{default:e}}function c(e){return(c="
        function "==typeof Symbol&&"
        symbol "==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"
        function "==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"
        symbol ":typeof e})(e)}function d(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"
        value "in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}Object.defineProperty(r,"
        __esModule ",{value:!0}),r.default=void 0,n=u(n),i=u(i),s=u(s),a=u(a),o=u(o);var f=function(){function e(t){var r=arguments.length>1&&void 0!==arguments[1]&&arguments[1];if(function(e,t){if(!(e instanceof t))throw new TypeError("
        Cannot call a class as a
        function ")}(this,e),null==t||"
        "===t)throw new Error("
        UserAgent parameter cant be empty ");this._ua=t,this.parsedResult={},!0!==r&&this.parse()}return t=e,(r=[{key:"
        getUA ",value:function(){return this._ua}},{key:"
        test ",value:function(e){return e.test(this._ua)}},{key:"
        parseBrowser ",value:function(){var e=this;this.parsedResult.browser={};var t=n.default.find(function(t){if("
        function "==typeof t.test)return t.test(e);if(t.test instanceof Array)return t.test.some(function(t){return e.test(t)});throw new Error("
        Browsers test
        function is not valid ")});return t&&(this.parsedResult.browser=t.describe(this.getUA())),this.parsedResult.browser}},{key:"
        getBrowser ",value:function(){return this.parsedResult.browser?this.parsedResult.browser:this.parseBrowser()}},{key:"
        getBrowserName ",value:function(e){return e?String(this.getBrowser().name).toLowerCase()||"
        ":this.getBrowser().name||"
        "}},{key:"
        getBrowserVersion ",value:function(){return this.getBrowser().version}},{key:"
        getOS ",value:function(){return this.parsedResult.os?this.parsedResult.os:this.parseOS()}},{key:"
        parseOS ",value:function(){var e=this;this.parsedResult.os={};var t=i.default.find(function(t){if("
        function "==typeof t.test)return t.test(e);if(t.test instanceof Array)return t.test.some(function(t){return e.test(t)});throw new Error("
        Browsers test
        function is not valid ")});return t&&(this.parsedResult.os=t.describe(this.getUA())),this.parsedResult.os}},{key:"
        getOSName ",value:function(e){var t=this.getOS().name;return e?String(t).toLowerCase()||"
        ":t||"
        "}},{key:"
        getOSVersion ",value:function(){return this.getOS().version}},{key:"
        getPlatform ",value:function(){return this.parsedResult.platform?this.parsedResult.platform:this.parsePlatform()}},{key:"
        getPlatformType ",value:function(){var e=arguments.length>0&&void 0!==arguments[0]&&arguments[0],t=this.getPlatform().type;return e?String(t).toLowerCase()||"
        ":t||"
        "}},{key:"
        parsePlatform ",value:function(){var e=this;this.parsedResult.platform={};var t=s.default.find(function(t){if("
        function "==typeof t.test)return t.test(e);if(t.test instanceof Array)return t.test.some(function(t){return e.test(t)});throw new Error("
        Browsers test
        function is not valid ")});return t&&(this.parsedResult.platform=t.describe(this.getUA())),this.parsedResult.platform}},{key:"
        getEngine ",value:function(){return this.parsedResult.engine?this.parsedResult.engine:this.parseEngine()}},{key:"
        getEngineName ",value:function(e){return e?String(this.getEngine().name).toLowerCase()||"
        ":this.getEngine().name||"
        "}},{key:"
        parseEngine ",value:function(){var e=this;this.parsedResult.engine={};var t=a.default.find(function(t){if("
        function "==typeof t.test)return t.test(e);if(t.test instanceof Array)return t.test.some(function(t){return e.test(t)});throw new Error("
        Browsers test
        function is not valid ")});return t&&(this.parsedResult.engine=t.describe(this.getUA())),this.parsedResult.engine}},{key:"
        parse ",value:function(){return this.parseBrowser(),this.parseOS(),this.parsePlatform(),this.parseEngine(),this}},{key:"
        getResult ",value:function(){return Object.assign({},this.parsedResult)}},{key:"
        satisfies ",value:function(e){var t=this,r={},n=0,i={},s=0;if(Object.keys(e).forEach(function(t){var a=e[t];"
        string "==typeof a?(i[t]=a,s+=1):"
        object "===c(a)&&(r[t]=a,n+=1)}),n>0){var a=Object.keys(r),o=a.find(function(e){return t.isOS(e)});if(o){var u=this.satisfies(r[o]);if(void 0!==u)return u}var d=a.find(function(e){return t.isPlatform(e)});if(d){var f=this.satisfies(r[d]);if(void 0!==f)return f}}if(s>0){var l=Object.keys(i).find(function(e){return t.isBrowser(e,!0)});if(void 0!==l)return this.compareVersion(i[l])}}},{key:"
        isBrowser ",value:function(e){var t=arguments.length>1&&void 0!==arguments[1]&&arguments[1],r=this.getBrowserName(),n=[r.toLowerCase()],i=o.default.getBrowserAlias(r);return t&&void 0!==i&&n.push(i.toLowerCase()),-1!==n.indexOf(e.toLowerCase())}},{key:"
        compareVersion ",value:function(e){var t=[0],r=e,n=!1,i=this.getBrowserVersion();if("
        string "==typeof i)return" > "===e[0]||" < "===e[0]?(r=e.substr(1)," = "===e[1]?(n=!0,r=e.substr(2)):t=[]," > "===e[0]?t.push(1):t.push(-1)):" = "===e[0]?r=e.substr(1):"~"===e[0]&&(n=!0,r=e.substr(1)),t.indexOf(o.default.compareVersions(i,r,n))>-1}},{key:"
        isOS ",value:function(e){return this.getOSName(!0)===String(e).toLowerCase()}},{key:"
        isPlatform ",value:function(e){return this.getPlatformType(!0)===String(e).toLowerCase()}},{key:"
        isEngine ",value:function(e){return this.getEngineName(!0)===String(e).toLowerCase()}},{key:"
        is ",value:function(e){return this.isBrowser(e)||this.isOS(e)||this.isPlatform(e)}},{key:"
        some ",value:function(){var e=this;return(arguments.length>0&&void 0!==arguments[0]?arguments[0]:[]).some(function(t){return e.is(t)})}}])&&d(t.prototype,r),e;var t,r}();r.default=f,e.exports=t.default})?n.apply(t,i):n)||(e.exports=s)},88:function(e,t,r){var n,i,s;i=[t,r(17)],void 0===(s="
        function "==typeof(n=function(r,n){"
        use strict ";var i;Object.defineProperty(r,"
        __esModule ",{value:!0}),r.default=void 0,n=(i=n)&&i.__esModule?i:{default:i};var s=/version\/(\d+(\.?_?\d+)+)/i,a=[{test:[/googlebot/i],describe:function(e){var t={name:"
        Googlebot "},r=n.default.getFirstMatch(/googlebot\/(\d+(\.\d+))/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/opera/i],describe:function(e){var t={name:"
        Opera "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:opera)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/opr\/|opios/i],describe:function(e){var t={name:"
        Opera "},r=n.default.getFirstMatch(/(?:opr|opios)[\s\/](\S+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/SamsungBrowser/i],describe:function(e){var t={name:"
        Samsung Internet
        for Android "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:SamsungBrowser)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/Whale/i],describe:function(e){var t={name:"
        NAVER Whale Browser "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:whale)[\s\/](\d+(?:\.\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/MZBrowser/i],describe:function(e){var t={name:"
        MZ Browser "},r=n.default.getFirstMatch(/(?:MZBrowser)[\s\/](\d+(?:\.\d+)+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/focus/i],describe:function(e){var t={name:"
        Focus "},r=n.default.getFirstMatch(/(?:focus)[\s\/](\d+(?:\.\d+)+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/swing/i],describe:function(e){var t={name:"
        Swing "},r=n.default.getFirstMatch(/(?:swing)[\s\/](\d+(?:\.\d+)+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/coast/i],describe:function(e){var t={name:"
        Opera Coast "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:coast)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/yabrowser/i],describe:function(e){var t={name:"
        Yandex Browser "},r=n.default.getFirstMatch(/(?:yabrowser)[\s\/](\d+(\.?_?\d+)+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/ucbrowser/i],describe:function(e){var t={name:"
        UC Browser "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:ucbrowser)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/Maxthon|mxios/i],describe:function(e){var t={name:"
        Maxthon "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:Maxthon|mxios)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/epiphany/i],describe:function(e){var t={name:"
        Epiphany "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:epiphany)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/puffin/i],describe:function(e){var t={name:"
        Puffin "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:puffin)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/sleipnir/i],describe:function(e){var t={name:"
        Sleipnir "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:sleipnir)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/k-meleon/i],describe:function(e){var t={name:"
        K - Meleon "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/(?:k-meleon)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/micromessenger/i],describe:function(e){var t={name:"
        WeChat "},r=n.default.getFirstMatch(/(?:micromessenger)[\s\/](\d+(\.?_?\d+)+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/msie|trident/i],describe:function(e){var t={name:"
        Internet Explorer "},r=n.default.getFirstMatch(/(?:msie |rv:)(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/\sedg\//i],describe:function(e){var t={name:"
        Microsoft Edge "},r=n.default.getFirstMatch(/\sedg\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/edg([ea]|ios)/i],describe:function(e){var t={name:"
        Microsoft Edge "},r=n.default.getSecondMatch(/edg([ea]|ios)\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/vivaldi/i],describe:function(e){var t={name:"
        Vivaldi "},r=n.default.getFirstMatch(/vivaldi\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/seamonkey/i],describe:function(e){var t={name:"
        SeaMonkey "},r=n.default.getFirstMatch(/seamonkey\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/sailfish/i],describe:function(e){var t={name:"
        Sailfish "},r=n.default.getFirstMatch(/sailfish\s?browser\/(\d+(\.\d+)?)/i,e);return r&&(t.version=r),t}},{test:[/silk/i],describe:function(e){var t={name:"
        Amazon Silk "},r=n.default.getFirstMatch(/silk\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/phantom/i],describe:function(e){var t={name:"
        PhantomJS "},r=n.default.getFirstMatch(/phantomjs\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/slimerjs/i],describe:function(e){var t={name:"
        SlimerJS "},r=n.default.getFirstMatch(/slimerjs\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/blackberry|\bbb\d+/i,/rim\stablet/i],describe:function(e){var t={name:"
        BlackBerry "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/blackberry[\d]+\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/(web|hpw)[o0]s/i],describe:function(e){var t={name:"
        WebOS Browser "},r=n.default.getFirstMatch(s,e)||n.default.getFirstMatch(/w(?:eb)?[o0]sbrowser\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/bada/i],describe:function(e){var t={name:"
        Bada "},r=n.default.getFirstMatch(/dolfin\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/tizen/i],describe:function(e){var t={name:"
        Tizen "},r=n.default.getFirstMatch(/(?:tizen\s?)?browser\/(\d+(\.?_?\d+)+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/qupzilla/i],describe:function(e){var t={name:"
        QupZilla "},r=n.default.getFirstMatch(/(?:qupzilla)[\s\/](\d+(\.?_?\d+)+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/firefox|iceweasel|fxios/i],describe:function(e){var t={name:"
        Firefox "},r=n.default.getFirstMatch(/(?:firefox|iceweasel|fxios)[\s\/](\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/chromium/i],describe:function(e){var t={name:"
        Chromium "},r=n.default.getFirstMatch(/(?:chromium)[\s\/](\d+(\.?_?\d+)+)/i,e)||n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/chrome|crios|crmo/i],describe:function(e){var t={name:"
        Chrome "},r=n.default.getFirstMatch(/(?:chrome|crios|crmo)\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:function(e){var t=!e.test(/like android/i),r=e.test(/android/i);return t&&r},describe:function(e){var t={name:"
        Android Browser "},r=n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/playstation 4/i],describe:function(e){var t={name:"
        PlayStation 4 "},r=n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/safari|applewebkit/i],describe:function(e){var t={name:"
        Safari "},r=n.default.getFirstMatch(s,e);return r&&(t.version=r),t}},{test:[/.*/i],describe:function(e){var t=-1!==e.search("\\ (")?/^(.*)\/(.*)[ \t]\((.*)/:/^(.*)\/(.*) /;return{name:n.default.getFirstMatch(t,e),version:n.default.getSecondMatch(t,e)}}}];r.default=a,e.exports=t.default})?n.apply(t,i):n)||(e.exports=s)},89:function(e,t,r){var n,i;void 0===(i="function "==typeof(n=function(e){"
                use strict ";Object.defineProperty(e,"
                __esModule ",{value:!0}),e.BROWSER_ALIASES_MAP=void 0,e.BROWSER_ALIASES_MAP={"
                Amazon Silk ":"
                amazon_silk ","
                Android Browser ":"
                android ",Bada:"
                bada ",BlackBerry:"
                blackberry ",Chrome:"
                chrome ",Chromium:"
                chromium ",Epiphany:"
                epiphany ",Firefox:"
                firefox ",Focus:"
                focus ",Generic:"
                generic ",Googlebot:"
                googlebot ","
                Internet Explorer ":"
                ie ","
                K - Meleon ":"
                k_meleon ",Maxthon:"
                maxthon ","
                Microsoft Edge ":"
                edge ","
                MZ Browser ":"
                mz ","
                NAVER Whale Browser ":"
                naver ",Opera:"
                opera ","
                Opera Coast ":"
                opera_coast ",PhantomJS:"
                phantomjs ",Puffin:"
                puffin ",QupZilla:"
                qupzilla ",Safari:"
                safari ",Sailfish:"
                sailfish ","
                Samsung Internet
                for Android ":"
                samsung_internet ",SeaMonkey:"
                seamonkey ",Sleipnir:"
                sleipnir ",Swing:"
                swing ",Tizen:"
                tizen ","
                UC Browser ":"
                uc ",Vivaldi:"
                vivaldi ","
                WebOS Browser ":"
                webos ",WeChat:"
                wechat ","
                Yandex Browser ":"
                yandex "}})?n.apply(t,[t]):n)||(e.exports=i)},90:function(e,t,r){var n,i,s;i=[t,r(17)],void 0===(s="
                function "==typeof(n=function(r,n){"
                use strict ";var i;Object.defineProperty(r,"
                __esModule ",{value:!0}),r.default=void 0,n=(i=n)&&i.__esModule?i:{default:i};var s=[{test:[/windows phone/i],describe:function(e){return{name:"
                Windows Phone ",version:n.default.getFirstMatch(/windows phone (?:os)?\s?(\d+(\.\d+)*)/i,e)}}},{test:[/windows/i],describe:function(e){var t=n.default.getFirstMatch(/Windows ((NT|XP)( \d\d?.\d)?)/i,e);return{name:"
                Windows ",version:t,versionName:n.default.getWindowsVersionName(t)}}},{test:[/macintosh/i],describe:function(e){return{name:"
                macOS ",version:n.default.getFirstMatch(/mac os x (\d+(\.?_?\d+)+)/i,e).replace(/[_\s]/g,".
                ")}}},{test:[/(ipod|iphone|ipad)/i],describe:function(e){return{name:"
                iOS ",version:n.default.getFirstMatch(/os (\d+([_\s]\d+)*) like mac os x/i,e).replace(/[_\s]/g,".
                ")}}},{test:function(e){var t=!e.test(/like android/i),r=e.test(/android/i);return t&&r},describe:function(e){var t=n.default.getFirstMatch(/android[\s\/-](\d+(\.\d+)*)/i,e),r=n.default.getAndroidVersionName(t),i={name:"
                Android ",version:t};return r&&(i.versionName=r),i}},{test:[/(web|hpw)[o0]s/i],describe:function(e){var t=n.default.getFirstMatch(/(?:web|hpw)[o0]s\/(\d+(\.\d+)*)/i,e),r={name:"
                WebOS "};return t&&t.length&&(r.version=t),r}},{test:[/blackberry|\bbb\d+/i,/rim\stablet/i],describe:function(e){return{name:"
                BlackBerry ",version:n.default.getFirstMatch(/rim\stablet\sos\s(\d+(\.\d+)*)/i,e)||n.default.getFirstMatch(/blackberry\d+\/(\d+([_\s]\d+)*)/i,e)||n.default.getFirstMatch(/\bbb(\d+)/i,e)}}},{test:[/bada/i],describe:function(e){return{name:"
                Bada ",version:n.default.getFirstMatch(/bada\/(\d+(\.\d+)*)/i,e)}}},{test:[/tizen/i],describe:function(e){return{name:"
                Tizen ",version:n.default.getFirstMatch(/tizen[\/\s](\d+(\.\d+)*)/i,e)}}},{test:[/linux/i],describe:function(){return{name:"
                Linux "}}},{test:[/CrOS/],describe:function(){return{name:"
                Chrome OS "}}},{test:[/PlayStation 4/],describe:function(e){return{name:"
                PlayStation 4 ",version:n.default.getFirstMatch(/PlayStation 4[\/\s](\d+(\.\d+)*)/i,e)}}}];r.default=s,e.exports=t.default})?n.apply(t,i):n)||(e.exports=s)},91:function(e,t,r){var n,i,s;i=[t,r(17)],void 0===(s="
                function "==typeof(n=function(r,n){"
                use strict ";var i;Object.defineProperty(r,"
                __esModule ",{value:!0}),r.default=void 0,n=(i=n)&&i.__esModule?i:{default:i};var s="
                tablet ",a="
                mobile ",o="
                desktop ",u="
                tv ",c=[{test:[/googlebot/i],describe:function(){return{type:"
                bot ",vendor:"
                Google "}}},{test:[/huawei/i],describe:function(e){var t=n.default.getFirstMatch(/(can-l01)/i,e)&&"
                Nova ",r={type:a,vendor:"
                Huawei "};return t&&(r.model=t),r}},{test:[/nexus\s*(?:7|8|9|10).*/i],describe:function(){return{type:s,vendor:"
                Nexus "}}},{test:[/ipad/i],describe:function(){return{type:s,vendor:"
                Apple ",model:"
                iPad "}}},{test:[/kftt build/i],describe:function(){return{type:s,vendor:"
                Amazon ",model:"
                Kindle Fire HD 7 "}}},{test:[/silk/i],describe:function(){return{type:s,vendor:"
                Amazon "}}},{test:[/tablet/i],describe:function(){return{type:s}}},{test:function(e){var t=e.test(/ipod|iphone/i),r=e.test(/like (ipod|iphone)/i);return t&&!r},describe:function(e){var t=n.default.getFirstMatch(/(ipod|iphone)/i,e);return{type:a,vendor:"
                Apple ",model:t}}},{test:[/nexus\s*[0-6].*/i,/galaxy nexus/i],describe:function(){return{type:a,vendor:"
                Nexus "}}},{test:[/[^-]mobi/i],describe:function(){return{type:a}}},{test:function(e){return"
                blackberry "===e.getBrowserName(!0)},describe:function(){return{type:a,vendor:"
                BlackBerry "}}},{test:function(e){return"
                bada "===e.getBrowserName(!0)},describe:function(){return{type:a}}},{test:function(e){return"
                windows phone "===e.getBrowserName()},describe:function(){return{type:a,vendor:"
                Microsoft "}}},{test:function(e){var t=Number(String(e.getOSVersion()).split(".
                ")[0]);return"
                android "===e.getOSName(!0)&&t>=3},describe:function(){return{type:s}}},{test:function(e){return"
                android "===e.getOSName(!0)},describe:function(){return{type:a}}},{test:function(e){return"
                macos "===e.getOSName(!0)},describe:function(){return{type:o,vendor:"
                Apple "}}},{test:function(e){return"
                windows "===e.getOSName(!0)},describe:function(){return{type:o}}},{test:function(e){return"
                linux "===e.getOSName(!0)},describe:function(){return{type:o}}},{test:function(e){return"
                playstation 4 "===e.getOSName(!0)},describe:function(){return{type:u}}}];r.default=c,e.exports=t.default})?n.apply(t,i):n)||(e.exports=s)},92:function(e,t,r){var n,i,s;i=[t,r(17)],void 0===(s="
                function "==typeof(n=function(r,n){"
                use strict ";var i;Object.defineProperty(r,"
                __esModule ",{value:!0}),r.default=void 0,n=(i=n)&&i.__esModule?i:{default:i};var s=[{test:function(e){return"
                microsoft edge "===e.getBrowserName(!0)},describe:function(e){return/\sedg\//i.test(e)?{name:"
                Blink "}:{name:"
                EdgeHTML ",version:n.default.getFirstMatch(/edge\/(\d+(\.?_?\d+)+)/i,e)}}},{test:[/trident/i],describe:function(e){var t={name:"
                Trident "},r=n.default.getFirstMatch(/trident\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:function(e){return e.test(/presto/i)},describe:function(e){var t={name:"
                Presto "},r=n.default.getFirstMatch(/presto\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:function(e){var t=e.test(/gecko/i),r=e.test(/like gecko/i);return t&&!r},describe:function(e){var t={name:"
                Gecko "},r=n.default.getFirstMatch(/gecko\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}},{test:[/(apple)?webkit\/537\.36/i],describe:function(){return{name:"
                Blink "}}},{test:[/(apple)?webkit/i],describe:function(e){var t={name:"
                WebKit "},r=n.default.getFirstMatch(/webkit\/(\d+(\.?_?\d+)+)/i,e);return r&&(t.version=r),t}}];r.default=s,e.exports=t.default})?n.apply(t,i):n)||(e.exports=s)}})});},{}],"
                H99C ":[function(require,module,exports) {"
                use strict ";require("
                normalize.css "),require(". / style.scss ");var e=t(require("
                bowser "));function t(e){return e&&e.__esModule?e:{default:e}}var s=e.default.parse(window.navigator.userAgent),a="
                firefox "==s.browser.name.toLowerCase().replace(/\s/g," - "),r="
                yandex - browser "==s.browser.name.toLowerCase().replace(/\s/g," - "),o=document.querySelector(".sc "),i=(window.navigator.language||window.navigator.languages[0]).slice(0,2),n=-1!=["
                ar ","
                dv ","
                he ","
                ku ","
                fa ","
                ur "].indexOf(i)?"
                rtl ":"
                ltr ";o.classList.add(i),o.classList.add(n),o.classList.add("
                sc--".concat(s.platform.type)),o.classList.add("
                sc--".concat(s.os.name.toLowerCase())),o.classList.add("
                sc--".concat(s.browser.name.toLowerCase().replace(/\s/g," - ")));var l={};"
                desktop "==s.platform.type?("
                macos "==s.os.name.toLowerCase()&&(l.height=150),"
                rtl "==n?(l.left="
                auto ",l.right=0,a?l.right=262:r&&(l.left=17,l.right="
                auto ")):(l.left=85,l.right="
                auto ",a?l.left=262:r&&(l.left="
                auto ",l.right=17))):l.left=0,void 0===window.setStyle&&(console.error("
                window.setStyle is not a
                function "),window.setStyle=function(){}),window.setStyle(l);},{"
                normalize.css ":"
                9 KIJ ",". / style.scss ":"
                9 KIJ ","
                bowser ":"
                JSid "}]},{},["
                H99C "], null)</script></body></html></html>
                                    

#3 JavaScript::Write (size: 12, repeated: 1) - SHA256: fb8b743680f0871d49341b682e278f61aa714e0bf4a645f8f5949ded56df1326

                                        Firefox 96.0
                                    

#4 JavaScript::Write (size: 5, repeated: 1) - SHA256: 4828e60247c1636f57b7446a314e7f599c12b53d40061cc851a1442004354fed

                                        Linux
                                    

#5 JavaScript::Write (size: 9, repeated: 1) - SHA256: aca276292c8ef7d9b8e0bba21a05e9da944723bd88bf21f86d3baf03a761fd4f

                                        1280 x1024
                                    


HTTP Transactions (184)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.15
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 11:05:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 af877631d7eceee4a5878c04d25f5986.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: iJHLoYNNWOFgm4Ww_RDX9zVjo-cJWygxEfMkWozmki5SPwgpgcN17Q==
Age: 1879


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9404
Expires: Sat, 24 Sep 2022 14:13:42 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         108.156.28.95
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 7309328e91f012108061822748228b68.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: hEh5aHFwy3w8NFTS3Ufh1WaiC7XUvRx8doMKmvxb8kRKs_bfM02aCg==
age: 26635
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 24 Sep 2022 11:36:58 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ntfc.php?p=2651991 HTTP/1.1 
Host: glimtors.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.251
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:36:58 GMT
Last-Modified: Tue, 20 Sep 2022 07:25:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63296afd-38a8"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (14504), with no line terminators
Size:   5936
Md5:    2dc56cbe6ace5b8e04ea88157f3a3fad
Sha1:   a2682aab8a9a39ada36c5a0755a952efd03e265f
Sha256: aae4015874fe9eec20704ad59c71840604a641df7beb0c617bf6d52712dda633

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET / HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=saRI4Rh8z44%2BePkSo9Uvv7Q%2FFvUnKJQYW5lYavlL9AKWVUUSvmoSy2uMpr1e6QhWRd7Rzp3ytBTG0ZcbePwjmQKKtgh8G9QG96gunrZIpHxB8rMvg0C4oWIkpJ8eh74%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39b37b2f1c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (60411)
Size:   92342
Md5:    31dd862a41846f54573d1801c1bc2c90
Sha1:   562cea28983d07e68db90a8ad418353cbf05247d
Sha256: b567fe03e3791e510fb757620e2a98bb3c8c36c6430333e84dccce5d5e70f45e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /TH5z5DM.png HTTP/1.1 
Host: i.imgur.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.84.193
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Sun, 25 Jul 2021 13:23:59 GMT
etag: "063ed504acc2ee96cec413d248379761"
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 24 Sep 2022 11:36:58 GMT
age: 2779708
x-served-by: cache-iad-kcgs7200177-IAD, cache-bma1633-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 12
x-timer: S1664019419.655047,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 1476
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 94 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size:   1476
Md5:    063ed504acc2ee96cec413d248379761
Sha1:   c2ba3db79e0b25c801ff431539a63d17014533ca
Sha256: 5718709bc4408d9d06689ad12333e3e79299dd44abcf447ca6a5718aedc8a517
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "FE43AB8011CA3508C2B811EB55482976C239542E2A0E8DE35167F5469E15EDDC"
Last-Modified: Thu, 22 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13835
Expires: Sat, 24 Sep 2022 15:27:33 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive

                                        
                                            GET /assets/fonts/fonts.css HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: text/css;charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jhPgzVee0RQmdciJ6%2FhRHwGf1Kc9EsGQ%2FVOeVtpzDBb61syjOHMKiCdKaiDfeMgsxUlfzGvCBZdcRHZXyzQwxivFM%2BSaprNOzuie9boQ3jD2fIi8mo%2F9gqe7sXvWv30%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b61862b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   1121
Md5:    4d6865342cab4d9eddc47fed493ad12b
Sha1:   078ef82b27357fcd18f9547d042c8e0deff09fe8
Sha256: bfeb9f11cde780768801d2a1e9e49ea169c307d7357678332603dad7fa6c3f88
                                        
                                            GET /script/bootstrap.js HTTP/1.1 
Host: cdnquality.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.17.72.30
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycduJU3UZq3J3GHnUNLomDykgpXFt1yVIPgVO4zed_-if5tEsgiThQRwPh1weMF45bOwWWrqIHVYpY7dvKhyhoUT9yw
x-goog-generation: 1662626315119008
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 100523
x-goog-hash: crc32c=PsCFGQ==, md5=kKQG58EUy5y9vRcdgoLiJA==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Sat, 24 Sep 2022 15:36:58 GMT
Cache-Control: public, max-age=14400
Last-Modified: Thu, 08 Sep 2022 08:38:35 GMT
ETag: W/"90a406e7c114cb9cbdbd171d8282e224"
CF-Cache-Status: HIT
Age: 2118
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76a45b503-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (37814), with NEL line terminators
Size:   33307
Md5:    4bdbadd335465a68d3520ef6fea6ef42
Sha1:   655e8482b039c691190fd080c076e68e5f57708b
Sha256: c4f697ac4a0251edbb81e87b450635576554df336cc95199afef7103570a2033
                                        
                                            GET /app/apx19.js HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:39:34 GMT
ETag: W/"61830fa6-23df"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DrNyTPzy5z9%2B0QSCmjStudHFs0o7aodIuETwEGjr8erR3ULOF0b6ojb%2FLxhIyb7Y3jwEoFW%2BSvY7kpY9593ZFuthsF7FTzah8l3BAyS8MmHc0n%2B%2Bbj4os91WpPYlSsw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76ede1c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (9183), with no line terminators
Size:   2613
Md5:    9ea8acd8d74e4f328d558b64219e02c5
Sha1:   156ce99860c738bee0a97dbe9c543a83f4fd5457
Sha256: cc0dc5bf2c19d0830dd3962179d22ed40f200ecf8dc905a4e64bba0c1ccf9dff

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "9753C62C5C23CD8DCF2676D85DDA25D6DE710DA174BAB19D10F451681D066B58"
Last-Modified: Fri, 23 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7998
Expires: Sat, 24 Sep 2022 13:50:16 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /app/apx14.js HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:39:34 GMT
ETag: W/"61830fa6-1def"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cEpUsscsWk8Hf6dh%2BQsPim%2BTLTHOLfTG%2Bh6pu6tlRJzz97b4iCuL7xy%2Fe7JYJek421NRqQMl%2FdDn00iQoutsMpFiVwvW2AGy94alGCi9scEvYvmQ3q0OgnQyJJClWLI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76f2bb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (7663), with no line terminators
Size:   2220
Md5:    5fd0d992c153321728eef72725f9e2f1
Sha1:   11af100c190b0c91d3126ca0c792aa6cd3954897
Sha256: f39352e9834fda1868dab410b72a2850f516686f140843e9f0eef835be503330

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "596796BA37B19822F4AF2C25F963646DC57392F389B5AB9E2FD260EF911AA750"
Last-Modified: Fri, 23 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2361
Expires: Sat, 24 Sep 2022 12:16:19 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive

                                        
                                            GET /hy.js?q22q2q2 HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:39:31 GMT
ETag: W/"61830fa3-db43"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OOQ1PkuXzwMcxDu0QQB%2FZbvPTsqzRo9dZGddCGCgBxyLx0eN4Y0BTFGgIl1lFXbsubmXD8XaJ2qQ5Kjfq2GsT7tiYqdMj8J7yLCJEr6AQQsuroiiqIKwD7m0tXIEVWg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76954b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (56131), with no line terminators
Size:   17517
Md5:    f12634066d38736854588dc61b5ba109
Sha1:   623e90c430f1609e59e16407553e2d2ff8882d8e
Sha256: 7ca898a6218b8e61a9a999ffb0c76a9c60f86dfd4353b2496225e6473c72c0de

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zpp/zpp4.js?q22q2q2 HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:40:10 GMT
ETag: W/"61830fca-9853"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Tx3b4LI1djp8zb9BvMsxvj9vdn0nWy6zkP3IuQAb%2F6aitygYuqHYpyxEzjNft98jQpm5lEDOB1SE67i%2BQ58MG5KI1ukzWfBiTyTw8cuipqqCjh3JLiVMWFNjkxmNi4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76c25b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (38995), with no line terminators
Size:   14287
Md5:    3c741ddc90399bc2910b2cdc0a826716
Sha1:   163182c6b04f146fbf6de424ead05c91e59e3c51
Sha256: e6753c7588e28e17f44aa00cbe8c314de3f2bbcb8e892a439eed11dd989b1d84

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "9753C62C5C23CD8DCF2676D85DDA25D6DE710DA174BAB19D10F451681D066B58"
Last-Modified: Fri, 23 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7998
Expires: Sat, 24 Sep 2022 13:50:16 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive

                                        
                                            GET /5/2632704 HTTP/1.1 
Host: benumelan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.239
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ef493012f2e95c2b442ab58d89b1fc76
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:36:58 GMT; path=/ oaidts=1664019418; expires=Sun, 24 Sep 2023 11:36:58 GMT; path=/ syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (62318), with no line terminators
Size:   23217
Md5:    9443018804a3154814fa5227507a2cb8
Sha1:   a2938babbc03e349f9fdd2dd40e357a5bc3081c8
Sha256: e61b9c285ee4e74f5a88463c27c4b853ab1f0794d8782dd7b0b8446ecb84f9a8
                                        
                                            GET /app/x12.js HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:39:34 GMT
ETag: W/"61830fa6-2bac"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nr8GbA6lLzuj1isZBi%2BkoI2oYuu8vzQm8D%2F2Nj5LKddYzqU0Tth3NOkgDekAzvwdWpk%2F9%2FbovZuLRJRe4I8382Z8qx80N4zmdofQ0Yh%2FUu%2Ba%2FLAtWGmm0Gvlv3r6BqE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b7cf511c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (11180), with no line terminators
Size:   3024
Md5:    7f0c811d15a31a93662cfa30df4ef5ea
Sha1:   3f5b8f499bc7f50d2315eadc7cf043d317b60b95
Sha256: af3050874dc2886642989014b75a7b4734239520ee7d36ea06d4527e41d92beb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /400/3064505 HTTP/1.1 
Host: inpagepush.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.237
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 3741884ec5d675f6b8dd6903cad6db95
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=a72b1d57ba37407b9229727c9c70ee91; expires=Sun, 24 Sep 2023 11:36:58 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   31030
Md5:    6ceaf0cb63cfd0e0546ea3b1dba09a2b
Sha1:   a357eaf50a642a70be55751a7bbbd646c2dabcfb
Sha256: ff5a0a215fe8886f4edfa558756486752fca627814b77a0304cccce449854d8b

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4EBF7B29337DC4098A4C2EEE2ACCB6093CF870CAB3D77690CF539B9F289894A1"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3484
Expires: Sat, 24 Sep 2022 12:35:02 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4EBF7B29337DC4098A4C2EEE2ACCB6093CF870CAB3D77690CF539B9F289894A1"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3484
Expires: Sat, 24 Sep 2022 12:35:02 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive

                                        
                                            GET /assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2 HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: text/css;charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2dvJMUCDh8IgfM80Mx35RRlt6Yv4Gf5NnbxhWbGWOjCktpWMu2zc8mAEyNGf1yHaUUcE8Ei%2Bs2NwaXM0l%2B9grubGLAajieCa0PYN3VVeqqcnSu5yPB4yPgN82hpcEU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b62f61b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (57580)
Size:   20227
Md5:    f6baa5754564f3db32bfb36cc8c2b8ec
Sha1:   396282b4692ce4c36098ae784df2b1b8750910dd
Sha256: e9b877d4cfe9778fcb107bbc5c1339b3c5e687f7213c94837dfa32566762e3ee

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.yts2.net&var=&ymid=&var_3= HTTP/1.1 
Host: glimtors.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.251
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:36:58 GMT
content-length: 705
x-trace-id: f87c278258b0c27d95a7115fbbf2b5c0
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (704)
Size:   705
Md5:    b18d5b02acbe521fa98c14f41a146878
Sha1:   b41fb97c36ff991a2f7472d1a3f6f6155f07baaa
Sha256: f5d46eb65adae4c5657a5f10f8636ec0f886e1f93770b4e1974de5f198e30266

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "FE43AB8011CA3508C2B811EB55482976C239542E2A0E8DE35167F5469E15EDDC"
Last-Modified: Thu, 22 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13834
Expires: Sat, 24 Sep 2022 15:27:33 GMT
Date: Sat, 24 Sep 2022 11:36:59 GMT
Connection: keep-alive

                                        
                                            GET /hit?t=USRur-core-nomedia&accountId=8304d5a6-2fb4-4e26-bb15-eebf51293e6d&rnd=4uphk2vr1c&dsu=1.c386fb1104692a5d.71a8695d-4d39-4d0f-afe0-230d0a232786.1.1362.86df7ee4169b67f3&med=http%3A%2F%2Fyts.yts2.net%2F HTTP/1.1 
Host: visitanalytics.userreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         108.138.217.52
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
last-modified: Thu, 04 Jun 2020 12:03:06 GMT
x-amz-meta-cb-modifiedtime: Tue, 14 Apr 2015 11:43:27 GMT
x-amz-version-id: vrBc0EhGKa8dl_tujGhI9Fe7xKDJ.7QF
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 09:40:48 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a3ffeedc8ed545612c2465ea4fb13fbe.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: LziGDxJwsdzBak-G7Bf8FE33z3buMZhpCTTVTuhTOT5oMTSWmlyVPQ==
age: 17510
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /assets/images/website/banner1080p.png HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3mM35P91GuduGl5aprF2dOHxUHhquL5Mq8RgyxV6yE%2FHIgo1MjkMC4ei27s3OWzVjPSPgGCtVeJoV475RMyo8UnY7WCiLaYpF%2BUG3LICtWILZhP7yj%2Fxq4c13ES%2Fr4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b8681ab4f9-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 118 x 91, 8-bit gray+alpha, non-interlaced\012- data
Size:   1606
Md5:    7028eef7ae02c71d2deaa8732b336b52
Sha1:   8868b6729d736341aa0f6ceef44c3c10912f8b96
Sha256: 285ed5a42f875509d424f98f667e4ff49581ddb68537aab4779f665d001ba128
                                        
                                            GET /assets/images/movies/a_haunting_on_dice_road_2_town_of_the_dead_2017/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XbBa3OANl%2BiJ9DHUgj1G1w8iEuXKyfP3SFLwRj8OgUU9euu%2FBfTpIABn7RHYOatcIqM%2FP0nyBL9VxyEgDKc%2B6TexEAH%2BvK9wpISjXlUHwytboSeXi86ALsdg%2B7FY1DA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b86d7db51b-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   25132
Md5:    2ef18015c48e265bd8e0ea6b046a4251
Sha1:   e6441283a6100115256083f485ddc4f8817e6c13
Sha256: dcde09c38ed7be9391af88998f9ffe8dd212af91aed1fbb42a08c6dec231c5af
                                        
                                            GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 11:36:58 GMT
date: Sat, 24 Sep 2022 11:36:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   39847
Md5:    5874f3c36acf38baa9810e70b386537b
Sha1:   c3c7460f45d0ae790430e2cbfd9fd3f20dd5565b
Sha256: 435f14459c043f9cc62b4d2c51c307b312b5d7e2f34e41db8a774633fe8a1393
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /metrika/tag.js?1001 HTTP/1.1 
Host: metrica-yandex.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.11.244
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sat, 24 Sep 2022 11:36:58 GMT
last-modified: Thu, 30 Sep 2021 23:00:22 GMT
etag: W/"61564186-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 30975393
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3jnnm6Idazae3Pg4meNQJ6sxlkHgIDz0Z6LJbY35mDtdDRc3k8m9tQdjPUSoh%2FhmHht9SvsEO01Bmc5xgkwIlOTUMc91BIXNeVh49aRAfswDyAjPKKShlO7bk%2FyuYp32wPzbRM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39b63d6eb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (60271), with no line terminators
Size:   32585
Md5:    0909ab343acc7a2c283c1d277f600917
Sha1:   a1bf7eb8b647e92271ee311a2228f85c41924a0f
Sha256: d54fb00db64ef62ec2846e4f7131384ab68b9ec8f4eb1ac14410ee554d29651e
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 230571
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /assets/fonts/icomoon.woff?fmg7s2 HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.yts2.net/assets/fonts/fonts.css

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 21 Sep 2022 14:25:31 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BaUvMME2cqi9I2wjlnkeLI5dQ%2FTMqNdy9c8uirIBynilEFuSDHkS2fUGoKeCU25gQYvW2XunyaITGsN7XcfuR3BceHGd8%2B%2FW1WA6KQKthcMVySOQXmUbfkMb8bFpf0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b93e92b51b-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Web Open Font Format, CFF, length 3560, version 0.0\012- data
Size:   3560
Md5:    4e54891305c71736de2da03f14b57434
Sha1:   fbf29db32b5514cad7a908167ce63c76a91a2f12
Sha256: 332ec1d337a38ad421deff49f3585da56563253756da3870b26b46bd025f96e4
                                        
                                            GET /assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.yts2.net/assets/fonts/fonts.css

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:36:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LA4QWkkIrR%2Byn1gNriA9gbgADkC6PlLtgAP64ayh0JBwHhQ5xypAg940fpNPNzEK6M5IXBcEYlJablXUCeiTFMpIyVJQl3oMg4AubTm47dNNZYZM%2B5SAxQz7p3K9Fo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b8d876b4f9-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 18364, version 1.0\012- data
Size:   18364
Md5:    d3ee727b257658b2ec8ef91639815c2c
Sha1:   5a7721c4680c382bfd251f10123027e843079ebd
Sha256: ad69e547e43620390c7d7e192a4d00959602042fecd2be1e131a0a9b3398a36d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/fonts/glyphicons-halflings-regular.woff HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.yts2.net/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:36:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zG%2BY%2F%2BzHUdoXScu6t6oXCJsShct8vBS5X59cx2uy0mEOqENwOQ6%2BLk6YYSKPRpSiviraNv0d%2BFM17bC20806ckQggdCNamN8T2S6PcSzAq9A0SZ3aCPD0WNI4xK%2FwgQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b95b7ab511-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 23320, version 1.0\012- data
Size:   23320
Md5:    68ed1dac06bf0409c18ae7bc62889170
Sha1:   22037a3455914e5662fa51a596677bdb329e2c5c
Sha256: fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /assets/minified/modded1.js?yify=4 HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jaX7Tz4HPw%2F%2BWLT4PBcd43%2FS5YQXl9lyQzOqx7v%2FeDPrVDtFgM2GPoywgdWcw%2BQdDaFnY7x9umuS9%2FZpDUyqhOv4xtg2nnzizEAk80e7ZnIHd0HcbnHEzK7yZpGJhzU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b759c0b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (65452)
Size:   44737
Md5:    82bc117056e97588c7ba63716676f94f
Sha1:   d92200651622d395797b8841bb05facead4e36b2
Sha256: ebeff371e1b6c69cea3284066d5c0a7b1e2ed8bcec0e6e4bf56337fac56aa4a5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.15
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 24 Sep 2022 11:20:46 GMT
Expires: Sat, 24 Sep 2022 11:42:22 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 46b5aeb0e7bcc8895e9b923ffd4a3896.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: v9XQN4SEXWWP8Uhen-zOY-udtZ3HMrDH93PfxAd1nI2xVGYHQ75JJA==
Age: 973


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /assets/fonts/P5sCzZCDf9_T_10c9CNkiA.woff2 HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.yts2.net/assets/fonts/fonts.css

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:36:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JMiopgQiXDsI6C9kZa6sz7uoBy8aIX3mWJ1O5KAWJJ7w5HAPk45oWnGTygx49QZamRb36I6QcrDoYcdjJGSM1RX%2FJthJV3qbfamxfGXO7mlotfuc%2F2lSwpDjxtJsvzg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b999a01c0a-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 20204, version 1.0\012- data
Size:   18659
Md5:    381c6ea42b5bee5fc57f3bafeb2524d0
Sha1:   d9573f35c37a1532263109b71ffb65cfd9a5d236
Sha256: 069c9f5132e41fa80dd8995c80b7b40e1a6b17d7288ad343e4a4467823608fbf

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /assets/images/movies/snowy_road_2015/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3fY8%2F%2BRaojXfhAKATZXN5ZvHiUXS9mAwuQzvRLR41GDD0UwrcyHHDg2IwkoougMEcUMopBd2XbNdpOxPc%2FBgfy6sffDiA0%2BURQm%2FQNQJUTiaO9NJUDVL%2FyZ8PxsiY5U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b8697bb506-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   26616
Md5:    f97b8f59da1305316400ba1a280fecfa
Sha1:   842e927ef5163f827758fc2276ee1fc6e096f599
Sha256: d40543d868810424a15e4d2940e3545f0f25ca5cf8f9625c9d5593be0472e63b
                                        
                                            GET /assets/images/website/icon-search.svg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WLF4lX0rRYB0fbf9i0WFTWkUjk0LO1NUATI7upcEo8lKPnnrrwLZqPX2hkdT6v8JKl%2Bz2RnipvfFyoF9JIRJVS8QNLlQQAmkMvX9Hlhxg3oAWEaq6xkecxe5UqHj8U8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b9ef78b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   559
Md5:    35fb1b1fd99b576d4ab009a9354b1752
Sha1:   35eead23367569788b3fcaaa741292a200d84c8e
Sha256: a850256428026095f291a9b7d892113ad3c797f318b1bc7528f5dbd2c12619e5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /assets/images/website/rss-icon.png HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmzIi081uqYvVPwA2CgAtJFJI0G2ZJhAPO%2Fajz4Z0zGhyYJaYZAqJ5XiYYUlQwTzAoUZhLoWA1IT%2BL6OEuBZEcv56ud6TP89%2BEhtpsucTVGmJRsnIEqR3wLH7D6HN%2F0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b9e991b4f9-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   1460
Md5:    2374708dade12394d7d0fa4bf0d01636
Sha1:   394287de1c090befdee97dd0b159885776c39180
Sha256: 5f2cd2a2b125f6c2150c3976c43a5e6059b7ab3d67960d745eaa488f83e46d90
                                        
                                            GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1 
Host: borrowdefeat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 532aa052ef9f8d09d15dd0c4b116b9ec
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (37119), with no line terminators
Size:   13406
Md5:    a674a5bf02a3e6e1cf123e2aeabf371e
Sha1:   478362f595edb7bc43142e7bd374dec8cabc9811
Sha256: 74d07325f212b451e2f75f181ff46f0d471918c47a166fa4f2c5fede020ad710

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /assets/images/website/banner720p.png HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=St8G9XxEs904jgDEUkQ2RzOEaUTlD3YOn7asj%2FOLb7yIBsK11fjYrZHWX1dtDi5oUufqMfo4l7yV9BzZ%2FKn0qDTQvW7ARLiywx%2BJcobCjoa6zx2HiiS0zFuhI6TUSCA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39ba7bfab506-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 118 x 91, 8-bit/color RGBA, non-interlaced\012- data
Size:   1716
Md5:    5d1af846e570e691dade89fb8ad1fb2f
Sha1:   49cef29b3c315193171011658add54ff05fb9899
Sha256: db107528cd0668fa01488c838bd75e37d830e691f754df73ce0d604c3637b4d0
                                        
                                            GET /script/ut.js?cb=1664019418258 HTTP/1.1 
Host: cdnquality.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.17.72.30
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycduQc_-Q_yReIjFJgwVVT0zrYteLdYonr0bTqZ1yhOWtytGGRamRauYRrQSHeWt_hzZMc_u8V8APdTAv9p7CZxlNrfpK24t0
x-goog-generation: 1661773552581597
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 71356
x-goog-hash: crc32c=PTRdbg==, md5=xzBO68tQafaL0/qedCGKNg==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Sat, 24 Sep 2022 15:36:59 GMT
Cache-Control: public, max-age=14400
Last-Modified: Mon, 29 Aug 2022 11:45:52 GMT
ETag: W/"c7304eebcb5069f68bd3fa9e74218a36"
CF-Cache-Status: HIT
Age: 898
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb0e6ab503-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size:   24411
Md5:    247b9ea3eb310459e21f78029267717c
Sha1:   1d7ea226aaf8046de5af9ef7975ad30398f517ad
Sha256: dd787f72c85d7d6b736c0563371ea98a66542289101d8001a186d5a595ac05dc
                                        
                                            GET /assets/images/movies/the_invitation_2022/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIf%2B7O58sIgsEqTgwlDZPc26zdORuZdljn7SJu%2FXGO%2Fc1t6JOez%2FFHhnRCww4Kk2RG6LWQgkgBCOzDTnpyQkEQOjrMeNrZlzozpYrDmfxRtRqYeSb%2BqbDj%2Bvmlb%2B4Ew%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39ba4c7ab512-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   24242
Md5:    18e09bb4aa4350a009527d705786d4df
Sha1:   0fea7cd959be6f6f3b26bd66053460988fe194dc
Sha256: 8c562f783fab6f09bfe0f8fa7e8f3b0d75b8a271655ab0b1e39d8610743a747f
                                        
                                            GET /matomo.js HTTP/1.1 
Host: matomo.hellohi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         172.67.219.82
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.js
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1194
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyCst8iIHi%2Ftc%2FhQa2eo0%2FVsJM1exwCvHdtr65Gx66Rpp99nm%2FVW1Up%2Fm6RFvwYQrhKclneBrVWhlZOzmTnnHeTs2f%2BYO4UxsOws3qmYQQ7u3yM4fQIwS9YHYPq5bf6na4ODvg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb283cb4f4-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   169
Md5:    f3099a531821c476589c3d2d00d53772
Sha1:   8e539d05a8355d6835a56f94b75f405c6e55f6f3
Sha256: a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2332
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 11:36:59 GMT
Last-Modified: Sat, 24 Sep 2022 10:58:07 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /assets/images/movies/bad_girls_go_to_hell_1965/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=54c37OJVbCB8H7Hw%2Fz0pff9PGAQjKDWMentNt2LzLGI6F2VTYdkzqpcCrh3uWxUVyiu7o7djxBmmgnIgrAdvp694CWqPieGXvas1jSr3biJ7tFsTCKrfP4Ikis6lIM0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39ba987bb51b-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   28819
Md5:    727a9c1bfe824880fc2fd98dcf7ab0d5
Sha1:   30c3cf3283ee05245e48df1b890ea991aca41250
Sha256: c1ba6836b6f658ffab0dd0e5b43780ea0ff5b4f28e4132f6315a78cde262856a
                                        
                                            GET /51154825e7c34fdb8f52/launcher.js HTTP/1.1 
Host: sak.userreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         108.138.233.48
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 23 May 2022 09:01:02 GMT
x-amz-version-id: puv43SnL5INQghBXWZN4PYhRelo.cmF7
server: AmazonS3
content-encoding: br
date: Sat, 24 Sep 2022 11:36:10 GMT
cache-control: max-age=7200, s-maxage=60
etag: W/"84fd26909f77c7c141450fbdf990b3dc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 07f0ece9786fde9fe26b41b49e10daca.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P4
x-amz-cf-id: piEL8eeYXclmX_gFWIo6lXBW77JLFmSSSd0MiTkvG21V-2uI7xblSA==
age: 56
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (28463), with no line terminators
Size:   35462
Md5:    151bb45db89aacf723a7af214f7b97b3
Sha1:   110bb7d7f2c3040d9135ed265932cad54af70ad1
Sha256: c71bd775818f48b8e87878eb3827052150323510753d98ca6ce5dddcf39dc0fd
                                        
                                            GET /assets/images/movies/heathers_the_musical_2022/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPG5Zne9QBF%2BmC3eVjLcvsUQpD%2F30xXxNd5m8SI6ViOg6iBjlgaViEkLN9qIpCEkFk4RtGMwGtlYrrN%2BhbTDArc2dMdGNZPbfujNlp6zUgTnQtHEf6dNHXk9KXnei%2BQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39baea98b4f9-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   35940
Md5:    7d629d6c3d7244ddb87ba4fe6fa85c08
Sha1:   88c9c310c243da8a56da4be2e5722371cc12e34d
Sha256: 72b0a21064174757d452f6e7799fb5659a8a2cea38ae2c771cd8e34c234b0011
                                        
                                            GET /assets/images/movies/1314_the_challenge_of_helping_2022/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gUVW%2BuRhdOhH6Q6%2By4yneu3t3L7GpdhafeS2hCatDs4kwBAeEAcgXiQ%2BD3NM9ilySXpo%2B%2F7Mj0ITbMvjr4nMdfrN8cD0ilwssOprWYfEn4wZNjASHCLmAMzJ%2FyUCxlQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb3d75b512-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   39236
Md5:    c1950913896b0f9bf72e8c6dc98c894d
Sha1:   35d1c7c8334b584ed99278181ccf92cc0680fcd8
Sha256: e4df84eadd74220ac31b0077d0a5095565bd56246dc893a7c2f53e3577043f86
                                        
                                            GET /assets/images/movies/hope_lives_2022/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFMPiEzCxaQVO9jn8MBhVFbvGUVtqJMeZuBwmX8zLiFx4YmI%2FsQ5bmmcvQ%2F%2FOayl8HHzxxZv8cBgRVkJUBXszmOjXsEL8vEBp%2Fb6IvFf1SLT9WWFMGwjXZGK%2BTfFBnI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb1cb4b506-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   42535
Md5:    8eec816565276575792f01c9a876ab4b
Sha1:   843c9f63505435795f0ff87002501d96b1780dea
Sha256: 0f1abd1f7470fecb8869e5ba6c009496a993d934e5167761148d238f576b4eb6
                                        
                                            GET /script/suurl4.php?r=5655310&cbur=0.5902997597050416&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&cbpage=http%3A%2F%2Fyts.yts2.net%2F&cbref=&cbdescription=The%20official%20YTS%20YIFY%20Movies%20Torrents%20website.%20Download%20free%20yify%20movies%20torrents%20in%20720p%2C%201080p%20and%203D%20quality.%20The%20fastest%20downloads%20at%20the%20smallest%20size.&cbkeywords=yts%2C%20yify%2C%20yify%20movies%2C%20yts%20movies%2C%20yts%20torrents%2C%20yify%20movies%2C%20yify%20torrents&cbcdn=cdnquality.com&aggr=0 HTTP/1.1 
Host: youradexchange.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive

                                         
                                         35.190.41.116
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: openresty
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (884)
Size:   697
Md5:    c2ce830a0cc3a4ae465371a472b00166
Sha1:   0584b5d91078e3337d323207be8815adf9574b31
Sha256: f733d2baa17bde26993d09b80cae6e827640562126ab4b98ac4690b63c0ba3dc
                                        
                                            GET /ntfc.php?p=2651991 HTTP/1.1 
Host: glimtors.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
If-Modified-Since: Tue, 20 Sep 2022 07:25:49 GMT
If-None-Match: W/"63296afd-38a8"

                                         
                                         139.45.197.251
HTTP/1.1 304 Not Modified
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:36:59 GMT
Last-Modified: Tue, 20 Sep 2022 07:25:49 GMT
Connection: keep-alive
ETag: "63296afd-38a8"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /assets/images/movies/a_haunting_on_dice_road_the_hell_house_2016/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYBdn29YXKnh62%2BuTGLjbUWyeb7lZqo6xObx7vFX61GIs6xawpVuIjYUZtJZ%2Bd8CQG3WMdcMKmThZUaotxpsJn5ygDacLUMmN1e6Mn7jBqcFDoCJHQBDBGEZCZaqDkI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb7b461c0a-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   32943
Md5:    0f68f07cc95fc3103678fe722fdadeb2
Sha1:   33041a3f1c8f1e8ea176ea879cf399039ce15773
Sha256: 15e394bfdf856919cddd704b17e7cc2bc1c53cfa79d23707fead54c6d6412da9
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2360
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 11:36:59 GMT
Last-Modified: Sat, 24 Sep 2022 10:57:39 GMT
Server: ECS (amb/6BA7)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /assets/images/movies/bad_reputation_2018/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmzmNR1qf4XYlFYMQ78leIBUpyskHfNsJ4OsVYJ1uAtu7ALWeYq1wazFW8%2BffW335M426ZvO8tmbz2MqsKtQAL6nCbnBCHhDS4IGlKDgBAs37Yhc0liY%2FLOmSQJC%2Fzo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb79a5b51b-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   20985
Md5:    f2b4f69088a9dabc86e91c6380162d97
Sha1:   ac78371819e67fa57d129ea48d7a34c2f0461306
Sha256: 4ddc5dec52a0de94e8b214740a5ba9ad9696b02d2091c3aa15dfb48849119d61
                                        
                                            GET /assets/images/movies/Doom_UNRATED_2005/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aoY1691lQJtbQh76NTcsBZF1xwUW1ds1Ocp6K7Xy%2BuD066BFoMsipKNhkQuWuDa7ube1V9iYWOc4BdRzwzhWCpxeQ3FFk98XeQxtQRgPT52MKJEW7Y9LaB7CEEtZ0EY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb8b53b4f9-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   23134
Md5:    1a09c38b1dbbeeb61c39000d36b3c584
Sha1:   0a74e755804a6232ef012600d3ae74f53bde04b3
Sha256: 0d27b740dc737de53ed74cc60784ce26092d04fb8ad8718dc19b55080885020e
                                        
                                            GET /images/download.png HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIzsqg0RBWtmaW9RuRNYM2CdDDSyPhe4H096OJmYXN%2FEIUY9uJblPN5QcruWCLDkRBANG8od6J2RZD8Fxs5ZnW21p%2FGDFcWuPqHFI0bRsjiUU9rt%2F1hxuJPn7wx04R4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bc0edeb512-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 20 x 21, 8-bit/color RGB, non-interlaced\012- data
Size:   1273
Md5:    c0e74c1af39c0ec8d135af2363a14cf8
Sha1:   0e2fed8eff1137b12d53e466d5daa6c17ba3c594
Sha256: 32c96725715e90eb5659d4f4cea51b06d07afbdb666c360ee4c0a74a1b70c654
                                        
                                            GET /helper-js/ HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: s-maxage=0, max-age=0 no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RChcO4blHNWYGdeZ0Ju2SehHuLoHHh6iFr%2B%2Fupm1Z61M4%2FkUB3CPcNupw1vL1vEqCzj%2B0n0hSpaHd%2Fhfb01kJB2v%2BJKKsZl1seJvnCifT4%2BqzYIGjTZPFA9VRyIVN34%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39bc1d84b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (2612), with CRLF line terminators
Size:   1026
Md5:    bb2bb3eefccd5534669fa8f38ff8240f
Sha1:   ff299df2c6c4ca647e7da57f977c43c6b1d0c8d3
Sha256: c13d95fd2b36e7379bb026c16804a9c8a141037542177cd80c87326b101f5a14

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /assets/images/movies/emily_the_criminal_2022/medium-cover.jpg HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZJrT0gPf%2FVlz%2Bjkqdm0gSlHH%2BF2%2B34ZA6MTFcRP%2BRxKoaUBakQdv0jXGMglPNDkbQy8o8YOzW8VuuUXQKf7j5jhTz85nOsCotE%2BRtsP8Q7nAsUr29g%2Brh9cNhgfkl4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39ba1c40b511-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Size:   33139
Md5:    fef02df24f27d9358d3695041362c08f
Sha1:   914a3051db0f22bf9f8d7d2419f4fa48426c061e
Sha256: d0ace16d9a276c19f42a3bf756be6d2c7dfa02f82221f972905166dcce27f11c
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dzAo8CYpQ1Ya8Fqar18krQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.186.209.73
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zlxEM59+IT3P5qEhN/IwKSVWct4=

                                        
                                            GET /42/38?z=3372123 HTTP/1.1 
Host: benumelan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=79331847b038482d90c144d0d3cdd4ab; oaidts=1664019418
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Sat, 24 Sep 2022 11:36:59 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 47f513eec896535b17fb9ca9e795bc9d
access-control-expose-headers: X-Sc
set-cookie: OAID=79331847b038482d90c144d0d3cdd4ab; expires=Sun, 24 Sep 2023 11:36:59 GMT; secure; SameSite=None oaidts=1664019418; expires=Sun, 24 Sep 2023 11:36:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /j/m/w2.js.php HTTP/1.1 
Host: ecma.sidebyz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.167.53
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sat, 24 Sep 2022 11:36:59 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=csMFOyWx3kzHcU6wPYeYx16M%2BQtarolriye3KcvYWYj%2Buf%2BAra1ShPE9k9NP96k%2FEimZyKF1w4yWCU%2BHcpgIy00YM4J4vgnrpD3o2EuiUYRm3IrJH%2BjfYcuNH%2Fv5M8sUxpEq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fb39bc9df8b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (492)
Size:   528
Md5:    0449105353cf3fc02147c612886ff1bc
Sha1:   4dd8512753ebc618ddb7fb0b335435681af22944
Sha256: 415db3a23d21d921eddfff8d01e8556d6879fc9156d5882d02e8249baf38d82d
                                        
                                            GET /assets/images/website/ajax-spinner.gif HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ON80mLPUzxL1DTd6k3LfFWVrVsmz6Sn%2Bqr7DeSbOG8NaRA4IAnewDtw2STPQ0%2BRPKDiublIzuHajaD0LBASV77J%2BShqMugJiDALyX1qEU3TkHxRUHJyjCa1%2BOaLwnrk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bc7c501c0a-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  GIF image data, version 89a, 84 x 84\012- data
Size:   37942
Md5:    6c25b2f7efe1457cbe08ab4452e81589
Sha1:   77029c58741ebead12614624d9765648d1bb82ff
Sha256: 04a309929e0e1d64d9aed3b63dbe88f613004a37de9e1ddc8bd7cd6091846ef4
                                        
                                            GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1 
Host: glimtors.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 20 Sep 2022 07:25:49 GMT
If-None-Match: W/"63296afd-1fafa"
TE: trailers

                                         
                                         139.45.197.251
HTTP/2 304 Not Modified
                                        
server: nginx
date: Sat, 24 Sep 2022 11:36:59 GMT
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: "63296afd-1fafa"
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.yts2.net&var=&ymid=&var_3= HTTP/1.1 
Host: glimtors.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.251
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:36:59 GMT
content-length: 705
x-trace-id: 3a4f734ee554c1d218513706bb04c824
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (704)
Size:   705
Md5:    b18d5b02acbe521fa98c14f41a146878
Sha1:   b41fb97c36ff991a2f7472d1a3f6f6155f07baaa
Sha256: f5d46eb65adae4c5657a5f10f8636ec0f886e1f93770b4e1974de5f198e30266

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /400/4495524 HTTP/1.1 
Host: dozubatan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.237
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 4df6ff695acb6aca8de04fb1ddee907d
Pragma: no-cache
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=ae38f88a937746fdacf657d003c603fa; expires=Sun, 24 Sep 2023 11:36:59 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   30247
Md5:    df8ef9797e4f021bbf4a22c6960d45f9
Sha1:   c4190edc0ea69720dbd93420197b0f670a27f768
Sha256: d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 03:02:15 GMT
Expires: Fri, 30 Sep 2022 03:02:14 GMT
Etag: "b2673f83983c7590c1898a953c55e41b100dfea5"
Cache-Control: max-age=486914,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fb39beafcd0b65-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         108.138.212.162
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 11:36:59 GMT
Last-Modified: Sat, 24 Sep 2022 10:21:01 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 ce3edb24525b5cd14ad82bbb2327e8a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: mpj0Mp4iz03xZzhgu0X2yziAR4xBAhTOxMnc1selKnUZKgTXfrXQHA==
Age: 4559

                                        
                                            GET /400/4837723 HTTP/1.1 
Host: rndskittytor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.238
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:36:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 31468e36a83104693a09f9833090dbb1
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=2ba4ab8eeb58438aa0ad19fd57e94183; expires=Sun, 24 Sep 2023 11:36:59 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   30100
Md5:    e078b3d2c596dd31fe12196c548753e4
Sha1:   97691ad3f5b6eb56b311a0adcb98f778dc904bda
Sha256: cc9b13046a0843cd452a55408a736840370b19872af0d40112a2028e22ee54d0

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.29.95.124
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sat, 24 Sep 2022 11:37:00 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
set-cookie: uid_id2=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138:2:1; expires=Tue, 21 Sep 2032 11:37:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    7a3a793f2734adeb0ee02032fa354993
Sha1:   86d8799ab065460fe389ce282c7695532ac9148f
Sha256: 5ac1da0f5241c2b6b389dc521004845242937e1582ecbb73602db8acaf21f29e
                                        
                                            GET /sfp.js HTTP/1.1 
Host: creepingbrings.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         172.64.163.10
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 7f5ea6f8c9bda3eccfe703bfb85abfa4
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 24 Sep 2022 11:36:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wk6QA36q3Q0khiW23wXjmKIz5tdaXzxOGBqKs2iS1QBkYSk6Nv8QBtdOMSTtYpAfK5kz%2Bvhzxbr5roV8%2Fq3ixQmpnz58yxUkMURBXPu%2BiJBG6uI8gUXAiibx2MovQ2aT%2FLdrVuc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bdfac20686-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size:   22840
Md5:    487ad2b48cd98e36abf708a3b60f4a36
Sha1:   ccf7b110523d50bb619becd48c3f013cc5fdce87
Sha256: 768eff747f795e1232d182eb859170e32d4f06ed29da872c09af5363c459668f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 18:25:22 GMT
Expires: Thu, 29 Sep 2022 18:25:21 GMT
Etag: "235a3579a72192a6a1fc0366d6d8671e2630b9f5"
Cache-Control: max-age=455900,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fb39be6d08b51b-OSL

                                        
                                            GET /gid.js?userId=579046efdd454324862e084be28182c3 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    e18981255b7bf0cd0485b95cbd4574a0
Sha1:   e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
Sha256: d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
                                        
                                            GET /5/2632704 HTTP/1.1 
Host: benumelan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.239
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 386bd13356e0869bc68dfd5c3b909fe0
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=012133489509478f8689775ef6017c10; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/ oaidts=1664019420; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/ syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (62297), with no line terminators
Size:   23199
Md5:    5e63c2d796a4dacb396867d0de311781
Sha1:   b59f305cdc4a7ba2813e336aa8e3d607214e4aa3
Sha256: 36e4753b888cd7c77ba901893f3a7f6f889d2419ea81af512ce47f0fcf74f9ac
                                        
                                            GET /5/2632704 HTTP/1.1 
Host: overzubatan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.239
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 7eae686e6ce42752cfe193ad0b5d1fca
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=1d7d82b29718490d951f3424c5644248; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/ oaidts=1664019420; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/ syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (62342), with no line terminators
Size:   23226
Md5:    bcfc5930847388b5ebedb25bdcb9217b
Sha1:   b57fe9c3e57a6ad59cce6023ae8a14f5b2cbd15b
Sha256: 83f99174d1228421416475c98306e5434c5a82733f58943553013b2674453cac
                                        
                                            GET /js/300/addthis_widget.js HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         23.38.200.123
HTTP/1.1 308 Permanent Redirect
Content-Type: text/html
                                        
Server: nginx/1.15.8
Content-Length: 171
Location: https://s7.addthis.com/js/300/addthis_widget.js
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   171
Md5:    3c417e9efbcaeb3bf7e7df75cf3b22fd
Sha1:   00465aec6b8ec302eae8abb99678fc5c09c3f343
Sha256: 21bd143d38dbbae427615a7266a86a18dc95c417f3e510632d7a9180d98d3571
                                        
                                            GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664006400 HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=14400, public
x-control-type-options: nosniff
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fz0yTqYNGFIXlMoSCRJLYuuBAVr%2BW9tAHx3MBDUV6OZdzXxfswnAelGOUHptBXzTspBA5nL91gDp6sTp30cuDwIR4DbN1ZWrzIeF7rHK9qQD%2FdH8WoS%2B6K5C5J6HYYc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39c0ac5fb511-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (36481), with no line terminators
Size:   14871
Md5:    85a12ab7012eeaac2423e78290049735
Sha1:   e12ecb6b4452c7b241df2d39363936093e896bc7
Sha256: 863e562544bdfbc55d50066025aa2c71fc6d63853fe37bfff7ef469552cab411

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            OPTIONS /custom HTTP/1.1 
Host: glimtors.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.251
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-length: 0
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /gid.js?pub=0&userId=459129ff17f649f389ebce8fb69cdd6a&zoneId=2651991&checkDuplicate=true&ymid=&var= HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Cookie: ID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    e18981255b7bf0cd0485b95cbd4574a0
Sha1:   e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
Sha256: d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
                                        
                                            POST /custom HTTP/1.1 
Host: glimtors.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Content-Type: application/json
Origin: http://yts.yts2.net
Content-Length: 360
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.251
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-length: 39
x-trace-id: ffba983520a68677d48cb94243e3c29e
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   39
Md5:    058b158c2be925f556454ef762d93538
Sha1:   cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
Sha256: ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /400/4495524 HTTP/1.1 
Host: dozubatan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.237
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 49ee3a59789c71db9089cff118b1021a
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=8125f35db4ff4ed4a0c0a54a5fa85e50; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   30247
Md5:    df8ef9797e4f021bbf4a22c6960d45f9
Sha1:   c4190edc0ea69720dbd93420197b0f670a27f768
Sha256: d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Length: 938
Connection: keep-alive
Expires: Wed, 28 Sep 2022 09:17:42 GMT
ETag: "2061d26094c24893ca931f12d593ea0a2040b5ec"
Last-Modified: Sat, 24 Sep 2022 09:17:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2484
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39c19c52b523-OSL

                                        
                                            GET /assets/images/website/apple-touch-icon-180x180.png HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:37:00 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6%2BVCNsvkHO7fjR0qkSt3otIdWxK221PSQdT9D18C1kkyGooLJS5qxjluP6zPyAeLLGivBS%2FVR5pO%2FFxImskXPSdbl5%2FOzbxdcyotXYreXa7GtpnXHhoNvc1LJ0fK3Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39c0ab4bb512-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced\012- data
Size:   6973
Md5:    f87afcf11d459620ff02da6112365db2
Sha1:   d09e6d4e7db706569474bfb7ec93f31ccbd6ed69
Sha256: a70913fad67537f16d871e4c456c8f4484106f6d4ef3e12fa3c3b2eceefee508
                                        
                                            GET /400/4495524 HTTP/1.1 
Host: dozubatan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.237
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ad7db8c1e1591cacbfd5e8079570918a
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=8150c463b531494a99710db098614a7d; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   30247
Md5:    df8ef9797e4f021bbf4a22c6960d45f9
Sha1:   c4190edc0ea69720dbd93420197b0f670a27f768
Sha256: d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
                                        
                                            GET /assets/images/website/favicon-16x16.png HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:37:00 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvgRLbteidTmPNyrOEw0Q%2Ba%2Bkp8HxfVNP0DgjlGnkSGEeprUXlOLrT99KChqmnX1Ocmp9jtVUzO57TjL9rwxDs7rm8BEcCEtWlGm5Azf%2F4sgr4jn5jWL8Xq%2BQiDqxUk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39c0aab9b506-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced\012- data
Size:   619
Md5:    ea830fdd4f9a6d19aa7455dabdac987a
Sha1:   b0d567d6b4d40959e1bd44032f6bc2331057b319
Sha256: 71148160c085a70d1af7708c1d52cfcf39f8ef6e4ce13f0f20c080b2e19195db
                                        
                                            GET /js/300/addthis_widget.js HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 116423
date: Sat, 24 Sep 2022 11:37:00 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (54602)
Size:   116423
Md5:    d5b9b7a3accd3b7b7de639c072ae3ee2
Sha1:   9583b5c046d78af5c6379d844219f828aa2222d0
Sha256: 648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
                                        
                                            POST /matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=237153&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=G56nLa&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588 HTTP/1.1 
Host: matomo.hellohi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         172.67.219.82
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=237153&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=G56nLa&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TD8z47YQnEGq2cufcIJyaqxQL3n4eNGZ9q1o2soTB9g4ZENUUgGBxMHzCIH3WvVtTRbySb6pYTDmTPkYVtFOE7XPVpvWi5I%2BTsVWBWzO0P03w0i5HAlZZMGjk%2BasGmb7edSLSA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39c17e02b4f4-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   169
Md5:    f3099a531821c476589c3d2d00d53772
Sha1:   8e539d05a8355d6835a56f94b75f405c6e55f6f3
Sha256: a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 72341
date: Sat, 24 Sep 2022 11:37:00 GMT
access-control-allow-origin: *
etag: "632d6d03-11a95"
expires: Sat, 24 Sep 2022 12:37:00 GMT
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Size:   72341
Md5:    7a68c8644032413981e4ba5bc0d66c4a
Sha1:   2d46ca8055e8577ae7138140e34a6e633434973c
Sha256: e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
                                        
                                            POST /cdn-cgi/challenge-platform/h/b/cv/result/74ba9c653e53d69a HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 11743
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: _pk_id.1.a8e0=2a8ef1efd733a398.1664019419.; _pk_ses.1.a8e0=1

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 11:37:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cf_bm=ZfovDt1LCse5Bc1LudmXEUNUM8RsL74EOtbNRBDie78-1664019420-0-ATxd/7gRbDrOYy4+hs39yb6DamE3lrK5aCT37chwEz9bBO6aLFkkJIR09WTDfEl+Ig==; path=/; expires=Sat, 24-Sep-22 12:07:00 GMT; domain=.yts2.net; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zk5vXgKxi%2B6EI8u2%2Bseite22kvK8Std3QKIDsk7zFCnuYSyVwhSmg79xQiOE6c%2Flo1dTqKog1T67Ptsfb4P8LOl7kO84YoGh5uwm8qZYHpe%2FTteLTiXI%2BEgFBCcEDoE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39c3ef4cb512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   28
Md5:    86de097d54457ad4fbf85150ea2dc2fb
Sha1:   194863f4b15ecf7eb4f38bf7ed46b688289be8a4
Sha256: 6301b31e8f84ba8a7465199ebf1c2341253198f21763ad7e7cf6fdebe3d832ec

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            OPTIONS /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1 
Host: benumelan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 204 No Content
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /gid.js?userId=d6nc548331sq568285528e1y5cngy431 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: ID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    e18981255b7bf0cd0485b95cbd4574a0
Sha1:   e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
Sha256: d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
                                        
                                            GET /gid.js?userId=d6nc548331sq568285528e1y5cngy431 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: ID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    e18981255b7bf0cd0485b95cbd4574a0
Sha1:   e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
Sha256: d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DB67BD24AF8E50A7AF38451C2FEBE20EC4C1EAF713E6E6BCC5ED4B1D55D24098"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6858
Expires: Sat, 24 Sep 2022 13:31:18 GMT
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "570A7924C3E4E7F81CD293BD1469601C5FDD1154F0EE5BE56A76191A989CE8E7"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13939
Expires: Sat, 24 Sep 2022 15:29:19 GMT
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7961
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7961
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7960
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7960
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7960
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d78fe23-176d-4858-a42b-1f7944845b79.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4866
x-amzn-requestid: d96de29c-d64e-415e-9cf7-85a0fad34967
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7tCNGjuoAMFpeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2874-548fc71f4a4a9ad74298ee7a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:43:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: SBMDqLaDDc-YOHE3gTp-QZSOxwzpsjHi8tLMpoQUmm8XqNdr3HFYmg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:51:18 GMT
age: 49543
etag: "7d480011939a32baf53926a144eac807ac397bcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4866
Md5:    2255aa8ee173094449d814a20238a8ac
Sha1:   7d480011939a32baf53926a144eac807ac397bcb
Sha256: 1db716c4c69c851100e788f78bd7c04282d6878068361e06a29fe44dd6ffee32
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 49391
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9935
Md5:    55d224ac83a417772c98bc5080fb6689
Sha1:   a30f9044330824e70dde0dcc785890d981e6fdf5
Sha256: b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 49205
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10032
Md5:    aa150280eb113504d61a25935c0f0127
Sha1:   ed04f74fbb4c77b21e2babc51a82857f5e23d169
Sha256: 07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:52:36 GMT
age: 49465
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6386
Md5:    d8d9af95acfc8b9b431eb1e020157f6d
Sha1:   f6f926be6e265a597aaede424f05fcd7c76fcc20
Sha256: 0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88
                                        
                                            POST /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1 
Host: benumelan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 330
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=79331847b038482d90c144d0d3cdd4ab; oaidts=1664019418
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c12d7168a643f4f83046fe5018763983
access-control-expose-headers: X-Sc
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None oaidts=1664019418; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10691
Md5:    c8eec2a891448b2fc89accae7bc0383c
Sha1:   2e62fc2c745a9acb606af6970cbd2c304b3d8fcf
Sha256: 4e56b6583fdc4b29264d0ed90386ce687c9f5c8cf6451dda07dcefb0de831f5d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9444e811-e2d5-4901-a86d-9e9269a6f846.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10927
x-amzn-requestid: a4c6c1b1-3777-4410-bef1-5dd2518af86a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCjSEqfIAMF1kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e14-4cdfc5ea1c42120d4a085752;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:08 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2E3NtoZf88ePzaJgYpYqQhdCwUvRUcxFeqi3UAmx3INau5OGS6dHPQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 22:08:59 GMT
age: 48482
etag: "5a69190a9a778a6979e11fafedd43e1031caf8e2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10927
Md5:    3b6b51846ec2b7d856b7dc12e4d720f4
Sha1:   5a69190a9a778a6979e11fafedd43e1031caf8e2
Sha256: a497c04d1c9d0be88aa9c288423346e83c6a7b296295387b3b7b855c550492a2
                                        
                                            GET /addthismoatframe568911941483/moatframe.js HTTP/1.1 
Host: z.moatads.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.38.201.146
HTTP/2 200 OK
content-type: application/x-javascript
                                        
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=20209
date: Sat, 24 Sep 2022 11:37:01 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (523)
Size:   948
Md5:    f14b4e1f799b14f798a195f43cf58376
Sha1:   b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
Sha256: 92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
                                        
                                            GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sat, 24 Sep 2022 11:37:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Size:   26421
Md5:    707317ccaabe08d32d1bd781754e6871
Sha1:   bb82dcd3e044c960e0861c2ce878f5504e628f78
Sha256: d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
                                        
                                            GET /live/boost/ra-56896aba6888ef3e/_ate.track.config_resp HTTP/1.1 
Host: v1.addthisedge.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
                                        
content-length: 781
etag: 96635934--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=60, s-maxage=86400
date: Sat, 24 Sep 2022 11:37:01 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2972), with no line terminators
Size:   781
Md5:    4ca13a8818d6714a20008f71d15429f9
Sha1:   57f62401730efea6a41352b30d82eee59a6c8483
Sha256: a424f95ab7529ef369593d41a0b3a07aef3ebccd9af91f67188d1acbf32ea4fd
                                        
                                            GET /watch/86221166?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 302 Found
                                        
location: /watch/86221166/1?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 24 Sep 2022 11:37:01 GMT
access-control-allow-origin: http://yts.yts2.net
set-cookie: yandexuid=17212501664019421; Expires=Sun, 24-Sep-2023 11:37:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yuidss=17212501664019421; Expires=Sun, 24-Sep-2023 11:37:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yabs-sid=1131898891664019421; Path=/; SameSite=None; Secure i=mv1t9osAq5chsG/Qb5ROLTGAZKd6bcWPCscIMFeXhK0lUOkLobdG87ac4vhi7ZqzF1nK+VjJRe4oQoKg8jKsBKWS5iE=; Expires=Tue, 21-Sep-2032 11:36:59 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None ymex=1695555421.yrts.1664019421#1695555421.yrtsi.1664019421; Expires=Sun, 24-Sep-2023 11:37:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 24-Sep-2022 11:37:01 GMT
last-modified: Sat, 24-Sep-2022 11:37:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   33307
Md5:    4bdbadd335465a68d3520ef6fea6ef42
Sha1:   655e8482b039c691190fd080c076e68e5f57708b
Sha256: c4f697ac4a0251edbb81e87b450635576554df336cc95199afef7103570a2033
                                        
                                            GET /live/red_lojson/300lo.json?si=632eebdbec0c58ba&bkl=0&bl=1&pdt=666&sid=632eebdbec0c58ba&pub=ra-56896aba6888ef3e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=yts.yts2.net&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=yts%2Cyify%2Cyify%20movies%2Cyts%20movies%2Cyts%20torrents%2Cyify%20movies%2Cyify%20torrents&colc=1664019419954&jsl=0&uvs=632eebdb38bcda4e000&skipb=1&callback=addthis.cbs.jsonp__42865913423868830 HTTP/1.1 
Host: m.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
                                        
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Sat, 24 Sep 2022 11:37:01 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   89
Md5:    e9cbbb0c1cfab9fc84f1e9876af5b598
Sha1:   70556950979ae01d0446b368a55a2ffce888d62c
Sha256: fb806ea185f9bf374a7090e67cb286abb547233d203d7b0ab578f24d3a8b6bd8
                                        
                                            POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1 
Host: fleraprt.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yts.yts2.net/
Content-Type: text/plain;charset=UTF-8
Origin: http://yts.yts2.net
Content-Length: 1696
Connection: keep-alive

                                         
                                         139.45.195.254
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Sat, 24 Sep 2022 11:37:18 GMT
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://yts.yts2.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    adb4650bfc9d2a73d4dd69583b0ceb14
Sha1:   1ce399d6e936232aaf2192cd7903a279c5015f22
Sha256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=892453&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8zK1on&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588 HTTP/1.1 
Host: matomo.hellohi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         172.67.219.82
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Sat, 24 Sep 2022 11:37:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=892453&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8zK1on&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTSsDgn23tl%2BhOa1mLfOQx2OX2noGrUuzPyZA90cka%2Fvz6KKDsSOnjPQkXQGYTh08mjE176h5lOngRJ6QfLxG1NZPxpWdX8CBoyEWfdikEbBzHFPHTF25%2FtMN52PQTU5OA71lg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39c69b94b4f4-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   169
Md5:    f3099a531821c476589c3d2d00d53772
Sha1:   8e539d05a8355d6835a56f94b75f405c6e55f6f3
Sha256: a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
                                        
                                            GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Sat, 24 Sep 2022 11:37:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size:   77672
Md5:    9a77dff666eebb6cf4bbc4c67c7b563b
Sha1:   9e98d7824a7b4e34665c2690d6f52caddad1fe4b
Sha256: 6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
                                        
                                            GET /metrika/advert.gif HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Sat, 24 Sep 2022 11:37:01 GMT
access-control-allow-origin: *
etag: "632d6d03-2b"
expires: Sat, 24 Sep 2022 12:37:01 GMT
accept-ranges: bytes
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /watch/86221166/1?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Referer: http://yts.yts2.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 407
date: Sat, 24 Sep 2022 11:37:01 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 24-Sep-2022 11:37:01 GMT
last-modified: Sat, 24-Sep-2022 11:37:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Size:   407
Md5:    d2cd413b2bb40f0c19c52bec6c366178
Sha1:   233d99e939b2a58f59a66a48363fc65f221f219f
Sha256: 8e404adcc6fdf57ad8780caae053b7526d8d81b4afbc33606c853e79e339ffe0
                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: uid_id2=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         52.29.95.124
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sat, 24 Sep 2022 11:37:01 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    7a3a793f2734adeb0ee02032fa354993
Sha1:   86d8799ab065460fe389ce282c7695532ac9148f
Sha256: 5ac1da0f5241c2b6b389dc521004845242937e1582ecbb73602db8acaf21f29e
                                        
                                            POST /custom HTTP/1.1 
Host: glimtors.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Content-Type: application/json
Origin: http://yts.yts2.net
Content-Length: 611
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.251
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-length: 39
x-trace-id: 77a4c50ce856eddbb29fce63d53fdf44
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   39
Md5:    058b158c2be925f556454ef762d93538
Sha1:   cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
Sha256: ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /gid.js?userId=d6nc548331sq568285528e1y5cngy431 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: ID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    e18981255b7bf0cd0485b95cbd4574a0
Sha1:   e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
Sha256: d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
                                        
                                            GET /11?rnd=1581370871&z=3372123&b=14566424&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=661 HTTP/1.1 
Host: benumelan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=d6nc548331sq568285528e1y5cngy431; oaidts=1664019418
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2ed72eb8090291e2d6845e9c4f042a6f
access-control-expose-headers: X-Sc
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:01 GMT; secure; SameSite=None oaidts=1664019418; expires=Sun, 24 Sep 2023 11:37:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /401/4837723?oo=1&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1 
Host: rndskittytor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.238
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
x-trace-id: b26745142d64ad65da13bf992496f9fe
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://yts.yts2.net
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (2051), with no line terminators
Size:   784
Md5:    e4424dc6aa31de6d4ca9ef5eb203cc6e
Sha1:   18ee4d0a0f991f17466d66fe2b61ec392ef71c93
Sha256: e01cb8fb09717956b0877dd36def73b8362076bee074cdfdd643cf123a585a2e

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /500/3064505?excludes=&oaid=d6nc548331sq568285528e1y5cngy431&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: inpagepush.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/

                                         
                                         139.45.197.237
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 24 Sep 2022 11:37:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ffbc87eb9aa3021d0eaa0f193ca1c36d
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: http://yts.yts2.net
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:01 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (1450), with no line terminators
Size:   1167
Md5:    fffb49f44aeee0dc229f967479697d0c
Sha1:   9024d31452015fdb89aebc67c623ba48463311a6
Sha256: 16f31b9f5be6cb8e47d647450d4f284e1b03263d9a4870efe61de5a7d1418b45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "56A8D4150F4A94475CC501E57CF4E38BD5B1C54C9EC5CACEE941E5EF95482DD2"
Last-Modified: Sat, 24 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2885
Expires: Sat, 24 Sep 2022 12:25:06 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive

                                        
                                            POST /cdn-cgi/rum? HTTP/1.1 
Host: yts.yts2.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
content-type: application/json
Content-Length: 29153
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: _pk_id.1.a8e0=2a8ef1efd733a398.1664019419.; _pk_ses.1.a8e0=1; _ym_uid=166401942084189488; _ym_d=1664019420; __atuvc=1%7C38; __atuvs=632eebdb38bcda4e000; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; _ym_isad=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138%3A2%3A1

                                         
                                         104.21.3.99
HTTP/1.1 200 OK
                                        
Date: Sat, 24 Sep 2022 11:37:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
CF-RAY: 74fb39c97dc4b512-OSL
X-Frame-Options: DENY