firefox.settings.services.mozilla.com/v1/
18.164.68.15 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.164.68.15:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 11:05:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 af877631d7eceee4a5878c04d25f5986.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: iJHLoYNNWOFgm4Ww_RDX9zVjo-cJWygxEfMkWozmki5SPwgpgcN17Q==
Age: 1879
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9404
Expires: Sat, 24 Sep 2022 14:13:42 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.95 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.95:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 7309328e91f012108061822748228b68.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: hEh5aHFwy3w8NFTS3Ufh1WaiC7XUvRx8doMKmvxb8kRKs_bfM02aCg==
age: 26635
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:36:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
glimtors.net/ntfc.php?p=2651991
139.45.197.251 200 OK 5.9 kB URL HTTP/1.1 glimtors.net/ntfc.php?p=2651991
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (14504), with no line terminators
Hash 2dc56cbe6ace5b8e04ea88157f3a3fad
a2682aab8a9a39ada36c5a0755a952efd03e265f
aae4015874fe9eec20704ad59c71840604a641df7beb0c617bf6d52712dda633
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript
Last-Modified: Tue, 20 Sep 2022 07:25:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63296afd-38a8"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
yts.yts2.net/
104.21.3.99 200 OK 92 kB IP 104.21.3.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (60411)
Hash 31dd862a41846f54573d1801c1bc2c90
562cea28983d07e68db90a8ad418353cbf05247d
b567fe03e3791e510fb757620e2a98bb3c8c36c6430333e84dccce5d5e70f45e
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=saRI4Rh8z44%2BePkSo9Uvv7Q%2FFvUnKJQYW5lYavlL9AKWVUUSvmoSy2uMpr1e6QhWRd7Rzp3ytBTG0ZcbePwjmQKKtgh8G9QG96gunrZIpHxB8rMvg0C4oWIkpJ8eh74%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39b37b2f1c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
i.imgur.com/TH5z5DM.png
151.101.84.193 200 OK 1.5 kB IP 151.101.84.193:0
File type PNG image data, 94 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 063ed504acc2ee96cec413d248379761
c2ba3db79e0b25c801ff431539a63d17014533ca
5718709bc4408d9d06689ad12333e3e79299dd44abcf447ca6a5718aedc8a517
GET /TH5z5DM.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Jul 2021 13:23:59 GMT
etag: "063ed504acc2ee96cec413d248379761"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 24 Sep 2022 11:36:58 GMT
age: 2779708
x-served-by: cache-iad-kcgs7200177-IAD, cache-bma1633-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 12
x-timer: S1664019419.655047,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 1476
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 11:36:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c1aa06d798889a200ee5695421ac8080
332ad6c298960fe24c2004e5ec1665f7eefa90e5
fe43ab8011ca3508c2b811eb55482976c239542e2a0e8de35167f5469e15eddc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FE43AB8011CA3508C2B811EB55482976C239542E2A0E8DE35167F5469E15EDDC"
Last-Modified: Thu, 22 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13835
Expires: Sat, 24 Sep 2022 15:27:33 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive
yts.yts2.net/assets/fonts/fonts.css
104.21.3.99 200 OK 1.1 kB URL HTTP/1.1 yts.yts2.net/assets/fonts/fonts.css
IP 104.21.3.99:0
Hash 4d6865342cab4d9eddc47fed493ad12b
078ef82b27357fcd18f9547d042c8e0deff09fe8
bfeb9f11cde780768801d2a1e9e49ea169c307d7357678332603dad7fa6c3f88
GET /assets/fonts/fonts.css HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jhPgzVee0RQmdciJ6%2FhRHwGf1Kc9EsGQ%2FVOeVtpzDBb61syjOHMKiCdKaiDfeMgsxUlfzGvCBZdcRHZXyzQwxivFM%2BSaprNOzuie9boQ3jD2fIi8mo%2F9gqe7sXvWv30%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b61862b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cdnquality.com/script/bootstrap.js
104.17.72.30 200 OK 33 kB URL HTTP/1.1 cdnquality.com/script/bootstrap.js
IP 104.17.72.30:0
File type Unicode text, UTF-8 text, with very long lines (37814), with NEL line terminators
Hash 4bdbadd335465a68d3520ef6fea6ef42
655e8482b039c691190fd080c076e68e5f57708b
c4f697ac4a0251edbb81e87b450635576554df336cc95199afef7103570a2033
GET /script/bootstrap.js HTTP/1.1
Host: cdnquality.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycduJU3UZq3J3GHnUNLomDykgpXFt1yVIPgVO4zed_-if5tEsgiThQRwPh1weMF45bOwWWrqIHVYpY7dvKhyhoUT9yw
x-goog-generation: 1662626315119008
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 100523
x-goog-hash: crc32c=PsCFGQ==, md5=kKQG58EUy5y9vRcdgoLiJA==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Sat, 24 Sep 2022 15:36:58 GMT
Cache-Control: public, max-age=14400
Last-Modified: Thu, 08 Sep 2022 08:38:35 GMT
ETag: W/"90a406e7c114cb9cbdbd171d8282e224"
CF-Cache-Status: HIT
Age: 2118
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76a45b503-OSL
Content-Encoding: gzip
yts.yts2.net/app/apx19.js
104.21.3.99 200 OK 2.6 kB URL HTTP/1.1 yts.yts2.net/app/apx19.js
IP 104.21.3.99:0
File type ASCII text, with very long lines (9183), with no line terminators
Hash 9ea8acd8d74e4f328d558b64219e02c5
156ce99860c738bee0a97dbe9c543a83f4fd5457
cc0dc5bf2c19d0830dd3962179d22ed40f200ecf8dc905a4e64bba0c1ccf9dff
Analyzer Verdict Alert fortinet Phishing
GET /app/apx19.js HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:39:34 GMT
ETag: W/"61830fa6-23df"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DrNyTPzy5z9%2B0QSCmjStudHFs0o7aodIuETwEGjr8erR3ULOF0b6ojb%2FLxhIyb7Y3jwEoFW%2BSvY7kpY9593ZFuthsF7FTzah8l3BAyS8MmHc0n%2B%2Bbj4os91WpPYlSsw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76ede1c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ab30900719e5cdbb2ccaf8fbf8b7377
3ee50c6583096374663369374e3042c98894d488
9753c62c5c23cd8dcf2676d85dda25d6de710da174bab19d10f451681d066b58
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9753C62C5C23CD8DCF2676D85DDA25D6DE710DA174BAB19D10F451681D066B58"
Last-Modified: Fri, 23 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7998
Expires: Sat, 24 Sep 2022 13:50:16 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 11:36:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yts.yts2.net/app/apx14.js
104.21.3.99 200 OK 2.2 kB URL HTTP/1.1 yts.yts2.net/app/apx14.js
IP 104.21.3.99:0
File type ASCII text, with very long lines (7663), with no line terminators
Hash 5fd0d992c153321728eef72725f9e2f1
11af100c190b0c91d3126ca0c792aa6cd3954897
f39352e9834fda1868dab410b72a2850f516686f140843e9f0eef835be503330
Analyzer Verdict Alert fortinet Phishing
GET /app/apx14.js HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:39:34 GMT
ETag: W/"61830fa6-1def"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cEpUsscsWk8Hf6dh%2BQsPim%2BTLTHOLfTG%2Bh6pu6tlRJzz97b4iCuL7xy%2Fe7JYJek421NRqQMl%2FdDn00iQoutsMpFiVwvW2AGy94alGCi9scEvYvmQ3q0OgnQyJJClWLI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76f2bb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 93bb19665dd69df3aa7a65bd842fb49c
737aa992e225498ea0a1a298500997c5c0af7763
596796ba37b19822f4af2c25f963646dc57392f389b5ab9e2fd260ef911aa750
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "596796BA37B19822F4AF2C25F963646DC57392F389B5AB9E2FD260EF911AA750"
Last-Modified: Fri, 23 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2361
Expires: Sat, 24 Sep 2022 12:16:19 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive
yts.yts2.net/hy.js?q22q2q2
104.21.3.99 200 OK 18 kB URL HTTP/1.1 yts.yts2.net/hy.js?q22q2q2
IP 104.21.3.99:0
File type ASCII text, with very long lines (56131), with no line terminators
Hash f12634066d38736854588dc61b5ba109
623e90c430f1609e59e16407553e2d2ff8882d8e
7ca898a6218b8e61a9a999ffb0c76a9c60f86dfd4353b2496225e6473c72c0de
Analyzer Verdict Alert fortinet Phishing
GET /hy.js?q22q2q2 HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:39:31 GMT
ETag: W/"61830fa3-db43"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OOQ1PkuXzwMcxDu0QQB%2FZbvPTsqzRo9dZGddCGCgBxyLx0eN4Y0BTFGgIl1lFXbsubmXD8XaJ2qQ5Kjfq2GsT7tiYqdMj8J7yLCJEr6AQQsuroiiqIKwD7m0tXIEVWg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76954b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.yts2.net/zpp/zpp4.js?q22q2q2
104.21.3.99 200 OK 14 kB URL HTTP/1.1 yts.yts2.net/zpp/zpp4.js?q22q2q2
IP 104.21.3.99:0
File type ASCII text, with very long lines (38995), with no line terminators
Hash 3c741ddc90399bc2910b2cdc0a826716
163182c6b04f146fbf6de424ead05c91e59e3c51
e6753c7588e28e17f44aa00cbe8c314de3f2bbcb8e892a439eed11dd989b1d84
Analyzer Verdict Alert fortinet Phishing
GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:40:10 GMT
ETag: W/"61830fca-9853"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Tx3b4LI1djp8zb9BvMsxvj9vdn0nWy6zkP3IuQAb%2F6aitygYuqHYpyxEzjNft98jQpm5lEDOB1SE67i%2BQ58MG5KI1ukzWfBiTyTw8cuipqqCjh3JLiVMWFNjkxmNi4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b76c25b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ab30900719e5cdbb2ccaf8fbf8b7377
3ee50c6583096374663369374e3042c98894d488
9753c62c5c23cd8dcf2676d85dda25d6de710da174bab19d10f451681d066b58
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9753C62C5C23CD8DCF2676D85DDA25D6DE710DA174BAB19D10F451681D066B58"
Last-Modified: Fri, 23 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7998
Expires: Sat, 24 Sep 2022 13:50:16 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive
benumelan.com/5/2632704
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (62318), with no line terminators
Hash 9443018804a3154814fa5227507a2cb8
a2938babbc03e349f9fdd2dd40e357a5bc3081c8
e61b9c285ee4e74f5a88463c27c4b853ab1f0794d8782dd7b0b8446ecb84f9a8
GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ef493012f2e95c2b442ab58d89b1fc76
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:36:58 GMT; path=/
oaidts=1664019418; expires=Sun, 24 Sep 2023 11:36:58 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
yts.yts2.net/app/x12.js
104.21.3.99 200 OK 3.0 kB IP 104.21.3.99:0
File type ASCII text, with very long lines (11180), with no line terminators
Hash 7f0c811d15a31a93662cfa30df4ef5ea
3f5b8f499bc7f50d2315eadc7cf043d317b60b95
af3050874dc2886642989014b75a7b4734239520ee7d36ea06d4527e41d92beb
Analyzer Verdict Alert fortinet Phishing
GET /app/x12.js HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 22:39:34 GMT
ETag: W/"61830fa6-2bac"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nr8GbA6lLzuj1isZBi%2BkoI2oYuu8vzQm8D%2F2Nj5LKddYzqU0Tth3NOkgDekAzvwdWpk%2F9%2FbovZuLRJRe4I8382Z8qx80N4zmdofQ0Yh%2FUu%2Ba%2FLAtWGmm0Gvlv3r6BqE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b7cf511c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
inpagepush.com/400/3064505
139.45.197.237 200 OK 31 kB URL HTTP/1.1 inpagepush.com/400/3064505
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6ceaf0cb63cfd0e0546ea3b1dba09a2b
a357eaf50a642a70be55751a7bbbd646c2dabcfb
ff5a0a215fe8886f4edfa558756486752fca627814b77a0304cccce449854d8b
Analyzer Verdict Alert fortinet Malware
GET /400/3064505 HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 3741884ec5d675f6b8dd6903cad6db95
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=a72b1d57ba37407b9229727c9c70ee91; expires=Sun, 24 Sep 2023 11:36:58 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 74f8106f9e79334e1a3e4fa5f1b75f87
e4a34ca9768ccdc8c8e21fcc9e0e35e32a00c6dc
4ebf7b29337dc4098a4c2eee2accb6093cf870cab3d77690cf539b9f289894a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4EBF7B29337DC4098A4C2EEE2ACCB6093CF870CAB3D77690CF539B9F289894A1"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3484
Expires: Sat, 24 Sep 2022 12:35:02 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 74f8106f9e79334e1a3e4fa5f1b75f87
e4a34ca9768ccdc8c8e21fcc9e0e35e32a00c6dc
4ebf7b29337dc4098a4c2eee2accb6093cf870cab3d77690cf539b9f289894a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4EBF7B29337DC4098A4C2EEE2ACCB6093CF870CAB3D77690CF539B9F289894A1"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3484
Expires: Sat, 24 Sep 2022 12:35:02 GMT
Date: Sat, 24 Sep 2022 11:36:58 GMT
Connection: keep-alive
yts.yts2.net/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2
104.21.3.99 200 OK 20 kB URL HTTP/1.1 yts.yts2.net/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2
IP 104.21.3.99:0
File type ASCII text, with very long lines (57580)
Hash f6baa5754564f3db32bfb36cc8c2b8ec
396282b4692ce4c36098ae784df2b1b8750910dd
e9b877d4cfe9778fcb107bbc5c1339b3c5e687f7213c94837dfa32566762e3ee
Analyzer Verdict Alert fortinet Phishing
GET /assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2 HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:58 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2dvJMUCDh8IgfM80Mx35RRlt6Yv4Gf5NnbxhWbGWOjCktpWMu2zc8mAEyNGf1yHaUUcE8Ei%2Bs2NwaXM0l%2B9grubGLAajieCa0PYN3VVeqqcnSu5yPB4yPgN82hpcEU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b62f61b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.yts2.net&var=&ymid=&var_3=
139.45.197.251 200 OK 705 B URL HTTP/2 glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.yts2.net&var=&ymid=&var_3=
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (704)
Hash b18d5b02acbe521fa98c14f41a146878
b41fb97c36ff991a2f7472d1a3f6f6155f07baaa
f5d46eb65adae4c5657a5f10f8636ec0f886e1f93770b4e1974de5f198e30266
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.yts2.net&var=&ymid=&var_3= HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:36:58 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: f87c278258b0c27d95a7115fbbf2b5c0
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c1aa06d798889a200ee5695421ac8080
332ad6c298960fe24c2004e5ec1665f7eefa90e5
fe43ab8011ca3508c2b811eb55482976c239542e2a0e8de35167f5469e15eddc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FE43AB8011CA3508C2B811EB55482976C239542E2A0E8DE35167F5469E15EDDC"
Last-Modified: Thu, 22 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13834
Expires: Sat, 24 Sep 2022 15:27:33 GMT
Date: Sat, 24 Sep 2022 11:36:59 GMT
Connection: keep-alive
visitanalytics.userreport.com/hit?t=USRur-core-nomedia&accountId=8304d5a6-2fb4-4e26-bb15-eebf51293e6d&rnd=4uphk2vr1c&dsu=1.c386fb1104692a5d.71a8695d-4d39-4d0f-afe0-230d0a232786.1.1362.86df7ee4169b67f3&med=http%3A%2F%2Fyts.yts2.net%2F
108.138.217.52 200 OK 43 B URL HTTP/2 visitanalytics.userreport.com/hit?t=USRur-core-nomedia&accountId=8304d5a6-2fb4-4e26-bb15-eebf51293e6d&rnd=4uphk2vr1c&dsu=1.c386fb1104692a5d.71a8695d-4d39-4d0f-afe0-230d0a232786.1.1362.86df7ee4169b67f3&med=http%3A%2F%2Fyts.yts2.net%2F
IP 108.138.217.52:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hit?t=USRur-core-nomedia&accountId=8304d5a6-2fb4-4e26-bb15-eebf51293e6d&rnd=4uphk2vr1c&dsu=1.c386fb1104692a5d.71a8695d-4d39-4d0f-afe0-230d0a232786.1.1362.86df7ee4169b67f3&med=http%3A%2F%2Fyts.yts2.net%2F HTTP/1.1
Host: visitanalytics.userreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 43
last-modified: Thu, 04 Jun 2020 12:03:06 GMT
x-amz-meta-cb-modifiedtime: Tue, 14 Apr 2015 11:43:27 GMT
x-amz-version-id: vrBc0EhGKa8dl_tujGhI9Fe7xKDJ.7QF
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 09:40:48 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a3ffeedc8ed545612c2465ea4fb13fbe.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: LziGDxJwsdzBak-G7Bf8FE33z3buMZhpCTTVTuhTOT5oMTSWmlyVPQ==
age: 17510
X-Firefox-Spdy: h2
yts.yts2.net/assets/images/website/banner1080p.png
104.21.3.99 200 OK 1.6 kB URL HTTP/1.1 yts.yts2.net/assets/images/website/banner1080p.png
IP 104.21.3.99:0
File type PNG image data, 118 x 91, 8-bit gray+alpha, non-interlaced\012- data
Hash 7028eef7ae02c71d2deaa8732b336b52
8868b6729d736341aa0f6ceef44c3c10912f8b96
285ed5a42f875509d424f98f667e4ff49581ddb68537aab4779f665d001ba128
GET /assets/images/website/banner1080p.png HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3mM35P91GuduGl5aprF2dOHxUHhquL5Mq8RgyxV6yE%2FHIgo1MjkMC4ei27s3OWzVjPSPgGCtVeJoV475RMyo8UnY7WCiLaYpF%2BUG3LICtWILZhP7yj%2Fxq4c13ES%2Fr4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b8681ab4f9-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/images/movies/a_haunting_on_dice_road_2_town_of_the_dead_2017/medium-cover.jpg
104.21.3.99 200 OK 25 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/a_haunting_on_dice_road_2_town_of_the_dead_2017/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 2ef18015c48e265bd8e0ea6b046a4251
e6441283a6100115256083f485ddc4f8817e6c13
dcde09c38ed7be9391af88998f9ffe8dd212af91aed1fbb42a08c6dec231c5af
GET /assets/images/movies/a_haunting_on_dice_road_2_town_of_the_dead_2017/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XbBa3OANl%2BiJ9DHUgj1G1w8iEuXKyfP3SFLwRj8OgUU9euu%2FBfTpIABn7RHYOatcIqM%2FP0nyBL9VxyEgDKc%2B6TexEAH%2BvK9wpISjXlUHwytboSeXi86ALsdg%2B7FY1DA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b86d7db51b-OSL
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
142.250.74.10 200 OK 40 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
IP 142.250.74.10:0
Hash 5874f3c36acf38baa9810e70b386537b
c3c7460f45d0ae790430e2cbfd9fd3f20dd5565b
435f14459c043f9cc62b4d2c51c307b312b5d7e2f34e41db8a774633fe8a1393
GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 11:36:58 GMT
date: Sat, 24 Sep 2022 11:36:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 11:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
metrica-yandex.com/metrika/tag.js?1001
104.21.11.244 200 OK 33 kB URL HTTP/2 metrica-yandex.com/metrika/tag.js?1001
IP 104.21.11.244:0
File type ASCII text, with very long lines (60271), with no line terminators
Hash 0909ab343acc7a2c283c1d277f600917
a1bf7eb8b647e92271ee311a2228f85c41924a0f
d54fb00db64ef62ec2846e4f7131384ab68b9ec8f4eb1ac14410ee554d29651e
GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:36:58 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 30 Sep 2021 23:00:22 GMT
etag: W/"61564186-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 30975393
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3jnnm6Idazae3Pg4meNQJ6sxlkHgIDz0Z6LJbY35mDtdDRc3k8m9tQdjPUSoh%2FhmHht9SvsEO01Bmc5xgkwIlOTUMc91BIXNeVh49aRAfswDyAjPKKShlO7bk%2FyuYp32wPzbRM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39b63d6eb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 230571
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yts.yts2.net/assets/fonts/icomoon.woff?fmg7s2
104.21.3.99 200 OK 3.6 kB URL HTTP/1.1 yts.yts2.net/assets/fonts/icomoon.woff?fmg7s2
IP 104.21.3.99:0
File type Web Open Font Format, CFF, length 3560, version 0.0\012- data
Hash 4e54891305c71736de2da03f14b57434
fbf29db32b5514cad7a908167ce63c76a91a2f12
332ec1d337a38ad421deff49f3585da56563253756da3870b26b46bd025f96e4
GET /assets/fonts/icomoon.woff?fmg7s2 HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.yts2.net/assets/fonts/fonts.css
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 21 Sep 2022 14:25:31 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BaUvMME2cqi9I2wjlnkeLI5dQ%2FTMqNdy9c8uirIBynilEFuSDHkS2fUGoKeCU25gQYvW2XunyaITGsN7XcfuR3BceHGd8%2B%2FW1WA6KQKthcMVySOQXmUbfkMb8bFpf0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b93e92b51b-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2
104.21.3.99 200 OK 18 kB URL HTTP/1.1 yts.yts2.net/assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2
IP 104.21.3.99:0
File type Web Open Font Format (Version 2), TrueType, length 18364, version 1.0\012- data
Hash d3ee727b257658b2ec8ef91639815c2c
5a7721c4680c382bfd251f10123027e843079ebd
ad69e547e43620390c7d7e192a4d00959602042fecd2be1e131a0a9b3398a36d
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.yts2.net/assets/fonts/fonts.css
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:36:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LA4QWkkIrR%2Byn1gNriA9gbgADkC6PlLtgAP64ayh0JBwHhQ5xypAg940fpNPNzEK6M5IXBcEYlJablXUCeiTFMpIyVJQl3oMg4AubTm47dNNZYZM%2B5SAxQz7p3K9Fo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b8d876b4f9-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 11:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yts.yts2.net/assets/fonts/glyphicons-halflings-regular.woff
104.21.3.99 200 OK 23 kB URL HTTP/1.1 yts.yts2.net/assets/fonts/glyphicons-halflings-regular.woff
IP 104.21.3.99:0
File type Web Open Font Format, TrueType, length 23320, version 1.0\012- data
Hash 68ed1dac06bf0409c18ae7bc62889170
22037a3455914e5662fa51a596677bdb329e2c5c
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/glyphicons-halflings-regular.woff HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.yts2.net/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:36:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zG%2BY%2F%2BzHUdoXScu6t6oXCJsShct8vBS5X59cx2uy0mEOqENwOQ6%2BLk6YYSKPRpSiviraNv0d%2BFM17bC20806ckQggdCNamN8T2S6PcSzAq9A0SZ3aCPD0WNI4xK%2FwgQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b95b7ab511-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/minified/modded1.js?yify=4
104.21.3.99 200 OK 45 kB URL HTTP/1.1 yts.yts2.net/assets/minified/modded1.js?yify=4
IP 104.21.3.99:0
File type ASCII text, with very long lines (65452)
Hash 82bc117056e97588c7ba63716676f94f
d92200651622d395797b8841bb05facead4e36b2
ebeff371e1b6c69cea3284066d5c0a7b1e2ed8bcec0e6e4bf56337fac56aa4a5
Analyzer Verdict Alert fortinet Phishing
GET /assets/minified/modded1.js?yify=4 HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jaX7Tz4HPw%2F%2BWLT4PBcd43%2FS5YQXl9lyQzOqx7v%2FeDPrVDtFgM2GPoywgdWcw%2BQdDaFnY7x9umuS9%2FZpDUyqhOv4xtg2nnzizEAk80e7ZnIHd0HcbnHEzK7yZpGJhzU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b759c0b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.164.68.15 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.164.68.15:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 24 Sep 2022 11:20:46 GMT
Expires: Sat, 24 Sep 2022 11:42:22 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 46b5aeb0e7bcc8895e9b923ffd4a3896.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: v9XQN4SEXWWP8Uhen-zOY-udtZ3HMrDH93PfxAd1nI2xVGYHQ75JJA==
Age: 973
yts.yts2.net/assets/fonts/P5sCzZCDf9_T_10c9CNkiA.woff2
104.21.3.99 200 OK 19 kB URL HTTP/1.1 yts.yts2.net/assets/fonts/P5sCzZCDf9_T_10c9CNkiA.woff2
IP 104.21.3.99:0
File type Web Open Font Format (Version 2), TrueType, length 20204, version 1.0\012- data
Hash 381c6ea42b5bee5fc57f3bafeb2524d0
d9573f35c37a1532263109b71ffb65cfd9a5d236
069c9f5132e41fa80dd8995c80b7b40e1a6b17d7288ad343e4a4467823608fbf
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/P5sCzZCDf9_T_10c9CNkiA.woff2 HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://yts.yts2.net/assets/fonts/fonts.css
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:36:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JMiopgQiXDsI6C9kZa6sz7uoBy8aIX3mWJ1O5KAWJJ7w5HAPk45oWnGTygx49QZamRb36I6QcrDoYcdjJGSM1RX%2FJthJV3qbfamxfGXO7mlotfuc%2F2lSwpDjxtJsvzg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b999a01c0a-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/images/movies/snowy_road_2015/medium-cover.jpg
104.21.3.99 200 OK 27 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/snowy_road_2015/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash f97b8f59da1305316400ba1a280fecfa
842e927ef5163f827758fc2276ee1fc6e096f599
d40543d868810424a15e4d2940e3545f0f25ca5cf8f9625c9d5593be0472e63b
GET /assets/images/movies/snowy_road_2015/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3fY8%2F%2BRaojXfhAKATZXN5ZvHiUXS9mAwuQzvRLR41GDD0UwrcyHHDg2IwkoougMEcUMopBd2XbNdpOxPc%2FBgfy6sffDiA0%2BURQm%2FQNQJUTiaO9NJUDVL%2FyZ8PxsiY5U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b8697bb506-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/images/website/icon-search.svg
104.21.3.99 200 OK 559 B URL HTTP/1.1 yts.yts2.net/assets/images/website/icon-search.svg
IP 104.21.3.99:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 35fb1b1fd99b576d4ab009a9354b1752
35eead23367569788b3fcaaa741292a200d84c8e
a850256428026095f291a9b7d892113ad3c797f318b1bc7528f5dbd2c12619e5
Analyzer Verdict Alert fortinet Phishing
GET /assets/images/website/icon-search.svg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/assets/minified/2bacb5de663bc55f0cbed2b4a7d1504dc.css?2
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WLF4lX0rRYB0fbf9i0WFTWkUjk0LO1NUATI7upcEo8lKPnnrrwLZqPX2hkdT6v8JKl%2Bz2RnipvfFyoF9JIRJVS8QNLlQQAmkMvX9Hlhxg3oAWEaq6xkecxe5UqHj8U8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b9ef78b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/images/website/rss-icon.png
104.21.3.99 200 OK 1.5 kB URL HTTP/1.1 yts.yts2.net/assets/images/website/rss-icon.png
IP 104.21.3.99:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 2374708dade12394d7d0fa4bf0d01636
394287de1c090befdee97dd0b159885776c39180
5f2cd2a2b125f6c2150c3976c43a5e6059b7ab3d67960d745eaa488f83e46d90
GET /assets/images/website/rss-icon.png HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmzIi081uqYvVPwA2CgAtJFJI0G2ZJhAPO%2Fajz4Z0zGhyYJaYZAqJ5XiYYUlQwTzAoUZhLoWA1IT%2BL6OEuBZEcv56ud6TP89%2BEhtpsucTVGmJRsnIEqR3wLH7D6HN%2F0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39b9e991b4f9-OSL
alt-svc: h2=":443"; ma=60
borrowdefeat.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
192.243.59.20 200 OK 13 kB URL HTTP/1.1 borrowdefeat.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37119), with no line terminators
Hash a674a5bf02a3e6e1cf123e2aeabf371e
478362f595edb7bc43142e7bd374dec8cabc9811
74d07325f212b451e2f75f181ff46f0d471918c47a166fa4f2c5fede020ad710
Analyzer Verdict Alert quad9 Sinkholed
GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: borrowdefeat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 532aa052ef9f8d09d15dd0c4b116b9ec
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
yts.yts2.net/assets/images/website/banner720p.png
104.21.3.99 200 OK 1.7 kB URL HTTP/1.1 yts.yts2.net/assets/images/website/banner720p.png
IP 104.21.3.99:0
File type PNG image data, 118 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d1af846e570e691dade89fb8ad1fb2f
49cef29b3c315193171011658add54ff05fb9899
db107528cd0668fa01488c838bd75e37d830e691f754df73ce0d604c3637b4d0
GET /assets/images/website/banner720p.png HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=St8G9XxEs904jgDEUkQ2RzOEaUTlD3YOn7asj%2FOLb7yIBsK11fjYrZHWX1dtDi5oUufqMfo4l7yV9BzZ%2FKn0qDTQvW7ARLiywx%2BJcobCjoa6zx2HiiS0zFuhI6TUSCA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39ba7bfab506-OSL
alt-svc: h2=":443"; ma=60
cdnquality.com/script/ut.js?cb=1664019418258
104.17.72.30 200 OK 24 kB URL HTTP/1.1 cdnquality.com/script/ut.js?cb=1664019418258
IP 104.17.72.30:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 247b9ea3eb310459e21f78029267717c
1d7ea226aaf8046de5af9ef7975ad30398f517ad
dd787f72c85d7d6b736c0563371ea98a66542289101d8001a186d5a595ac05dc
GET /script/ut.js?cb=1664019418258 HTTP/1.1
Host: cdnquality.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycduQc_-Q_yReIjFJgwVVT0zrYteLdYonr0bTqZ1yhOWtytGGRamRauYRrQSHeWt_hzZMc_u8V8APdTAv9p7CZxlNrfpK24t0
x-goog-generation: 1661773552581597
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 71356
x-goog-hash: crc32c=PTRdbg==, md5=xzBO68tQafaL0/qedCGKNg==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Sat, 24 Sep 2022 15:36:59 GMT
Cache-Control: public, max-age=14400
Last-Modified: Mon, 29 Aug 2022 11:45:52 GMT
ETag: W/"c7304eebcb5069f68bd3fa9e74218a36"
CF-Cache-Status: HIT
Age: 898
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb0e6ab503-OSL
Content-Encoding: gzip
yts.yts2.net/assets/images/movies/the_invitation_2022/medium-cover.jpg
104.21.3.99 200 OK 24 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/the_invitation_2022/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 18e09bb4aa4350a009527d705786d4df
0fea7cd959be6f6f3b26bd66053460988fe194dc
8c562f783fab6f09bfe0f8fa7e8f3b0d75b8a271655ab0b1e39d8610743a747f
GET /assets/images/movies/the_invitation_2022/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIf%2B7O58sIgsEqTgwlDZPc26zdORuZdljn7SJu%2FXGO%2Fc1t6JOez%2FFHhnRCww4Kk2RG6LWQgkgBCOzDTnpyQkEQOjrMeNrZlzozpYrDmfxRtRqYeSb%2BqbDj%2Bvmlb%2B4Ew%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39ba4c7ab512-OSL
alt-svc: h2=":443"; ma=60
matomo.hellohi.me/matomo.js
172.67.219.82 301 Moved Permanently 169 B URL HTTP/1.1 matomo.hellohi.me/matomo.js
IP 172.67.219.82:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f3099a531821c476589c3d2d00d53772
8e539d05a8355d6835a56f94b75f405c6e55f6f3
a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.js
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1194
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyCst8iIHi%2Ftc%2FhQa2eo0%2FVsJM1exwCvHdtr65Gx66Rpp99nm%2FVW1Up%2Fm6RFvwYQrhKclneBrVWhlZOzmTnnHeTs2f%2BYO4UxsOws3qmYQQ7u3yM4fQIwS9YHYPq5bf6na4ODvg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb283cb4f4-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2332
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 11:36:59 GMT
Last-Modified: Sat, 24 Sep 2022 10:58:07 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
yts.yts2.net/assets/images/movies/bad_girls_go_to_hell_1965/medium-cover.jpg
104.21.3.99 200 OK 29 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/bad_girls_go_to_hell_1965/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 727a9c1bfe824880fc2fd98dcf7ab0d5
30c3cf3283ee05245e48df1b890ea991aca41250
c1ba6836b6f658ffab0dd0e5b43780ea0ff5b4f28e4132f6315a78cde262856a
GET /assets/images/movies/bad_girls_go_to_hell_1965/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=54c37OJVbCB8H7Hw%2Fz0pff9PGAQjKDWMentNt2LzLGI6F2VTYdkzqpcCrh3uWxUVyiu7o7djxBmmgnIgrAdvp694CWqPieGXvas1jSr3biJ7tFsTCKrfP4Ikis6lIM0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39ba987bb51b-OSL
alt-svc: h2=":443"; ma=60
sak.userreport.com/51154825e7c34fdb8f52/launcher.js
108.138.233.48 200 OK 36 kB URL HTTP/2 sak.userreport.com/51154825e7c34fdb8f52/launcher.js
IP 108.138.233.48:0
File type Unicode text, UTF-8 text, with very long lines (28463), with no line terminators
Hash 151bb45db89aacf723a7af214f7b97b3
110bb7d7f2c3040d9135ed265932cad54af70ad1
c71bd775818f48b8e87878eb3827052150323510753d98ca6ce5dddcf39dc0fd
GET /51154825e7c34fdb8f52/launcher.js HTTP/1.1
Host: sak.userreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 23 May 2022 09:01:02 GMT
x-amz-version-id: puv43SnL5INQghBXWZN4PYhRelo.cmF7
server: AmazonS3
content-encoding: br
date: Sat, 24 Sep 2022 11:36:10 GMT
cache-control: max-age=7200, s-maxage=60
etag: W/"84fd26909f77c7c141450fbdf990b3dc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 07f0ece9786fde9fe26b41b49e10daca.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P4
x-amz-cf-id: piEL8eeYXclmX_gFWIo6lXBW77JLFmSSSd0MiTkvG21V-2uI7xblSA==
age: 56
X-Firefox-Spdy: h2
yts.yts2.net/assets/images/movies/heathers_the_musical_2022/medium-cover.jpg
104.21.3.99 200 OK 36 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/heathers_the_musical_2022/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 7d629d6c3d7244ddb87ba4fe6fa85c08
88c9c310c243da8a56da4be2e5722371cc12e34d
72b0a21064174757d452f6e7799fb5659a8a2cea38ae2c771cd8e34c234b0011
GET /assets/images/movies/heathers_the_musical_2022/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPG5Zne9QBF%2BmC3eVjLcvsUQpD%2F30xXxNd5m8SI6ViOg6iBjlgaViEkLN9qIpCEkFk4RtGMwGtlYrrN%2BhbTDArc2dMdGNZPbfujNlp6zUgTnQtHEf6dNHXk9KXnei%2BQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39baea98b4f9-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/images/movies/1314_the_challenge_of_helping_2022/medium-cover.jpg
104.21.3.99 200 OK 39 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/1314_the_challenge_of_helping_2022/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash c1950913896b0f9bf72e8c6dc98c894d
35d1c7c8334b584ed99278181ccf92cc0680fcd8
e4df84eadd74220ac31b0077d0a5095565bd56246dc893a7c2f53e3577043f86
GET /assets/images/movies/1314_the_challenge_of_helping_2022/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gUVW%2BuRhdOhH6Q6%2By4yneu3t3L7GpdhafeS2hCatDs4kwBAeEAcgXiQ%2BD3NM9ilySXpo%2B%2F7Mj0ITbMvjr4nMdfrN8cD0ilwssOprWYfEn4wZNjASHCLmAMzJ%2FyUCxlQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb3d75b512-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/images/movies/hope_lives_2022/medium-cover.jpg
104.21.3.99 200 OK 42 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/hope_lives_2022/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 8eec816565276575792f01c9a876ab4b
843c9f63505435795f0ff87002501d96b1780dea
0f1abd1f7470fecb8869e5ba6c009496a993d934e5167761148d238f576b4eb6
GET /assets/images/movies/hope_lives_2022/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFMPiEzCxaQVO9jn8MBhVFbvGUVtqJMeZuBwmX8zLiFx4YmI%2FsQ5bmmcvQ%2F%2FOayl8HHzxxZv8cBgRVkJUBXszmOjXsEL8vEBp%2Fb6IvFf1SLT9WWFMGwjXZGK%2BTfFBnI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb1cb4b506-OSL
alt-svc: h2=":443"; ma=60
youradexchange.com/script/suurl4.php?r=5655310&cbur=0.5902997597050416&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&cbpage=http%3A%2F%2Fyts.yts2.net%2F&cbref=&cbdescription=The%20official%20YTS%20YIFY%20Movies%20Torrents%20website.%20Download%20free%20yify%20movies%20torrents%20in%20720p%2C%201080p%20and%203D%20quality.%20The%20fastest%20downloads%20at%20the%20smallest%20size.&cbkeywords=yts%2C%20yify%2C%20yify%20movies%2C%20yts%20movies%2C%20yts%20torrents%2C%20yify%20movies%2C%20yify%20torrents&cbcdn=cdnquality.com&aggr=0
35.190.41.116 200 OK 697 B URL HTTP/1.1 youradexchange.com/script/suurl4.php?r=5655310&cbur=0.5902997597050416&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&cbpage=http%3A%2F%2Fyts.yts2.net%2F&cbref=&cbdescription=The%20official%20YTS%20YIFY%20Movies%20Torrents%20website.%20Download%20free%20yify%20movies%20torrents%20in%20720p%2C%201080p%20and%203D%20quality.%20The%20fastest%20downloads%20at%20the%20smallest%20size.&cbkeywords=yts%2C%20yify%2C%20yify%20movies%2C%20yts%20movies%2C%20yts%20torrents%2C%20yify%20movies%2C%20yify%20torrents&cbcdn=cdnquality.com&aggr=0
IP 35.190.41.116:0
File type JSON data\012- , ASCII text, with very long lines (884)
Hash c2ce830a0cc3a4ae465371a472b00166
0584b5d91078e3337d323207be8815adf9574b31
f733d2baa17bde26993d09b80cae6e827640562126ab4b98ac4690b63c0ba3dc
GET /script/suurl4.php?r=5655310&cbur=0.5902997597050416&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&cbpage=http%3A%2F%2Fyts.yts2.net%2F&cbref=&cbdescription=The%20official%20YTS%20YIFY%20Movies%20Torrents%20website.%20Download%20free%20yify%20movies%20torrents%20in%20720p%2C%201080p%20and%203D%20quality.%20The%20fastest%20downloads%20at%20the%20smallest%20size.&cbkeywords=yts%2C%20yify%2C%20yify%20movies%2C%20yts%20movies%2C%20yts%20torrents%2C%20yify%20movies%2C%20yify%20torrents&cbcdn=cdnquality.com&aggr=0 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
glimtors.net/ntfc.php?p=2651991
139.45.197.251 304 Not Modified 0 B URL HTTP/1.1 glimtors.net/ntfc.php?p=2651991
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
If-Modified-Since: Tue, 20 Sep 2022 07:25:49 GMT
If-None-Match: W/"63296afd-38a8"
HTTP/1.1 304 Not Modified
Server: nginx
Date: Sat, 24 Sep 2022 11:36:59 GMT
Last-Modified: Tue, 20 Sep 2022 07:25:49 GMT
Connection: keep-alive
ETag: "63296afd-38a8"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
yts.yts2.net/assets/images/movies/a_haunting_on_dice_road_the_hell_house_2016/medium-cover.jpg
104.21.3.99 200 OK 33 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/a_haunting_on_dice_road_the_hell_house_2016/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 0f68f07cc95fc3103678fe722fdadeb2
33041a3f1c8f1e8ea176ea879cf399039ce15773
15e394bfdf856919cddd704b17e7cc2bc1c53cfa79d23707fead54c6d6412da9
GET /assets/images/movies/a_haunting_on_dice_road_the_hell_house_2016/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYBdn29YXKnh62%2BuTGLjbUWyeb7lZqo6xObx7vFX61GIs6xawpVuIjYUZtJZ%2Bd8CQG3WMdcMKmThZUaotxpsJn5ygDacLUMmN1e6Mn7jBqcFDoCJHQBDBGEZCZaqDkI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb7b461c0a-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash bf3a7be382dcbef4cd3fa4857a16eb6e
4db68adcc35f4af9d6d7f94e54403329589cc0ab
6ede9e2e7184a215d6871ad360c3cda192b2e6a78031bc194b9d5504efc353c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2360
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 11:36:59 GMT
Last-Modified: Sat, 24 Sep 2022 10:57:39 GMT
Server: ECS (amb/6BA7)
X-Cache: HIT
Content-Length: 278
yts.yts2.net/assets/images/movies/bad_reputation_2018/medium-cover.jpg
104.21.3.99 200 OK 21 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/bad_reputation_2018/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash f2b4f69088a9dabc86e91c6380162d97
ac78371819e67fa57d129ea48d7a34c2f0461306
4ddc5dec52a0de94e8b214740a5ba9ad9696b02d2091c3aa15dfb48849119d61
GET /assets/images/movies/bad_reputation_2018/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmzmNR1qf4XYlFYMQ78leIBUpyskHfNsJ4OsVYJ1uAtu7ALWeYq1wazFW8%2BffW335M426ZvO8tmbz2MqsKtQAL6nCbnBCHhDS4IGlKDgBAs37Yhc0liY%2FLOmSQJC%2Fzo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb79a5b51b-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/images/movies/Doom_UNRATED_2005/medium-cover.jpg
104.21.3.99 200 OK 23 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/Doom_UNRATED_2005/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash 1a09c38b1dbbeeb61c39000d36b3c584
0a74e755804a6232ef012600d3ae74f53bde04b3
0d27b740dc737de53ed74cc60784ce26092d04fb8ad8718dc19b55080885020e
GET /assets/images/movies/Doom_UNRATED_2005/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aoY1691lQJtbQh76NTcsBZF1xwUW1ds1Ocp6K7Xy%2BuD066BFoMsipKNhkQuWuDa7ube1V9iYWOc4BdRzwzhWCpxeQ3FFk98XeQxtQRgPT52MKJEW7Y9LaB7CEEtZ0EY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bb8b53b4f9-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/images/download.png
104.21.3.99 200 OK 1.3 kB URL HTTP/1.1 yts.yts2.net/images/download.png
IP 104.21.3.99:0
File type PNG image data, 20 x 21, 8-bit/color RGB, non-interlaced\012- data
Hash c0e74c1af39c0ec8d135af2363a14cf8
0e2fed8eff1137b12d53e466d5daa6c17ba3c594
32c96725715e90eb5659d4f4cea51b06d07afbdb666c360ee4c0a74a1b70c654
GET /images/download.png HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIzsqg0RBWtmaW9RuRNYM2CdDDSyPhe4H096OJmYXN%2FEIUY9uJblPN5QcruWCLDkRBANG8od6J2RZD8Fxs5ZnW21p%2FGDFcWuPqHFI0bRsjiUU9rt%2F1hxuJPn7wx04R4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bc0edeb512-OSL
alt-svc: h2=":443"; ma=60
yts.yts2.net/helper-js/
104.21.3.99 200 OK 1.0 kB IP 104.21.3.99:0
File type ASCII text, with very long lines (2612), with CRLF line terminators
Hash bb2bb3eefccd5534669fa8f38ff8240f
ff299df2c6c4ca647e7da57f977c43c6b1d0c8d3
c13d95fd2b36e7379bb026c16804a9c8a141037542177cd80c87326b101f5a14
Analyzer Verdict Alert fortinet Phishing
GET /helper-js/ HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: s-maxage=0, max-age=0 no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RChcO4blHNWYGdeZ0Ju2SehHuLoHHh6iFr%2B%2Fupm1Z61M4%2FkUB3CPcNupw1vL1vEqCzj%2B0n0hSpaHd%2Fhfb01kJB2v%2BJKKsZl1seJvnCifT4%2BqzYIGjTZPFA9VRyIVN34%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39bc1d84b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
yts.yts2.net/assets/images/movies/emily_the_criminal_2022/medium-cover.jpg
104.21.3.99 200 OK 33 kB URL HTTP/1.1 yts.yts2.net/assets/images/movies/emily_the_criminal_2022/medium-cover.jpg
IP 104.21.3.99:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3\012- data
Hash fef02df24f27d9358d3695041362c08f
914a3051db0f22bf9f8d7d2419f4fa48426c061e
d0ace16d9a276c19f42a3bf756be6d2c7dfa02f82221f972905166dcce27f11c
GET /assets/images/movies/emily_the_criminal_2022/medium-cover.jpg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZJrT0gPf%2FVlz%2Bjkqdm0gSlHH%2BF2%2B34ZA6MTFcRP%2BRxKoaUBakQdv0jXGMglPNDkbQy8o8YOzW8VuuUXQKf7j5jhTz85nOsCotE%2BRtsP8Q7nAsUr29g%2Brh9cNhgfkl4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39ba1c40b511-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
54.186.209.73 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dzAo8CYpQ1Ya8Fqar18krQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zlxEM59+IT3P5qEhN/IwKSVWct4=
benumelan.com/42/38?z=3372123
139.45.197.239 200 OK 0 B URL HTTP/2 benumelan.com/42/38?z=3372123
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /42/38?z=3372123 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=79331847b038482d90c144d0d3cdd4ab; oaidts=1664019418
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:36:59 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 47f513eec896535b17fb9ca9e795bc9d
access-control-expose-headers: X-Sc
set-cookie: OAID=79331847b038482d90c144d0d3cdd4ab; expires=Sun, 24 Sep 2023 11:36:59 GMT; secure; SameSite=None
oaidts=1664019418; expires=Sun, 24 Sep 2023 11:36:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ecma.sidebyz.com/j/m/w2.js.php
172.67.167.53 200 OK 528 B URL HTTP/2 ecma.sidebyz.com/j/m/w2.js.php
IP 172.67.167.53:0
File type HTML document, ASCII text, with very long lines (492)
Hash 0449105353cf3fc02147c612886ff1bc
4dd8512753ebc618ddb7fb0b335435681af22944
415db3a23d21d921eddfff8d01e8556d6879fc9156d5882d02e8249baf38d82d
GET /j/m/w2.js.php HTTP/1.1
Host: ecma.sidebyz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:36:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=csMFOyWx3kzHcU6wPYeYx16M%2BQtarolriye3KcvYWYj%2Buf%2BAra1ShPE9k9NP96k%2FEimZyKF1w4yWCU%2BHcpgIy00YM4J4vgnrpD3o2EuiUYRm3IrJH%2BjfYcuNH%2Fv5M8sUxpEq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fb39bc9df8b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yts.yts2.net/assets/images/website/ajax-spinner.gif
104.21.3.99 200 OK 38 kB URL HTTP/1.1 yts.yts2.net/assets/images/website/ajax-spinner.gif
IP 104.21.3.99:0
File type GIF image data, version 89a, 84 x 84\012- data
Hash 6c25b2f7efe1457cbe08ab4452e81589
77029c58741ebead12614624d9765648d1bb82ff
04a309929e0e1d64d9aed3b63dbe88f613004a37de9e1ddc8bd7cd6091846ef4
GET /assets/images/website/ajax-spinner.gif HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 18:45:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ON80mLPUzxL1DTd6k3LfFWVrVsmz6Sn%2Bqr7DeSbOG8NaRA4IAnewDtw2STPQ0%2BRPKDiublIzuHajaD0LBASV77J%2BShqMugJiDALyX1qEU3TkHxRUHJyjCa1%2BOaLwnrk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bc7c501c0a-OSL
alt-svc: h2=":443"; ma=60
glimtors.net/pfe/current/universal.min.js?v=3.1.395
139.45.197.251 304 Not Modified 0 B URL HTTP/2 glimtors.net/pfe/current/universal.min.js?v=3.1.395
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 20 Sep 2022 07:25:49 GMT
If-None-Match: W/"63296afd-1fafa"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Sat, 24 Sep 2022 11:36:59 GMT
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: "63296afd-1fafa"
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.yts2.net&var=&ymid=&var_3=
139.45.197.251 200 OK 705 B URL HTTP/2 glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.yts2.net&var=&ymid=&var_3=
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (704)
Hash b18d5b02acbe521fa98c14f41a146878
b41fb97c36ff991a2f7472d1a3f6f6155f07baaa
f5d46eb65adae4c5657a5f10f8636ec0f886e1f93770b4e1974de5f198e30266
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=yts.yts2.net&var=&ymid=&var_3= HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:36:59 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: 3a4f734ee554c1d218513706bb04c824
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dozubatan.com/400/4495524
139.45.197.237 200 OK 30 kB URL HTTP/1.1 dozubatan.com/400/4495524
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash df8ef9797e4f021bbf4a22c6960d45f9
c4190edc0ea69720dbd93420197b0f670a27f768
d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
GET /400/4495524 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 4df6ff695acb6aca8de04fb1ddee907d
Pragma: no-cache
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=ae38f88a937746fdacf657d003c603fa; expires=Sun, 24 Sep 2023 11:36:59 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 96740ddd9ff9e0bee4d7e614ed52d31b
b2673f83983c7590c1898a953c55e41b100dfea5
8fda915148fb50320311ac62a5c5c2a9272082163301ec77c59c53026b1055e5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 03:02:15 GMT
Expires: Fri, 30 Sep 2022 03:02:14 GMT
Etag: "b2673f83983c7590c1898a953c55e41b100dfea5"
Cache-Control: max-age=486914,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fb39beafcd0b65-OSL
ocsp.sca1b.amazontrust.com/
108.138.212.162 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.138.212.162:0
Hash b912b648b93421767076bd6436ae2a36
0fc695b3079e70d1d7cf4fa415d4bd00e4350f9d
be7e29208c3efbb0f655fcf49ce1c51889aa4d4af8722f96e17abdc88eca9735
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 11:36:59 GMT
Last-Modified: Sat, 24 Sep 2022 10:21:01 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 ce3edb24525b5cd14ad82bbb2327e8a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: mpj0Mp4iz03xZzhgu0X2yziAR4xBAhTOxMnc1selKnUZKgTXfrXQHA==
Age: 4559
rndskittytor.com/400/4837723
139.45.197.238 200 OK 30 kB URL HTTP/1.1 rndskittytor.com/400/4837723
IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e078b3d2c596dd31fe12196c548753e4
97691ad3f5b6eb56b311a0adcb98f778dc904bda
cc9b13046a0843cd452a55408a736840370b19872af0d40112a2028e22ee54d0
Analyzer Verdict Alert quad9 Sinkholed
GET /400/4837723 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:36:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 31468e36a83104693a09f9833090dbb1
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=2ba4ab8eeb58438aa0ad19fd57e94183; expires=Sun, 24 Sep 2023 11:36:59 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
simplewebanalysis.com/stats
52.29.95.124 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 7a3a793f2734adeb0ee02032fa354993
86d8799ab065460fe389ce282c7695532ac9148f
5ac1da0f5241c2b6b389dc521004845242937e1582ecbb73602db8acaf21f29e
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
set-cookie: uid_id2=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138:2:1; expires=Tue, 21 Sep 2032 11:37:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
172.64.163.10 200 OK 23 kB URL HTTP/1.1 creepingbrings.com/sfp.js
IP 172.64.163.10:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 487ad2b48cd98e36abf708a3b60f4a36
ccf7b110523d50bb619becd48c3f013cc5fdce87
768eff747f795e1232d182eb859170e32d4f06ed29da872c09af5363c459668f
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 7f5ea6f8c9bda3eccfe703bfb85abfa4
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 24 Sep 2022 11:36:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wk6QA36q3Q0khiW23wXjmKIz5tdaXzxOGBqKs2iS1QBkYSk6Nv8QBtdOMSTtYpAfK5kz%2Bvhzxbr5roV8%2Fq3ixQmpnz58yxUkMURBXPu%2BiJBG6uI8gUXAiibx2MovQ2aT%2FLdrVuc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39bdfac20686-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash af56ebb29d27fb6a049680fe85c8828b
235a3579a72192a6a1fc0366d6d8671e2630b9f5
68454f522f57ca84315459fbf178251544804533512e9bebb8a6e3f3bce12895
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 18:25:22 GMT
Expires: Thu, 29 Sep 2022 18:25:21 GMT
Etag: "235a3579a72192a6a1fc0366d6d8671e2630b9f5"
Cache-Control: max-age=455900,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fb39be6d08b51b-OSL
my.rtmark.net/gid.js?userId=579046efdd454324862e084be28182c3
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=579046efdd454324862e084be28182c3
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash e18981255b7bf0cd0485b95cbd4574a0
e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
GET /gid.js?userId=579046efdd454324862e084be28182c3 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
benumelan.com/5/2632704
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (62297), with no line terminators
Hash 5e63c2d796a4dacb396867d0de311781
b59f305cdc4a7ba2813e336aa8e3d607214e4aa3
36e4753b888cd7c77ba901893f3a7f6f889d2419ea81af512ce47f0fcf74f9ac
GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 386bd13356e0869bc68dfd5c3b909fe0
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=012133489509478f8689775ef6017c10; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/
oaidts=1664019420; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
overzubatan.com/5/2632704
139.45.197.239 200 OK 23 kB URL HTTP/1.1 overzubatan.com/5/2632704
IP 139.45.197.239:0
File type ASCII text, with very long lines (62342), with no line terminators
Hash bcfc5930847388b5ebedb25bdcb9217b
b57fe9c3e57a6ad59cce6023ae8a14f5b2cbd15b
83f99174d1228421416475c98306e5434c5a82733f58943553013b2674453cac
GET /5/2632704 HTTP/1.1
Host: overzubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 7eae686e6ce42752cfe193ad0b5d1fca
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=1d7d82b29718490d951f3424c5644248; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/
oaidts=1664019420; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123 308 Permanent Redirect 171 B URL HTTP/1.1 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3c417e9efbcaeb3bf7e7df75cf3b22fd
00465aec6b8ec302eae8abb99678fc5c09c3f343
21bd143d38dbbae427615a7266a86a18dc95c417f3e510632d7a9180d98d3571
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 308 Permanent Redirect
Server: nginx/1.15.8
Content-Type: text/html
Content-Length: 171
Location: https://s7.addthis.com/js/300/addthis_widget.js
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com
yts.yts2.net/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664006400
104.21.3.99 200 OK 15 kB URL HTTP/1.1 yts.yts2.net/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664006400
IP 104.21.3.99:0
File type ASCII text, with very long lines (36481), with no line terminators
Hash 85a12ab7012eeaac2423e78290049735
e12ecb6b4452c7b241df2d39363936093e896bc7
863e562544bdfbc55d50066025aa2c71fc6d63853fe37bfff7ef469552cab411
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664006400 HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=14400, public
x-control-type-options: nosniff
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fz0yTqYNGFIXlMoSCRJLYuuBAVr%2BW9tAHx3MBDUV6OZdzXxfswnAelGOUHptBXzTspBA5nL91gDp6sTp30cuDwIR4DbN1ZWrzIeF7rHK9qQD%2FdH8WoS%2B6K5C5J6HYYc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39c0ac5fb511-OSL
alt-svc: h2=":443"; ma=60
glimtors.net/custom
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=459129ff17f649f389ebce8fb69cdd6a&zoneId=2651991&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=459129ff17f649f389ebce8fb69cdd6a&zoneId=2651991&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash e18981255b7bf0cd0485b95cbd4574a0
e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
GET /gid.js?pub=0&userId=459129ff17f649f389ebce8fb69cdd6a&zoneId=2651991&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Cookie: ID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
glimtors.net/custom
139.45.197.251 200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Content-Type: application/json
Origin: http://yts.yts2.net
Content-Length: 360
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ffba983520a68677d48cb94243e3c29e
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dozubatan.com/400/4495524
139.45.197.237 200 OK 30 kB URL HTTP/1.1 dozubatan.com/400/4495524
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash df8ef9797e4f021bbf4a22c6960d45f9
c4190edc0ea69720dbd93420197b0f670a27f768
d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
GET /400/4495524 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 49ee3a59789c71db9089cff118b1021a
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=8125f35db4ff4ed4a0c0a54a5fa85e50; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 8e1ac5e5fc05be7f0113670ad02f3ef9
2061d26094c24893ca931f12d593ea0a2040b5ec
54a50e2e673a6008a37dcc81db0fdf5809f40b270844cf99cdfae9e2f3a0fd10
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Wed, 28 Sep 2022 09:17:42 GMT
ETag: "2061d26094c24893ca931f12d593ea0a2040b5ec"
Last-Modified: Sat, 24 Sep 2022 09:17:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2484
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39c19c52b523-OSL
yts.yts2.net/assets/images/website/apple-touch-icon-180x180.png
104.21.3.99 200 OK 7.0 kB URL HTTP/1.1 yts.yts2.net/assets/images/website/apple-touch-icon-180x180.png
IP 104.21.3.99:0
File type PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced\012- data
Hash f87afcf11d459620ff02da6112365db2
d09e6d4e7db706569474bfb7ec93f31ccbd6ed69
a70913fad67537f16d871e4c456c8f4484106f6d4ef3e12fa3c3b2eceefee508
GET /assets/images/website/apple-touch-icon-180x180.png HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:37:00 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6%2BVCNsvkHO7fjR0qkSt3otIdWxK221PSQdT9D18C1kkyGooLJS5qxjluP6zPyAeLLGivBS%2FVR5pO%2FFxImskXPSdbl5%2FOzbxdcyotXYreXa7GtpnXHhoNvc1LJ0fK3Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39c0ab4bb512-OSL
alt-svc: h2=":443"; ma=60
dozubatan.com/400/4495524
139.45.197.237 200 OK 30 kB URL HTTP/1.1 dozubatan.com/400/4495524
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash df8ef9797e4f021bbf4a22c6960d45f9
c4190edc0ea69720dbd93420197b0f670a27f768
d859438a9a45696d6a11b45cf3468b6c216737d86a36b7326b7da07dfe68bffa
GET /400/4495524 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ad7db8c1e1591cacbfd5e8079570918a
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=8150c463b531494a99710db098614a7d; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
yts.yts2.net/assets/images/website/favicon-16x16.png
104.21.3.99 200 OK 619 B URL HTTP/1.1 yts.yts2.net/assets/images/website/favicon-16x16.png
IP 104.21.3.99:0
File type PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced\012- data
Hash ea830fdd4f9a6d19aa7455dabdac987a
b0d567d6b4d40959e1bd44032f6bc2331057b319
71148160c085a70d1af7708c1d52cfcf39f8ef6e4ce13f0f20c080b2e19195db
GET /assets/images/website/favicon-16x16.png HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 24 Sep 2022 11:37:00 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvgRLbteidTmPNyrOEw0Q%2Ba%2Bkp8HxfVNP0DgjlGnkSGEeprUXlOLrT99KChqmnX1Ocmp9jtVUzO57TjL9rwxDs7rm8BEcCEtWlGm5Azf%2F4sgr4jn5jWL8Xq%2BQiDqxUk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fb39c0aab9b506-OSL
alt-svc: h2=":443"; ma=60
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123 200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116423 bytes)
Hash d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 116423
date: Sat, 24 Sep 2022 11:37:00 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=237153&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=G56nLa&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588
172.67.219.82 301 Moved Permanently 169 B URL HTTP/1.1 matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=237153&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=G56nLa&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588
IP 172.67.219.82:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f3099a531821c476589c3d2d00d53772
8e539d05a8355d6835a56f94b75f405c6e55f6f3
a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
POST /matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=237153&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=G56nLa&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588 HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=237153&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=G56nLa&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TD8z47YQnEGq2cufcIJyaqxQL3n4eNGZ9q1o2soTB9g4ZENUUgGBxMHzCIH3WvVtTRbySb6pYTDmTPkYVtFOE7XPVpvWi5I%2BTsVWBWzO0P03w0i5HAlZZMGjk%2BasGmb7edSLSA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39c17e02b4f4-OSL
alt-svc: h2=":443"; ma=60
mc.yandex.ru/metrika/tag.js
77.88.21.119 200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 7a68c8644032413981e4ba5bc0d66c4a
2d46ca8055e8577ae7138140e34a6e633434973c
e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 72341
date: Sat, 24 Sep 2022 11:37:00 GMT
access-control-allow-origin: *
etag: "632d6d03-11a95"
expires: Sat, 24 Sep 2022 12:37:00 GMT
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
yts.yts2.net/cdn-cgi/challenge-platform/h/b/cv/result/74ba9c653e53d69a
104.21.3.99 200 OK 28 B URL HTTP/1.1 yts.yts2.net/cdn-cgi/challenge-platform/h/b/cv/result/74ba9c653e53d69a
IP 104.21.3.99:0
File type ASCII text, with no line terminators
Hash 86de097d54457ad4fbf85150ea2dc2fb
194863f4b15ecf7eb4f38bf7ed46b688289be8a4
6301b31e8f84ba8a7465199ebf1c2341253198f21763ad7e7cf6fdebe3d832ec
Analyzer Verdict Alert fortinet Phishing
POST /cdn-cgi/challenge-platform/h/b/cv/result/74ba9c653e53d69a HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 11743
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: _pk_id.1.a8e0=2a8ef1efd733a398.1664019419.; _pk_ses.1.a8e0=1
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:37:00 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cf_bm=ZfovDt1LCse5Bc1LudmXEUNUM8RsL74EOtbNRBDie78-1664019420-0-ATxd/7gRbDrOYy4+hs39yb6DamE3lrK5aCT37chwEz9bBO6aLFkkJIR09WTDfEl+Ig==; path=/; expires=Sat, 24-Sep-22 12:07:00 GMT; domain=.yts2.net; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zk5vXgKxi%2B6EI8u2%2Bseite22kvK8Std3QKIDsk7zFCnuYSyVwhSmg79xQiOE6c%2Flo1dTqKog1T67Ptsfb4P8LOl7kO84YoGh5uwm8qZYHpe%2FTteLTiXI%2BEgFBCcEDoE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39c3ef4cb512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=d6nc548331sq568285528e1y5cngy431
139.45.197.239 204 No Content 0 B URL HTTP/2 benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=d6nc548331sq568285528e1y5cngy431
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=d6nc548331sq568285528e1y5cngy431
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=d6nc548331sq568285528e1y5cngy431
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash e18981255b7bf0cd0485b95cbd4574a0
e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
GET /gid.js?userId=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: ID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=d6nc548331sq568285528e1y5cngy431
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=d6nc548331sq568285528e1y5cngy431
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash e18981255b7bf0cd0485b95cbd4574a0
e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
GET /gid.js?userId=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: ID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 722ef108c4d4fc81d56f8a6c10adcffb
4db06d907ef3eaaf9aa08d9a7ec559206f94469c
db67bd24af8e50a7af38451c2febe20ec4c1eaf713e6e6bcc5ed4b1d55d24098
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB67BD24AF8E50A7AF38451C2FEBE20EC4C1EAF713E6E6BCC5ED4B1D55D24098"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6858
Expires: Sat, 24 Sep 2022 13:31:18 GMT
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dcd8465cf93abf138d43d74e184850ae
74597e9ef283f2df6d5570c43278acf172951ac1
570a7924c3e4e7f81cd293bd1469601c5fdd1154f0ee5be56a76191a989ce8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "570A7924C3E4E7F81CD293BD1469601C5FDD1154F0EE5BE56A76191A989CE8E7"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13939
Expires: Sat, 24 Sep 2022 15:29:19 GMT
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7961
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7961
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7960
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7960
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7960
Expires: Sat, 24 Sep 2022 13:49:41 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d78fe23-176d-4858-a42b-1f7944845b79.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d78fe23-176d-4858-a42b-1f7944845b79.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2255aa8ee173094449d814a20238a8ac
7d480011939a32baf53926a144eac807ac397bcb
1db716c4c69c851100e788f78bd7c04282d6878068361e06a29fe44dd6ffee32
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d78fe23-176d-4858-a42b-1f7944845b79.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4866
x-amzn-requestid: d96de29c-d64e-415e-9cf7-85a0fad34967
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7tCNGjuoAMFpeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2874-548fc71f4a4a9ad74298ee7a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:43:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: SBMDqLaDDc-YOHE3gTp-QZSOxwzpsjHi8tLMpoQUmm8XqNdr3HFYmg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:51:18 GMT
age: 49543
etag: "7d480011939a32baf53926a144eac807ac397bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 49391
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 49205
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8d9af95acfc8b9b431eb1e020157f6d
f6f926be6e265a597aaede424f05fcd7c76fcc20
0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:52:36 GMT
age: 49465
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=d6nc548331sq568285528e1y5cngy431
139.45.197.239 200 OK 11 kB URL HTTP/2 benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=d6nc548331sq568285528e1y5cngy431
IP 139.45.197.239:0
Hash c8eec2a891448b2fc89accae7bc0383c
2e62fc2c745a9acb606af6970cbd2c304b3d8fcf
4e56b6583fdc4b29264d0ed90386ce687c9f5c8cf6451dda07dcefb0de831f5d
POST /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 330
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=79331847b038482d90c144d0d3cdd4ab; oaidts=1664019418
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c12d7168a643f4f83046fe5018763983
access-control-expose-headers: X-Sc
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
set-cookie: oaidts=1664019418; expires=Sun, 24 Sep 2023 11:37:00 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9444e811-e2d5-4901-a86d-9e9269a6f846.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9444e811-e2d5-4901-a86d-9e9269a6f846.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b6b51846ec2b7d856b7dc12e4d720f4
5a69190a9a778a6979e11fafedd43e1031caf8e2
a497c04d1c9d0be88aa9c288423346e83c6a7b296295387b3b7b855c550492a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9444e811-e2d5-4901-a86d-9e9269a6f846.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10927
x-amzn-requestid: a4c6c1b1-3777-4410-bef1-5dd2518af86a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCjSEqfIAMF1kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e14-4cdfc5ea1c42120d4a085752;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:08 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2E3NtoZf88ePzaJgYpYqQhdCwUvRUcxFeqi3UAmx3INau5OGS6dHPQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 22:08:59 GMT
age: 48482
etag: "5a69190a9a778a6979e11fafedd43e1031caf8e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146 200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=20209
date: Sat, 24 Sep 2022 11:37:01 GMT
X-Firefox-Spdy: h2
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123 200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sat, 24 Sep 2022 11:37:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
v1.addthisedge.com/live/boost/ra-56896aba6888ef3e/_ate.track.config_resp
23.38.200.123 200 OK 781 B URL HTTP/2 v1.addthisedge.com/live/boost/ra-56896aba6888ef3e/_ate.track.config_resp
IP 23.38.200.123:0
File type ASCII text, with very long lines (2972), with no line terminators
Hash 4ca13a8818d6714a20008f71d15429f9
57f62401730efea6a41352b30d82eee59a6c8483
a424f95ab7529ef369593d41a0b3a07aef3ebccd9af91f67188d1acbf32ea4fd
GET /live/boost/ra-56896aba6888ef3e/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 781
etag: 96635934--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=60, s-maxage=86400
date: Sat, 24 Sep 2022 11:37:01 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
mc.yandex.ru/watch/86221166?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
77.88.21.119 302 Found 33 kB URL HTTP/2 mc.yandex.ru/watch/86221166?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type gzip compressed data, from Unix\012- data
Hash 4bdbadd335465a68d3520ef6fea6ef42
655e8482b039c691190fd080c076e68e5f57708b
c4f697ac4a0251edbb81e87b450635576554df336cc95199afef7103570a2033
GET /watch/86221166?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/86221166/1?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 24 Sep 2022 11:37:01 GMT
access-control-allow-origin: http://yts.yts2.net
set-cookie: yandexuid=17212501664019421; Expires=Sun, 24-Sep-2023 11:37:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yuidss=17212501664019421; Expires=Sun, 24-Sep-2023 11:37:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yabs-sid=1131898891664019421; Path=/; SameSite=None; Secure
set-cookie: i=mv1t9osAq5chsG/Qb5ROLTGAZKd6bcWPCscIMFeXhK0lUOkLobdG87ac4vhi7ZqzF1nK+VjJRe4oQoKg8jKsBKWS5iE=; Expires=Tue, 21-Sep-2032 11:36:59 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
set-cookie: ymex=1695555421.yrts.1664019421#1695555421.yrtsi.1664019421; Expires=Sun, 24-Sep-2023 11:37:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 24-Sep-2022 11:37:01 GMT
last-modified: Sat, 24-Sep-2022 11:37:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
m.addthis.com/live/red_lojson/300lo.json?si=632eebdbec0c58ba&bkl=0&bl=1&pdt=666&sid=632eebdbec0c58ba&pub=ra-56896aba6888ef3e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=yts.yts2.net&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=yts%2Cyify%2Cyify%20movies%2Cyts%20movies%2Cyts%20torrents%2Cyify%20movies%2Cyify%20torrents&colc=1664019419954&jsl=0&uvs=632eebdb38bcda4e000&skipb=1&callback=addthis.cbs.jsonp__42865913423868830
23.38.200.123 200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=632eebdbec0c58ba&bkl=0&bl=1&pdt=666&sid=632eebdbec0c58ba&pub=ra-56896aba6888ef3e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=yts.yts2.net&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=yts%2Cyify%2Cyify%20movies%2Cyts%20movies%2Cyts%20torrents%2Cyify%20movies%2Cyify%20torrents&colc=1664019419954&jsl=0&uvs=632eebdb38bcda4e000&skipb=1&callback=addthis.cbs.jsonp__42865913423868830
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash e9cbbb0c1cfab9fc84f1e9876af5b598
70556950979ae01d0446b368a55a2ffce888d62c
fb806ea185f9bf374a7090e67cb286abb547233d203d7b0ab578f24d3a8b6bd8
GET /live/red_lojson/300lo.json?si=632eebdbec0c58ba&bkl=0&bl=1&pdt=666&sid=632eebdbec0c58ba&pub=ra-56896aba6888ef3e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=yts.yts2.net&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=yts%2Cyify%2Cyify%20movies%2Cyts%20movies%2Cyts%20torrents%2Cyify%20movies%2Cyify%20torrents&colc=1664019419954&jsl=0&uvs=632eebdb38bcda4e000&skipb=1&callback=addthis.cbs.jsonp__42865913423868830 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Sat, 24 Sep 2022 11:37:01 GMT
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yts.yts2.net/
Content-Type: text/plain;charset=UTF-8
Origin: http://yts.yts2.net
Content-Length: 1696
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 24 Sep 2022 11:37:18 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://yts.yts2.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=892453&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8zK1on&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588
172.67.219.82 301 Moved Permanently 169 B URL HTTP/1.1 matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=892453&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8zK1on&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588
IP 172.67.219.82:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f3099a531821c476589c3d2d00d53772
8e539d05a8355d6835a56f94b75f405c6e55f6f3
a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
POST /matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=892453&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8zK1on&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588 HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Sep 2022 11:37:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=The%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&idsite=1&rec=1&r=892453&h=11&m=36&s=59&url=http%3A%2F%2Fyts.yts2.net%2F&_id=2a8ef1efd733a398&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8zK1on&pf_net=4&pf_srv=329&pf_tfr=174&pf_dm1=1588
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTSsDgn23tl%2BhOa1mLfOQx2OX2noGrUuzPyZA90cka%2Fvz6KKDsSOnjPQkXQGYTh08mjE176h5lOngRJ6QfLxG1NZPxpWdX8CBoyEWfdikEbBzHFPHTF25%2FtMN52PQTU5OA71lg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fb39c69b94b4f4-OSL
alt-svc: h2=":443"; ma=60
s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
23.38.200.123 200 OK 78 kB URL HTTP/2 s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
IP 23.38.200.123:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 9a77dff666eebb6cf4bbc4c67c7b563b
9e98d7824a7b4e34665c2690d6f52caddad1fe4b
6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Sat, 24 Sep 2022 11:37:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
77.88.21.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 24 Sep 2022 11:37:01 GMT
access-control-allow-origin: *
etag: "632d6d03-2b"
expires: Sat, 24 Sep 2022 12:37:01 GMT
accept-ranges: bytes
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/86221166/1?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
77.88.21.119200 OK 407 B URL HTTP/2 mc.yandex.ru/watch/86221166/1?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash d2cd413b2bb40f0c19c52bec6c366178
233d99e939b2a58f59a66a48363fc65f221f219f
8e404adcc6fdf57ad8780caae053b7526d8d81b4afbc33606c853e79e339ffe0
GET /watch/86221166/1?wmode=7&page-url=http%3A%2F%2Fyts.yts2.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A961%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A917127036897%3Ahid%3A685356246%3Az%3A0%3Ai%3A20220924113659%3Aet%3A1664019420%3Ac%3A1%3Arn%3A37948402%3Arqn%3A1%3Au%3A166401942084189488%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C1%2C329%2C0%2C-6%2C0%2C%2C1611%2C5%2C%2C%2C%2C2184%3Ans%3A1664019416985%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664019420%3At%3AThe%20Official%20Home%20of%20YIFY%20Movies%20Torrent%20Download%20-%20YTS&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Referer: http://yts.yts2.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Sat, 24 Sep 2022 11:37:01 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 24-Sep-2022 11:37:01 GMT
last-modified: Sat, 24-Sep-2022 11:37:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.29.95.124 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 7a3a793f2734adeb0ee02032fa354993
86d8799ab065460fe389ce282c7695532ac9148f
5ac1da0f5241c2b6b389dc521004845242937e1582ecbb73602db8acaf21f29e
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: uid_id2=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
X-Firefox-Spdy: h2
glimtors.net/custom
139.45.197.251 200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Content-Type: application/json
Origin: http://yts.yts2.net
Content-Length: 611
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 77a4c50ce856eddbb29fce63d53fdf44
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=d6nc548331sq568285528e1y5cngy431
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=d6nc548331sq568285528e1y5cngy431
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash e18981255b7bf0cd0485b95cbd4574a0
e5d43cffa1d8212a238be3b51f9ce9338a94bfa4
d34deadd58212c70bbc7b2f5fdeec429c2efe018d64996bc8efcfbba7a6f0ff0
GET /gid.js?userId=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: ID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
benumelan.com/11?rnd=1581370871&z=3372123&b=14566424&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=661
139.45.197.239200 OK 0 B URL HTTP/2 benumelan.com/11?rnd=1581370871&z=3372123&b=14566424&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=661
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=1581370871&z=3372123&b=14566424&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=661 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=d6nc548331sq568285528e1y5cngy431; oaidts=1664019418
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2ed72eb8090291e2d6845e9c4f042a6f
access-control-expose-headers: X-Sc
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:01 GMT; secure; SameSite=None
set-cookie: oaidts=1664019418; expires=Sun, 24 Sep 2023 11:37:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
rndskittytor.com/401/4837723?oo=1&oaid=d6nc548331sq568285528e1y5cngy431
139.45.197.238 200 OK 784 B URL HTTP/2 rndskittytor.com/401/4837723?oo=1&oaid=d6nc548331sq568285528e1y5cngy431
IP 139.45.197.238:0
File type JSON data\012- , ASCII text, with very long lines (2051), with no line terminators
Hash e4424dc6aa31de6d4ca9ef5eb203cc6e
18ee4d0a0f991f17466d66fe2b61ec392ef71c93
e01cb8fb09717956b0877dd36def73b8362076bee074cdfdd643cf123a585a2e
Analyzer Verdict Alert quad9 Sinkholed
GET /401/4837723?oo=1&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: application/json
x-trace-id: b26745142d64ad65da13bf992496f9fe
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://yts.yts2.net
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
inpagepush.com/500/3064505?excludes=&oaid=d6nc548331sq568285528e1y5cngy431&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 1.2 kB URL HTTP/1.1 inpagepush.com/500/3064505?excludes=&oaid=d6nc548331sq568285528e1y5cngy431&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1450), with no line terminators
Hash fffb49f44aeee0dc229f967479697d0c
9024d31452015fdb89aebc67c623ba48463311a6
16f31b9f5be6cb8e47d647450d4f284e1b03263d9a4870efe61de5a7d1418b45
GET /500/3064505?excludes=&oaid=d6nc548331sq568285528e1y5cngy431&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2022 11:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ffbc87eb9aa3021d0eaa0f193ca1c36d
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: http://yts.yts2.net
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:01 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0186a8d7b5a73882a9cf2d81e548e706
cedf994106d41565bd3eca071e0b2e6579b79e00
56a8d4150f4a94475cc501e57cf4e38bd5b1c54c9ec5cacee941e5ef95482dd2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56A8D4150F4A94475CC501E57CF4E38BD5B1C54C9EC5CACEE941E5EF95482DD2"
Last-Modified: Sat, 24 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2885
Expires: Sat, 24 Sep 2022 12:25:06 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive
yts.yts2.net/cdn-cgi/rum?
104.21.3.99 200 OK 0 B URL HTTP/1.1 yts.yts2.net/cdn-cgi/rum?
IP 104.21.3.99:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
POST /cdn-cgi/rum? HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
content-type: application/json
Content-Length: 29153
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: _pk_id.1.a8e0=2a8ef1efd733a398.1664019419.; _pk_ses.1.a8e0=1; _ym_uid=166401942084189488; _ym_d=1664019420; __atuvc=1%7C38; __atuvs=632eebdb38bcda4e000; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; _ym_isad=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138%3A2%3A1
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 11:37:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
CF-RAY: 74fb39c97dc4b512-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
104.22.32.172 200 OK 66 kB URL HTTP/2 offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
IP 104.22.32.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d08aacb36c7474e0d13b60f8f4adc14
e4af2de372b5e3a2211579a5973ef7ed160e7be4
54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: image/png
content-length: 66121
last-modified: Mon, 12 Oct 2020 05:50:58 GMT
etag: "5f83eec2-10249"
expires: Sat, 24 Sep 2022 13:23:42 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 79999
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39c9c96e1665-ARN
X-Firefox-Spdy: h2
dozubatan.com/500/4495524?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4495524?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4495524?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 339f86b358be62defb0f6165028a0b46
d583ede88621d0169802ebdf94d8da131572066e
de1b914bc0b575f9dcda2abcdfef76f849e371f858bf07011b04b23404260c24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE1B914BC0B575F9DCDA2ABCDFEF76F849E371F858BF07011B04B23404260C24"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7880
Expires: Sat, 24 Sep 2022 13:48:21 GMT
Date: Sat, 24 Sep 2022 11:37:01 GMT
Connection: keep-alive
dozubatan.com/400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431
139.45.197.237 200 OK 782 B URL HTTP/2 dozubatan.com/400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431
IP 139.45.197.237:0
File type JSON data\012- , ASCII text, with very long lines (2042), with no line terminators
Hash f70c74d011f67e53bca99d6c4fed54f5
fb6916b2d49d6de2b60a3a6c4e7cc3b78bea16fd
26d954f5c1f83bc1148bd9073db821551f8e334b77e01ef7eed82663d23c57bd
GET /400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: OAID=d6nc548331sq568285528e1y5cngy431
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: application/json
x-trace-id: af0a13344d511ee91edc1a58f8f91cbf
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://yts.yts2.net
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
glimtors.net/custom
139.45.197.251 200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Content-Type: application/json
Origin: http://yts.yts2.net
Content-Length: 357
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a9ea5f12e2d425a41b4528e262e399e5
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/59/18/87/696d730a6449b8b7387d630f8c/01605255030712.jpeg
139.45.197.155 200 OK 19 kB URL HTTP/2 interstitial-07.com/contents/s/59/18/87/696d730a6449b8b7387d630f8c/01605255030712.jpeg
IP 139.45.197.155:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash 591887696d730a6449b8b7387d630f8c
6d3270da32d09e8456956eb63a22f4ddb8c7d1d1
bc664179d3ed921f7a6c959a125faf1cb25a03de68f0b19adf80c92560d0bae4
GET /contents/s/59/18/87/696d730a6449b8b7387d630f8c/01605255030712.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=p8NYtlbFpV62T4w&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D4055285057%26z%3D3372123%26b%3D14566424%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dy4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D7a866e3b-673a-470e-932f-a317c23ed629%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fyts.yts2.net%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: image/jpeg
content-length: 19158
last-modified: Tue, 10 May 2022 15:13:46 GMT
etag: "627a812a-4ad6"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
quarrelaimless.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78
192.243.59.20 200 OK 3.9 kB URL HTTP/1.1 quarrelaimless.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data, ASCII text, with very long lines (5466), with no line terminators
Hash efc2df7703963b7dd14c29f550f09197
d708ce171f84a27f512971ae97829ad886260b93
fe27923b58ea6b04b09914b3e935e0604e09088f1e41c384509f346135baa3bd
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a286902791a7f4c98bcb1e812322cd78 HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 11:37:02 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://yts.yts2.net
Access-Control-Allow-Origin: http://yts.yts2.net
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15816950; expires=Sun, 25 Sep 2022 11:37:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 25 Sep 2022 11:37:02 GMT; secure; SameSite=None
uncs=1; expires=Sun, 25 Sep 2022 11:37:02 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 25 Sep 2022 11:37:02 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 25 Sep 2022 11:37:02 GMT; secure; SameSite=None
sleca286902791a7f4c98bcb1e812322cd78=[3357660]; expires=Sat, 24 Sep 2022 11:37:07 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 47a82516c092225bd0816eb759700366
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 986b5ec9070371f564599590660c967f
035d62ac46379e6b9a4a86975c8fc81052f9a2f8
357258fc3abbb14a97f6a79adcadcac3920f1f5c16dc66708522cce32f9d6266
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "357258FC3ABBB14A97F6A79ADCADCAC3920F1F5C16DC66708522CCE32F9D6266"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5508
Expires: Sat, 24 Sep 2022 13:08:50 GMT
Date: Sat, 24 Sep 2022 11:37:02 GMT
Connection: keep-alive
dozubatan.com/500/4495524?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 33 kB URL HTTP/2 dozubatan.com/500/4495524?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 563960fa096a2fb67bed4afe6247a6ba
f733ed90d0b4a7186bfd2b63c4db6d7632a15f45
d1a8cab28dee17144189e8adffa5053e8c5ae17ea345a957eea0ac45e697c6c3
GET /500/4495524?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: OAID=d6nc548331sq568285528e1y5cngy431
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: application/javascript
x-trace-id: 555046dbeeeb4c079f6bbfb2f8e31337
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: http://yts.yts2.net
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash de246bb9ff0bac26a711009a3804d43c
5cc1da24eb19af3aae3551ecd71094219cc575ce
87237e5dc0460bb46019bc570c73fc30e6a76daa758573ee6914feef4abe60b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4706
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 11:37:02 GMT
Last-Modified: Sat, 24 Sep 2022 10:18:36 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
unseenreport.com/pxf.gif?uuid=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=cfbeeb80-9b61-4632-9e0e-e1fd72bf5138&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 24 Sep 2022 11:37:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 83e3362374a79a90e67e1651a7b27b1e
Strict-Transport-Security: max-age=0; includeSubdomains
quarrelaimless.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bRRTHZ9sckDiBegEJZHECCTm7a2dtk0NFCEGB9ActiEocYH7ZGTzeWc3seJ2cIiqh3nD%2Fg83XSaNChOAPoEJOpR5yirkQCfwPcKqQeuKA7EYYnjR67833HT7vxzf7fkpCeHq%2Bfs3sKq3p8ko1rLx5J4pWK1sq9YPKoJl8kdRXK7b%2FTiuphm9VPpC8a5bjMArDKIwqG8rKthksz0So7LgVVVthtR5Xo5U6Bvb%2FufMBHA0g%2BlPyMpSYLD0OrkDxMdLej%2BvSdXOTvf1%2Bz2uaG4u%2BOPo07aamSNFbhG0boJ0eXVTDuLONRzDp4RwXpv9vIVMTEjx5BJYeXUCC9Q%2FmnExDpmDiRRT9MaQeQ9ExuLkLJc4IwAWu30Dae3Dd2ILuPFfpTJ2QpWd%2FQRUTsvTHFaS9H9a0GlRuG%2B1zZVKHQbuEGoyhOmNk%2FgT57iWo4gQ8%2FxpKEKS9EkqU856VGkO1x9ByCOoC%2BNlTAXw7gM8C9MR5hUdR1AgFp2GzxXlNNCRLRBjRRjuiUZg04fkMa4g8G4LrIbjdQ2b30FX3z1Y%2BhPW%2FwG2XcCKAyyck%2BHgPfVGikASFIygoQaEIipyg6JeHQrvYlQ%2BEdp5FFz6%2B8LVyZPLOPj00eUemZD%2BbkpfmI3l65xm68rxC42bSCuNGa8ZX560m4yySzSiuxTEXjSacKqHcpXm3u7P1lFNkakLIt7%2BB0RM4fQKu3gD1r4EWo0Ycgm6P6s0Qu%2BmxT5k2vCtFVQkIUyLLl5DvBPt6Sl6Zc9RWf4fkp1e%2FZNcmTx%2F%2BDW5LZLbEV%2BoxQUffG90yBTm4ZQpHfrqR5aqndulsbbdzmsvL330kdwpjxea6Gz58l8%2BEWXj8iXT5Fk2FSjuOfL%2BmhJB2w1guyc%2Bb7jPJbnq3veZt6rOtm%2B9tbPYyK51TJh2Dzlp7cgquJuQFUcwv8lX3OZQdw%2FoSPX9KLgzKnIBne3DZgt%2BZy7B6UcOyAIUvRzZmi0%2BtCLRc5JSVcP%2FJ2SLed%2FfQsa%2BD5nfnh9i3Jfq6BNVDOH95lGf29OqvtbmB6WDEtA0OmLb6%2FvPhOnVeadRqIU1aK1GjQWWD1eNmO4kEpXE9iZOE1pC7Ca%2F%2BOf0HAAD%2F%2FwEAAP%2F%2FbFZhL1wEAAA%3D
192.243.59.20200 OK 7 B URL HTTP/1.1 quarrelaimless.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bRRTHZ9sckDiBegEJZHECCTm7a2dtk0NFCEGB9ActiEocYH7ZGTzeWc3seJ2cIiqh3nD%2Fg83XSaNChOAPoEJOpR5yirkQCfwPcKqQeuKA7EYYnjR67833HT7vxzf7fkpCeHq%2Bfs3sKq3p8ko1rLx5J4pWK1sq9YPKoJl8kdRXK7b%2FTiuphm9VPpC8a5bjMArDKIwqG8rKthksz0So7LgVVVthtR5Xo5U6Bvb%2FufMBHA0g%2BlPyMpSYLD0OrkDxMdLej%2BvSdXOTvf1%2Bz2uaG4u%2BOPo07aamSNFbhG0boJ0eXVTDuLONRzDp4RwXpv9vIVMTEjx5BJYeXUCC9Q%2FmnExDpmDiRRT9MaQeQ9ExuLkLJc4IwAWu30Dae3Dd2ILuPFfpTJ2QpWd%2FQRUTsvTHFaS9H9a0GlRuG%2B1zZVKHQbuEGoyhOmNk%2FgT57iWo4gQ8%2FxpKEKS9EkqU856VGkO1x9ByCOoC%2BNlTAXw7gM8C9MR5hUdR1AgFp2GzxXlNNCRLRBjRRjuiUZg04fkMa4g8G4LrIbjdQ2b30FX3z1Y%2BhPW%2FwG2XcCKAyyck%2BHgPfVGikASFIygoQaEIipyg6JeHQrvYlQ%2BEdp5FFz6%2B8LVyZPLOPj00eUemZD%2BbkpfmI3l65xm68rxC42bSCuNGa8ZX560m4yySzSiuxTEXjSacKqHcpXm3u7P1lFNkakLIt7%2BB0RM4fQKu3gD1r4EWo0Ycgm6P6s0Qu%2BmxT5k2vCtFVQkIUyLLl5DvBPt6Sl6Zc9RWf4fkp1e%2FZNcmTx%2F%2BDW5LZLbEV%2BoxQUffG90yBTm4ZQpHfrqR5aqndulsbbdzmsvL330kdwpjxea6Gz58l8%2BEWXj8iXT5Fk2FSjuOfL%2BmhJB2w1guyc%2Bb7jPJbnq3veZt6rOtm%2B9tbPYyK51TJh2Dzlp7cgquJuQFUcwv8lX3OZQdw%2FoSPX9KLgzKnIBne3DZgt%2BZy7B6UcOyAIUvRzZmi0%2BtCLRc5JSVcP%2FJ2SLed%2FfQsa%2BD5nfnh9i3Jfq6BNVDOH95lGf29OqvtbmB6WDEtA0OmLb6%2FvPhOnVeadRqIU1aK1GjQWWD1eNmO4kEpXE9iZOE1pC7Ca%2F%2BOf0HAAD%2F%2FwEAAP%2F%2FbFZhL1wEAAA%3D
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bRRTHZ9sckDiBegEJZHECCTm7a2dtk0NFCEGB9ActiEocYH7ZGTzeWc3seJ2cIiqh3nD%2Fg83XSaNChOAPoEJOpR5yirkQCfwPcKqQeuKA7EYYnjR67833HT7vxzf7fkpCeHq%2Bfs3sKq3p8ko1rLx5J4pWK1sq9YPKoJl8kdRXK7b%2FTiuphm9VPpC8a5bjMArDKIwqG8rKthksz0So7LgVVVthtR5Xo5U6Bvb%2FufMBHA0g%2BlPyMpSYLD0OrkDxMdLej%2BvSdXOTvf1%2Bz2uaG4u%2BOPo07aamSNFbhG0boJ0eXVTDuLONRzDp4RwXpv9vIVMTEjx5BJYeXUCC9Q%2FmnExDpmDiRRT9MaQeQ9ExuLkLJc4IwAWu30Dae3Dd2ILuPFfpTJ2QpWd%2FQRUTsvTHFaS9H9a0GlRuG%2B1zZVKHQbuEGoyhOmNk%2FgT57iWo4gQ8%2FxpKEKS9EkqU856VGkO1x9ByCOoC%2BNlTAXw7gM8C9MR5hUdR1AgFp2GzxXlNNCRLRBjRRjuiUZg04fkMa4g8G4LrIbjdQ2b30FX3z1Y%2BhPW%2FwG2XcCKAyyck%2BHgPfVGikASFIygoQaEIipyg6JeHQrvYlQ%2BEdp5FFz6%2B8LVyZPLOPj00eUemZD%2BbkpfmI3l65xm68rxC42bSCuNGa8ZX560m4yySzSiuxTEXjSacKqHcpXm3u7P1lFNkakLIt7%2BB0RM4fQKu3gD1r4EWo0Ycgm6P6s0Qu%2BmxT5k2vCtFVQkIUyLLl5DvBPt6Sl6Zc9RWf4fkp1e%2FZNcmTx%2F%2BDW5LZLbEV%2BoxQUffG90yBTm4ZQpHfrqR5aqndulsbbdzmsvL330kdwpjxea6Gz58l8%2BEWXj8iXT5Fk2FSjuOfL%2BmhJB2w1guyc%2Bb7jPJbnq3veZt6rOtm%2B9tbPYyK51TJh2Dzlp7cgquJuQFUcwv8lX3OZQdw%2FoSPX9KLgzKnIBne3DZgt%2BZy7B6UcOyAIUvRzZmi0%2BtCLRc5JSVcP%2FJ2SLed%2FfQsa%2BD5nfnh9i3Jfq6BNVDOH95lGf29OqvtbmB6WDEtA0OmLb6%2FvPhOnVeadRqIU1aK1GjQWWD1eNmO4kEpXE9iZOE1pC7Ca%2F%2BOf0HAAD%2F%2FwEAAP%2F%2FbFZhL1wEAAA%3D HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca286902791a7f4c98bcb1e812322cd78=[3357660]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 11:37:02 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed67d45ed9da10687b0d12c4f0a7e8ec
Strict-Transport-Security: max-age=0; includeSubdomains
unphionetor.com/vctx?t=72747
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 24 Sep 2022 11:37:02 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 9a77088dde36147cfe8f5543d192a6c7
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 24 Sep 2022 11:37:02 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a6e104525e315c6040cbaf42ab77de70
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
benumelan.com/11?rnd=1581370871&z=3372123&b=14566424&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
139.45.197.239200 OK 0 B URL HTTP/2 benumelan.com/11?rnd=1581370871&z=3372123&b=14566424&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=1581370871&z=3372123&b=14566424&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fyts.yts2.net%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=d6nc548331sq568285528e1y5cngy431; oaidts=1664019418
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4e25489a646dd62983c7532c4ccc892b
access-control-expose-headers: X-Sc
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:02 GMT; secure; SameSite=None
oaidts=1664019418; expires=Sun, 24 Sep 2023 11:37:02 GMT; secure; SameSite=None
oaidvc=1; expires=Sun, 24 Sep 2023 11:37:02 GMT; secure; SameSite=None
CNT=1_v1_GETeAAEAAAA7SwG7; expires=Sat, 24 Sep 2022 12:37:02 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
s7.addthis.com/static/27.b19236fc1114f3874e03.js
23.38.200.123 200 OK 276 B URL HTTP/2 s7.addthis.com/static/27.b19236fc1114f3874e03.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (1161), with no line terminators
Hash 1e264d57b109c7e67675dc8505679a65
6c21801fad194d373a62d9e8cf9dccfba33e8936
ab85fae69fa698b09666d95ff7faaacab286328a34b7c2e0d6970c7f24b8c41d
GET /static/27.b19236fc1114f3874e03.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-489"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 276
date: Sat, 24 Sep 2022 11:37:02 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_iqvx0
151.101.85.140 301 Moved Permanently 0 B URL HTTP/1.1 www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_iqvx0
IP 151.101.85.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/info.json?url=http%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_iqvx0 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 301 Moved Permanently
Retry-After: 0
Location: https://www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_iqvx0
Content-Length: 0
Accept-Ranges: bytes
Date: Sat, 24 Sep 2022 11:37:02 GMT
Via: 1.1 varnish
Connection: close
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: private, max-age=3600
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_85i60
151.101.85.140 301 Moved Permanently 0 B URL HTTP/1.1 www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_85i60
IP 151.101.85.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/info.json?url=https%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_85i60 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_85i60
Accept-Ranges: bytes
Date: Sat, 24 Sep 2022 11:37:02 GMT
Via: 1.1 varnish
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: private, max-age=3600
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
dozubatan.com/400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431
139.45.197.237 200 OK 849 B URL HTTP/2 dozubatan.com/400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431
IP 139.45.197.237:0
Hash 844498841f506304b1814bb03160ac7e
16cb454486430669481a0ff0e80013ae48ffae41
d999043ae6f15035919cbd95b0542acd325ff63e115480d6291bc75e1ebbd944
GET /400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/json
x-trace-id: 9c8fb1f8acdea3bdf79779508bb85e3a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://yts.yts2.net
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431
139.45.197.237 200 OK 3.7 kB URL HTTP/2 dozubatan.com/400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431
IP 139.45.197.237:0
Hash a1a36cd4e21d56cd86238bb50b8f11a9
5ed92bb18fd5f37eadebdbaded3c8d5b2d111217
b3c3637158bcc6eaaef323dbf30826e6429b649660b6a806d17d96e7625722d8
GET /400/4495524?oo=1&oaid=d6nc548331sq568285528e1y5cngy431 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: OAID=d6nc548331sq568285528e1y5cngy431
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: application/json
x-trace-id: 3557227506ad2590c3057a39cc62aa36
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://yts.yts2.net
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
benumelan.com/15?rnd=325765598&z=3372123&var=&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A2.284%2C%22location%22%3A%22http%3A%2F%2Fyts.yts2.net%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 benumelan.com/15?rnd=325765598&z=3372123&var=&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A2.284%2C%22location%22%3A%22http%3A%2F%2Fyts.yts2.net%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /15?rnd=325765598&z=3372123&var=&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A2.284%2C%22location%22%3A%22http%3A%2F%2Fyts.yts2.net%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=d6nc548331sq568285528e1y5cngy431; oaidts=1664019418; oaidvc=1; CNT=1_v1_GETeAAEAAAA7SwG7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 24 Sep 2022 11:37:02 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 8c632bf4bb343fb0d869fde2bf70c1bb
access-control-expose-headers: X-Sc
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:02 GMT; secure; SameSite=None
set-cookie: oaidts=1664019418; expires=Sun, 24 Sep 2023 11:37:02 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_iqvx0
151.101.85.140 200 OK 144 B URL HTTP/2 www.reddit.com/api/info.json?url=http%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_iqvx0
IP 151.101.85.140:0
File type ASCII text, with no line terminators
Hash d09f1763cf8fedc31fe9deeab05ce53b
adba4e43a04070756917bdd2227c60218cb04d69
f5b21b66796cd07b3bb24b9e3d4135bf32845c90ca49ea0022e248e5768775a5
GET /api/info.json?url=http%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_iqvx0 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
x-ua-compatible: IE=edge
expires: -1
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store
x-ratelimit-remaining: 299
x-ratelimit-used: 1
x-ratelimit-reset: 178
access-control-allow-origin: *
access-control-expose-headers: X-Moose
x-moose: majestic
accept-ranges: bytes
date: Sat, 24 Sep 2022 11:37:02 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: csv=2; Max-Age=63072000; Domain=.reddit.com; Path=/; Secure; SameSite=None
set-cookie: edgebucket=UAbivIwqfCSKc6ePN5; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 144
X-Firefox-Spdy: h2
www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_85i60
151.101.85.140 200 OK 144 B URL HTTP/2 www.reddit.com/api/info.json?url=https%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_85i60
IP 151.101.85.140:0
File type ASCII text, with no line terminators
Hash 632c9ab79fb1ae00b8aa75633b837298
0cfa4b97c0dd5921e847fd155739cf402f96ea1c
c3765f2bf630a818a080f5ed33dfdc7fd0ffeb715a2b4fa066f960cb78314256
GET /api/info.json?url=https%3A%2F%2Fyts.yts2.net%2F&jsonp=_ate.cbs.rcb_85i60 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
x-ua-compatible: IE=edge
expires: -1
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store
x-ratelimit-remaining: 298
x-ratelimit-used: 2
x-ratelimit-reset: 178
access-control-allow-origin: *
access-control-expose-headers: X-Moose
x-moose: majestic
accept-ranges: bytes
date: Sat, 24 Sep 2022 11:37:02 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: csv=2; Max-Age=63072000; Domain=.reddit.com; Path=/; Secure; SameSite=None
set-cookie: edgebucket=MfntqLVLwOWJP7pb61; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 144
X-Firefox-Spdy: h2
yts.yts2.net/assets/images/website/logo-YTS.svg
104.21.3.99 200 OK 3.7 kB URL HTTP/2 yts.yts2.net/assets/images/website/logo-YTS.svg
IP 104.21.3.99:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (482)
Hash 851024e9380b2f83ec06941a2a3e618e
46220d33d8b01c2a340c5b297aca308b9eedad8f
ed79712a08ef6167bd545300ad496a01fae777471603c2359bf01aaf1e5678e0
Analyzer Verdict Alert fortinet Phishing
GET /assets/images/website/logo-YTS.svg HTTP/1.1
Host: yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:36:58 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 23 Sep 2022 18:45:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XWXbC4e47%2BzkPz4Q45JkCcdsDa%2Fu%2BRo4ZtKNmuNg3pJXmXiXT1VmvdhZqS7XZopYOmRWrULuhfRjypxUSJljzR8Po24AYTuaZiaTjtkAmMPTj%2FkaXGo8IfgDqw4gNMo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39b78d261c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b803a6ce3f92e2c474869f819e011de2
cb173569b4402d022e65ae4395ee94b17f3a2a74
92dff408426ce81f09abe452d8b9532064f0ec96bb42264493fd4e8f92f098c9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "92DFF408426CE81F09ABE452D8B9532064F0EC96BB42264493FD4E8F92F098C9"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7654
Expires: Sat, 24 Sep 2022 13:44:36 GMT
Date: Sat, 24 Sep 2022 11:37:02 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 24 Sep 2022 11:37:02 GMT
Date: Sat, 24 Sep 2022 11:37:02 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/close.png
172.64.201.2 200 OK 6.0 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/close.png
IP 172.64.201.2:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/close.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: image/png
content-length: 5982
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4498355
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBM%2FRlufJgkkeEP67zf9TP03vuRvVO8z2xJrL3qubu8T3VhiL4rGcp0TZM3A%2F%2Fd5CEujEQWfb4HAgwrH5xsxYce3g28NIzaezD7oWxvQri0M69IxIdnSmmDsMCl4unSWnts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39d10cee7198-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/icon.png
172.64.201.2 200 OK 46 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/icon.png
IP 172.64.201.2:0
File type PNG image data, 340 x 340, 8-bit/color RGB, non-interlaced\012- data
Hash 0d687af39faa7241d1a584f1c3eec050
ccd68a2138d3da9c44c93a139a72fcd8fd750614
cdd30ab847b158f337faaca366647fa594365de0c63b58c9e8243dec575df329
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/icon.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: image/png
content-length: 45627
last-modified: Tue, 01 Feb 2022 11:50:51 GMT
etag: "61f91e9b-b23b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4498355
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YRejq42tYhawn7yY7Q5k6Ex8HdE%2Fe9L97FSPeg45y%2BiGHoUJG37qWIaHruR%2FSsCpG%2FYGjOQBUIv72pQCmAJaQ0VhcVMjeOAJaDwI5D5t3stQXylzHzQzUsmf8yqVL5uEZ8U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39d10cf97198-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/number.png
172.64.201.2 200 OK 1.1 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/number.png
IP 172.64.201.2:0
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/number.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: image/png
content-length: 1138
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4498354
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dsNlAXUAWCbCdhSP6fCxrJTRIdB84MYS770VtC1olrdyOwhN6YlSTARf%2BZMgfUl%2B7WtHh2jB4rGH3PefR6k8Brr9Xx%2BNYAL7HscLcWqpwTEfJMcB7l9nevJSygM%2F1qDCxxo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39d10cf57198-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/arrow.png
172.64.201.2 200 OK 2.0 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/arrow.png
IP 172.64.201.2:0
File type PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash ef2bad0eceeff00bf615df0a433a5bff
a910af81d23d78c96283b46c241d3d9652562009
9c362044a93ac6919b7174a1620d4d82dbe1940a450aea1abca32a48fd160d40
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/img/arrow.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: image/png
content-length: 2008
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-7d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4498355
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x27vMi2Ugmmof481LLibkSPA%2BOGplAT3hnfrUd%2F4giVv%2BizCBGT5NGRM2ryik0hUkk3M3CSMlLNKibiis4v66xbKiEvAOr47cfHOFNrlVyKS%2FbQHcB6js7Ifu5o%2BrSF8Ces%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39d10cf27198-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b803a6ce3f92e2c474869f819e011de2
cb173569b4402d022e65ae4395ee94b17f3a2a74
92dff408426ce81f09abe452d8b9532064f0ec96bb42264493fd4e8f92f098c9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "92DFF408426CE81F09ABE452D8B9532064F0EC96BB42264493FD4E8F92F098C9"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7654
Expires: Sat, 24 Sep 2022 13:44:36 GMT
Date: Sat, 24 Sep 2022 11:37:02 GMT
Connection: keep-alive
quarrelaimless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Findex.html&l=2186&fd=657
192.243.59.20 200 OK 0 B URL HTTP/1.1 quarrelaimless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Findex.html&l=2186&fd=657
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
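Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of zero-length input, consistent with the 0 B body of this response; they identify no content and are not usable as indicators for this host.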
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Findex.html&l=2186&fd=657 HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 11:37:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
quarrelaimless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Fcss%2Fanimate.css&l=79249&fd=329
192.243.59.20 200 OK 0 B URL HTTP/1.1 quarrelaimless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Fcss%2Fanimate.css&l=79249&fd=329
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Fcss%2Fanimate.css&l=79249&fd=329 HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 11:37:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
quarrelaimless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Fcss%2Fstyle.css&l=9494&fd=352
192.243.59.20 200 OK 0 B URL HTTP/1.1 quarrelaimless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Fcss%2Fstyle.css&l=9494&fd=352
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F7%2Fcss%2Fstyle.css&l=9494&fd=352 HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 11:37:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/css/animate.css
172.64.201.2 200 OK 4.8 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/css/animate.css
IP 172.64.201.2:0
Hash c91016401e0a0b7b3d7572de48c76597
12fb634abb5e708b4f55d1489055b4f626d3cdd1
2472e286e0bf6f54cef9d99e9c63301c873fa02bc4e3979e1a18587a6d973120
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:03 GMT
content-type: text/css
last-modified: Fri, 21 May 2021 10:10:46 GMT
etag: W/"60a78726-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3PTOBh9ZnxzaAeUhhRimJ7i20neYI%2B7DBQoXqSik979mGCBg1mMYZIkO1TQRk4CEL7mFJFOzUPGmKHNmpf%2BIJPJ%2BUITFrYiVFa9FcEWL9N2dy7wi%2FFXTc%2B20Nh%2FOs9Yl4sk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39d0dcb67198-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 21 Sep 2022 20:15:52 GMT
Expires: Thu, 21 Sep 2023 20:15:52 GMT
Cache-Control: public, max-age=31536000
Age: 228071
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 21 Sep 2022 20:15:52 GMT
Expires: Thu, 21 Sep 2023 20:15:52 GMT
Cache-Control: public, max-age=31536000
Age: 228071
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
quarrelaimless.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSS2tkRRTH685kIbhSZqOgNK4UpHPv7bdZDMYYiWYezigOuNB6dafs6luXqlt9O1kFB2R29nyDm38nE0aD6AdwkM7ALLJKuzGg%2FQVcDcKsXEj3NLYeKM459T%2BL33l8c%2BCnJISnFxvXzJ7Smq7WymHpzTtRtFbaVokflAbN%2Bhf16lrJ9t9p1cvhW6UPJO%2Ba1TiMwjAKo9KmsrJtBqszESo9aUXlVliuxuWoVsXA%2Fj93PoCjAUR%2FSl6GEpOVx8EVKD5G0vtxQ7puZtK33%2B95TTNj0RfHnybdxOQJesuwbQO0k%2BNFNYw733wEkxzNcWH6%2FxYyNSHBk0dgyfECEqx%2FOOdkGjIBEy8i748h9RiKjsHNXShxTgAucP0Gkt6D68bmdPe5SmfqhKw8%2Bwsqn5CVP64g6f2wrtWgdNtonymTOAzaBdRgDNUZI%2FWnyPYuQeWn4NnXUIIg6RVQopj3rNQYqj2GlkNQF8DPngrg2wF8GqAnLko8iqJGKDgNmy3OK6IhWV2EEW20IxqF9SY8n2ENkaVDcD0Et%2FtI7T666v557UNY%2FwvcTgEnArhsQoKP99EXBXJJkDuCnBLkiiDPCPJ%2BcSS0i13xQGjnWbTw8cJXipHJOgf0yGQdmZCDdEpemo%2Fk6Z1n6MqLEo2b9VYYN1ozvipvNRlnkWxGcSWOuWg04VQB5S7Nu92braeYIlUTQr79DYyewulTcPUGqH8NNB814hB0Z1RththLTnzCtOFdKcpKQJgCabaCbDc40FPyypyjsvY7JD%2B7%2BiW7Nnn68G9wWyC1Bb5Sjwk6%2Bt7olsnJ4S2TO%2FLTjTRTPbVHZ2u7ndFMXv7uI7mbGyu2Ntzw4bt8JszCk0%2Bky7ZpIlTSceT7dSWEtJvGckl%2B3nKfSXbTu511bxOfbt98b3Orl1rpnDLJGHTW2pMzcDUhL4h8fpGvus%2Bh7BjWF%2Bj5M7IwKHMKnu7DpUt%2BZy7D6mUNSwPkvhjZmC0%2FtSLQcplTVsD9J2fL%2BMDdQ8e%2BDprdnR9i3xbo6wJUD%2BH85VGW2rOrv1bmBqaDEdM2OGTa6vvPh%2BvURakSigaTbdlgslqrtiUXrFZjIW9zVhHNJkfmJrz85%2FQfAAAA%2F%2F8BAAD%2F%2F%2ByCtMdcBAAA
192.243.59.20200 OK 7 B URL HTTP/1.1 quarrelaimless.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSS2tkRRTH685kIbhSZqOgNK4UpHPv7bdZDMYYiWYezigOuNB6dafs6luXqlt9O1kFB2R29nyDm38nE0aD6AdwkM7ALLJKuzGg%2FQVcDcKsXEj3NLYeKM459T%2BL33l8c%2BCnJISnFxvXzJ7Smq7WymHpzTtRtFbaVokflAbN%2Bhf16lrJ9t9p1cvhW6UPJO%2Ba1TiMwjAKo9KmsrJtBqszESo9aUXlVliuxuWoVsXA%2Fj93PoCjAUR%2FSl6GEpOVx8EVKD5G0vtxQ7puZtK33%2B95TTNj0RfHnybdxOQJesuwbQO0k%2BNFNYw733wEkxzNcWH6%2FxYyNSHBk0dgyfECEqx%2FOOdkGjIBEy8i748h9RiKjsHNXShxTgAucP0Gkt6D68bmdPe5SmfqhKw8%2Bwsqn5CVP64g6f2wrtWgdNtonymTOAzaBdRgDNUZI%2FWnyPYuQeWn4NnXUIIg6RVQopj3rNQYqj2GlkNQF8DPngrg2wF8GqAnLko8iqJGKDgNmy3OK6IhWV2EEW20IxqF9SY8n2ENkaVDcD0Et%2FtI7T666v557UNY%2FwvcTgEnArhsQoKP99EXBXJJkDuCnBLkiiDPCPJ%2BcSS0i13xQGjnWbTw8cJXipHJOgf0yGQdmZCDdEpemo%2Fk6Z1n6MqLEo2b9VYYN1ozvipvNRlnkWxGcSWOuWg04VQB5S7Nu92braeYIlUTQr79DYyewulTcPUGqH8NNB814hB0Z1RththLTnzCtOFdKcpKQJgCabaCbDc40FPyypyjsvY7JD%2B7%2BiW7Nnn68G9wWyC1Bb5Sjwk6%2Bt7olsnJ4S2TO%2FLTjTRTPbVHZ2u7ndFMXv7uI7mbGyu2Ntzw4bt8JszCk0%2Bky7ZpIlTSceT7dSWEtJvGckl%2B3nKfSXbTu511bxOfbt98b3Orl1rpnDLJGHTW2pMzcDUhL4h8fpGvus%2Bh7BjWF%2Bj5M7IwKHMKnu7DpUt%2BZy7D6mUNSwPkvhjZmC0%2FtSLQcplTVsD9J2fL%2BMDdQ8e%2BDprdnR9i3xbo6wJUD%2BH85VGW2rOrv1bmBqaDEdM2OGTa6vvPh%2BvURakSigaTbdlgslqrtiUXrFZjIW9zVhHNJkfmJrz85%2FQfAAAA%2F%2F8BAAD%2F%2F%2ByCtMdcBAAA
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSS2tkRRTH685kIbhSZqOgNK4UpHPv7bdZDMYYiWYezigOuNB6dafs6luXqlt9O1kFB2R29nyDm38nE0aD6AdwkM7ALLJKuzGg%2FQVcDcKsXEj3NLYeKM459T%2BL33l8c%2BCnJISnFxvXzJ7Smq7WymHpzTtRtFbaVokflAbN%2Bhf16lrJ9t9p1cvhW6UPJO%2Ba1TiMwjAKo9KmsrJtBqszESo9aUXlVliuxuWoVsXA%2Fj93PoCjAUR%2FSl6GEpOVx8EVKD5G0vtxQ7puZtK33%2B95TTNj0RfHnybdxOQJesuwbQO0k%2BNFNYw733wEkxzNcWH6%2FxYyNSHBk0dgyfECEqx%2FOOdkGjIBEy8i748h9RiKjsHNXShxTgAucP0Gkt6D68bmdPe5SmfqhKw8%2Bwsqn5CVP64g6f2wrtWgdNtonymTOAzaBdRgDNUZI%2FWnyPYuQeWn4NnXUIIg6RVQopj3rNQYqj2GlkNQF8DPngrg2wF8GqAnLko8iqJGKDgNmy3OK6IhWV2EEW20IxqF9SY8n2ENkaVDcD0Et%2FtI7T666v557UNY%2FwvcTgEnArhsQoKP99EXBXJJkDuCnBLkiiDPCPJ%2BcSS0i13xQGjnWbTw8cJXipHJOgf0yGQdmZCDdEpemo%2Fk6Z1n6MqLEo2b9VYYN1ozvipvNRlnkWxGcSWOuWg04VQB5S7Nu92braeYIlUTQr79DYyewulTcPUGqH8NNB814hB0Z1RththLTnzCtOFdKcpKQJgCabaCbDc40FPyypyjsvY7JD%2B7%2BiW7Nnn68G9wWyC1Bb5Sjwk6%2Bt7olsnJ4S2TO%2FLTjTRTPbVHZ2u7ndFMXv7uI7mbGyu2Ntzw4bt8JszCk0%2Bky7ZpIlTSceT7dSWEtJvGckl%2B3nKfSXbTu511bxOfbt98b3Orl1rpnDLJGHTW2pMzcDUhL4h8fpGvus%2Bh7BjWF%2Bj5M7IwKHMKnu7DpUt%2BZy7D6mUNSwPkvhjZmC0%2FtSLQcplTVsD9J2fL%2BMDdQ8e%2BDprdnR9i3xbo6wJUD%2BH85VGW2rOrv1bmBqaDEdM2OGTa6vvPh%2BvURakSigaTbdlgslqrtiUXrFZjIW9zVhHNJkfmJrz85%2FQfAAAA%2F%2F8BAAD%2F%2F%2ByCtMdcBAAA HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca286902791a7f4c98bcb1e812322cd78=[3357660]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 11:37:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 000c7e506ce63d667d4c1e2e156ce048
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/js/script.js
172.64.201.2 200 OK 317 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/js/script.js
IP 172.64.201.2:0
Hash 4761ad2393202bfabef11ba0db779752
f67daa266767f3528ac554901f32ca9b43da00ff
92fdc96ed03a7abaff8750ca48f8f19cd769784927289cbd2544b9c642acf55c
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:03 GMT
content-type: application/javascript
last-modified: Fri, 21 May 2021 10:10:50 GMT
etag: W/"60a7872a-2c7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGEvli%2B4l69PyblMV5DZXml6yK6qy0kDXbc%2FPIrGy69QM74NG24wm%2FtogFEDBCeSy%2BXKPKFhRNbXttrjlp9ntYr3kluw35oYyBgoTcafi9gLEL8XYC5tjUCpkJOnXgy6MTw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39d18d947198-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
benumelan.com/15?rnd=325765598&z=3372123&var=&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A4.287%2C%22location%22%3A%22http%3A%2F%2Fyts.yts2.net%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 benumelan.com/15?rnd=325765598&z=3372123&var=&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A4.287%2C%22location%22%3A%22http%3A%2F%2Fyts.yts2.net%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /15?rnd=325765598&z=3372123&var=&rb=y4GSB4qRsyMnz93ODZdij7vquhCC4el221BtTxjgDP1lKzbsDg0upZ9Wtm6irZ1oxuVI7fUvKJF_EA-E9x0irqzeOq9I17tyaHRppZZeGYpu7m4-yzTHHk0Mh-pNPGQNW7Z6g9O4Z75iNE-JD9HM7vyxKFTtQ0zcn3zEnplcyX7IRTda5ioQnsfyEq_rdkG1F7OEQ9QmlvzDgGKLzb3ptwnQhBUv3kpM1Jc4cfEmdj6UDHGfRgMm6iJC6xzfX74Si6Xk_-NUwUe7V0lgfCE_QUsfViWrh67etwZWaCcJuaydhTnxCZ4j94lV6nB4Q_NL8z5KpfQjQFU2U5mej7z-wFsmN6SlT2y6iuLetY5j70KU8Xwv0zjXmSQrpwxHF6rSnf5nheh_G9ShU1P6beDoux0CdkuwaECLUUovkFv8wO7ZaHdY7p8r7l_kFJ6-1JuJsGEMOjlmdpuqS-QUJpC5aRTekG3JwuF9pP67G0IP5PcS4L_epYTzStg1O8vcp9qNYNwkonOrUxB1tUO27_mTq0n1xGb6O4BAcsvVNvkH3u9olefZnktri91MC7cE1-dKbub4UjN3O4XEFQTBs9JA7esgL0OTvgbBbxv4GbsDa7pKtFYxtt9KZyWdmtz4smi_rTrcg7aCcHpfcyesEtybdGa7M-yQQUaM&ruid=7a866e3b-673a-470e-932f-a317c23ed629&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A4.287%2C%22location%22%3A%22http%3A%2F%2Fyts.yts2.net%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=d6nc548331sq568285528e1y5cngy431; oaidts=1664019418; oaidvc=1; CNT=1_v1_GETeAAEAAAA7SwG7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 24 Sep 2022 11:37:04 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://yts.yts2.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 03f26141b5c87abf47e3ee1e05a9d4e9
access-control-expose-headers: X-Sc
set-cookie: OAID=d6nc548331sq568285528e1y5cngy431; expires=Sun, 24 Sep 2023 11:37:04 GMT; secure; SameSite=None
oaidts=1664019418; expires=Sun, 24 Sep 2023 11:37:04 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
rndskittytor.com/impression/y0DB1YrJspk4favRkVDldOFhnmUYDJ7v2lCHX2w836-kzuasaQogw7-9I6KzB7rrkyk1xZKQw740c0FncPiPLjPu09kkKCflpvDQylp85VhfuaBPD_oMWkt9k-jXGL3jq1pWPArjesHx-rbnpKQ51_lZpvw5IHR1Acp97B6L67U8Xo1zRKDu8lKxab0ipeZiSyez5tDKAUVYZqiZ4jPYRNAYWCYnibJKmTjbVSThUfd8S4Nz_DDBwno2pS0ggSC0SgwU3_WIvEyDKhDI-c9ycUFFul8inAuCK1MWWI90pIWGZt_iuyZ8HKnLAHVY4Hk4HA1wWHAomqzSOTVyN1pNd0l_N6UZbiIPoWueBQnEEJDkmwFA0SbSfOAJccLF5Hz8-ORillBi6cbPwiGQXstnBjL844ljtCaJjgJbdHs_ZL9Iwnp1buEnOog3s3iO7YHgml1roKJkXQdtw2uZhVIoOXv6B7GBD1i6D9hdAzEW4DbSq8QDVl7ybGNpg8tmQFgnSvxX9TFFnr83UX1ogqsyoJ4nLnQjJy7bFqsOpi9jZGg8StEa9ohnXF4tfMOofQhQdcOM4X1SOlUjR51n1Ot0_hFcdJ-AtJmD7di-mw==?_z=4837723&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.238200 OK 43 B URL HTTP/2 rndskittytor.com/impression/y0DB1YrJspk4favRkVDldOFhnmUYDJ7v2lCHX2w836-kzuasaQogw7-9I6KzB7rrkyk1xZKQw740c0FncPiPLjPu09kkKCflpvDQylp85VhfuaBPD_oMWkt9k-jXGL3jq1pWPArjesHx-rbnpKQ51_lZpvw5IHR1Acp97B6L67U8Xo1zRKDu8lKxab0ipeZiSyez5tDKAUVYZqiZ4jPYRNAYWCYnibJKmTjbVSThUfd8S4Nz_DDBwno2pS0ggSC0SgwU3_WIvEyDKhDI-c9ycUFFul8inAuCK1MWWI90pIWGZt_iuyZ8HKnLAHVY4Hk4HA1wWHAomqzSOTVyN1pNd0l_N6UZbiIPoWueBQnEEJDkmwFA0SbSfOAJccLF5Hz8-ORillBi6cbPwiGQXstnBjL844ljtCaJjgJbdHs_ZL9Iwnp1buEnOog3s3iO7YHgml1roKJkXQdtw2uZhVIoOXv6B7GBD1i6D9hdAzEW4DbSq8QDVl7ybGNpg8tmQFgnSvxX9TFFnr83UX1ogqsyoJ4nLnQjJy7bFqsOpi9jZGg8StEa9ohnXF4tfMOofQhQdcOM4X1SOlUjR51n1Ot0_hFcdJ-AtJmD7di-mw==?_z=4837723&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.238:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert
quad9 Sinkholed
GET /impression/y0DB1YrJspk4favRkVDldOFhnmUYDJ7v2lCHX2w836-kzuasaQogw7-9I6KzB7rrkyk1xZKQw740c0FncPiPLjPu09kkKCflpvDQylp85VhfuaBPD_oMWkt9k-jXGL3jq1pWPArjesHx-rbnpKQ51_lZpvw5IHR1Acp97B6L67U8Xo1zRKDu8lKxab0ipeZiSyez5tDKAUVYZqiZ4jPYRNAYWCYnibJKmTjbVSThUfd8S4Nz_DDBwno2pS0ggSC0SgwU3_WIvEyDKhDI-c9ycUFFul8inAuCK1MWWI90pIWGZt_iuyZ8HKnLAHVY4Hk4HA1wWHAomqzSOTVyN1pNd0l_N6UZbiIPoWueBQnEEJDkmwFA0SbSfOAJccLF5Hz8-ORillBi6cbPwiGQXstnBjL844ljtCaJjgJbdHs_ZL9Iwnp1buEnOog3s3iO7YHgml1roKJkXQdtw2uZhVIoOXv6B7GBD1i6D9hdAzEW4DbSq8QDVl7ybGNpg8tmQFgnSvxX9TFFnr83UX1ogqsyoJ4nLnQjJy7bFqsOpi9jZGg8StEa9ohnXF4tfMOofQhQdcOM4X1SOlUjR51n1Ot0_hFcdJ-AtJmD7di-mw==?_z=4837723&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: OAID=579046efdd454324862e084be28182c3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:04 GMT
content-type: image/gif
content-length: 43
x-trace-id: d372554ef87b541711f2a80cb0823fbd
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
youradexchange.com/ut/hb.php?cb=0.0014015043374758784
35.190.41.116 204 No Content 0 B URL HTTP/1.1 youradexchange.com/ut/hb.php?cb=0.0014015043374758784
IP 35.190.41.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ut/hb.php?cb=0.0014015043374758784 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain; charset=utf-8
Content-Length: 1038
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
HTTP/1.1 204 No Content
Server: openresty
Date: Sat, 24 Sep 2022 11:37:07 GMT
Access-Control-Allow-Origin: *
Via: 1.1 google
benumelan.com/27/b7bd02994a2771796f8a835cfb750d4b
139.45.197.239 200 OK 0 B URL HTTP/2 benumelan.com/27/b7bd02994a2771796f8a835cfb750d4b
IP 139.45.197.239:0
GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: scm=1; OAID=79331847b038482d90c144d0d3cdd4ab; oaidts=1664019418
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:36:59 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45 200 OK 0 B IP 172.67.194.45:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:36:59 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LyuE%2BCiouy8e0lJxy7RiHG5FHS0bcZ5P37Rqa07JL6DNqpoRX8WmSYFL3sK%2FHnzqSrcJDwq31PDYk5cLPZ0VyUzCxGerrbl7Z21dLbc9Z7E9sPxYiEnyOHM1lOJwnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39be28fe0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/index.html
172.67.74.218 200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/index.html
IP 172.67.74.218:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: text/html
last-modified: Tue, 01 Feb 2022 13:22:32 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPHViiuymtyvCYU6XsAsCr4BiFCWru73kVFtwyfCXmyFy9e97JtmnHfbQFRJliPymLgM%2Buq%2FSOttsHdlNHac3uVJMKeV1DNlxU2tBBItNGimurpPH9xWby4y%2FDi2nJZ1CmyyiLk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39cc5baab524-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/js/jquery.min.js
172.64.201.2 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/js/jquery.min.js
IP 172.64.201.2:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/js/jquery.min.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:02 GMT
content-type: application/javascript
last-modified: Fri, 21 May 2021 10:10:50 GMT
etag: W/"60a7872a-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 790200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Jz4zNjkHJQuWcIS0xNvJj%2BCVkS3AjDRFu64rR8%2FGNoD0mI%2B4IAxgT%2BKWMsRZG6v%2FGS8q9ysdddPn4E5P8VSQiy%2FdVOqAa8H%2BBMSD98nriCyDhmE76%2FGGIBJASkMVYxa0B0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39d11cfd7198-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-yts.yts2.net/assets/images/movies/breaking_2022/background.jpg
104.21.3.99 200 OK 0 B URL HTTP/2 img-yts.yts2.net/assets/images/movies/breaking_2022/background.jpg
IP 104.21.3.99:0
GET /assets/images/movies/breaking_2022/background.jpg HTTP/1.1
Host: img-yts.yts2.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:36:59 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 23 Sep 2022 18:45:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qWAZAaHHOjEJYLY9tfD7AgOOKhpz2DhoQycSBRvgxDa9eNkfExNV2RC%2F%2FSTwHHe9szff%2BJaD9cGKm0bFZclJyrX%2FC4hyOAS6x7Xcxk%2Bag4bl5fuhxnP13iuVu%2Bx4xO6LhkRo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39b8ae491c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rndskittytor.com/500/4837723?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.238 200 OK 0 B URL HTTP/2 rndskittytor.com/500/4837723?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.238:0
Analyzer Verdict Alert
quad9 Sinkholed
GET /500/4837723?excludes=&oaid=579046efdd454324862e084be28182c3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=5&pl=http%3A%2F%2Fyts.yts2.net%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Cookie: OAID=d6nc548331sq568285528e1y5cngy431
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: application/javascript
x-trace-id: 7b6785bf1ab9aa3db0f545c1905bae2d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: http://yts.yts2.net
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=579046efdd454324862e084be28182c3; expires=Sun, 24 Sep 2023 11:37:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
glimtors.net/pfe/current/defaultSkin.min.js
139.45.197.251 200 OK 0 B URL HTTP/2 glimtors.net/pfe/current/defaultSkin.min.js
IP 139.45.197.251:0
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:01 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-df63"
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/css/style.css
172.64.201.2 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/css/style.css
IP 172.64.201.2:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/7/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:03 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 14:46:40 GMT
etag: W/"61f7f650-2516"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tj37%2FQXP2iYUttuWGNOGANdaD%2FyPHG27GVuoJ74uZd3Gy0DBgJuN840BOgj0YcqabIPW%2B5R%2FGvpnyHOFJXxFlk2kt3xAd180iAyd9iyE8IiSC2qBydeBkxAlM3HKzfjINMk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39d0dcab7198-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
benumelan.com/1?z=3372123
139.45.197.239 200 OK 0 B URL HTTP/2 benumelan.com/1?z=3372123
IP 139.45.197.239:0
GET /1?z=3372123 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:36:58 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 66f22c818834708ed9c56ca7b81f824c
access-control-expose-headers: X-Sc
x-sc: 0T7AdfB8ixTTPG3cjk8q9_XwIJuWlYi22QPg0eRU9E_DO8FfslZslYCTGfSCbt5oYgj4k7bm-C4lvVLnwtLJ-su2wAc=
set-cookie: scm=1; expires=Sun, 24 Sep 2023 11:36:58 GMT; secure; SameSite=None
OAID=79331847b038482d90c144d0d3cdd4ab; expires=Sun, 24 Sep 2023 11:36:58 GMT; secure; SameSite=None
oaidts=1664019418; expires=Sun, 24 Sep 2023 11:36:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
glimtors.net/pfe/current/universal.min.js?v=3.1.395
139.45.197.251 200 OK 0 B URL HTTP/2 glimtors.net/pfe/current/universal.min.js?v=3.1.395
IP 139.45.197.251:0
Analyzer Verdict Alert
quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Origin: http://yts.yts2.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:36:58 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-1fafa"
access-control-allow-origin: http://yts.yts2.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.itskiddoan.club/apu.php?zoneid=3388548
139.45.197.236 200 OK 0 B URL HTTP/2 cdn.itskiddoan.club/apu.php?zoneid=3388548
IP 139.45.197.236:0
GET /apu.php?zoneid=3388548 HTTP/1.1
Host: cdn.itskiddoan.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/javascript
x-trace-id: 3fe7de7a7d4160dbf82577a42d5f133b
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=906770f185e246efafd21504aa625fa1; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
oaidts=1664019420; expires=Sun, 24 Sep 2023 11:37:00 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
matomo.hellohi.me/matomo.js
172.67.219.82 200 OK 0 B URL HTTP/2 matomo.hellohi.me/matomo.js
IP 172.67.219.82:0
GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://yts.yts2.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:37:00 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 19 Aug 2022 17:37:06 GMT
etag: W/"62ffca42-fbde"
expires: Sat, 24 Sep 2022 12:06:50 GMT
cache-control: public, max-age=14400
pragma: public
cf-cache-status: HIT
age: 1810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M31OCrBrCuWSyDsR3%2FKg1Bz4f5QBXbf0B7dSAYB88COwE%2FNtoxblGUxtBAXSpekinI%2BPR7c%2FQmCjsnuzw4PcbLEy5Y2Et9SnCO5FLAbHXJKpJaNnc2PLHkfMffVoIQqTy%2F8B3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39bfc83bb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
172.64.156.26 200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 172.64.156.26:0
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://yts.yts2.net
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:36:58 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39b78c56b4f4-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
c.palama2.com/j/m/qqqq.js
172.67.150.228 200 OK 0 B URL HTTP/2 c.palama2.com/j/m/qqqq.js
IP 172.67.150.228:0
GET /j/m/qqqq.js HTTP/1.1
Host: c.palama2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://yts.yts2.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 11:36:58 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 03:16:06 GMT
etag: W/"603dadf6-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 259176
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5yCI4CZz6AX8YLYXg9uTT3Z%2Bf%2B5X92LEQl8Kr%2B8o4yvmBzpKtchpwmBIFwRDWydvBDB7mnh7k8TxWMa1lL9CnSZkskVA%2BmDu9gVYRkdt%2BbezosTkwzOUa9oFbUN%2BxPqO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fb39b7dabdb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2