Overview

URL www110.zippyshare.com/d/tzq4tpu5/30517/l3050ecc-nosware.com.rar
IP 46.166.139.231
ASN NForce Entertainment B.V.
Location Netherlands
Report completed 2022-06-24 07:25:56 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-06-24 2 encloseddealing.com/1d/35/84/1d3584ff950f38d5b2e10bc2994be620.js Malware
2022-06-24 2 d24ak3f2b.top/advertisers.js Malware
2022-06-24 2 cdn.barscreative1.com/sb/notifications/vpn/default/us/mac/black/2/index.html Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Added / Verified Severity Host Comment
2022-06-24 2 encloseddealing.com Sinkholed
2022-06-24 2 captiongodfather.com Sinkholed
2022-06-24 2 d24ak3f2b.top Sinkholed
2022-06-24 2 unseenreport.com Sinkholed
2022-06-24 2 unseenreport.com Sinkholed
2022-06-24 2 abateall.com Sinkholed


Files

No files detected



Passive DNS (28)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-06-24 05:00:03 UTC 142.250.74.3
[Mnemonic Passive DNS] abateall.com (1) 0 No data No data 192.243.61.225 Unknown ranking
[Mnemonic Passive DNS] cdn.barscreative1.com (1) 25648 No data No data 172.67.205.72
[Mnemonic Passive DNS] ocsp.digicert.com (2) 86 2012-11-29 12:49:49 UTC 2022-06-24 05:56:55 UTC 93.184.220.29
[Mnemonic Passive DNS] historiousmor.xyz (3) 0 No data No data 44.195.137.121 Unknown ranking
[Mnemonic Passive DNS] d24ak3f2b.top (1) 105412 No data No data 142.0.197.108
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-06-24 04:59:01 UTC 34.120.237.76
[Mnemonic Passive DNS] cdn.cloudimagesb.com (1) 23099 2021-02-12 16:15:41 UTC 2022-06-24 06:16:47 UTC 45.133.44.9
[Mnemonic Passive DNS] ocsp.sectigo.com (5) 487 2018-12-17 11:31:55 UTC 2022-06-24 05:47:35 UTC 104.18.32.68
[Mnemonic Passive DNS] ocsp.sca1b.amazontrust.com (1) 1015 No data No data 54.230.245.39
[Mnemonic Passive DNS] r3.o.lencr.org (13) 344 2020-12-02 08:52:13 UTC 2022-06-24 04:59:03 UTC 23.36.77.32
[Mnemonic Passive DNS] ds88pc0kw6cvc.cloudfront.net (2) 0 No data No data 54.230.245.114 Unknown ranking
[Mnemonic Passive DNS] simplewebanalysis.com (1) 0 No data No data 52.29.132.48 Unknown ranking
[Mnemonic Passive DNS] ghableleader.xyz (4) 0 No data No data 54.230.111.94 Unknown ranking
[Mnemonic Passive DNS] unseenreport.com (2) 0 No data No data 192.243.59.13 Unknown ranking
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.118
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-06-24 05:05:58 UTC 54.230.111.99
[Mnemonic Passive DNS] ocsp2.globalsign.com (1) 1544 2012-05-21 07:12:19 UTC 2022-06-24 05:12:44 UTC 104.18.21.226
[Mnemonic Passive DNS] encloseddealing.com (1) 0 No data No data 192.243.59.20 Unknown ranking
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-06-24 05:17:04 UTC 44.238.171.181
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] d10lumateci472.cloudfront.net (2) 0 No data No data 54.230.245.149 Unknown ranking
[Mnemonic Passive DNS] delayeddisembroildisembroil.com (4) 0 No data No data 192.243.61.225 Unknown ranking
[Mnemonic Passive DNS] e1.o.lencr.org (6) 6159 2021-08-20 07:36:30 UTC 2022-06-24 05:38:32 UTC 23.36.76.226
[Mnemonic Passive DNS] aphycolourses.info (1) 121151 No data No data 44.195.137.121
[Mnemonic Passive DNS] cdn.sb4you1.com (3) 22321 No data No data 172.67.183.56
[Mnemonic Passive DNS] www110.zippyshare.com (10) 0 No data No data 46.166.139.231 Domain (zippyshare.com) ranked at: 41031
[Mnemonic Passive DNS] captiongodfather.com (1) 0 No data No data 192.243.59.12 Unknown ranking


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 46.166.139.231

Date UQ / IDS / BL URL IP
2022-06-26 16:17:44 +0000
0 - 0 - 4 www110.zippyshare.com/d/tzq4tpu5/7320/l3050ec (...) 46.166.139.231
2022-06-26 16:17:33 +0000
0 - 0 - 3 www110.zippyshare.com/d/tzq4tpu5/8683/l3050ec (...) 46.166.139.231
2022-06-24 08:02:11 +0000
0 - 0 - 8 www110.zippyshare.com/d/tzq4tpu5/17103/l3050e (...) 46.166.139.231
2022-06-17 19:40:33 +0000
0 - 0 - 9 https://www110.zippyshare.com/d/2HPetcoH/3583 (...) 46.166.139.231
2022-06-17 02:22:35 +0000
0 - 0 - 4 www109.zippyshare.com/d/oc6swaoi/16487/revo.u (...) 46.166.139.231
2022-06-17 02:22:17 +0000
0 - 0 - 12 www109.zippyshare.com/d/oc6swaoi/8755/revo.un (...) 46.166.139.231
2022-06-12 13:32:02 +0000
0 - 0 - 12 https://www110.zippyshare.com/d/YZENOK7Q/1825 (...) 46.166.139.231
2022-06-10 15:53:19 +0000
0 - 0 - 7 www109.zippyshare.com/d/oc6swaoi/37047/revo.u (...) 46.166.139.231
2018-12-15 12:56:12 +0100
0 - 0 - 1 https://www110.zippyshare.com/d/u2mtbtGA/841/ (...) 46.166.139.231
2017-09-05 18:40:13 +0200
0 - 0 - 0 www109.zippyshare.com/v/5BA45I0d/file.html 46.166.139.231

Last 10 reports on ASN: NForce Entertainment B.V.

Date UQ / IDS / BL URL IP
2022-08-19 16:52:08 +0000
0 - 0 - 4 major.wrengostic.com/ 185.107.56.57
2022-08-19 16:51:22 +0000
0 - 0 - 3 buy.wrengostic.com/ 185.107.56.57
2022-08-19 15:50:15 +0000
0 - 0 - 5 edge.wrengostic.com/ 185.107.56.57
2022-08-19 13:21:56 +0000
0 - 0 - 7 boletosimple.com.ar/ 77.247.179.88
2022-08-18 12:23:59 +0000
0 - 0 - 3 how.wrengostic.com/ 185.107.56.58
2022-08-18 06:15:23 +0000
4 - 0 - 3 from.hammerhandz.com/ 185.107.56.58
2022-08-18 01:18:56 +0000
0 - 0 - 1 use.wrengostic.com/ 185.107.56.57
2022-08-18 00:49:35 +0000
4 - 0 - 3 rp.seroteforoh.com/?pcrc=867485255&v=2.0 77.247.179.88
2022-08-17 17:47:08 +0000
3 - 0 - 3 ihaveachargefromapple.com/ 77.247.182.245
2022-08-17 07:53:58 +0000
0 - 0 - 1 141.98.6.236/newz2k/Ivnut-Z2K-4.exe 141.98.6.236

No other reports on domain: zippyshare.com



JavaScript

Executed Scripts (18)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (79)


Request Response
                                        
                                            GET /d/tzq4tpu5/30517/l3050ecc-nosware.com.rar HTTP/1.1 
Host: www110.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         46.166.139.231
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Fri, 24 Jun 2022 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: JSESSIONID=0EC4DF3F698763D40C7D809F17E5287E; Path=/; HttpOnly
Location: http://www110.zippyshare.com/v/tzq4tpu5/file.html

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22A7AFFA696C3188DD074DEB68A2EC519EA227AC839D0238C9F82660B9E14D6A"
Last-Modified: Tue, 21 Jun 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8764
Expires: Fri, 24 Jun 2022 09:51:44 GMT
Date: Fri, 24 Jun 2022 07:25:40 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.118
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 24 Jun 2022 06:44:25 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: oZkLU1hLcg2wSnOIC1WO7NE_dZconVY8rNYV6okLHkkp2R17RD03rg==
Age: 2475


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.99
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Wed, 11 May 2022 19:51:39 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 24 Jun 2022 02:10:52 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: o3dUKyZaYsyANckGCS_thZweeqgd8gsSJ3HqEAt0nQPHh7KiyOUHuw==
age: 18889
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    48ca0beea419a9039591cf1aee5179e0
Sha1:   9e92629f505fcc07aab51221e8fe62197a23e307
Sha256: 630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
                                        
                                            GET /v/tzq4tpu5/file.html HTTP/1.1 
Host: www110.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: JSESSIONID=0EC4DF3F698763D40C7D809F17E5287E
Upgrade-Insecure-Requests: 1

                                         
                                         46.166.139.231
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 24 Jun 2022 07:25:40 GMT
Content-Length: 178
Connection: keep-alive
Location: https://www110.zippyshare.com/v/tzq4tpu5/file.html


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 24 Jun 2022 07:25:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 24 Jun 2022 07:25:40 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Tue, 28 Jun 2022 04:45:36 GMT
ETag: "f291b6ac431f7304699f19f17d8c7f7d854946b0"
Last-Modified: Fri, 24 Jun 2022 04:45:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1183
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7203bb17fed31c12-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    f00001a26a1684d5a079f93d7e20d802
Sha1:   f291b6ac431f7304699f19f17d8c7f7d854946b0
Sha256: 3775a216c3aba4575d1d105d981b1d8ad82108c2973a473735b9489987fefedb
                                        
                                            GET /v/tzq4tpu5/file.html HTTP/1.1 
Host: www110.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: zippyadb=0; zippop=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Server: nginx
Date: Fri, 24 Jun 2022 07:25:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONID=8D62F9382FDC54C89FD19D61F2A2B504; Path=/; HttpOnly zippop=2; Domain=.zippyshare.com; Expires=Fri, 24-Jun-2022 19:25:40 GMT; Path=/
Content-Language: en
Expires: Fri, 24 Jun 2022 07:25:39 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (41981), with CRLF, CR, LF line terminators
Size:   39520
Md5:    242230ebbadf1c55292bdca67aa35823
Sha1:   e2a3ea0449f7dceb7697311a15a306f25efae335
Sha256: 338d1e29072509b7e22d2e55f4fd70c30e20b2dcf2b05e6dad878ad5277fcf5b
                                        
                                            GET /wro/viewjs-9c29d4e653e865831dc028fdac7e7dfff3be049e.css HTTP/1.1 
Host: www110.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/v/tzq4tpu5/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=8D62F9382FDC54C89FD19D61F2A2B504
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Fri, 24 Jun 2022 07:25:40 GMT
Content-Length: 66707
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Tue, 10 Sep 2030 07:25:40 GMT
Accept-Ranges: bytes
ETag: W/"207098-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (38971)
Size:   66707
Md5:    7e0e3e48bd85cdf4041d04d6d265622a
Sha1:   06bd818fbba909a62546da78470bc01fd813076e
Sha256: b6f4ece3f288037b58e9803601d45e812775c0140f09d7860574f6c56781ec1c
                                        
                                            GET /ads.js HTTP/1.1 
Host: www110.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/v/tzq4tpu5/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=8D62F9382FDC54C89FD19D61F2A2B504
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 24 Jun 2022 07:25:40 GMT
Content-Length: 138
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"157-1654675202000"
Last-Modified: Wed, 08 Jun 2022 08:00:02 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text
Size:   138
Md5:    80ce0db0d04307c0a7e7bfbe492e329d
Sha1:   f8efbdda6799a957baa59e907d466dbc3fd7be90
Sha256: da32bd619e9f9cf48c390020230b751333e2a402fce01635102f340a39f88113
                                        
                                            GET /sw.js HTTP/1.1 
Host: www110.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/v/tzq4tpu5/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=8D62F9382FDC54C89FD19D61F2A2B504
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 24 Jun 2022 07:25:40 GMT
Content-Length: 36755
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"95651-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   36755
Md5:    9f3eb972e27d96787df56867ba104e59
Sha1:   e266af1162c320a8366da4487c3698c0db0ca354
Sha256: 5750d3ef81845bcf96250e0b2e66d4b21aec5ed0144822ca14a9491f70392ae3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 24 Jun 2022 07:25:40 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 24 Jun 2022 05:03:55 GMT
Expires: Fri, 01 Jul 2022 05:03:55 GMT
ETag: 01A43A962E09DA3F9D837207EEB01B7E915E37A4
Cache-Control: max-age=595694,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp13
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7203bb19d9580afa-OSL

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 24 Jun 2022 07:25:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wro/viewjs-5c4b087e763baf82dfed5e75dc71d50f709ecb00.js HTTP/1.1 
Host: www110.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/v/tzq4tpu5/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=8D62F9382FDC54C89FD19D61F2A2B504
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 24 Jun 2022 07:25:40 GMT
Content-Length: 147861
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Tue, 10 Sep 2030 07:25:40 GMT
Accept-Ranges: bytes
ETag: W/"478725-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65535)
Size:   147861
Md5:    1dd393cf506e088f2a0b45a37beabda7
Sha1:   384796f00e05bce54b4bcae1f2dd4e5d0c5c478a
Sha256: c9420067db3629caab61a3e5983ef9b303d24913f01c2a3307ee0e392cc87616
                                        
                                            GET /?kcpsd=843055 HTTP/1.1 
Host: ds88pc0kw6cvc.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.114
HTTP/2 200 OK
                                        
content-length: 49642
date: Fri, 24 Jun 2022 07:25:40 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: G7wa-i7j0l5JHcpKErMfCM9oSspUzDr-f2A4hkrkZCoQXwfo56Eyuw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15952)
Size:   49642
Md5:    00dca3dfe238c8ee6cbcf0aad0bda8f4
Sha1:   c7bee0e2f0448520ba4cbb0059207396b00378f9
Sha256: 54b721d2f87413b45c88c906bdf47de8f4c2648fcd02ffa3cabbe1834efcfca4
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3D7DAFA5172DE1B8BEE3B42CA818DC87A5C79F68B264145703F51C7D009B5C27"
Last-Modified: Tue, 21 Jun 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4183
Expires: Fri, 24 Jun 2022 08:35:24 GMT
Date: Fri, 24 Jun 2022 07:25:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 24 Jun 2022 07:25:41 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 24 Jun 2022 05:03:55 GMT
Expires: Fri, 01 Jul 2022 05:03:55 GMT
ETag: 01A43A962E09DA3F9D837207EEB01B7E915E37A4
Cache-Control: max-age=595693,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp7
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7203bb1c4c00b506-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 24 Jun 2022 07:25:41 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 24 Jun 2022 05:03:55 GMT
Expires: Fri, 01 Jul 2022 05:03:55 GMT
ETag: 01A43A962E09DA3F9D837207EEB01B7E915E37A4
Cache-Control: max-age=595693,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp4
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7203bb1c4bec0afa-OSL

                                        
                                            GET /?amuld=726474 HTTP/1.1 
Host: d10lumateci472.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.149
HTTP/2 200 OK
                                        
content-length: 35993
date: Fri, 24 Jun 2022 07:25:41 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: z5D3AinnLgXYnNg8WuFNF1mq-bn9j3C9FcLiIL-Wl_PHO1vKKw1AZg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15478)
Size:   35993
Md5:    a2811a810fa4d85ec55629bd7ee7d3a3
Sha1:   83a5ffaadddf25e1f771202da7021c65e3da8b21
Sha256: 8ec064a513a054547ff1a991917a6747682c21385b7e667f1ecaea9f526c411b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 24 Jun 2022 07:25:41 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 24 Jun 2022 05:03:55 GMT
Expires: Fri, 01 Jul 2022 05:03:55 GMT
ETag: 01A43A962E09DA3F9D837207EEB01B7E915E37A4
Cache-Control: max-age=595693,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp11
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7203bb1c5f2d0b69-OSL

                                        
                                            GET /images/favicon2.ico HTTP/1.1 
Host: www110.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/v/tzq4tpu5/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=8D62F9382FDC54C89FD19D61F2A2B504
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Fri, 24 Jun 2022 07:25:41 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=25920000
Expires: Thu, 20 Apr 2023 07:25:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.118
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 24 Jun 2022 07:11:58 GMT
Cache-Control: max-age=3600
Expires: Fri, 24 Jun 2022 07:39:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XchqHUmmmY9Dyn7ovwf01lPDcCzYpko26CNAYX_uhnqnM4vYy1e6XQ==
Age: 823


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4861
Cache-Control: max-age=130153
Date: Fri, 24 Jun 2022 07:25:41 GMT
Etag: "62b4ad61-118"
Expires: Sat, 25 Jun 2022 19:34:54 GMT
Last-Modified: Thu, 23 Jun 2022 18:13:53 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /1d/35/84/1d3584ff950f38d5b2e10bc2994be620.js HTTP/1.1 
Host: encloseddealing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.17.9
Date: Fri, 24 Jun 2022 07:25:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a9aa976cb4d12e3b88936ab5c49e2253
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (53762), with no line terminators
Size:   17180
Md5:    d7546fdf2dd18da98621c454ba4e3192
Sha1:   5dc6ada55345222690779e22225d97e8c7e09c6d
Sha256: 73a133ee5edaad82f2d8dab6c321a8afcbc4ba5c4e79a80e0cf5f71a62a0b9d3

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C8CE8D8DC46E08AC8D9070F15C32E97203A14B22E8B3C3766FB62CDA90102BC6"
Last-Modified: Wed, 22 Jun 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1674
Expires: Fri, 24 Jun 2022 07:53:35 GMT
Date: Fri, 24 Jun 2022 07:25:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5951
Cache-Control: 'max-age=158059'
Date: Fri, 24 Jun 2022 07:25:41 GMT
Last-Modified: Fri, 24 Jun 2022 05:46:30 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 345
ETag: "AE1F703A3EE6BEEE75FFF4EF50CDC5BEC7913D7181C3555EBD04C4147ED0F02A"
Last-Modified: Tue, 21 Jun 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17596
Expires: Fri, 24 Jun 2022 12:18:57 GMT
Date: Fri, 24 Jun 2022 07:25:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "A669B17C5487B9B53DAE1CB3790B99C81FF3E79A2D301C5C166616DFFBF9347C"
Last-Modified: Thu, 23 Jun 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19282
Expires: Fri, 24 Jun 2022 12:47:03 GMT
Date: Fri, 24 Jun 2022 07:25:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 345
ETag: "AE1F703A3EE6BEEE75FFF4EF50CDC5BEC7913D7181C3555EBD04C4147ED0F02A"
Last-Modified: Tue, 21 Jun 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17596
Expires: Fri, 24 Jun 2022 12:18:57 GMT
Date: Fri, 24 Jun 2022 07:25:41 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eCirGg/r1Py7EkaWX1ldTg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         44.238.171.181
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IdFlhpRCRL4ZPVvvx2rTXdhP96I=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Jun 2022 07:25:41 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 23 Jun 2022 23:32:36 GMT
Expires: Thu, 30 Jun 2022 23:32:36 GMT
ETag: C29545E1D326B7F5C8210193B4A6A43258A085A9
Cache-Control: max-age=575814,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp4
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7203bb2049c3b506-OSL

                                        
                                            GET /ca/66/21/ca6621f64bcdfd0a5aa2af7c57675832.js HTTP/1.1 
Host: captiongodfather.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.17.6
Date: Fri, 24 Jun 2022 07:25:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d5c5d358f2e4a81dfbe742e09baab874
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (33859), with no line terminators
Size:   11415
Md5:    add0dc68770e813627606430839e9358
Sha1:   21fb7a4dd0b721551c3d174412b0b58a4dd22088
Sha256: 66f0b95f3e3b57488276a6b40c624e1639694235bd1a2d0eabe1c1464d8e67fc

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sw.js?clZHSW4pdHB7X0RlcGtCUHRra1tBYyR6VkRuai9bF2VqfVsXb2ooXUAyanpYQWZ0K1tFZiMsD1B6ZXwMSzUiellBeyQvDUp7cy0KFnt%2BLV1He394V0ZvJngLSjQlK0xedDQ%2BTF50LyAdBjk1IAEHJSomHFwuPjNMXnR2eUBHdGsvDx4lImUIEzo0LEIUNys6Cy8 HTTP/1.1 
Host: www110.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: zippyadb=0; zippop=2; JSESSIONID=8D62F9382FDC54C89FD19D61F2A2B504
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Fri, 24 Jun 2022 07:25:41 GMT
Content-Length: 36755
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"95651-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   36755
Md5:    9f3eb972e27d96787df56867ba104e59
Sha1:   e266af1162c320a8366da4487c3698c0db0ca354
Sha256: 5750d3ef81845bcf96250e0b2e66d4b21aec5ed0144822ca14a9491f70392ae3
                                        
                                            GET /RnkyaWw9W0EeMzMLXktWZBFGHRw1Qx1GGzEOA1hcaANbGRw%2FCloIHiNXUQYBaQpFRwY1Wx5LHysfEFNdaltGCAsZEFZLVmROAFhadU4QRU41DFA2BSJLEFNOc0oHCl9%2BTwpECnMcAURYcxwLRA11S1ZEX3BKAloOc04CDQknW08 HTTP/1.1 
Host: aphycolourses.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         44.195.137.121
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 4ae850f22aed277b243d7abf01a7e7d5=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e102-JM1zPowQzy3mpd1VQQJ+bzidpNY"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57602), with no line terminators
Size:   22909
Md5:    6f70ad922fb431eba59518d71b0fd21d
Sha1:   5e4a4882ec7580389decd2c5f84eb859c8bba046
Sha256: acf7ec2564ab233b87d9990691265d52b54d8d79e3cb7498f5d48b34ee070d01
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "43A13B73C14A970CF96F9B6FA009E96A4DDF436C4A58CCD40C608B0B8D5A9595"
Last-Modified: Thu, 23 Jun 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3966
Expires: Fri, 24 Jun 2022 08:31:48 GMT
Date: Fri, 24 Jun 2022 07:25:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.39
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=109109
Date: Fri, 24 Jun 2022 07:25:42 GMT
Etag: "62b45cf7-1d7"
Expires: Sat, 25 Jun 2022 13:44:11 GMT
Last-Modified: Thu, 23 Jun 2022 12:30:47 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2DdVFvqvmDX-KVQ9VZkkDMGG091QV3g6MLTSFsfwQSgIAXoLVAjz4g==
Age: 4404

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Cookie: uid_id2=38cab85e-5d18-4036-8e46-416ed728d52f:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.29.132.48
HTTP/2 200 OK
date: Fri, 24 Jun 2022 07:25:42 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www110.zippyshare.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    c6a11d32775014fa770b2a419af38a9f
Sha1:   135cc49414ead6435513f9edd57beb3321bb49d4
Sha256: 9768394ba811ffd5368046307b0636344dada1c65eb50f2d997c9e121812d849
                                        
                                            POST / HTTP/1.1 
Host: historiousmor.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 387
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         44.195.137.121
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "5EC5F1704950BBEC18A5F5BC27BF4CAD5C28CF5F1149F5AD6FFA351EFD6A97F8"
Last-Modified: Thu, 23 Jun 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4508
Expires: Fri, 24 Jun 2022 08:40:50 GMT
Date: Fri, 24 Jun 2022 07:25:42 GMT
Connection: keep-alive

                                        
                                            GET /images/favicon.ico HTTP/1.1 
Host: www110.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/v/tzq4tpu5/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=8D62F9382FDC54C89FD19D61F2A2B504; ppu_main_1d3584ff950f38d5b2e10bc2994be620=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=38cab85e-5d18-4036-8e46-416ed728d52f%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx
Date: Fri, 24 Jun 2022 07:25:42 GMT
Content-Length: 3611
Connection: keep-alive
Cache-Control: public, max-age=25920000
Expires: Thu, 20 Apr 2023 07:25:42 GMT
Accept-Ranges: bytes
ETag: W/"3611-1427651017000"
Last-Modified: Sun, 29 Mar 2015 17:43:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   3611
Md5:    b3bf18448d2e26f529500cb013975564
Sha1:   1b9d2cecad0cf85d336a24a0ccaa610c39a49f6a
Sha256: 968e719e5fbc1706a6db025adc28931e64fcf76c3ae80fa4ab6ff40b53b36b20
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Jun 2022 07:25:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /utx?cb=PMwMYhNMVYkm&top=www110.zippyshare.com&tid=843055 HTTP/1.1 
Host: ghableleader.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.94
HTTP/2 204 No Content
date: Fri, 24 Jun 2022 07:25:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www110.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 24 Jun 2022 07:26:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ltE_KTJEgPa8Fnb4G9ilz89oKNo9TwepbwLUAnH0GSrPzfFAgkw2vg==
X-Firefox-Spdy: h2

                                        
                                            GET /utx?cb=5xxIi9hDlKjJ&top=www110.zippyshare.com&tid=726474 HTTP/1.1 
Host: ghableleader.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.94
HTTP/2 204 No Content
date: Fri, 24 Jun 2022 07:25:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www110.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 24 Jun 2022 07:26:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VuIdlXGW6cNjHG-x7ozfSRtvC42Fwy2ZsWu2KS2mrTx91Olxcvw8gQ==
X-Firefox-Spdy: h2

                                        
                                            GET /multi?cs=OTVRTVcABmZ4YgABaH9vDQVndGQ&abt=0&red=1&sm=76&k=zippyshare&v=1.0.58.2&sts=0&prn=0&emb=0&tid=726474&fs=1&ref=https%3A%2F%2Fwww110.zippyshare.com%2Fv%2Ftzq4tpu5%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_35NC=1656055536806&crc=1 HTTP/1.1 
Host: ghableleader.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.94
HTTP/2 200 OK
content-type: text/plain
content-length: 1405
date: Fri, 24 Jun 2022 07:25:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www110.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=ebd3a912-bdf5-499c-8029-60d5bd429478
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l6kl63utVHiv6UEaOw6F727CGPAV9t1tEdIGoi0xO3wWYe_2KtBSZg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3035), with no line terminators
Size:   1405
Md5:    4f2eb451130e695fe51341a998964a27
Sha1:   61b7b5d799f3a5755dcfa2230a04c7bc0d6f7729
Sha256: aa5f2735ca8d83ebf180177808e843773cceee838d6aa3a96adc7ffac62a4679
                                        
                                            GET /Lem9Bb2kZAC8JVg4GJVJRTlxxWlxcBTIABwpSECwvOz54ADgLCWcbEx5ScUkFGwEmUk8fASJSWFwOJQ1USkk1HwYRUjQBDR8JKAEMHkk0DlQXADsGBRYOZF0vT0FxSltKRzleWF9cA0pbSgMoARwCSnNfEUJZHlldX1wDSltKHTdKWjtWd0FZU0pzXw4fDC-oATEgpc19YSl9wX1hfXXEJAAgKJwARX10HVl9UX2caVEs HTTP/1.1 
Host: ds88pc0kw6cvc.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.245.114
HTTP/2 200 OK
content-length: 350
date: Fri, 24 Jun 2022 07:25:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j4fiR3nXn7d1K3bJEgZ4kSxs36x1DN3xmQJtxP4VjLKoV-stESa8sw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (442), with no line terminators
Size:   350
Md5:    a454685a1e9bbdead18885421f4154d6
Sha1:   687447677b1afa055fc6a0f4d56e60d1696468b4
Sha256: 326dd7fe2b2b293edefe20b460e8d349717a57c5e8b07ba917148fd3252260cf
                                        
                                            GET /advertisers.js HTTP/1.1 
Host: d24ak3f2b.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.0.197.108
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.17.6
Date: Fri, 24 Jun 2022 07:25:42 GMT
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /2bGIya3IPDVwNTRgLVlZFXlQGXEZKCEEEHBxfdAEnXysDPj8oUmQjVBgYVlZCSg5TBRVRRFcFEVFTFAoWDl8CTQYcDVlWFxoVRQUDBgBIElQZAw8GHRYLXgcTSVB0XlxcRwBbWhRTA05BLkcAWx4FDEcTV15SSlNEM1QGTkEuRwBbABpHASpLWkwCQldeUl-UOEQcNF1k0XlIDW0JdUgNOQFwEWxkXCg1KTkAqWwRFQkoXD1o HTTP/1.1 
Host: d10lumateci472.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.245.149
HTTP/2 200 OK
content-length: 442
date: Fri, 24 Jun 2022 07:25:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yvRUpa5fFlY_R9GHe_dQx209905TJy-5jfpxt3-HIGXWRbOrvycdMA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (584), with no line terminators
Size:   442
Md5:    f2f3d6846c4b9b6f24d3f6870fd55ba4
Sha1:   7d309e1111d73fe2a4974e132ff49f0438e9ebf7
Sha256: 9026e69236ac0b97ecc851df9f0c9da0a6fe87a7a7854ce49cf74209d4c25c5c
                                        
                                            POST / HTTP/1.1 
Host: historiousmor.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www110.zippyshare.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www110.zippyshare.com
Content-Length: 356
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         44.195.137.121
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /floater?cs=VWp0TlNhUkB%2FYWZcQH5gZV1HfGY&abt=0&red=1&sm=83&k=zippyshare&v=0.8.8.2&sts=0&prn=0&emb=0&tid=843055&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww110.zippyshare.com%2Fv%2Ftzq4tpu5%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_jvsp=1656055536804&crc=1 HTTP/1.1 
Host: ghableleader.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.94
HTTP/2 200 OK
                                        
content-type: text/plain
content-length: 3541
date: Fri, 24 Jun 2022 07:25:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www110.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=1182d7f0-1d04-4e94-936c-f272a20d3116
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: P1sqm2YKsi96Ncr5QbSWxXDXVeLyj6o7N5LrmNhZWIpzO1229HKEIQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5419), with no line terminators
Size:   3541
Md5:    96ad14c6a624646604f578c27d5cf10d
Sha1:   8e3029348eed558112b4152131202641f2b9f759
Sha256: c3d618a01c37c3e0d6c9004590137a8f4ccff9b30b16813997d5d88d7e3a35fd
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1394332035FF30FC505CCB0EB81DD131660600CACDD2559D109B725075B69669"
Last-Modified: Tue, 21 Jun 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3230
Expires: Fri, 24 Jun 2022 08:19:33 GMT
Date: Fri, 24 Jun 2022 07:25:43 GMT
Connection: keep-alive

                                        
                                            GET /RTFibGEeE1VeUHMCVU5NZxNOTlR2BAFfWXMJTwpUIAJPWFQgCE8NUndVT19XdgFRDlRyAQYJAGcdQFkDfFIHX1Z2HAEKAn0cVggFIRxbCFJwHFpdWHEIA10EfVMADkNpExEbQ2kTCgUSMV4QBQ4wQg8DE2tJGxZDaRNTXE9wE04KAClCB0AHJF0RCU0jUA4fBBg HTTP/1.1 
Host: historiousmor.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         44.195.137.121
HTTP/2 200 OK
                                        
content-type: application/javascript; charset=utf-8
set-cookie: 91781912de2972d0c4e389eb8d2040ac=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8447-VfsZhjzxuTHC8SRZgSlI2Ss8EXw"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (33863), with no line terminators
Size:   13201
Md5:    6864614031d8f447db5e036aa504d904
Sha1:   fdc10d15aee79ef1a84339db398383d80e7227cf
Sha256: 022468b48a05232fe65164a533901cc5b5fcf8fe3d182bc819d20ac79943a608
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1394332035FF30FC505CCB0EB81DD131660600CACDD2559D109B725075B69669"
Last-Modified: Tue, 21 Jun 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3230
Expires: Fri, 24 Jun 2022 08:19:33 GMT
Date: Fri, 24 Jun 2022 07:25:43 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49c3ccce-1ae1-4a47-8d95-aa572c4ceae9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 11646
x-amzn-requestid: 3061c5bd-7a81-4f52-a333-fc122a7521a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UM1AKHdVIAMFbVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62b50200-23220ada786a596b248d127b;Sampled=0
x-amzn-remapped-date: Fri, 24 Jun 2022 00:14:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Q2QWHo5LVycJplvw3MVNXWQs2mCsEx6xulLVDD0ywU9NwMdb37QJSQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Jun 2022 00:28:18 GMT
age: 25045
etag: "1a85dce8e73089b14f81c10c492f96eee2cab510"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11646
Md5:    35eb3d6d8ced3eb364e64f0174bd1450
Sha1:   1a85dce8e73089b14f81c10c492f96eee2cab510
Sha256: 5e13e75e2a9f7c7d99e493565d2205ccbcf74f5047dbe450452ab60dd46cb66f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1749b3b-0d9b-43a1-8965-f7f13602c892.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7281
x-amzn-requestid: ed27e890-50fd-42e3-ae91-6ea788e157f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UM1BhG8JoAMFppQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62b50209-479195105ec805f252173f07;Sampled=0
x-amzn-remapped-date: Fri, 24 Jun 2022 00:15:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dW71IPIO0pvMPqUTy5s8MzPgXHF-_C0vcvAdZ0QNiMSWcHfSvcznpA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Jun 2022 00:33:48 GMT
age: 24715
etag: "7de1e1a3d5278c4a95a6c41707de9f42b340df9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7281
Md5:    e13f75fbc853ddadb00c907e132f0772
Sha1:   7de1e1a3d5278c4a95a6c41707de9f42b340df9a
Sha256: 495b9150ad122944a29462010c86648c4b9b8a83b70686d1e0557cb93111d2a0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92d82a42-6b15-49d4-909b-032f805d3c47.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 4253
x-amzn-requestid: dc2f230b-d9d9-4d10-af7c-f7c7c92eaad1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UM1BYHgZoAMFzqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62b50208-282d2a0d707326a647d17b82;Sampled=0
x-amzn-remapped-date: Fri, 24 Jun 2022 00:15:04 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MsQNllN96JiXwoPPx6dhqZdIz7jsup0Q0VuwbzmYGsscB0uhTsF8Yw==
via: 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Jun 2022 00:48:35 GMT
age: 23828
etag: "e5f4947c997c4d9ba9a1a2b6696aef163655b808"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4253
Md5:    d5983f34363faf36540f0fb6806435d8
Sha1:   e5f4947c997c4d9ba9a1a2b6696aef163655b808
Sha256: 31ae38c2c9446152b979340de0c1c43e3e2060ba8abff66dc2e0b5d5f676379e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ee0f212-4313-40f0-9c30-2eb07cb2ea12.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 8898
x-amzn-requestid: d9208711-1eaa-493d-9dd2-0f53189d3d55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: TtggbExsIAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a87acf-52322d6565f9695f6363dcd4;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 12:10:55 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7u2B0-q7_oiBwA3WWhhvbfUlc8uRQTKxlHQHjJIsQ1gw9ZMR2WLkGA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Jun 2022 08:02:24 GMT
age: 84199
etag: "cd11ececd4ca2538610988e35d57eb41aea26e9b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8898
Md5:    03d2157588ed473d22e1f3bfd99457d6
Sha1:   cd11ececd4ca2538610988e35d57eb41aea26e9b
Sha256: cb00b37c8250e1b0718cc00b966deaaf15d78fd6d36887d9adb55533f4663197
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F319c2e11-c803-4fa5-9943-c89fa08b67ea.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 6378
x-amzn-requestid: 8d7c596c-f3fd-4461-b3e5-3fd6c12eb739
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UM1HsELJoAMFZOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62b50231-0fa643c12cca1fd865fa3743;Sampled=0
x-amzn-remapped-date: Fri, 24 Jun 2022 00:15:45 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VuQr41Lak-id_Tx8kulXdEpp_P2iHQtZAmkcz-0S0OFMtko4epw84Q==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Jun 2022 00:28:54 GMT
age: 25009
etag: "f385bed6a1b3f809e0d470cd64dde4fc23ab0d72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6378
Md5:    4e051fc2cbe481c532bee7a6737ed71c
Sha1:   f385bed6a1b3f809e0d470cd64dde4fc23ab0d72
Sha256: 857b5bea277f51174914cb8af6a94e8f8df9929e17067304503333fd8144d4a6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd7f9a35-0e8a-460e-b220-6d735af41155.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 8983
x-amzn-requestid: 627a7551-ca6d-4b1b-b794-956df9b5487d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UMz6RHgpoAMFyKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62b50041-6c9d1ed4728c796230f8630e;Sampled=0
x-amzn-remapped-date: Fri, 24 Jun 2022 00:07:29 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: bqEUkBIE90v5mTTgWDVS80-exnhBWN8NLPHX9A28F6uQQ74lG4ZOEw==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Jun 2022 00:23:18 GMT
age: 25345
etag: "09043e8c1fc47eb1113e4a34da30b3047a73f835"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8983
Md5:    eb1d09ebdf227ca72fbb08c09fbb92ae
Sha1:   09043e8c1fc47eb1113e4a34da30b3047a73f835
Sha256: df8bb827f695f360f8b9e8f14b2b45a6af27cb2213808cecff3ea59f75cf66cc
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "068E579FBBEB0061A16F92109D9AE92D9164C86F613BC2FC8BFED0D0EE9A863F"
Last-Modified: Wed, 22 Jun 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10546
Expires: Fri, 24 Jun 2022 10:21:29 GMT
Date: Fri, 24 Jun 2022 07:25:43 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "068E579FBBEB0061A16F92109D9AE92D9164C86F613BC2FC8BFED0D0EE9A863F"
Last-Modified: Wed, 22 Jun 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10546
Expires: Fri, 24 Jun 2022 10:21:29 GMT
Date: Fri, 24 Jun 2022 07:25:43 GMT
Connection: keep-alive

                                        
                                            GET /pxf.gif?uuid=38cab85e-5d18-4036-8e46-416ed728d52f&eb=f2971074fea048c017123c068028f7b0&te=b8a4e026d9f6325fba5277f9c4602d23&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=12.31&b_frame=0&pk=ca6621f64bcdfd0a5aa2af7c57675832&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Fri, 24 Jun 2022 07:25:43 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5525bd122c27acf60558e5c21eec3848
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pxf.gif?uuid=38cab85e-5d18-4036-8e46-416ed728d52f&eb=f2971074fea048c017123c068028f7b0&te=b8a4e026d9f6325fba5277f9c4602d23&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=12.31&b_frame=0&pk=1d3584ff950f38d5b2e10bc2994be620&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Fri, 24 Jun 2022 07:25:43 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a2bd6bd442c2a45077aa1de5f90b24a
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "9F16B283197C925F7D27F63100EBCB1EB23BCA1544C75B5D870C9072BAEE0AE8"
Last-Modified: Thu, 23 Jun 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12931
Expires: Fri, 24 Jun 2022 11:01:15 GMT
Date: Fri, 24 Jun 2022 07:25:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4488F9BF923694410F93E08AD9666BCE77BC566C66EB39A9626F31CDC011241A"
Last-Modified: Thu, 23 Jun 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Fri, 24 Jun 2022 10:22:03 GMT
Date: Fri, 24 Jun 2022 07:25:45 GMT
Connection: keep-alive

                                        
                                            GET /winnotice?sid=H4sIAAAAAAAC%2F1RTz2skRRSu0XhYPCkrCoqMNwWZdM%2FvcQ%2FBGCNh42bdddGTUl1VnTzT09VUdU1PcgqK4kkGvXmqfMkmqMHVmxdX6Sx4CAiZW0DzDyj4Cxa8yYwxwQfFe%2FW%2Bd%2FhefV99sO1OWQ2Onyy8qjcpSfhsqxZUn30zDK9Ulyl1w%2Bqw23673bxSNYMXeu1a8Fz1FSXW9Ww9CIMgDMLqIhkV6%2BHsBARlB72w1gtqzXotbDUxNB7WVWB5BXJwyh4FyfHMvcplkCiR9r9aUHY919nzL%2FddwnNtMJD7t9L1VBcp%2BhdlbCqI0%2F2zaWh7vHgXOr09pQg9OB%2BMaMwqP9xFlO6fEUM02J1yixKoFJF8GMWghEpKEC8h9HsgecwAIXFtBWl%2F75o2Bd%2F4F%2BUTdMxm7v8FKsZs5ufLSPtfzic0rN7UictJpxbD2IOGJWi1ROYOkW8yUHEIkb8Lkj%2By2fvLSPu7KzbRIOmnuxOVoLhEokbglsFNDjG4uAKXVdCXJ1URhmEnkIIH3Z4QDdlRUVsGIe%2FEIQ%2BDdhdOTOiNkGcjiGQEYbaQmS2s0wjGfQSyJRz3oMwjs3vdZiNotaDE0dzfv7z%2F9Dev%2FQpOJ9W40%2BsFvY5oNxqNoNNScSxbrV5cjzrtbhiGdUR0NHer9dAfwZ2rSIhB8aPvfmfTgE09Uud3UkMeRh2xs9gxMj%2BaO59a87CSweYMA%2BlRKIbCMhScoSCGImcoBv62TGzd%2Bj2ZWBeFZ7l%2Blht%2BOztlj0z1%2BFO8hXV1Uo0DUe%2FGvWaj3m32elFXNjuNdrctRSi7qtmVsPTf1mQfALcVbNKYPfbTb8gmTpGfIOKHsMkhBD0D7p4CLzz4msdm6iH1AY94rniS1ITuI8svId%2BobCen7PEpj%2Bbgzv%2BeUxiPzHi8Q%2FcYVpMPd27ogu3e0IVlX69kOfVpk088czPnuXrw86tqo9BGLi3Y0WcvigkwKQ9eVzZf5qmkdNWyL%2BZJSmUWtRGKfbtk31DRdWfX5p1JXbZ8%2FaXFpX5mlLWk0xKcjlc%2FhqAxu%2FREZ%2FoZnlz5FGRKGOfRd%2BfygHQJkW3BZhc9qxlMcnGPMobC%2BR1Tjy6aEwMkFzqDR37bfg9LHrll%2FwAAAP%2F%2FAQAA%2F%2F8wXO3hUQQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3438255&sub3=1656055542&pid=91283&sub2=icon&auid=f799097c6333075effd559f2b7681112&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1 
Host: abateall.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.225
HTTP/1.1 307 Temporary Redirect
                                        
Server: nginx/1.22.0
Date: Fri, 24 Jun 2022 07:25:45 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 107d08edf03a9587cb501f401b7a7301
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B494E4413A824900A570C70F6E0DEC62E18CC1CCF88AB669A8BB3112A74164E5"
Last-Modified: Wed, 22 Jun 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6057
Expires: Fri, 24 Jun 2022 09:06:42 GMT
Date: Fri, 24 Jun 2022 07:25:45 GMT
Connection: keep-alive

                                        
                                            GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.9
HTTP/2 200 OK
                                        
date: Fri, 24 Jun 2022 07:25:45 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Sun, 26 Jun 2022 07:25:45 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Size:   33103
Md5:    70cf8250da1a25a7b445231428af7828
Sha1:   a849d338423d2919949340838c768bba90b9081c
Sha256: b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "93EAD4AFB314D87DD80A555E059B2943AFC94D458991DA1EAE19FF6DCD9D1714"
Last-Modified: Fri, 24 Jun 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3751
Expires: Fri, 24 Jun 2022 08:28:18 GMT
Date: Fri, 24 Jun 2022 07:25:47 GMT
Connection: keep-alive

                                        
                                            GET /sbar.json?key=ca6621f64bcdfd0a5aa2af7c57675832&uuid=38cab85e-5d18-4036-8e46-416ed728d52f%3A3%3A1 HTTP/1.1 
Host: delayeddisembroildisembroil.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.225
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.22.0
Date: Fri, 24 Jun 2022 07:25:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www110.zippyshare.com
Access-Control-Allow-Origin: https://www110.zippyshare.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15255681; expires=Sat, 25 Jun 2022 07:25:47 GMT; secure; SameSite=None uid_id2=38cab85e-5d18-4036-8e46-416ed728d52f:3:1; expires=Fri, 01 Jul 2022 07:25:47 GMT; secure; SameSite=None pdhtkv=true; expires=Sat, 25 Jun 2022 07:25:47 GMT; secure; SameSite=None uncs=1; expires=Sat, 25 Jun 2022 07:25:47 GMT; secure; SameSite=None pdhtkv29=true; expires=Sat, 25 Jun 2022 07:25:47 GMT; secure; SameSite=None uncs29=1; expires=Sat, 25 Jun 2022 07:25:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 364cf1e86163ee251ae60fa61b2d12e3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5615), with no line terminators
Size:   3980
Md5:    a097c6a186cd50da2642f43f76c511df
Sha1:   4d06505942f3a6463318e9b07a0a694606ce4666
Sha256: 591be687fd7f3483ebf51d5e7f08402cdd43012292341686475692ea14b25922
                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSMWwcRRSdTaw0VCFpQAJdgQRI%2BLy7d7d7TgqUEIwiTBwlIOjQ7MzsefDszmpm5%2FZ8ojBEQimPlmr9zo4FRBEUlEToHAlEJCQflQvcIdEipDQ06C4WB7957%2F33i7dv57Ndd0J8OHp87R09lErRlU7Tb7zyQRBcbqzL3A0ag270YdS%2B3DD9S6tR03%2B18ZZgW3ol9APfD%2FygsSaNSPVgZWZCFvdXg%2Baq32yHzaDTxsD8X1vnwVIPvH9CnoXk06VH3kVINkGefXNN2K1SF6%2B9mTlFS23Q5wfv5Vu5rnJkC5oaD2l%2BcHoNbY%2FWHkLn%2B%2FO40P1%2FDxM5Jd6PD5HkB6chkfT35jkTBZEj4c%2Bg6k8g1ASSTsD0HUh%2BRADGcWMDeXbvhjYV3X7q0pk7JUtP%2FoKspmTpt4vIswdXlRw0bmvlSqlzi0FaQw4mkL0JCneIcngGsjoEKz%2BF5L%2BQlSfryLO9Das0JD9%2BqdVlNOl2xHKHB93ltt%2BKlruiHS23g0jwOOzyTpjOC5JyAplOoMQI1J6Fsx6c9OBSD67wkPHjBguCIPY5o353lbEWj0UScT%2BgcRrQwI%2B6cGz2DSOUxQhMjcDMDgqzgy05gnE%2FwG7WsNyDLQn6vEYlCCpLUFGCShJUJUHVr%2Fe5sqGt73FlXRKcYniKrXqsy94u3ddlT%2BRktzgh5%2BfF%2FfHTJ9gSxw1GoygM0qidMJ5yn3YoDWkas04cxZ1uK4SVNaQ9A2o9DOWUkJ8voJjhF5eQ0ENYdQgmz4O6F0CrcRz6oJvjdtfHMH8wlEWxbTepEU2mM3BdoyiXUG57u%2BqEPDdP8vLvz0Owx%2BR0wEyNwtT4SD4i6Km741u6Inu3dGXJtxtFKTM5pLPfe7ukpTj31dtiu9KGX79mR19eYTNjRu%2B%2FK2y5TnMu854lX1%2BVnAuzpg0T5Pvr9n2R3HR286ozuSvWb76xdj0rjLBW6nwCKo8%2BjsDklJy7sj9%2Ftxf%2BDCHNBMbVyNwiqdQTsGIHtljsrCYwaqGTwkPl6rEJk8VSSQIlFpomNex%2FdLLgu%2FYueuZF0PIO8qxG39ToqxpUjWDd2XFZmMev%2F9qaDxLljRNlvL1EGfX502qtPG7ErZZPo9VOEMdUxEk77KZRwCkN21EYRbSF0k6T79K%2F%2FwEAAP%2F%2FAQAA%2F%2F9vr%2BdDggQAAA%3D%3D HTTP/1.1 
Host: delayeddisembroildisembroil.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Cookie: u_pl=15255681; uid_id2=38cab85e-5d18-4036-8e46-416ed728d52f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.225
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Fri, 24 Jun 2022 07:25:47 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9e9f4b995decae77ca4914952764a90c
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "E0A872A1B3B0950B5FF200EDCC690786B4531BBF96332FDF5FA7095F5A3D6CC5"
Last-Modified: Fri, 24 Jun 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10411
Expires: Fri, 24 Jun 2022 10:19:18 GMT
Date: Fri, 24 Jun 2022 07:25:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "E0A872A1B3B0950B5FF200EDCC690786B4531BBF96332FDF5FA7095F5A3D6CC5"
Last-Modified: Fri, 24 Jun 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10411
Expires: Fri, 24 Jun 2022 10:19:18 GMT
Date: Fri, 24 Jun 2022 07:25:47 GMT
Connection: keep-alive

                                        
                                            GET /sb/notifications/vpn/default/us/mac/black/2/index.html HTTP/1.1 
Host: cdn.barscreative1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.205.72
HTTP/2 200 OK
                                        
date: Fri, 24 Jun 2022 07:25:47 GMT
content-type: text/html
last-modified: Wed, 02 Sep 2020 10:55:17 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPI806jEsDq%2FvooEghXcLBFD%2BtYBwOz2RxCKO3J40Sxe9uJJ3%2BMeMtlaVHwXICjj%2FFTQQkKvu2UVy%2F%2FuVAmh64t4xBQ4I%2F8UQmGBcvHxiF1GYc9R2xywidVYPZoOjFTxzK1K9GvxRXo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7203bb44fdb8b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text
Size:   385
Md5:    0b7fe6b9717219203981e35045262450
Sha1:   3c07ddb5c9f642179b5c2db4e2e50919959f0b51
Sha256: 725eb6e379cb606c2e29cedb14bb0bb5ff0f0f87074a2313a9e47c3f43a45a61

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /sb/notifications/vpn/default/us/mac/black/2/img/update-icon.png HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.183.56
HTTP/2 200 OK
                                        
date: Fri, 24 Jun 2022 07:25:47 GMT
content-type: image/png
content-length: 68457
last-modified: Wed, 02 Sep 2020 10:55:45 GMT
etag: "5f4f7a31-10b69"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1504322
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mm%2Bd0qmLvHbFW5rdG9TzEA%2BUNlcVLbqgQncIKl6k8xHWKudyvqrqsgrXgILmz4nzPD5KPp8GASqIey6DTQDGfG9k5AtSTnhEWTiEnL1zbygwvW782rOzbtVvidjofwQ7KKQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7203bb46898a1bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 435 x 438, 8-bit/color RGBA, non-interlaced\012- data
Size:   68457
Md5:    2f2eeb4c930df8fb46602fe0caf6a683
Sha1:   1cad9a04d5601507629ca5ca08ad7f6de8ea8061
Sha256: fb173bb1457002470e16630e3152ee66a14240a2d5d27a419c848a8ebb2e66a9
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "E0A872A1B3B0950B5FF200EDCC690786B4531BBF96332FDF5FA7095F5A3D6CC5"
Last-Modified: Fri, 24 Jun 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10411
Expires: Fri, 24 Jun 2022 10:19:18 GMT
Date: Fri, 24 Jun 2022 07:25:47 GMT
Connection: keep-alive

                                        
                                            GET /sb/notifications/vpn/default/us/mac/black/2/css/style.css HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.183.56
HTTP/2 200 OK
                                        
date: Fri, 24 Jun 2022 07:25:48 GMT
content-type: text/css
last-modified: Wed, 02 Sep 2020 11:08:42 GMT
etag: W/"5f4f7d3a-1a7d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1sLN5axYkAR5H7Kxchbs62RAFCa1N05xDA8BuVpEGb4dhAjPf9712Bb94QYmUl1vb1idyFOk%2Bsj4gglAX7RjExUZxGMCOw9JFH99F%2Bqh7jKg1tH2EEBnC0w35hEZZjxwcZk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7203bb46595d1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1500
Md5:    f15951b6887a5007bd862f58d7495768
Sha1:   9996d9882b0e708c78cb3135662511586104e297
Sha256: df958eb03fefe952525ef075eb2440053a8f13fd58dcc66614f3c14a6b3ca011
                                        
                                            GET /sb/notifications/vpn/default/us/mac/black/2/js/script.js HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www110.zippyshare.com
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.183.56
HTTP/2 200 OK
                                        
date: Fri, 24 Jun 2022 07:25:48 GMT
content-type: application/javascript
last-modified: Wed, 02 Sep 2020 10:55:46 GMT
etag: W/"5f4f7a32-189"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X0%2FSd6HcWrizhyegR4b3foSXgOAbmvl0cetYASDbIpIzlVL1XmFE3RFJj3NJeq8PBYsTH06GYfjxvAsQpMUlYQJ5brhA%2B%2FWSsieEhcufxFHDoQqcwYqjrLSfKj6JH6%2FEP1Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7203bb46595c1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   188
Md5:    c527ba7735151bb1c53fd28c73c81a43
Sha1:   ba797639c67dc1919045afed50a8237e85a3638e
Sha256: 786fa7668b16e88448e8cd5e65d25c45d6593a7b24cfcdca620e843cc25cd824
                                        
                                            GET /pixel/sbls?bv=22.2.6607&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fanimate.css&l=79245&fd=216 HTTP/1.1 
Host: delayeddisembroildisembroil.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Cookie: u_pl=15255681; uid_id2=38cab85e-5d18-4036-8e46-416ed728d52f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.225
HTTP/1.1 200 OK
                                        
Server: nginx/1.22.0
Date: Fri, 24 Jun 2022 07:25:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

                                        
                                            GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidTaw0VCFpQAJdgQRI%2BLy7d7e3TgqUEIwiTBwlIOjQ%2FO158OzOamb39nyiMERCKY%2BWav3OjgVEERSUROgcCUQkJB%2BVC9wh0SKkNDToLhYHX%2FPe%2B95XvH07n%2B2WJ8RHSY%2BvvWOGSmu60mn6jVc%2BCILLjXWVlYPGII4%2BjNqXG7Z%2FaTVq%2Bq823pJ8y6yEfuD7gR801pSViRmszEyo%2FP5q0Fz1m%2B2wGXTaGNj%2Fa1d6cNSD6J%2BQZ6HEdOmRdxGKT5Cl31yTbqsw%2BWtvpqWmhbHoi4P3sq3MVBnSBU2shyQ7OL2GcUdrD2Gy%2FXlcmP6%2Fh0xNiffjQ7Ds4DQkWH9vnpNpyAxMPIOqP4HUEyg6ATd3oMQRAbjAjQ1k6b0bxlZ0%2B6lLZ%2B6ULD35C6qakqXfLiJLH1zVatC4bXRZKJM5DJIaajCB6k2Ql4cohmegqkPw4lMo8QtZebKOLN3bcNpAieOXWjGnLO7I5Y4I4uW234qWY9mOlttBJEU3jEUnTOYFKTWBSibQcgTqzqJ0HkrloUw8lLmHVBw3eBAEXV9w6sernLdEV7JI%2BAHtJgEN%2FChGyWffMEKRj8D1CNzuILc72FIj2PIHuM0aTnhwBUFf1KgkQeUIKkpQKYKqIKj69b7QLnT1PaFdyYJTDE%2BxVY9N0dul%2B6boyYzs5ifk%2FLy4P376BFvyuMFpFIVBErUZF4nwaYfSkCZd3ulG3U7cCuFUDeXOgDoPQzUl5OcLyGf4xSUweginD8HVedDyBdBq3A190M1xO%2FYxzB4MVZ5vu01qZZObFMLUyIslFNverj4hz82TvPz785D8MTkdcFsjtzU%2BUo8Ievru%2BJapyN4tUzny7UZeqFQN6ez33i5oIc999bbcrowV16%2B50ZdX%2BMyY0fvvSles00yorOfI11eVENKuGcsl%2Bf66e1%2Bym6XbvFrarMzXb76xdj3NrXROmWwCqo4%2BjsDVlJy7sj9%2Ftxf%2BDKHsBLaskZaLpMpMwPMduHyxc4bA6oVmuYeqrMc2ZIulVgRaLjRlNdx%2FNFvwXXcXPfsiaHEHWVqjb2v0dQ2qR3Dl2XGR28ev%2F9qaD5j2xkxbb49pqz9%2FWq1Tx42WL7pMJrLLZLvTTiQXrNNhPk84a4k45ijclH2X%2FP0PAAAA%2F%2F8BAAD%2F%2F%2B97MquCBAAA HTTP/1.1 
Host: delayeddisembroildisembroil.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www110.zippyshare.com/
Cookie: u_pl=15255681; uid_id2=38cab85e-5d18-4036-8e46-416ed728d52f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.225
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Fri, 24 Jun 2022 07:25:48 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e619f56f3f0ee141bf7b53b6ad4a14d9
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c