Overview

URLwww1.attacker.tv/watch-movie/harry-potter-and-the-prisoner-of-azkaban-19594.1613248
IP 172.67.138.111 (United States)
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-26 23:50:10 UTC
StatusLoading report..
IDS alerts0
Blocklist alert1
urlquery alerts No alerts detected
Tags None

Domain Summary (37)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ocsp.pki.goog (11) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-26 11:26:18 UTC 142.250.74.168
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 35.165.41.15
s7.addthis.com (2) 1504 2012-05-21 03:34:04 UTC 2020-04-01 20:53:06 UTC 23.38.200.123
www.facebook.com (1) 99 2012-05-21 00:23:41 UTC 2021-06-08 06:38:51 UTC 31.13.72.36
onclickgenius.com (1) 65265 2015-05-27 13:58:12 UTC 2022-11-25 07:00:21 UTC 35.190.71.96
ocsp.digicert.com (15) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
www1.attacker.tv (2) 0 2020-11-12 17:21:36 UTC 2022-11-17 04:36:52 UTC 172.67.138.111 Domain (attacker.tv) ranked at: 143702
connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2020-02-17 13:26:09 UTC 31.13.72.12
www.gstatic.com (1) 0 2016-07-26 09:37:06 UTC 2022-11-26 09:57:59 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
z.moatads.com (1) 374 2014-02-11 16:19:47 UTC 2020-02-15 21:59:06 UTC 23.38.201.146
fleraprt.com (1) 0 2022-01-14 22:55:14 UTC 2022-11-26 08:45:18 UTC 139.45.195.254 Unknown ranking
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
widgets.pinterest.com (2) 6540 2013-04-10 10:19:37 UTC 2019-08-06 22:42:52 UTC 151.101.84.84
cdn.onesignal.com (1) 3015 2015-04-22 13:41:50 UTC 2022-11-26 05:57:54 UTC 104.18.226.52
ocsp.sectigo.com (3) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
inpagepush.com (3) 78279 2019-12-03 20:32:41 UTC 2022-11-26 08:32:50 UTC 139.45.197.237
www1.attacker.tv (2) 0 2020-11-12 17:21:36 UTC 2022-11-17 04:36:52 UTC 104.21.78.239 Domain (attacker.tv) ranked at: 143702
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-26 07:22:52 UTC 142.250.74.10
fonts.gstatic.com (6) 0 2014-09-09 00:40:21 UTC 2022-11-26 10:10:14 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
m.addthis.com (1) 1448 2013-11-06 20:12:22 UTC 2020-03-27 07:44:36 UTC 23.38.200.123
cdn.jsdelivr.net (1) 439 2012-09-30 00:15:09 UTC 2020-08-10 12:12:39 UTC 151.101.85.229
www.google.com (1) 7 2016-03-22 03:56:07 UTC 2022-11-26 09:58:02 UTC 142.250.74.164
offerimage.com (1) 304078 2019-06-10 11:11:53 UTC 2022-11-26 12:42:19 UTC 172.67.22.216
cdnjs.cloudflare.com (7) 235 2015-04-17 20:46:33 UTC 2022-11-26 09:48:30 UTC 104.17.25.14
asccdn.com (1) 81350 2020-05-06 08:03:08 UTC 2022-11-25 18:43:40 UTC 104.21.48.91
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-11-26 11:34:11 UTC 142.250.74.174
my.rtmark.net (1) 9054 2017-08-22 14:11:49 UTC 2022-11-26 05:56:01 UTC 139.45.195.8
api-public.addthis.com (3) 4111 2012-05-21 13:44:35 UTC 2019-02-13 04:08:26 UTC 23.38.200.123
tzegilo.com (1) 0 2022-01-14 15:27:15 UTC 2022-11-26 05:56:05 UTC 104.21.84.149 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-26 05:33:16 UTC 34.117.237.239
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-26 05:33:20 UTC 34.102.187.140
ocsp.globalsign.com (1) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 104.18.21.226
rabbitstream.net (4) 313455 2022-01-20 12:51:51 UTC 2022-11-26 18:15:45 UTC 104.21.91.139
ssl.p.jwpcdn.com (3) 2512 2018-06-15 20:32:33 UTC 2020-05-04 06:58:55 UTC 151.101.86.114
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-26 2 fleraprt.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 2 reports on IP: 172.67.138.111
Date UQ / IDS / BL URL IP
2023-01-09 06:26:14 +0000 0 - 0 - 4 bribi-bi-fast.com/ 172.67.138.111
2022-11-26 23:50:10 +0000 0 - 0 - 1 www1.attacker.tv/watch-movie/harry-potter-and (...) 172.67.138.111


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-02-06 00:33:22 +0000 0 - 1 - 0 caninep4.com/ 23.227.38.72
2023-02-06 00:32:55 +0000 0 - 0 - 2 www5.conect-online.shop/ 172.67.223.202
2023-02-06 00:32:27 +0000 0 - 4 - 0 k2s.cc/file/f419808ea664d/QEENSAXE.part1.rar 104.22.57.248
2023-02-06 00:32:05 +0000 0 - 4 - 0 k2s.cc/file/f419808ea664d/QEENSAXE.part1.rar 104.22.57.248
2023-02-06 00:32:06 +0000 0 - 2 - 0 download.freemake.net/products/F544A92022B58D (...) 188.114.96.1


Last 2 reports on domain: attacker.tv
Date UQ / IDS / BL URL IP
2022-11-26 23:50:10 +0000 0 - 0 - 1 www1.attacker.tv/watch-movie/harry-potter-and (...) 172.67.138.111
2022-10-25 17:14:48 +0000 0 - 0 - 2 www1.attacker.tv/watch-tv/the-grand-tour-3947 (...) 104.21.78.239


Last 3 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-10-25 17:14:48 +0000 0 - 0 - 2 www1.attacker.tv/watch-tv/the-grand-tour-3947 (...) 104.21.78.239
2022-09-03 23:53:46 +0000 0 - 0 - 3 flixtor.gg/watch-movie/watch-the-blond-one-41 (...) 104.21.14.251
2022-11-02 06:27:12 +0000 0 - 0 - 3 putlocker.sb/watch-tv/watch-the-elon-musk-sho (...) 104.21.1.205

JavaScript

Executed Scripts (50)

Executed Evals (7)
#1 JavaScript::Eval (size: 22) - SHA256: 2ed176c7f9d5b3c8ca6ccdb0e994b6ddc34944c41fc4db7451fd7a3d27fed6f1
0,
function(y) {
    xz(2, y)
}
#2 JavaScript::Eval (size: 11) - SHA256: 8ee784d797ce97ed9716bb42682346deb0c7ae8ff75d7ad8ae60508907054c16
addthis.cbs
#3 JavaScript::Eval (size: 19782) - SHA256: 868e10aa60775960b6f14fc3789f88bc8ae5c09df3ed655c5a6d2f5103033740
(function() {
    var p = function(R, n, k) {
            k[V(R, n, k), Rl] = 2796
        },
        nX = function(R, n) {
            return R(function(k) {
                k(n)
            }), [function() {
                return n
            }]
        },
        kz = function(R, n, k, q, c) {
            for (n = (q = (c = n[3] | 0, 0), n[2]) | 0; 14 > q; q++) c = c >>> 8 | c << 24, k = k >>> 8 | k << 24, k += R | 0, c += n | 0, k ^= n + 2298, R = R << 3 | R >>> 29, c ^= q + 2298, R ^= k, n = n << 3 | n >>> 29, n ^= c;
            return [R >>> 24 & 255, R >>> 16 & 255, R >>> 8 & 255, R >>> 0 & 255, k >>> 24 & 255, k >>> 16 & 255, k >>> 8 & 255, k >>> 0 & 255]
        },
        E, L = function(R, n, k, q, c, y, e, K, N, Q, Z, w, U, h) {
            if (y = v(n, 278), y >= n.B) throw [x, 31];
            for (c = (K = 0, q = R, Q = y, n.c0.length); 0 < q;) Z = Q % 8, N = 8 - (Z | 0), N = N < q ? N : q, U = Q >> 3, w = n.i[U], k && (e = n, e.A != Q >> 6 && (e.A = Q >> 6, h = v(e, 358), e.l = kz(e.O, [0, 0, h[1], h[2]], e.A)), w ^= n.l[U & c]), K |= (w >> 8 - (Z | 0) - (N | 0) & (1 << N) - 1) << (q | 0) - (N | 0), Q += N, q -= N;
            return V(278, n, (k = K, (y | 0) + (R | 0))), k
        },
        yB = function(R, n, k, q) {
            try {
                q = R[((n | 0) + 2) % 3], R[n] = (R[n] | 0) - (R[((n | 0) + 1) % 3] | 0) - (q | 0) ^ (1 == n ? q << k : q >>> k)
            } catch (c) {
                throw c;
            }
        },
        eM = function(R, n) {
            return n = P(R), n & 128 && (n = n & 127 | P(R) << 7), n
        },
        qX = function(R, n, k) {
            if ((n = typeof R, "object") == n)
                if (R) {
                    if (R instanceof Array) return "array";
                    if (R instanceof Object) return n;
                    if ("[object Window]" == (k = Object.prototype.toString.call(R), k)) return "object";
                    if ("[object Array]" == k || "number" == typeof R.length && "undefined" != typeof R.splice && "undefined" != typeof R.propertyIsEnumerable && !R.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == k || "undefined" != typeof R.call && "undefined" != typeof R.propertyIsEnumerable && !R.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == n && "undefined" == typeof R.call) return "object";
            return n
        },
        C = function(R, n) {
            R.P.splice(0, 0, n)
        },
        G = function(R, n, k, q, c, y) {
            if (n.C == n)
                for (c = v(n, R), 421 == R ? (R = function(e, K, N, Q) {
                        if (c.mm != (Q = ((K = c.length, K) | 0) - 4 >> 3, Q)) {
                            Q = (c.mm = (N = [0, 0, y[1], y[2]], Q), (Q << 3) - 4);
                            try {
                                c.nk = kz(KX(c, Q), N, KX(c, (Q | 0) + 4))
                            } catch (Z) {
                                throw Z;
                            }
                        }
                        c.push(c.nk[K & 7] ^ e)
                    }, y = v(n, 408)) : R = function(e) {
                        c.push(e)
                    }, q && R(q & 255), n = k.length, q = 0; q < n; q++) R(k[q])
        },
        NX = function(R, n, k, q) {
            for (; R.P.length;) {
                k = (R.F = null, R).P.pop();
                try {
                    q = ca(R, k)
                } catch (c) {
                    r(R, c)
                }
                if (n && R.F) {
                    n = R.F, n(function() {
                        B(true, R, true)
                    });
                    break
                }
            }
            return q
        },
        QB = function(R, n, k, q) {
            return (q = I[R.substring(0, 3) + "_"]) ? q(R.substring(3), n, k) : nX(n, R)
        },
        sk = function(R, n, k, q, c) {
            G(((c = (k = u((c = u((q = n & 4, n &= 3, R)), R)), v(R, c)), q) && (c = pX("" + c)), n && G(k, R, D(2, c.length)), k), R, c)
        },
        l = function(R, n, k, q, c, y, e, K, N) {
            if ((R.C = (((K = (y = (N = (c = (e = 0 < (k || R.X++, R).U && R.S && R.xh && 1 >= R.J && !R.L && !R.F && (!k || 1 < R.Z - n) && 0 == document.hidden, 4 == R.X)) || e ? R.s() : R.T, N - R.T), y) >> 14, R).O && (R.O ^= K * (y << 2)), R).Y += K, K || R.C), c) || e) R.X = 0, R.T = N;
            if (!e || N - R.H < R.U - (q ? 255 : k ? 5 : 2)) return false;
            return !((V(278, (q = v(R, (R.Z = n, k ? 426 : 278)), R), R.B), R.P).push([jM, q, k ? n + 1 : n]), R.F = z, 0)
        },
        Ek = function(R, n, k) {
            if (3 == R.length) {
                for (k = 0; 3 > k; k++) n[k] += R[k];
                for (k = [(R = 0, 13), 8, 13, 12, 16, 5, 3, 10, 15]; 9 > R; R++) n[3](n, R % 3, k[R])
            }
        },
        u = function(R, n) {
            if (R.L) return Zn(R, R.N);
            return n = L(8, R, true), n & 128 && (n ^= 128, R = L(2, R, true), n = (n << 2) + (R | 0)), n
        },
        KX = function(R, n) {
            return R[n] << 24 | R[(n | 0) + 1] << 16 | R[(n | 0) + 2] << 8 | R[(n | 0) + 3]
        },
        we = function(R, n, k, q, c, y, e, K) {
            return (c = d[n.I]((k = [-2, 42, -72, -(y = va, 46), -26, -71, k, 61, (K = q & 7, 9), 2], n.MJ)), c)[n.I] = function(N) {
                e = N, K += 6 + 7 * q, K &= 7
            }, c.concat = function(N) {
                return (N = (e = (N = +(N = R % 16 + 1, k)[K + 59 & 7] * R * N - N * e - -2440 * e + (y() | 0) * N + 1 * R * R * N - 2562 * R * e - 61 * R * R * e + K + 61 * e * e, void 0), k[N]), k[(K + 69 & 7) + (q & 2)] = N, k)[K + (q & 2)] = 42, N
            }, c
        },
        V = function(R, n, k) {
            if (278 == R || 426 == R) n.u[R] ? n.u[R].concat(k) : n.u[R] = h8(n, k);
            else {
                if (n.D && 358 != R) return;
                305 == R || 421 == R || 352 == R || 236 == R || 408 == R ? n.u[R] || (n.u[R] = we(R, n, k, 54)) : n.u[R] = we(R, n, k, 113)
            }
            358 == R && (n.O = L(32, n, false), n.A = void 0)
        },
        P = function(R) {
            return R.L ? Zn(R, R.N) : L(8, R, true)
        },
        B = function(R, n, k, q, c, y) {
            if (n.P.length) {
                (n.S = !(n.S && 0(), 0), n).xh = k;
                try {
                    q = n.s(), n.H = q, n.T = q, n.X = 0, c = NX(n, k), y = n.s() - n.H, n.G += y, y < (R ? 0 : 10) || 0 >= n.g-- || (y = Math.floor(y), n.K.push(254 >= y ? y : 254))
                } finally {
                    n.S = false
                }
                return c
            }
        },
        xz = function(R, n, k, q) {
            for (k = (q = u(n), 0); 0 < R; R--) k = k << 8 | P(n);
            V(q, n, k)
        },
        I, Pa = function(R, n, k, q) {
            return v(R, (LX((q = v(R, 278), R.i && q < R.B ? (V(278, R, R.B), Uk(k, R)) : V(278, R, k), n), R), V(278, R, q), 15))
        },
        Tu = function(R, n, k, q, c) {
            for (c = (q = (k.In = (k.MJ = J8(k.I, (k.v0 = (k.NJ = be, CX), k.c0 = k[F], {get: function() {
                        return this.concat()
                    }
                })), d)[k.I](k.MJ, {
                    value: {
                        value: {}
                    }
                }), []), 0); 128 > c; c++) q[c] = String.fromCharCode(c);
            B((C((C(k, (C(k, (p(340, (V((V(305, k, [160, ((V(307, (V(327, (V(236, k, (p(59, k, (p(127, k, (p(119, (V(421, k, (V(270, k, (p(87, (p(158, (p(396, k, (p(448, k, (k.on = (p(362, (k.E9 = (p((p(250, k, (p(371, (V(15, (p(354, k, (V(352, k, ((p(442, k, (p(227, k, (p(103, k, (p(11, k, (p(121, (V(289, (p(173, (V(409, k, (p(275, k, (p(317, (p(375, k, (p(432, ((p((p(295, (V(278, k, (k.B0 = (k.wE = (k.P0 = function(y) {
                this.C = y
            }, k.u = (k.R = void 0, []), k.F = ((k.O = (k.N = void 0, void 0), k.Y = 1, k.U = 0, (k.Rn = [], k).C = k, c = window.performance || {}, k.j = [], (k.J = 0, k).T = 0, k.B = 0, k.S = ((k.A = void 0, k.X = void 0, k).i = [], k.H = (k.P = (k.xh = false, []), k.g = (k.G = 0, 25), 0), k.L = (k.l = void 0, void 0), k.D = false, k.Z = 8001, false), k).K = [], null), 0), c).timeOrigin || (c.timing || {}).navigationStart || 0, 0)), V(426, k, 0), k), function(y, e, K, N) {
                V((e = v(y, (N = (K = (N = (e = u(y), u(y)), u(y)), v(y, N)), e)), K), y, e in N | 0)
            }), 163), k, function(y, e, K, N) {
                !l(y, e, true, false) && (e = re(y), N = e.Ck, K = e.h, y.C == y || K == y.P0 && N == y) && (V(e.un, y, K.apply(N, e.o)), y.T = y.s())
            }), p)(341, k, function(y, e, K, N) {
                if (N = y.Rn.pop()) {
                    for (K = P(y); 0 < K; K--) e = u(y), N[e] = y.u[e];
                    y.u = (N[236] = y.u[236], N[307] = y.u[307], N)
                } else V(278, y, y.B)
            }), k), function(y, e) {
                (e = v(y, u(y)), Uk)(e, y.C)
            }), function(y, e, K, N) {
                (e = v(y, (N = v((K = (N = u((e = u(y), y)), u(y)), y), N), e)) == N, V)(K, y, +e)
            })), k), function(y) {
                xz(4, y)
            }), function(y, e, K, N, Q, Z) {
                if (!l(y, e, true, true)) {
                    if ("object" == (y = v((N = (Q = v((e = v((N = (e = (Q = (Z = u(y), u)(y), u(y)), u)(y), y), e), y), Q), v(y, N)), y), Z), qX)(y)) {
                        for (K in Z = [], y) Z.push(K);
                        y = Z
                    }
                    for (Z = (e = 0 < e ? e : 1, K = y.length, 0); Z < K; Z += e) Q(y.slice(Z, (Z | 0) + (e | 0)), N)
                }
            })), p(193, k, function(y, e, K, N, Q) {
                0 !== (Q = v(y, (K = (e = v((N = v(y, (N = (Q = u((K = u(y), y)), e = u(y), u(y)), N)), y), e), v(y.C, K)), Q)), K) && (N = Ba(e, N, y, 1, K, Q), K.addEventListener(Q, N, W), V(270, y, [K, Q, N]))
            }), 687)), k), function(y) {
                sk(y, 4)
            }), k), 0), k), function() {}), function(y, e, K, N, Q, Z, w) {
                for (w = (e = (K = (N = u(y), Z = eM(y), Q = "", v(y, 115)), K.length), 0); Z--;) w = ((w | 0) + (eM(y) | 0)) % e, Q += q[K[w]];
                V(N, y, Q)
            })), function(y, e, K) {
                K = v((e = (K = (e = u(y), u(y)), 0 != v(y, e)), y), K), e && V(278, y, K)
            })), function(y, e, K, N, Q) {
                for (K = (e = (N = u(y), eM)(y), 0), Q = []; K < e; K++) Q.push(P(y));
                V(N, y, Q)
            })), function(y, e, K) {
                (e = u((K = u(y), y)), V)(e, y, "" + v(y, K))
            })), V)(408, k, [0, 0, 0]), [])), function(y, e, K, N, Q, Z, w, U, h, T, Y, J) {
                function f(b, a) {
                    for (; e < b;) T |= P(y) << e, e += 8;
                    return T >>= (a = T & (e -= b, (1 << b) - 1), b), a
                }
                for (K = (h = (U = (Y = (e = T = (Z = u(y), 0), f(3) | 0) + 1, f(5)), 0), []), Q = 0; Q < U; Q++) J = f(1), K.push(J), h += J ? 0 : 1;
                for (Q = (N = (h = ((h | 0) - 1).toString(2).length, []), 0); Q < U; Q++) K[Q] || (N[Q] = f(h));
                for (h = 0; h < U; h++) K[h] && (N[h] = u(y));
                for (w = []; Y--;) w.push(v(y, u(y)));
                p(Z, y, function(b, a, O, VB, X) {
                    for (O = (VB = (X = [], []), 0); O < U; O++) {
                        if (a = N[O], !K[O]) {
                            for (; a >= X.length;) X.push(u(b));
                            a = X[a]
                        }
                        VB.push(a)
                    }
                    b.L = h8(b, w.slice()), b.N = h8(b, VB)
                })
            })), k), {}), k), function(y) {
                al(y, 1)
            }), function(y, e, K) {
                l(y, e, true, false) || (e = u(y), K = u(y), V(K, y, function(N) {
                    return eval(N)
                }(Gu(v(y.C, e)))))
            })), 499), k, function(y) {
                sk(y, 3)
            }), 0), k), function(y, e, K, N) {
                K = (N = P((e = u(y), y)), u(y)), V(K, y, v(y, e) >>> N)
            }), 0), function(y, e, K, N) {
                V((e = v(y, (N = v(y, (K = u((N = u(y), y)), N)), K)), K), y, e + N)
            })), function(y, e) {
                y = (e = u(y), v)(y.C, e), y[0].removeEventListener(y[1], y[2], W)
            })), k), function(y, e, K, N, Q) {
                V((K = v(y, (N = (Q = v(y, (Q = (N = (K = (e = u(y), u(y)), u(y)), u)(y), Q)), v(y, N)), K)), e), y, Ba(K, N, y, Q))
            }), k), function(y, e, K) {
                V((K = v(y, (e = (K = u(y), u(y)), K)), K = qX(K), e), y, K)
            }), 0)), S(4))), k), function(y, e, K, N, Q, Z) {
                l(y, e, true, false) || (N = re(y.C), e = N.o, Z = N.Ck, Q = N.h, K = e.length, N = N.un, e = 0 == K ? new Z[Q] : 1 == K ? new Z[Q](e[0]) : 2 == K ? new Z[Q](e[0], e[1]) : 3 == K ? new Z[Q](e[0], e[1], e[2]) : 4 == K ? new Z[Q](e[0], e[1], e[2], e[3]) : 2(), V(N, y, e))
            }), function(y, e, K, N) {
                N = u((e = u(y), y)), K = u(y), y.C == y && (N = v(y, N), K = v(y, K), v(y, e)[N] = K, 358 == e && (y.A = void 0, 2 == N && (y.O = L(32, y, false), y.A = void 0)))
            })), function(y) {
                al(y, 4)
            })), [])), k), H), k), 2048), k).an = 0, 0), 0]), 120), k, k), k), function(y, e, K, N) {
                V((K = v((e = v(y, (N = u((K = u((e = u(y), y)), y)), e)), y), K), N), y, e[K])
            }), p(472, k, function(y, e, K, N) {
                N = (e = u(y), u)(y), K = u(y), V(K, y, v(y, e) || v(y, N))
            }), [Rl])), [A, n])), k), [Il, R]), true), k, true)
        },
        J8 = function(R, n) {
            return d[R](d.prototype, {
                pop: n,
                replace: n,
                length: n,
                document: n,
                splice: n,
                parent: n,
                stack: n,
                floor: n,
                prototype: n,
                console: n,
                call: n,
                propertyIsEnumerable: n
            })
        },
        pX = function(R, n, k, q, c) {
            for (q = (R = R.replace(/\r\n/g, "\n"), n = 0, []), k = 0; n < R.length; n++) c = R.charCodeAt(n), 128 > c ? q[k++] = c : (2048 > c ? q[k++] = c >> 6 | 192 : (55296 == (c & 64512) && n + 1 < R.length && 56320 == (R.charCodeAt(n + 1) & 64512) ? (c = 65536 + ((c & 1023) << 10) + (R.charCodeAt(++n) & 1023), q[k++] = c >> 18 | 240, q[k++] = c >> 12 & 63 | 128) : q[k++] = c >> 12 | 224, q[k++] = c >> 6 & 63 | 128), q[k++] = c & 63 | 128);
            return q
        },
        LX = function(R, n, k, q, c, y) {
            if (!n.R) {
                n.J++;
                try {
                    for (k = (q = (y = void 0, n).B, 0); --R;) try {
                        if ((c = void 0, n).L) y = Zn(n, n.L);
                        else {
                            if (k = v(n, 278), k >= q) break;
                            y = (c = (V(426, n, k), u(n)), v)(n, c)
                        }(y && y[ue] & 2048 ? y(n, R) : M(n, 0, [x, 21, c]), l)(n, R, false, false)
                    } catch (e) {
                        v(n, 409) ? M(n, 22, e) : V(409, n, e)
                    }
                    if (!R) {
                        if (n.Lk) {
                            n.J--, LX(338687074593, n);
                            return
                        }
                        M(n, 0, [x, 33])
                    }
                } catch (e) {
                    try {
                        M(n, 22, e)
                    } catch (K) {
                        r(n, K)
                    }
                }
                n.J--
            }
        },
        Zn = function(R, n) {
            return (n = n.create().shift(), R.L.create()).length || R.N.create().length || (R.L = void 0, R.N = void 0), n
        },
        Dn = function(R, n, k, q) {
            function c() {}
            return {
                invoke: (k = QB((q = void 0, R), function(y) {
                    c && (n && z(n), q = y, c(), c = void 0)
                }, !!n)[0], function(y, e, K, N) {
                    function Q() {
                        q(function(Z) {
                            z(function() {
                                y(Z)
                            })
                        }, K)
                    }
                    if (!e) return e = k(K), y && y(e), e;
                    q ? Q() : (N = c, c = function() {
                        N(), z(Q)
                    })
                })
            }
        },
        v = function(R, n) {
            if (void 0 === (R = R.u[n], R)) throw [x, 30, n];
            if (R.value) return R.create();
            return R.create(1 * n * n + 42 * n + -40), R.prototype
        },
        D = function(R, n, k, q) {
            for (k = (q = (R | 0) - 1, []); 0 <= q; q--) k[(R | 0) - 1 - (q | 0)] = n >> 8 * q & 255;
            return k
        },
        Uk = function(R, n) {
            V(278, ((n.Rn.push(n.u.slice()), n.u)[278] = void 0, n), R)
        },
        r = function(R, n) {
            R.R = ((R.R ? R.R + "~" : "E:") + n.message + ":" + n.stack).slice(0, 2048)
        },
        fX = function(R, n, k) {
            return n.W(function(q) {
                k = q
            }, false, R), k
        },
        Ba = function(R, n, k, q, c, y) {
            function e() {
                if (k.C == k) {
                    if (k.u) {
                        var K = [m, R, n, void 0, c, y, arguments];
                        if (2 == q) var N = B(false, (C(k, K), k), false);
                        else if (1 == q) {
                            var Q = !k.P.length;
                            C(k, K), Q && B(false, k, false)
                        } else N = ca(k, K);
                        return N
                    }
                    c && y && c.removeEventListener(y, e, W)
                }
            }
            return e
        },
        S = function(R, n) {
            for (n = []; R--;) n.push(255 * Math.random() | 0);
            return n
        },
        ca = function(R, n, k, q, c) {
            if (c = n[0], c == g) R.g = 25, R.v(n);
            else if (c == F) {
                q = n[1];
                try {
                    k = R.R || R.v(n)
                } catch (y) {
                    r(R, y), k = R.R
                }
                q(k)
            } else if (c == jM) R.v(n);
            else if (c == A) R.v(n);
            else if (c == Il) {
                try {
                    for (k = 0; k < R.j.length; k++) try {
                        q = R.j[k], q[0][q[1]](q[2])
                    } catch (y) {}
                } catch (y) {}(0, n[R.j = [], 1])(function(y, e) {
                    R.W(y, true, e)
                }, function(y) {
                    (C((y = !R.P.length, R), [ue]), y) && B(false, R, true)
                })
            } else {
                if (c == m) return k = n[2], V(126, R, n[6]), V(15, R, k), R.v(n);
                c == ue ? (R.K = [], R.i = [], R.u = null) : c == Rl && "loading" === H.document.readyState && (R.F = function(y, e) {
                    function K() {
                        e || (e = true, y())
                    }
                    H.document.addEventListener("DOMContentLoaded", (e = false, K), W), H.addEventListener("load", K, W)
                })
            }
        },
        al = function(R, n, k, q) {
            G((k = u(R), q = u(R), q), R, D(n, v(R, k)))
        },
        $z = function(R, n) {
            if ((R = null, n = H.trustedTypes, !n) || !n.createPolicy) return R;
            try {
                R = n.createPolicy("bg", {
                    createHTML: zu,
                    createScript: zu,
                    createScriptURL: zu
                })
            } catch (k) {
                H.console && H.console.error(k.message)
            }
            return R
        },
        zu = function(R) {
            return R
        },
        M = function(R, n, k, q, c, y) {
            if (!R.D) {
                if ((k = v(R, (n = (0 == (q = ((c = void 0, k && k[0] === x) && (c = k[2], n = k[1], k = void 0), v)(R, 236), q).length && (y = v(R, 426) >> 3, q.push(n, y >> 8 & 255, y & 255), void 0 != c && q.push(c & 255)), ""), k && (k.message && (n += k.message), k.stack && (n += ":" + k.stack)), 307)), 3) < k) {
                    R.C = (c = (n = pX((k -= ((n = n.slice(0, (k | 0) - 3), n.length) | 0) + 3, n)), R.C), R);
                    try {
                        G(421, R, D(2, n.length).concat(n), 9)
                    } finally {
                        R.C = c
                    }
                }
                V(307, R, k)
            }
        },
        H = this || self,
        t = function(R, n, k) {
            k = this;
            try {
                Tu(n, R, this)
            } catch (q) {
                r(this, q), n(function(c) {
                    c(k.R)
                })
            }
        },
        h8 = function(R, n, k) {
            return k = d[R.I](R.In), k[R.I] = function() {
                return n
            }, k.concat = function(q) {
                n = q
            }, k
        },
        W = {
            passive: true,
            capture: true
        },
        re = function(R, n, k, q, c, y) {
            for (q = (c = (n = (k = u((y = R[le] || {}, R)), y.un = u(R), y.o = [], R.C == R ? (P(R) | 0) - 1 : 1), u(R)), 0); q < n; q++) y.o.push(u(R));
            for (y.Ck = v(R, c); n--;) y.o[n] = v(R, y.o[n]);
            return y.h = v(R, k), y
        },
        z = H.requestIdleCallback ? function(R) {
            requestIdleCallback(function() {
                R()
            }, {
                timeout: 4
            })
        } : H.setImmediate ? function(R) {
            setImmediate(R)
        } : function(R) {
            setTimeout(R, 0)
        },
        de = function(R, n) {
            n.push(R[0] << 24 | R[1] << 16 | R[2] << 8 | R[3]), n.push(R[4] << 24 | R[5] << 16 | R[6] << 8 | R[7]), n.push(R[8] << 24 | R[9] << 16 | R[10] << 8 | R[11])
        },
        le = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        x = ((t.prototype.V = "toString", t.prototype.Lk = false, t).prototype.Qy = void 0, {}),
        g = [],
        Il = [],
        jM = [],
        A = [],
        m = [],
        ue = (t.prototype.kh = void 0, []),
        F = [],
        Rl = [],
        d = (E = ((de, function() {})(S), yB, Ek, t.prototype), E.zc = function() {
            return Math.floor(this.G + (this.s() - this.H))
        }, x.constructor),
        va = (E.s = (t.prototype.I = "create", (E.dE = (E.W = function(R, n, k, q, c) {
            if ((k = "array" === qX(k) ? k : [k], this).R) R(this.R);
            else try {
                q = !this.P.length, c = [], C(this, [g, c, k]), C(this, [F, R, c]), n && !q || B(true, this, n)
            } catch (y) {
                r(this, y), R(this.R)
            }
        }, function(R, n, k, q, c, y) {
            for (c = q = 0, y = []; q < R.length; q++)
                for (c += n, k = k << n | R[q]; 7 < c;) c -= 8, y.push(k >> c & 255);
            return y
        }), (E.eN = (E.s9 = function(R, n, k) {
            return ((n = (n ^= n << 13, n ^= n >> 17, (n ^ n << 5) & k)) || (n = 1), R) ^ n
        }, function(R, n, k, q, c) {
            for (q = c = 0; c < R.length; c++) q += R.charCodeAt(c), q += q << 10, q ^= q >> 6;
            return c = new Number((q += q << 3, q ^= q >> 11, R = q + (q << 15) >>> 0, R & (1 << n) - 1)), c[0] = (R >>> n) % k, c
        }), E.FH = function() {
            return Math.floor(this.s())
        }, window.performance || {}).now) ? function() {
            return this.B0 + window.performance.now()
        } : function() {
            return +new Date
        }), void 0),
        CX = ((t.prototype.v = function(R, n) {
            return n = {}, va = (R = {}, function() {
                    return n == R ? -40 : 9
                }),
                function(k, q, c, y, e, K, N, Q, Z, w, U, h, T, Y, J) {
                    n = (Y = n, R);
                    try {
                        if (h = k[0], h == A) {
                            T = k[1];
                            try {
                                for (Q = (y = atob(T), e = [], K = 0); Q < y.length; Q++) J = y.charCodeAt(Q), 255 < J && (e[K++] = J & 255, J >>= 8), e[K++] = J;
                                V(358, this, (this.B = (this.i = e, this.i).length << 3, [0, 0, 0]))
                            } catch (f) {
                                M(this, 17, f);
                                return
                            }
                            LX(8001, this)
                        } else if (h == g) k[1].push(v(this, 307), v(this, 421).length, v(this, 352).length, v(this, 305).length), V(15, this, k[2]), this.u[349] && Pa(this, 8001, v(this, 349));
                        else {
                            if (h == F) {
                                this.C = (Z = (U = D(2, (v(this, (K = k[2], 305)).length | 0) + 2), this.C), this);
                                try {
                                    w = v(this, 236), 0 < w.length && G(305, this, D(2, w.length).concat(w), 10), G(305, this, D(1, this.Y), 109), G(305, this, D(1, this[F].length)), y = 0, y -= (v(this, 305).length | 0) + 5, y += v(this, 289) & 2047, q = v(this, 421), 4 < q.length && (y -= (q.length | 0) + 3), 0 < y && G(305, this, D(2, y).concat(S(y)), 15), 4 < q.length && G(305, this, D(2, q.length).concat(q), 156)
                                } finally {
                                    this.C = Z
                                }
                                if (c = ((Q = S(2).concat(v(this, 305)), Q[1] = Q[0] ^ 6, Q[3] = Q[1] ^ U[0], Q)[4] = Q[1] ^ U[1], this.rE(Q))) c = "!" + c;
                                else
                                    for (c = "", y = 0; y < Q.length; y++) N = Q[y][this.V](16), 1 == N.length && (N = "0" + N), c += N;
                                return v(this, (v((v((V(307, this, (e = c, K.shift())), this), 421).length = K.shift(), this), 352).length = K.shift(), 305)).length = K.shift(), e
                            }
                            if (h == jM) Pa(this, k[2], k[1]);
                            else if (h == m) return Pa(this, 8001, k[1])
                        }
                    } finally {
                        n = Y
                    }
                }
        }(), t.prototype).rE = function(R, n, k, q) {
            if (n = window.btoa) {
                for (q = (k = 0, ""); k < R.length; k += 8192) q += String.fromCharCode.apply(null, R.slice(k, k + 8192));
                R = n(q).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
            } else R = void 0;
            return R
        }, /./);
    (t.prototype.Ax = 0, t.prototype).yy = 0;
    var be, Fn = A.pop.bind((t.prototype[Il] = [0, 0, 1, 1, 0, 1, 1], t).prototype[g]),
        Gu = function(R, n) {
            return (n = $z()) && 1 === R.eval(n.createScript("1")) ? function(k) {
                return n.createScript(k)
            } : function(k) {
                return "" + k
            }
        }(((be = J8(t.prototype.I, {get: (CX[t.prototype.V] = Fn, Fn)
        }), t.prototype).O9 = void 0, H));
    40 < (I = H.botguard || (H.botguard = {}), I.m) || (I.m = 41, I.bg = Dn, I.a = QB), I.bDL_ = function(R, n, k) {
        return k = new t(R, n), [function(q) {
            return fX(q, k)
        }]
    };
}).call(this);
#4 JavaScript::Eval (size: 22) - SHA256: 9bb0c662c12831d4a6a9d504b2534e28f08b91591da1303a05ad2b3e12a6e49e
0,
function(y) {
    xz(1, y)
}
#5 JavaScript::Eval (size: 15588) - SHA256: 0d4559ba47020dfb3d3229a79fae241152a0337f86a9c8a01bd5add41c1753b7
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var y = this || self,
        e = function(R) {
            return R
        },
        q = function(R, n) {
            if ((n = (R = y.trustedTypes, null), !R) || !R.createPolicy) return n;
            try {
                n = R.createPolicy("bg", {
                    createHTML: e,
                    createScript: e,
                    createScriptURL: e
                })
            } catch (k) {
                y.console && y.console.error(k.message)
            }
            return n
        };
    (0, eval)(function(R, n) {
        return (n = q()) && 1 === R.eval(n.createScript("1")) ? function(k) {
            return n.createScript(k)
        } : function(k) {
            return "" + k
        }
    }(y)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var p=function(R,n,k){k[V(R,n,k),Rl]=2796},nX=function(R,n){return R(function(k){k(n)}),[function(){return n}]},kz=function(R,n,k,q,c){for(n=(q=(c=n[3]|0,0),n[2])|0;14>q;q++)c=c>>>8|c<<24,k=k>>>8|k<<24,k+=R|0,c+=n|0,k^=n+2298,R=R<<3|R>>>29,c^=q+2298,R^=k,n=n<<3|n>>>29,n^=c;return[R>>>24&255,R>>>16&255,R>>>8&255,R>>>0&255,k>>>24&255,k>>>16&255,k>>>8&255,k>>>0&255]},E,L=function(R,n,k,q,c,y,e,K,N,Q,Z,w,U,h){if(y=v(n,278),y>=n.B)throw[x,31];for(c=(K=0,q=R,Q=y,n.c0.length);0<q;)Z=Q%8,N=8-(Z|0),N=N<q?N:q,U=Q>>3,w=n.i[U],k&&(e=n,e.A!=Q>>6&&(e.A=Q>>6,h=v(e,358),e.l=kz(e.O,[0,0,h[1],h[2]],e.A)),w^=n.l[U&c]),K|=(w>>8-(Z|0)-(N|0)&(1<<N)-1)<<(q|0)-(N|0),Q+=N,q-=N;return V(278,n,(k=K,(y|0)+(R|0))),k},yB=function(R,n,k,q){try{q=R[((n|0)+2)%3],R[n]=(R[n]|0)-(R[((n|0)+1)%3]|0)-(q|0)^(1==n?q<<k:q>>>k)}catch(c){throw c;}},eM=function(R,n){return n=P(R),n&128&&(n=n&127|P(R)<<7),n},qX=function(R,n,k){if((n=typeof R,"object")==n)if(R){if(R instanceof Array)return"array";if(R instanceof Object)return n;if("[object Window]"==(k=Object.prototype.toString.call(R),k))return"object";if("[object Array]"==k||"number"==typeof R.length&&"undefined"!=typeof R.splice&&"undefined"!=typeof R.propertyIsEnumerable&&!R.propertyIsEnumerable("splice"))return"array";if("[object Function]"==k||"undefined"!=typeof R.call&&"undefined"!=typeof R.propertyIsEnumerable&&!R.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==n&&"undefined"==typeof R.call)return"object";return n},C=function(R,n){R.P.splice(0,0,n)},G=function(R,n,k,q,c,y){if(n.C==n)for(c=v(n,R),421==R?(R=function(e,K,N,Q){if(c.mm!=(Q=((K=c.length,K)|0)-4>>3,Q)){Q=(c.mm=(N=[0,0,y[1],y[2]],Q),(Q<<3)-4);try{c.nk=kz(KX(c,Q),N,KX(c,(Q|0)+4))}catch(Z){throw Z;}}c.push(c.nk[K&7]^e)},y=v(n,408)):R=function(e){c.push(e)},q&&R(q&255),n=k.length,q=0;q<n;q++)R(k[q])},NX=function(R,n,k,q){for(;R.P.length;){k=(R.F=null,R).P.pop();try{q=ca(R,k)}catch(c){r(R,c)}if(n&&R.F){n=R.F,n(function(){B(true,R,true)});break}}return q},QB=function(R,n,k,q){return(q=I[R.substring(0,3)+"_"])?q(R.substring(3),n,k):nX(n,R)},sk=function(R,n,k,q,c){G(((c=(k=u((c=u((q=n&4,n&=3,R)),R)),v(R,c)),q)&&(c=pX(""+c)),n&&G(k,R,D(2,c.length)),k),R,c)},l=function(R,n,k,q,c,y,e,K,N){if((R.C=(((K=(y=(N=(c=(e=0<(k||R.X++,R).U&&R.S&&R.xh&&1>=R.J&&!R.L&&!R.F&&(!k||1<R.Z-n)&&0==document.hidden,4==R.X))||e?R.s():R.T,N-R.T),y)>>14,R).O&&(R.O^=K*(y<<2)),R).Y+=K,K||R.C),c)||e)R.X=0,R.T=N;if(!e||N-R.H<R.U-(q?255:k?5:2))return false;return!((V(278,(q=v(R,(R.Z=n,k?426:278)),R),R.B),R.P).push([jM,q,k?n+1:n]),R.F=z,0)},Ek=function(R,n,k){if(3==R.length){for(k=0;3>k;k++)n[k]+=R[k];for(k=[(R=0,13),8,13,12,16,5,3,10,15];9>R;R++)n[3](n,R%3,k[R])}},u=function(R,n){if(R.L)return Zn(R,R.N);return n=L(8,R,true),n&128&&(n^=128,R=L(2,R,true),n=(n<<2)+(R|0)),n},KX=function(R,n){return R[n]<<24|R[(n|0)+1]<<16|R[(n|0)+2]<<8|R[(n|0)+3]},we=function(R,n,k,q,c,y,e,K){return(c=d[n.I]((k=[-2,42,-72,-(y=va,46),-26,-71,k,61,(K=q&7,9),2],n.MJ)),c)[n.I]=function(N){e=N,K+=6+7*q,K&=7},c.concat=function(N){return(N=(e=(N=+(N=R%16+1,k)[K+59&7]*R*N-N*e- -2440*e+(y()|0)*N+1*R*R*N-2562*R*e-61*R*R*e+K+61*e*e,void 0),k[N]),k[(K+69&7)+(q&2)]=N,k)[K+(q&2)]=42,N},c},V=function(R,n,k){if(278==R||426==R)n.u[R]?n.u[R].concat(k):n.u[R]=h8(n,k);else{if(n.D&&358!=R)return;305==R||421==R||352==R||236==R||408==R?n.u[R]||(n.u[R]=we(R,n,k,54)):n.u[R]=we(R,n,k,113)}358==R&&(n.O=L(32,n,false),n.A=void 0)},P=function(R){return R.L?Zn(R,R.N):L(8,R,true)},B=function(R,n,k,q,c,y){if(n.P.length){(n.S=!(n.S&&0(),0),n).xh=k;try{q=n.s(),n.H=q,n.T=q,n.X=0,c=NX(n,k),y=n.s()-n.H,n.G+=y,y<(R?0:10)||0>=n.g--||(y=Math.floor(y),n.K.push(254>=y?y:254))}finally{n.S=false}return c}},xz=function(R,n,k,q){for(k=(q=u(n),0);0<R;R--)k=k<<8|P(n);V(q,n,k)},I,Pa=function(R,n,k,q){return v(R,(LX((q=v(R,278),R.i&&q<R.B?(V(278,R,R.B),Uk(k,R)):V(278,R,k),n),R),V(278,R,q),15))},Tu=function(R,n,k,q,c){for(c=(q=(k.In=(k.MJ=J8(k.I,(k.v0=(k.NJ=be,CX),k.c0=k[F],{get:function(){return this.concat()}})),d)[k.I](k.MJ,{value:{value:{}}}),[]),0);128>c;c++)q[c]=String.fromCharCode(c);B((C((C(k,(C(k,(p(340,(V((V(305,k,[160,((V(307,(V(327,(V(236,k,(p(59,k,(p(127,k,(p(119,(V(421,k,(V(270,k,(p(87,(p(158,(p(396,k,(p(448,k,(k.on=(p(362,(k.E9=(p((p(250,k,(p(371,(V(15,(p(354,k,(V(352,k,((p(442,k,(p(227,k,(p(103,k,(p(11,k,(p(121,(V(289,(p(173,(V(409,k,(p(275,k,(p(317,(p(375,k,(p(432,((p((p(295,(V(278,k,(k.B0=(k.wE=(k.P0=function(y){this.C=y},k.u=(k.R=void 0,[]),k.F=((k.O=(k.N=void 0,void 0),k.Y=1,k.U=0,(k.Rn=[],k).C=k,c=window.performance||{},k.j=[],(k.J=0,k).T=0,k.B=0,k.S=((k.A=void 0,k.X=void 0,k).i=[],k.H=(k.P=(k.xh=false,[]),k.g=(k.G=0,25),0),k.L=(k.l=void 0,void 0),k.D=false,k.Z=8001,false),k).K=[],null),0),c).timeOrigin||(c.timing||{}).navigationStart||0,0)),V(426,k,0),k),function(y,e,K,N){V((e=v(y,(N=(K=(N=(e=u(y),u(y)),u(y)),v(y,N)),e)),K),y,e in N|0)}),163),k,function(y,e,K,N){!l(y,e,true,false)&&(e=re(y),N=e.Ck,K=e.h,y.C==y||K==y.P0&&N==y)&&(V(e.un,y,K.apply(N,e.o)),y.T=y.s())}),p)(341,k,function(y,e,K,N){if(N=y.Rn.pop()){for(K=P(y);0<K;K--)e=u(y),N[e]=y.u[e];y.u=(N[236]=y.u[236],N[307]=y.u[307],N)}else V(278,y,y.B)}),k),function(y,e){(e=v(y,u(y)),Uk)(e,y.C)}),function(y,e,K,N){(e=v(y,(N=v((K=(N=u((e=u(y),y)),u(y)),y),N),e))==N,V)(K,y,+e)})),k),function(y){xz(4,y)}),function(y,e,K,N,Q,Z){if(!l(y,e,true,true)){if("object"==(y=v((N=(Q=v((e=v((N=(e=(Q=(Z=u(y),u)(y),u(y)),u)(y),y),e),y),Q),v(y,N)),y),Z),qX)(y)){for(K in Z=[],y)Z.push(K);y=Z}for(Z=(e=0<e?e:1,K=y.length,0);Z<K;Z+=e)Q(y.slice(Z,(Z|0)+(e|0)),N)}})),p(193,k,function(y,e,K,N,Q){0!==(Q=v(y,(K=(e=v((N=v(y,(N=(Q=u((K=u(y),y)),e=u(y),u(y)),N)),y),e),v(y.C,K)),Q)),K)&&(N=Ba(e,N,y,1,K,Q),K.addEventListener(Q,N,W),V(270,y,[K,Q,N]))}),687)),k),function(y){sk(y,4)}),k),0),k),function(){}),function(y,e,K,N,Q,Z,w){for(w=(e=(K=(N=u(y),Z=eM(y),Q="",v(y,115)),K.length),0);Z--;)w=((w|0)+(eM(y)|0))%e,Q+=q[K[w]];V(N,y,Q)})),function(y,e,K){K=v((e=(K=(e=u(y),u(y)),0!=v(y,e)),y),K),e&&V(278,y,K)})),function(y,e,K,N,Q){for(K=(e=(N=u(y),eM)(y),0),Q=[];K<e;K++)Q.push(P(y));V(N,y,Q)})),function(y,e,K){(e=u((K=u(y),y)),V)(e,y,""+v(y,K))})),V)(408,k,[0,0,0]),[])),function(y,e,K,N,Q,Z,w,U,h,T,Y,J){function f(b,a){for(;e<b;)T|=P(y)<<e,e+=8;return T>>=(a=T&(e-=b,(1<<b)-1),b),a}for(K=(h=(U=(Y=(e=T=(Z=u(y),0),f(3)|0)+1,f(5)),0),[]),Q=0;Q<U;Q++)J=f(1),K.push(J),h+=J?0:1;for(Q=(N=(h=((h|0)-1).toString(2).length,[]),0);Q<U;Q++)K[Q]||(N[Q]=f(h));for(h=0;h<U;h++)K[h]&&(N[h]=u(y));for(w=[];Y--;)w.push(v(y,u(y)));p(Z,y,function(b,a,O,VB,X){for(O=(VB=(X=[],[]),0);O<U;O++){if(a=N[O],!K[O]){for(;a>=X.length;)X.push(u(b));a=X[a]}VB.push(a)}b.L=h8(b,w.slice()),b.N=h8(b,VB)})})),k),{}),k),function(y){al(y,1)}),function(y,e,K){l(y,e,true,false)||(e=u(y),K=u(y),V(K,y,function(N){return eval(N)}(Gu(v(y.C,e)))))})),499),k,function(y){sk(y,3)}),0),k),function(y,e,K,N){K=(N=P((e=u(y),y)),u(y)),V(K,y,v(y,e)>>>N)}),0),function(y,e,K,N){V((e=v(y,(N=v(y,(K=u((N=u(y),y)),N)),K)),K),y,e+N)})),function(y,e){y=(e=u(y),v)(y.C,e),y[0].removeEventListener(y[1],y[2],W)})),k),function(y,e,K,N,Q){V((K=v(y,(N=(Q=v(y,(Q=(N=(K=(e=u(y),u(y)),u(y)),u)(y),Q)),v(y,N)),K)),e),y,Ba(K,N,y,Q))}),k),function(y,e,K){V((K=v(y,(e=(K=u(y),u(y)),K)),K=qX(K),e),y,K)}),0)),S(4))),k),function(y,e,K,N,Q,Z){l(y,e,true,false)||(N=re(y.C),e=N.o,Z=N.Ck,Q=N.h,K=e.length,N=N.un,e=0==K?new Z[Q]:1==K?new Z[Q](e[0]):2==K?new Z[Q](e[0],e[1]):3==K?new Z[Q](e[0],e[1],e[2]):4==K?new Z[Q](e[0],e[1],e[2],e[3]):2(),V(N,y,e))}),function(y,e,K,N){N=u((e=u(y),y)),K=u(y),y.C==y&&(N=v(y,N),K=v(y,K),v(y,e)[N]=K,358==e&&(y.A=void 0,2==N&&(y.O=L(32,y,false),y.A=void 0)))})),function(y){al(y,4)})),[])),k),H),k),2048),k).an=0,0),0]),120),k,k),k),function(y,e,K,N){V((K=v((e=v(y,(N=u((K=u((e=u(y),y)),y)),e)),y),K),N),y,e[K])}),p(472,k,function(y,e,K,N){N=(e=u(y),u)(y),K=u(y),V(K,y,v(y,e)||v(y,N))}),[Rl])),[A,n])),k),[Il,R]),true),k,true)},J8=function(R,n){return d[R](d.prototype,{pop:n,replace:n,length:n,document:n,splice:n,parent:n,stack:n,floor:n,prototype:n,console:n,call:n,propertyIsEnumerable:n})},pX=function(R,n,k,q,c){for(q=(R=R.replace(/\\r\\n/g,"\\n"),n=0,[]),k=0;n<R.length;n++)c=R.charCodeAt(n),128>c?q[k++]=c:(2048>c?q[k++]=c>>6|192:(55296==(c&64512)&&n+1<R.length&&56320==(R.charCodeAt(n+1)&64512)?(c=65536+((c&1023)<<10)+(R.charCodeAt(++n)&1023),q[k++]=c>>18|240,q[k++]=c>>12&63|128):q[k++]=c>>12|224,q[k++]=c>>6&63|128),q[k++]=c&63|128);return q},LX=function(R,n,k,q,c,y){if(!n.R){n.J++;try{for(k=(q=(y=void 0,n).B,0);--R;)try{if((c=void 0,n).L)y=Zn(n,n.L);else{if(k=v(n,278),k>=q)break;y=(c=(V(426,n,k),u(n)),v)(n,c)}(y&&y[ue]&2048?y(n,R):M(n,0,[x,21,c]),l)(n,R,false,false)}catch(e){v(n,409)?M(n,22,e):V(409,n,e)}if(!R){if(n.Lk){n.J--,LX(338687074593,n);return}M(n,0,[x,33])}}catch(e){try{M(n,22,e)}catch(K){r(n,K)}}n.J--}},Zn=function(R,n){return(n=n.create().shift(),R.L.create()).length||R.N.create().length||(R.L=void 0,R.N=void 0),n},Dn=function(R,n,k,q){function c(){}return{invoke:(k=QB((q=void 0,R),function(y){c&&(n&&z(n),q=y,c(),c=void 0)},!!n)[0],function(y,e,K,N){function Q(){q(function(Z){z(function(){y(Z)})},K)}if(!e)return e=k(K),y&&y(e),e;q?Q():(N=c,c=function(){N(),z(Q)})})}},v=function(R,n){if(void 0===(R=R.u[n],R))throw[x,30,n];if(R.value)return R.create();return R.create(1*n*n+42*n+-40),R.prototype},D=function(R,n,k,q){for(k=(q=(R|0)-1,[]);0<=q;q--)k[(R|0)-1-(q|0)]=n>>8*q&255;return k},Uk=function(R,n){V(278,((n.Rn.push(n.u.slice()),n.u)[278]=void 0,n),R)},r=function(R,n){R.R=((R.R?R.R+"~":"E:")+n.message+":"+n.stack).slice(0,2048)},fX=function(R,n,k){return n.W(function(q){k=q},false,R),k},Ba=function(R,n,k,q,c,y){function e(){if(k.C==k){if(k.u){var K=[m,R,n,void 0,c,y,arguments];if(2==q)var N=B(false,(C(k,K),k),false);else if(1==q){var Q=!k.P.length;C(k,K),Q&&B(false,k,false)}else N=ca(k,K);return N}c&&y&&c.removeEventListener(y,e,W)}}return e},S=function(R,n){for(n=[];R--;)n.push(255*Math.random()|0);return n},ca=function(R,n,k,q,c){if(c=n[0],c==g)R.g=25,R.v(n);else if(c==F){q=n[1];try{k=R.R||R.v(n)}catch(y){r(R,y),k=R.R}q(k)}else if(c==jM)R.v(n);else if(c==A)R.v(n);else if(c==Il){try{for(k=0;k<R.j.length;k++)try{q=R.j[k],q[0][q[1]](q[2])}catch(y){}}catch(y){}(0,n[R.j=[],1])(function(y,e){R.W(y,true,e)},function(y){(C((y=!R.P.length,R),[ue]),y)&&B(false,R,true)})}else{if(c==m)return k=n[2],V(126,R,n[6]),V(15,R,k),R.v(n);c==ue?(R.K=[],R.i=[],R.u=null):c==Rl&&"loading"===H.document.readyState&&(R.F=function(y,e){function K(){e||(e=true,y())}H.document.addEventListener("DOMContentLoaded",(e=false,K),W),H.addEventListener("load",K,W)})}},al=function(R,n,k,q){G((k=u(R),q=u(R),q),R,D(n,v(R,k)))},$z=function(R,n){if((R=null,n=H.trustedTypes,!n)||!n.createPolicy)return R;try{R=n.createPolicy("bg",{createHTML:zu,createScript:zu,createScriptURL:zu})}catch(k){H.console&&H.console.error(k.message)}return R},zu=function(R){return R},M=function(R,n,k,q,c,y){if(!R.D){if((k=v(R,(n=(0==(q=((c=void 0,k&&k[0]===x)&&(c=k[2],n=k[1],k=void 0),v)(R,236),q).length&&(y=v(R,426)>>3,q.push(n,y>>8&255,y&255),void 0!=c&&q.push(c&255)),""),k&&(k.message&&(n+=k.message),k.stack&&(n+=":"+k.stack)),307)),3)<k){R.C=(c=(n=pX((k-=((n=n.slice(0,(k|0)-3),n.length)|0)+3,n)),R.C),R);try{G(421,R,D(2,n.length).concat(n),9)}finally{R.C=c}}V(307,R,k)}},H=this||self,t=function(R,n,k){k=this;try{Tu(n,R,this)}catch(q){r(this,q),n(function(c){c(k.R)})}},h8=function(R,n,k){return k=d[R.I](R.In),k[R.I]=function(){return n},k.concat=function(q){n=q},k},W={passive:true,capture:true},re=function(R,n,k,q,c,y){for(q=(c=(n=(k=u((y=R[le]||{},R)),y.un=u(R),y.o=[],R.C==R?(P(R)|0)-1:1),u(R)),0);q<n;q++)y.o.push(u(R));for(y.Ck=v(R,c);n--;)y.o[n]=v(R,y.o[n]);return y.h=v(R,k),y},z=H.requestIdleCallback?function(R){requestIdleCallback(function(){R()},{timeout:4})}:H.setImmediate?function(R){setImmediate(R)}:function(R){setTimeout(R,0)},de=function(R,n){n.push(R[0]<<24|R[1]<<16|R[2]<<8|R[3]),n.push(R[4]<<24|R[5]<<16|R[6]<<8|R[7]),n.push(R[8]<<24|R[9]<<16|R[10]<<8|R[11])},le=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),x=((t.prototype.V="toString",t.prototype.Lk=false,t).prototype.Qy=void 0,{}),g=[],Il=[],jM=[],A=[],m=[],ue=(t.prototype.kh=void 0,[]),F=[],Rl=[],d=(E=((de,function(){})(S),yB,Ek,t.prototype),E.zc=function(){return Math.floor(this.G+(this.s()-this.H))},x.constructor),va=(E.s=(t.prototype.I="create",(E.dE=(E.W=function(R,n,k,q,c){if((k="array"===qX(k)?k:[k],this).R)R(this.R);else try{q=!this.P.length,c=[],C(this,[g,c,k]),C(this,[F,R,c]),n&&!q||B(true,this,n)}catch(y){r(this,y),R(this.R)}},function(R,n,k,q,c,y){for(c=q=0,y=[];q<R.length;q++)for(c+=n,k=k<<n|R[q];7<c;)c-=8,y.push(k>>c&255);return y}),(E.eN=(E.s9=function(R,n,k){return((n=(n^=n<<13,n^=n>>17,(n^n<<5)&k))||(n=1),R)^n},function(R,n,k,q,c){for(q=c=0;c<R.length;c++)q+=R.charCodeAt(c),q+=q<<10,q^=q>>6;return c=new Number((q+=q<<3,q^=q>>11,R=q+(q<<15)>>>0,R&(1<<n)-1)),c[0]=(R>>>n)%k,c}),E.FH=function(){return Math.floor(this.s())},window.performance||{}).now)?function(){return this.B0+window.performance.now()}:function(){return+new Date}),void 0),CX=((t.prototype.v=function(R,n){return n={},va=(R={},function(){return n==R?-40:9}),function(k,q,c,y,e,K,N,Q,Z,w,U,h,T,Y,J){n=(Y=n,R);try{if(h=k[0],h==A){T=k[1];try{for(Q=(y=atob(T),e=[],K=0);Q<y.length;Q++)J=y.charCodeAt(Q),255<J&&(e[K++]=J&255,J>>=8),e[K++]=J;V(358,this,(this.B=(this.i=e,this.i).length<<3,[0,0,0]))}catch(f){M(this,17,f);return}LX(8001,this)}else if(h==g)k[1].push(v(this,307),v(this,421).length,v(this,352).length,v(this,305).length),V(15,this,k[2]),this.u[349]&&Pa(this,8001,v(this,349));else{if(h==F){this.C=(Z=(U=D(2,(v(this,(K=k[2],305)).length|0)+2),this.C),this);try{w=v(this,236),0<w.length&&G(305,this,D(2,w.length).concat(w),10),G(305,this,D(1,this.Y),109),G(305,this,D(1,this[F].length)),y=0,y-=(v(this,305).length|0)+5,y+=v(this,289)&2047,q=v(this,421),4<q.length&&(y-=(q.length|0)+3),0<y&&G(305,this,D(2,y).concat(S(y)),15),4<q.length&&G(305,this,D(2,q.length).concat(q),156)}finally{this.C=Z}if(c=((Q=S(2).concat(v(this,305)),Q[1]=Q[0]^6,Q[3]=Q[1]^U[0],Q)[4]=Q[1]^U[1],this.rE(Q)))c="!"+c;else for(c="",y=0;y<Q.length;y++)N=Q[y][this.V](16),1==N.length&&(N="0"+N),c+=N;return v(this,(v((v((V(307,this,(e=c,K.shift())),this),421).length=K.shift(),this),352).length=K.shift(),305)).length=K.shift(),e}if(h==jM)Pa(this,k[2],k[1]);else if(h==m)return Pa(this,8001,k[1])}}finally{n=Y}}}(),t.prototype).rE=function(R,n,k,q){if(n=window.btoa){for(q=(k=0,"");k<R.length;k+=8192)q+=String.fromCharCode.apply(null,R.slice(k,k+8192));R=n(q).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else R=void 0;return R},/./);(t.prototype.Ax=0,t.prototype).yy=0;var be,Fn=A.pop.bind((t.prototype[Il]=[0,0,1,1,0,1,1],t).prototype[g]),Gu=function(R,n){return(n=$z())&&1===R.eval(n.createScript("1"))?function(k){return n.createScript(k)}:function(k){return""+k}}(((be=J8(t.prototype.I,{get:(CX[t.prototype.V]=Fn,Fn)}),t.prototype).O9=void 0,H));40<(I=H.botguard||(H.botguard={}),I.m)||(I.m=41,I.bg=Dn,I.a=QB),I.bDL_=function(R,n,k){return k=new t(R,n),[function(q){return fX(q,k)}]};}).call(this);'));
}).call(this);
#6 JavaScript::Eval (size: 64) - SHA256: cc158dc49db31ac40a09769c14f1e96ce12d8ee44ddb54a5321c32cd0536ef78
0,
function(y, e, K) {
    (e = (K = u((e = u(y), y)), y.u[e] && v(y, e)), V)(K, y, e)
}
#7 JavaScript::Eval (size: 8) - SHA256: 3c4b9b06fe520e9d07b2150eebd412a59c91d789706d99a2b2dc9bf217604d1f
_ate.cbs

Executed Writes (0)


HTTP Transactions (97)


Request Response
                                        
                                            GET /watch-movie/harry-potter-and-the-prisoner-of-azkaban-19594.1613248 HTTP/1.1 
Host: www1.attacker.tv
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         104.21.78.239
HTTP/1.1 301 Moved Permanently
                                        
Date: Sat, 26 Nov 2022 23:49:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 27 Nov 2022 00:49:58 GMT
Location: https://www1.attacker.tv/watch-movie/harry-potter-and-the-prisoner-of-azkaban-19594.1613248
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JxvJdCpTm0MoTIT9UisST3ZYs2R6I7zQSqa%2FjDvhkzZPdF2T7pV0%2BSpwc9hIIaMYYvfvRY99leP7zeMUjtGU%2F0p6mwf8fWB9%2BOOHMfJgsyfP4uarcvA1%2BwsnXAADvvMlyfKz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77068612d952b50c-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17591
Expires: Sun, 27 Nov 2022 04:43:10 GMT
Date: Sat, 26 Nov 2022 23:49:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2185
Expires: Sun, 27 Nov 2022 00:26:24 GMT
Date: Sat, 26 Nov 2022 23:49:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5875
Cache-Control: max-age=130744
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 12:09:03 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: FlhTK7aZMhdIaAPz12HGb/+UX2nd92ilpBQ2dRDFuNDkWbUPJV1k4q5efba/Ymla1o7Hz+jLy64=
x-amz-request-id: 2AE0F6GE5712Q7B2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 23:44:25 GMT
age: 334
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 23:19:17 GMT
cache-control: public,max-age=3600
age: 1842
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=114805
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "6381c39c-117"
Expires: Mon, 28 Nov 2022 07:43:24 GMT
Last-Modified: Sat, 26 Nov 2022 07:43:24 GMT
Server: nginx
Content-Length: 279

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 26 Nov 2022 23:49:59 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=114805
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "6381c39c-117"
Expires: Mon, 28 Nov 2022 07:43:24 GMT
Last-Modified: Sat, 26 Nov 2022 07:43:24 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1847
Cache-Control: max-age=162355
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 20:55:54 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1847
Cache-Control: max-age=162355
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 20:55:54 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1847
Cache-Control: max-age=162355
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 20:55:54 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4341
Cache-Control: max-age=119858
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "6381c665-117"
Expires: Mon, 28 Nov 2022 09:07:37 GMT
Last-Modified: Sat, 26 Nov 2022 07:55:17 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
content-length: 15800
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-22688"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 14955933
expires: Thu, 16 Nov 2023 23:49:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNU2RWkUsUsuqGPfpWNpup6AAsbD%2FKllUkEbU14chaGdmyFS9Di2upPr%2FWuwEJsbN554yUqxKDd2zoRosZmdoxU4rj9MZ7Vp8QODz2ogi7DW%2BGpe0ApIBpMbt7pbm4HTg%2FPN9Qpo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77068616cc29b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65324)
Size:   15800
Md5:    003a16566999b99177dd5e903a4cf1b3
Sha1:   53bfa1a6981a12ccb734b23b65094e15a13cafae
Sha256: 9e493de8a2dc6fb90ebb3704df66003f96548a9c302898ed6422f6e5ff1aadac
                                        
                                            GET /ajax/libs/postscribe/2.0.8/postscribe.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
content-length: 5117
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03faa-45f4"
last-modified: Mon, 04 May 2020 16:15:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 14788261
expires: Thu, 16 Nov 2023 23:49:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYQ9li%2BfGIiTIbiX9y0uwf8E%2BDdkrbYwWZHmY5GP%2B9uLPgDhl%2BUyNPdgJDYAuwlAt5QzaSDSFbFpDcPt7LggYB2WJu6AB6ZUt22DnIntOwGtpPdQnmJRBapBPSOha34b1KENNpjp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77068616cc2fb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (17660)
Size:   5117
Md5:    abe1df98b6ab4644bd567e6669d0da03
Sha1:   27e3bf22ef08b7ca0090721ed31b4f921d278e7c
Sha256: cd40ba7dbf63d67511c0fd56b7e5327dbedb43d15c439d79a8aacb6377059540
                                        
                                            GET /ajax/libs/lazysizes/5.1.1/lazysizes.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
content-length: 2950
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed0-1b91"
last-modified: Mon, 04 May 2020 16:12:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3306999
expires: Thu, 16 Nov 2023 23:49:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIFTeoVwpBqjccWrcm1FDPDK6MQhDCgP6J1x%2BhjKr1jggMFUVSya6WO2BWLpWgzPVeRhR%2F%2Fhuv%2F%2Badx7THklY4%2BjxiGcrKeFbRLsKcMtbQMjxfXZ4%2FoDtLHAg%2Bk%2Fz7TKz%2BrRPuSf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77068616cc2bb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (7031)
Size:   2950
Md5:    379c5aa33e89ac9f77eb76b172a90412
Sha1:   cf0ec5f99553b412715a023f8f645eb8366cc254
Sha256: a859d73a0cab8a91abb9abcb384c6e495dee74176769927affef9a1d53a295b0
                                        
                                            GET /ajax/libs/font-awesome/5.9.0/css/all.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
content-length: 10234
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-111ac"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1410130
expires: Thu, 16 Nov 2023 23:49:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i46Oe8zfvsEFqGPzkGAC2I%2FCtM59%2FLzoBeF26LFnfBcpP0d4OiDdH%2F8iqCS2cAHs5KahbpAVyq%2FunxWw5Loj3Q1avrpmsEfEwLXUnYbUZe1uyXTJ8qjH%2FNtYj16BjGnPDerXBOdq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77068616cc31b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   10234
Md5:    cd3dfb72d171caffb268d3c10438ec02
Sha1:   8b9087b902215e978e1e1bb6f734b2d46f02481a
Sha256: a9a7eadd55d4e2714c778709066da5fe32c900f70d6270e29cc61842f35dfe51
                                        
                                            GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2673623
expires: Thu, 16 Nov 2023 23:49:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tw1exVZOPsvUz8Z%2BE5oUaKzcIDvMWgeL5If7l8%2B8Usgiyr9wbDKAmlR1Qvo3o97pqqJSa3%2BqmNfZXlyV6%2F1EJ7%2FFD8xK6h7JDs1WreZvBE0gYfj7krn8J4DaXcu%2FgnZFwukAXJgg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77068616dc49b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   27748
Md5:    638a4990025383a0f83ebf29bdb84a68
Sha1:   153e8818dc42f598e47fde8cf398f1447649a4d0
Sha256: 878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6
                                        
                                            GET /ajax/libs/vue/2.6.10/vue.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
content-length: 30769
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402c-16deb"
last-modified: Mon, 04 May 2020 16:17:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1390995
expires: Thu, 16 Nov 2023 23:49:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hoB%2BZO0pSFYYWzfbBxg41hG3UaC7XkQKvMA%2BhFhBEbsw83LAFAk7rout6zsjrP0YhIQFPpDF46Zvuv1JBhd8EIl4rx6Kc98FUJbBUUoye6uLsj%2BZIu8mwuqTfXBt1wY%2F32gSde%2Bq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77068616ec56b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65449)
Size:   30769
Md5:    20eb0d013d0158a84ab33c104d1ffc05
Sha1:   be486bc183d1445430c2b2db8f19af09030d7c85
Sha256: 71abc6482d32546a080bd4de97f60ebb671e189f819a1a5a17cbe7e56fc1b008
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:49:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:49:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /npm/js-cookie@beta/dist/js.cookie.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.85.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 3.0.0-beta.4
x-jsd-version-type: version
etag: W/"5de-umxYiZHe1aDZ+J/AVp+cMSpsIxY"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 23:49:59 GMT
age: 41905
x-served-by: cache-fra-eddf8230032-FRA, cache-bma1635-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 728
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1464)
Size:   728
Md5:    10e1d412a891140480ee59c17ec11661
Sha1:   5a5b3bb74ea7526a8fa4aa517313368eb1e45c0a
Sha256: 99297119d3c367af9e3a9ceb86ecc93db66993912ef0c4f8fa4154394c29744d
                                        
                                            GET /ajax/libs/popper.js/1.15.0/umd/popper.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
content-length: 6680
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-52aa"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5170286
expires: Thu, 16 Nov 2023 23:49:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FP4Bk9Zxe%2Buuc%2FyMAOaW2rtOgBpH2hKFgf7bLBn%2BvX4hKKK9BTD0%2BK3Eb2oDiVBaNRpcUe2kYB77Oq%2Fjm11rjN6TkPCvhIagLUPAQm4nI9P9mY8GFjy5crSGS%2Fq5PyE61w4Vsn8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 770686174ccdb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20989)
Size:   6680
Md5:    12823d3177e37701ecf67f10fe002251
Sha1:   d9a4c13eb4557008f46b063948f2997a55c498e8
Sha256: a58e2e99f9569a968e240697a5ef755e73a677746f4fc5ba11cfea02260f13cd
                                        
                                            GET /watch-movie/harry-potter-and-the-prisoner-of-azkaban-19594.1613248 HTTP/1.1 
Host: www1.attacker.tv
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         172.67.138.111
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
x-dns-prefetch-control: on
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff, nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 0, 1; mode=block
content-language: en
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VBnWApvlTggnWgixviDJJjRcKrsgIuHo9yaqdYE19ot4bAlTRbs3wl%2BAMJFFeAvQnBQs7klCGXjGh5NSJv%2B1V%2FixZwIowm5azZuWKPpfS5Bu1M1ln0xsIDCJRxH5mDBu4ciP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77068614d975b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (303), with CRLF, LF line terminators
Size:   20672
Md5:    b04c782178127ec7137212915be39d81
Sha1:   8ff0eb516daa85332056c760e6d5c1b587e72a4d
Sha256: 134d7920b5c8f192211ef87bcdb943fec4fbe1ca9fbb4fb1be9e5d2776413fb4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1847
Cache-Control: max-age=162355
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 20:55:54 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /recaptcha/api.js?render=6LfV6aAaAAAAAC-irCKNuIS5Nf5ocl5r0K3Q0cdz HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Sat, 26 Nov 2022 23:49:59 GMT
date: Sat, 26 Nov 2022 23:49:59 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 582
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (884), with no line terminators
Size:   582
Md5:    3587791e852ebafd6e675e88e548e722
Sha1:   e01f8f3755de5039f27c30cb34f3a2bf5465a384
Sha256: 7f21960182e85daf52ae52607e9f4b4adf37ff92c67e97d782158dfa0a7be717
                                        
                                            GET /gtag/js?id=UA-149466866-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Nov 2022 23:49:59 GMT
expires: Sat, 26 Nov 2022 23:49:59 GMT
cache-control: private, max-age=900
last-modified: Sat, 26 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43595
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43595
Md5:    6a7f54c58998200187d723cbd8bcae33
Sha1:   4a25bd601bff33e5c7e53a45e2b73acdd40632db
Sha256: 2fb0682fad6f1acbbef5cd8e1fce751aa379257f5f0fd52e5fbe45c4c4c51be0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4341
Cache-Control: max-age=119858
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "6381c665-117"
Expires: Mon, 28 Nov 2022 09:07:37 GMT
Last-Modified: Sat, 26 Nov 2022 07:55:17 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:49:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "EB093FEB67FC9886982DC1E7DB9B6BE615FFA3B1"
Expires: Sun, 27 Nov 2022 10:00:00 GMT
Last-Modified: Sat, 26 Nov 2022 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2732
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77068617ba82b529-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    abb2a2d66ba69a0f81fc23242e727f1b
Sha1:   4e79ed02d1650f8774e67a0899c21e475d90661b
Sha256: 9da9900fe2e5558f3e8e222c0b083355e59a67293ca80975d3df2b63f05b471e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:49:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:49:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:49:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:49:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 23:08:54 GMT
cache-control: public,max-age=3600
age: 2465
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /css?family=Roboto:300,400,500,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 23:49:59 GMT
date: Sat, 26 Nov 2022 23:49:59 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6267
Cache-Control: max-age=126079
Date: Sat, 26 Nov 2022 23:49:59 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:51:18 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wp11piqUw7AXjUzzToxlvA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.165.41.15
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dgbM26oEMUhrBaCkykvYAHN4DLY=

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 276971
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 274552
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:21 GMT
expires: Thu, 23 Nov 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 274539
last-modified: Wed, 11 May 2022 19:24:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size:   15740
Md5:    b9c29351c46f3e8c8631c4002457f48a
Sha1:   e57e59c5780995ff2937ab2b511a769212974a87
Sha256: f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 14:07:32 GMT
expires: Thu, 23 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 294148
last-modified: Wed, 11 May 2022 19:24:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size:   15920
Md5:    3a44e06eb954b96aa043227f3534189d
Sha1:   23cef6993ddb2b2979e8e7647fc3763694e2ba7d
Sha256: b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:50:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /js/300/addthis_widget.js HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 116388
date: Sat, 26 Nov 2022 23:50:00 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   185623
Md5:    7dacde0b07e06d47e3af767408a9c494
Sha1:   c81296d47c7b936287e3aa4458cf9d3e6d6db7e0
Sha256: 5c3fe667ea97357ef514a136d8abade47e2cd30a376e08bdfc66355696b69636
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5766
Cache-Control: max-age=102525
Date: Sat, 26 Nov 2022 23:50:00 GMT
Etag: "63817d1f-1d7"
Expires: Mon, 28 Nov 2022 04:18:45 GMT
Last-Modified: Sat, 26 Nov 2022 02:42:39 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /vi_VN/sdk.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: be48c04ecef137f4fe096c4ab02542ca
etag: "2e67884b02dcafa35c5d2dd62c3f1fc2"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 26 Nov 2022 23:59:20 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: UXPSayOZenfozluAj4lXVQ==
x-fb-debug: lKJNBsJ3CczyJB9ZXHNig6RDvADPA/pSdc7aAceqLqswdp7sIKMbbwvusqnBEawMtTXRFxqRDYMKcx4w3iSePg==
priority: u=3,i
content-length: 1685
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 23:50:00 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1957)
Size:   1685
Md5:    5173d26b23997a77e8ce5b808f895755
Sha1:   3011132e9973eb89aebbc09b86ebcb3ed43f4cd1
Sha256: fdb34bd8e8244f162cb82918e889bc30a4cfec8355323a7abf7f5947b045e55b
                                        
                                            GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 21:26:04 GMT
expires: Sun, 26 Nov 2023 21:26:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
age: 8636
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (730)
Size:   162976
Md5:    79d18cf4265108d7cecca1bf4ada6109
Sha1:   e51d0285a545381d4c39e9e0292a650ffeeecbb9
Sha256: 59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5766
Cache-Control: max-age=102525
Date: Sat, 26 Nov 2022 23:50:00 GMT
Etag: "63817d1f-1d7"
Expires: Mon, 28 Nov 2022 04:18:45 GMT
Last-Modified: Sat, 26 Nov 2022 02:42:39 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2732
Cache-Control: max-age=119664
Date: Sat, 26 Nov 2022 23:50:00 GMT
Etag: "6381cbec-118"
Expires: Mon, 28 Nov 2022 09:04:24 GMT
Last-Modified: Sat, 26 Nov 2022 08:18:52 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /script/compatibility.js HTTP/1.1 
Host: asccdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.48.91
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 26 Nov 2022 23:50:00 GMT
x-guploader-uploadid: ADPycdvlhDYanHECByaSza43raCvmpFPU8fiCV7OLEX_q4EIweZAHwBoezGh7KYmWphViGMHxR6yJfcHC_HKodp5ba6Xmg
x-goog-generation: 1655802523449377
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14461
x-goog-hash: crc32c=COVK0Q==, md5=lGu5GSoU5trQNansgXjwcw==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Sun, 27 Nov 2022 00:10:15 GMT
cache-control: public, max-age=14400
last-modified: Tue, 21 Jun 2022 09:08:43 GMT
etag: W/"946bb9192a14e6dad035a9ec8178f073"
age: 2012
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2Fv1pnS73F8IU3mHiFXwHQ8alKKgUzDhbQuXp1QVLiVDQzXm%2FmoSkOQ5q%2F0o%2BnW1TX2oHiXgLhZipC4jjjeD3po%2B%2F7DelV%2BNIEDXXTjPxH9E6QSjDlH9%2FDeINQ7%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706861c1b1afab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (14461), with no line terminators
Size:   91995
Md5:    a8d550510da9255f6a8b260e79c142ef
Sha1:   05c89cd8c42b4a852568fa9c7a770bd1f6a452f0
Sha256: 83fd7601a140043b535ed7ccf34143b2e220fc937192ceee15f8b02326da7148
                                        
                                            GET /addthismoatframe568911941483/moatframe.js HTTP/1.1 
Host: z.moatads.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.38.201.146
HTTP/2 200 OK
content-type: application/x-javascript
                                        
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=59579
date: Sat, 26 Nov 2022 23:50:00 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (523)
Size:   948
Md5:    f14b4e1f799b14f798a195f43cf58376
Sha1:   b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
Sha256: 92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 26 Nov 2022 22:41:08 GMT
expires: Sun, 27 Nov 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 4133
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   20146
Md5:    1ade0f1548bd913b22a8454949ce6747
Sha1:   ebd24951648c88bd1335e33279a83e56f3b87a26
Sha256: 99261a50a1f22d81858951a26645e6739b8bf27a3c1ccddb85e2b152db1fc0bf
                                        
                                            GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 12:31:58 GMT
expires: Sun, 26 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 40683
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size:   15344
Md5:    5d4aeb4e5f5ef754e307d7ffaef688bd
Sha1:   06db651cdf354c64a7383ea9c77024ef4fb4cef8
Sha256: 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
                                        
                                            GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:46:16 GMT
expires: Fri, 24 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 180225
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size:   15552
Md5:    285467176f7fe6bb6a9c6873b3dad2cc
Sha1:   ea04e4ff5142ddd69307c183def721a160e0a64e
Sha256: 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
                                        
                                            GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.38.200.123
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sat, 26 Nov 2022 23:50:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Size:   26421
Md5:    707317ccaabe08d32d1bd781754e6871
Sha1:   bb82dcd3e044c960e0861c2ce878f5504e628f78
Sha256: d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9017
Expires: Sun, 27 Nov 2022 02:20:18 GMT
Date: Sat, 26 Nov 2022 23:50:01 GMT
Connection: keep-alive

                                        
                                            GET /gid.js HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sat, 26 Nov 2022 23:50:01 GMT
content-length: 65
access-control-allow-origin: https://www1.attacker.tv
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=436f457ca73c4cb98806fac08e5dd88c; expires=Sun, 26 Nov 2023 23:50:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    72b2b5a68d115e221abe097f953ead43
Sha1:   b6bb8f88dafc881b0eb48be0c624b49970612d64
Sha256: 8c8871c916e15a31682842fa1efcbcb56c1dd1e8d933e47654f621d97dba27dc
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2824
Cache-Control: max-age=157537
Date: Sat, 26 Nov 2022 23:50:01 GMT
Etag: "63825f82-117"
Expires: Mon, 28 Nov 2022 19:35:38 GMT
Last-Modified: Sat, 26 Nov 2022 18:48:34 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279


--- Additional Info ---
Magic:  data
Size:   37388
Md5:    a548e6f9ace414a341f61d3a35e4fdf5
Sha1:   a0c2ea8ce52ea8538f83fa06e8b7ba14fe0ea2b2
Sha256: c354226d009e6fa5ab3bd6b3d2147f71cf4f278966d6f048d983fb4422024c11
                                        
                                            GET /v4.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3db28c5f2e961e%26domain%3Dwww1.attacker.tv%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww1.attacker.tv%252Ff3be3a557d8bbb2%26relation%3Dparent.parent&container_width=1170&height=100&href=https%3A%2F%2Fwww1.attacker.tv%2Fwatch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248&locale=vi_VN&numposts=10&sdk=joey&version=v4.0&width= HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/html;charset=utf-8
                                        
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: /GpvR3xH0xOeX+10emjLCICb3vzjnz9nq1p9mDEgGtbPZ2J6CgDVxDnI+IN0GENE06ZBO8vRBr3xWnxd/VGJmQ==
content-length: 0
date: Sat, 26 Nov 2022 23:50:01 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:50:01 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 12:52:19 GMT
Expires: Thu, 01 Dec 2022 12:52:18 GMT
Etag: "e975c9f5121852023ef22cbee9738cd8db575686"
Cache-Control: max-age=391936,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770686218bebfac0-OSL

                                        
                                            POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1 
Host: fleraprt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 961
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         139.45.195.254
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Sat, 26 Nov 2022 23:50:02 GMT
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www1.attacker.tv
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    adb4650bfc9d2a73d4dd69583b0ceb14
Sha1:   1ce399d6e936232aaf2192cd7903a279c5015f22
Sha256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10811
Expires: Sun, 27 Nov 2022 02:50:12 GMT
Date: Sat, 26 Nov 2022 23:50:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10811
Expires: Sun, 27 Nov 2022 02:50:12 GMT
Date: Sat, 26 Nov 2022 23:50:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10811
Expires: Sun, 27 Nov 2022 02:50:12 GMT
Date: Sat, 26 Nov 2022 23:50:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10811
Expires: Sun, 27 Nov 2022 02:50:12 GMT
Date: Sat, 26 Nov 2022 23:50:01 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 7104
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4803
Md5:    cc0a257323f882caff067adb86d906e4
Sha1:   cedf2f21be7cd366bd46055b62b5513db3011dfc
Sha256: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4565b77f-3e3b-4410-b35b-b4e9a478ce4f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8145
x-amzn-requestid: ff37a7a0-ac51-4629-bb45-8983c4bcdd96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFFCuFL4oAMFpRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637eb544-7644e0183e2abc225f5e0938;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:05:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0oFg5UqP5KArhT2955eVqJsGhcnVoe7Je9nf6yTA7BLSsMVT2mXXUA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:26:21 GMT
age: 12220
etag: "1021cf938f62cf18466e2ff4d55ce8c52c0f9cf6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8145
Md5:    cc51742200b699c93a6ede66c7997d2a
Sha1:   1021cf938f62cf18466e2ff4d55ce8c52c0f9cf6
Sha256: a7cc50883ac1a59fc14f0467551dec16cef3b033df599b23916427c5e42be1aa
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:50:01 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 19:53:32 GMT
Expires: Fri, 02 Dec 2022 19:53:31 GMT
Etag: "c00f8e4c79b23904862da82516da28b9495acc44"
Cache-Control: max-age=503609,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770686223eea0b4d-OSL

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 7100
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5099
Md5:    433875a1b1fef34e45f2d8ac344c07e3
Sha1:   f2129466436cbbdd58abe42a47fb7af19eba58e6
Sha256: ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6883
x-amzn-requestid: 9e3878c9-1817-427e-b121-969a8cbc7ad8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cL1ySF0tIAMFY4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638169a8-5143ffea77b70cf67ef60ad7;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 01:19:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: agN3iI99V_lKDGyKTEkZg_jgR8P6nrI53d-fXsHGHkQP55suaCC2xA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 05:30:06 GMT
age: 65995
etag: "590c34be54c9889eec4ff7993e070fda836f711f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6883
Md5:    f7f16c0f8a8e710210ce77c0e4c1c2a2
Sha1:   590c34be54c9889eec4ff7993e070fda836f711f
Sha256: 4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6859
x-amzn-requestid: 4a1b13ad-9455-401d-a914-c1ada2191977
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYTHRroAMFR8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-4e5d630b23cdeb2e4b6d75d1;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D24B6xoLZ2nu1NdlMU5TgJSc-DfzD6vrMzgU3s6tAiAsUuzBb_t89Q==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 08:23:04 GMT
age: 55617
etag: "26b8dd82140c0db021048e11bff65a391dc6b444"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6859
Md5:    f80a9a9b55da31c98663e157dde74a19
Sha1:   26b8dd82140c0db021048e11bff65a391dc6b444
Sha256: 680c39e4ea1d784db9831958942a64f3e83618dc443c8bcaa34223d85bb5b926
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13049
x-amzn-requestid: 2755f206-af23-4597-b4b9-7dae5001d6be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBsvpHDJoAMFhFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d5b30-600008f573bd7e0024585eb1;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 23:28:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z7Hy7zEJmW8khrRb_uNcDa3UATX8DaKsdis-wUJAXfOZN4BM-0JtvQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 01:46:48 GMT
age: 79393
etag: "3b0ec6a7188dadf986f72fda8110296d9abd6f35"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13049
Md5:    1db6041a0bdb2319ae85afcc30caaeec
Sha1:   3b0ec6a7188dadf986f72fda8110296d9abd6f35
Sha256: 05f1f9b7834e7268dc34e3233434217f58cb68ee43a403cd08d0bb0ab4f37815
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2824
Cache-Control: max-age=157537
Date: Sat, 26 Nov 2022 23:50:01 GMT
Etag: "63825f82-117"
Expires: Mon, 28 Nov 2022 19:35:38 GMT
Last-Modified: Sat, 26 Nov 2022 18:48:34 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

                                        
                                            OPTIONS /500/3203398?excludes=&oaid=436f457ca73c4cb98806fac08e5dd88c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fwww1.attacker.tv%2Fwatch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: inpagepush.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www1.attacker.tv/
Origin: https://www1.attacker.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         139.45.197.237
HTTP/2 200 OK
                                        
server: nginx
date: Sat, 26 Nov 2022 23:50:01 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www1.attacker.tv
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /images/player-loading.svg HTTP/1.1 
Host: rabbitstream.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabbitstream.net/embed-4/aGA6gtB2OjEk?z=
Cookie: connect.sid=s%3ANHuw8Qaq22N-5qh-7j5Q-hwcH-XJtQ1v.ysXvCxxo0QnxZpuasttBvzqsul8RtiXEDo5%2BES6KliY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.21.91.139
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sat, 26 Nov 2022 23:50:01 GMT
x-dns-prefetch-control: on
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
cache-control: public, max-age=14400
last-modified: Wed, 21 Sep 2022 17:25:38 GMT
etag: W/"24d-18361156e72"
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRq75cGwzlgJu7fe6m9%2BtWpD0bJncdM2PLCHVznHtK%2FH2LQZeG%2BiC9MTJdQLuSFReFK7BygvZEwUn1p8yRFKRlyLTxeGcU4umG9I53R7GvJGzeoZM734KqTFC2w%2Bvi7VsIPC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77068623ad5bb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size:   1059
Md5:    660cb09ee86250aba63c4c4495ed88ef
Sha1:   19d39852d24792023a2d42d7839dc5b3e7da5bed
Sha256: 595a702b56ed28e1b252dcbdb5af18818daaa02febbe7faae64f353d8818fc49
                                        
                                            GET /www/images/2fed87d8d9131d075b72354b838c2d77.jpeg HTTP/1.1 
Host: offerimage.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.22.216
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sat, 26 Nov 2022 23:50:01 GMT
content-length: 10853
cache-control: max-age=86400
cf-bgj: h2pri
etag: "62b2c84c-2a65"
expires: Sun, 27 Nov 2022 09:13:33 GMT
last-modified: Wed, 22 Jun 2022 07:44:12 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 52588
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770686250a82b524-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 192x192, components 3\012- data
Size:   10853
Md5:    2fed87d8d9131d075b72354b838c2d77
Sha1:   69624c46c1556c35c67e85724451cce20ad405ec
Sha256: 8adac582983620ad0421a1be7648f58c731feaf3de0bf027ebefe412505b01ed
                                        
                                            GET /css/embed.min.css?v=0.5 HTTP/1.1 
Host: rabbitstream.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabbitstream.net/embed-4/aGA6gtB2OjEk?z=
Cookie: connect.sid=s%3ANHuw8Qaq22N-5qh-7j5Q-hwcH-XJtQ1v.ysXvCxxo0QnxZpuasttBvzqsul8RtiXEDo5%2BES6KliY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.21.91.139
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Sat, 26 Nov 2022 23:50:01 GMT
x-dns-prefetch-control: on
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
cache-control: public, max-age=14400
last-modified: Sun, 09 Oct 2022 09:24:35 GMT
etag: W/"1fa5e-183bc0f7e79"
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8D%2B2agvct2R2F%2FQHL3HVq9rWHZwkem7df5AenYKjTOOqI7ZZxNfekO33By1o9CXmFMq5nzYEWohfKQpd2iEedmMabWXOfqY6y2K9JnWYD%2BBAysGiCjXSlKHteOH7tkKudmf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77068623ad59b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   100669
Md5:    563b6cdf32f471580d5d4ba6b57b1db5
Sha1:   c871149f8a0f19711d94b0f583cc8057793fef39
Sha256: ec798d7b58e42637d1de36fb37a8751cd25123e1536a084b3b71887312f2fe74
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 23:50:01 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 19:53:32 GMT
Expires: Fri, 02 Dec 2022 19:53:31 GMT
Etag: "c00f8e4c79b23904862da82516da28b9495acc44"
Cache-Control: max-age=503609,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770686253d8bfac0-OSL

                                        
                                            GET /live/red_lojson/300lo.json?si=6382a6287f4bbda5&bkl=0&bl=1&pdt=504&sid=6382a6287f4bbda5&pub=ra-5da59293a14f83e9&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www1.attacker.tv&fp=watch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=free%20Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%20watch%2Cwatch%20Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%202004%20free%2Cdownload%20Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%20free&colc=1669506601012&jsl=129&uvs=6382a6287f28a2e2000&skipb=1&callback=addthis.cbs.jsonp__59966959887497760 HTTP/1.1 
Host: m.addthis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
                                        
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Sat, 26 Nov 2022 23:50:02 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   89
Md5:    248881773854145c381b7d985f894445
Sha1:   2d53f87fd5b848389b0e19e6194302b50eb917a3
Sha256: dae4529bd035f645360462de204f2cfb375d2125af015a15b3ed474658fccee7
                                        
                                            GET /500/3203398?excludes=&oaid=436f457ca73c4cb98806fac08e5dd88c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fwww1.attacker.tv%2Fwatch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: inpagepush.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://www1.attacker.tv/
Cookie: OAID=7f9f6ddb5a4e49bb84376f47be2893bf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sat, 26 Nov 2022 23:50:01 GMT
x-trace-id: 92316ae7b798bc208968764033b4f1e7
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://www1.attacker.tv
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=436f457ca73c4cb98806fac08e5dd88c; expires=Sun, 26 Nov 2023 23:50:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (1826), with no line terminators
Size:   1416
Md5:    6987c5e64507d8383ba2bd2d51b9d3d8
Sha1:   c9d6f9be89a46500a4193ece7df7be521cfcf84e
Sha256: da2a0d66cafa6af6b2d7f0a7221f63e1d50bb423cf1de0321753462c06ad26f1
                                        
                                            POST /url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fattacker.tv%2Fwatch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248 HTTP/1.1 
Host: api-public.addthis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://www1.attacker.tv
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

search
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.15.8
content-length: 2
cache-control: no-transform, max-age=0, s-maxage=14400
surrogate-key: sFbt=https://attacker.tv/watch-movie/harry-potter-and-the-prisoner-of-azkaban-19594.1613248
last-modified: Sat, 26 Nov 2022 23:00:00 GMT
access-control-allow-origin: https://www1.attacker.tv
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
date: Sat, 26 Nov 2022 23:50:02 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    99914b932bd37a50b983c5e7c90ae93b
Sha1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
Sha256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                        
                                            GET /url/shares.json?url=http%3A%2F%2Fattacker.tv%2Fwatch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248&callback=_ate.cbs.rcb_hy0h0 HTTP/1.1 
Host: api-public.addthis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.15.8
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: attacker.tv/watch-movie/harry-potter-and-the-prisoner-of-azkaban-19594.1613248
last-modified: Sat, 26 Nov 2022 23:50:02 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 54
date: Sat, 26 Nov 2022 23:50:02 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

                                        
                                            GET /url/shares.json?url=https%3A%2F%2Fattacker.tv%2Fwatch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248&callback=_ate.cbs.rcb_85ei0 HTTP/1.1 
Host: api-public.addthis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.15.8
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: attacker.tv/watch-movie/harry-potter-and-the-prisoner-of-azkaban-19594.1613248
last-modified: Sat, 26 Nov 2022 23:50:02 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 54
date: Sat, 26 Nov 2022 23:50:02 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   54
Md5:    660da2a5bd3559d3a5cd1f4d6b5994ec
Sha1:   f529862ee5f7b628cecf857764997289431ba373
Sha256: 29ecfe78d908e8f0df42ee97a61614f13fe0e68d9054a26ca2dc3c317aec04a9
                                        
                                            GET /player/v/8.24.0/jwpsrv.js HTTP/1.1 
Host: ssl.p.jwpcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabbitstream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.86.114
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: max-age=900, immutable
last-modified: Fri, 29 Jul 2022 17:51:17 GMT
etag: "662d21d9cc48caa9758882be57e10e92"
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 23:50:02 GMT
via: 1.1 varnish
age: 752
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 44
x-timer: S1669506602.412066,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 18857
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (63039)
Size:   18857
Md5:    47c80e5e949f9c51cea9f3f4eb3411c8
Sha1:   ea848020d7f54579af52ebd5e5f6922b98cc2512
Sha256: 6455d2bb063d9fde3276b77cb3e6e886c9b2a87dfc1bf16365d0cd3e8c1d131d
                                        
                                            GET /player/v/8.24.0/jwplayer.core.controls.js HTTP/1.1 
Host: ssl.p.jwpcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabbitstream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.86.114
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: max-age=31536000, immutable
last-modified: Wed, 15 Dec 2021 01:03:59 GMT
etag: "8d83cd6719fd11dfc5dae660af42c7c0"
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 23:50:02 GMT
via: 1.1 varnish
age: 29915014
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 12626
x-timer: S1669506602.416643,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 80433
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65135)
Size:   80433
Md5:    7fd47fac557d413714608ee8253723a7
Sha1:   b66ad823206509f7428e680fd859a2d327765bb7
Sha256: d6be9b17c49b1a31639796b44f534d9becdfe5ac7ac3c0069217e51a6775fcec
                                        
                                            GET /script/suurl.php?r=3303339&cbrandom=0.5453819620682706&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%20Full%20Movies%20on%20Attacker.tv&cbref=&cbdescription=Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%202004%20stream%20in%20full%20HD%20online%2C%20with%20English%20subtitle%2C%20Free%20to%20play&cbkeywords=free%20Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%20watch%2C%20watch%20Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%202004%20free%2C%20download%20Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%20free%2C%20full%20Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban%20online%2C%20Harry%20Potter%20and%20the%20Prisoner%20of%20Azkaban&cbcdn=asccdn.com HTTP/1.1 
Host: onclickgenius.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         35.190.71.96
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: openresty
date: Sat, 26 Nov 2022 23:50:01 GMT
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /embed-4/aGA6gtB2OjEk?z= HTTP/1.1 
Host: rabbitstream.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         104.21.91.139
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Sat, 26 Nov 2022 23:50:01 GMT
x-dns-prefetch-control: on
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
set-cookie: connect.sid=s%3ANHuw8Qaq22N-5qh-7j5Q-hwcH-XJtQ1v.ysXvCxxo0QnxZpuasttBvzqsul8RtiXEDo5%2BES6KliY; Path=/; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sOoN6s3nw%2F5CObcbuuVTad8zbkM2x1kLPS82pGXBizZguhnT7Gkh2mAQo3XEc6RvbYdM0Xla8I7GTQ3VpgivdYXrKgxWQVysfejTNld1KgiDU559T5d5VYGkRIHsQt4yb5Lu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77068622cc5fb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stattag.js HTTP/1.1 
Host: tzegilo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.84.149
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 26 Nov 2022 23:50:00 GMT
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5660
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxl18IqP91BHyp71N%2Fb4eXf8JOVqftvZxOCNsRrKJtfS1fPK9MNYmkXi9LC4EONyWhltOnJfgc%2BpPpS4SYPK%2BBd64YtRiaDtRVFdo57S0v1nNseZYqVU0nLmI1RO0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706861d79c0b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /player/v/8.24.0/provider.hlsjs.js HTTP/1.1 
Host: ssl.p.jwpcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabbitstream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.86.114
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: max-age=31536000, immutable
last-modified: Wed, 15 Dec 2021 01:04:02 GMT
etag: "8da114839937e49d7dd29e337a3ea236"
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 23:50:02 GMT
via: 1.1 varnish
age: 29915011
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 12947
x-timer: S1669506602.433422,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 115802
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /v1/urls/count.json?url=https%3A%2F%2Fattacker.tv%2Fwatch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248&callback=window._ate.cbs.rcb_euad0 HTTP/1.1 
Host: widgets.pinterest.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.84.84
HTTP/2 200 OK
content-type: application/javascript
                                        
x-content-type-options: nosniff
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
expires: Sun, 27 Nov 2022 00:05:02 GMT
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1623890258587716
date: Sat, 26 Nov 2022 23:50:02 GMT
age: 0
content-encoding: br
vary: accept-encoding
accept-ranges: none
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /v1/urls/count.json?url=http%3A%2F%2Fattacker.tv%2Fwatch-movie%2Fharry-potter-and-the-prisoner-of-azkaban-19594.1613248&callback=window._ate.cbs.rcb_ei5y0 HTTP/1.1 
Host: widgets.pinterest.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.84.84
HTTP/2 200 OK
content-type: application/javascript
                                        
x-content-type-options: nosniff
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
expires: Sun, 27 Nov 2022 00:05:02 GMT
x-envoy-upstream-service-time: 1
x-pinterest-rid: 8382664811164739
date: Sat, 26 Nov 2022 23:50:02 GMT
age: 0
content-encoding: br
vary: accept-encoding
accept-ranges: none
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sdks/OneSignalSDK.js HTTP/1.1 
Host: cdn.onesignal.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.18.226.52
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 26 Nov 2022 23:49:59 GMT
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 2276
expires: Tue, 29 Nov 2022 23:49:59 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 770686174cd6b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /400/3203398 HTTP/1.1 
Host: inpagepush.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.attacker.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sat, 26 Nov 2022 23:49:59 GMT
x-trace-id: 407a4fa06d1b179f6e2479f2e31a8f69
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7f9f6ddb5a4e49bb84376f47be2893bf; expires=Sun, 26 Nov 2023 23:49:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/player/prod/e4-player.min.js?v=1669503731 HTTP/1.1 
Host: rabbitstream.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabbitstream.net/embed-4/aGA6gtB2OjEk?z=
Cookie: connect.sid=s%3ANHuw8Qaq22N-5qh-7j5Q-hwcH-XJtQ1v.ysXvCxxo0QnxZpuasttBvzqsul8RtiXEDo5%2BES6KliY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.21.91.139
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sat, 26 Nov 2022 23:50:01 GMT
x-dns-prefetch-control: on
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
cache-control: public, max-age=14400
last-modified: Sat, 26 Nov 2022 23:02:44 GMT
etag: W/"d5af0-184b62dc6d9"
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZSh3JsKtWej7vXH1%2FiqCOhWesIKD2ukKLvCcvYiR4vI09vFHD3azzRL4cKawdmXetO8f%2Fv3wV5NdOGKUtjKgDDCKBPg4zf%2Fi0bvu%2BjixoIgyt3QMCjax3Nu94UP7YWo1C5ue"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77068623ad5cb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---