adultgamelist.com/external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s
302 Found 706 B URL HTTP/1.1 adultgamelist.com/external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 4ae1d260efd7d494735ac7b74724e505
fbdb7641c3612927dce2c1c624e426d4440c581f
e2e8307d168caa27f8d0c0164eef39da2fa997cafa2638dffe13369434eb75ff
GET /external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s HTTP/1.1
Host: adultgamelist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: https://adultgamelist.com/external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N4%2BaiyZtt1AHmKAwKJhx%2BV0FWFx3GC5BxYYNKsYjxj%2BFHDD9uaHxJkHUO1n0CJOcpkmid6%2BlJufw9WUNrnEdRWqyUkyQ32X9NPZt9%2FjGYogV95BK7keSDVx6EMlnL4gd1v6EYA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746f727e3bc1b529-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 12:00:18 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HZ0GyHLjKKJSa6qROE6MLD05HtpHBSxp-drGewHRMejh4jLja7_UhA==
Age: 1720
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6294
Expires: Wed, 07 Sep 2022 14:13:52 GMT
Date: Wed, 07 Sep 2022 12:28:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 05:15:28 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hfEZhuvFql23RKRzEiswwWBtSHWfjo0deCd2bFX0esMvNSdFt1Fp7Q==
age: 31344
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 12:28:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash 4634e96cb70abbf3b018438d8bd6808c
78a3a73fa926290827ee3659f23d560ed506e927
c897da642ac8ccd5d498caae59beb2e6f74fe1cf355505f47b83adf1c88343b4
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 11 Sep 2022 09:16:17 GMT
ETag: "78a3a73fa926290827ee3659f23d560ed506e927"
Last-Modified: Wed, 07 Sep 2022 09:16:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2668
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746f72811aacb518-OSL
www1.zippyshare.com/v/OTQQDp7l/file.html
200 OK 40 kB URL HTTP/1.1 www1.zippyshare.com/v/OTQQDp7l/file.html
IP
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (38078), with CRLF, CR, LF line terminators
Hash 61f846fb74818cb0f43f5e36fbe907d3
8e915867fa887e45ebd6ff7b7cdc52c9a0ea5332
cbf68133f082d79c5b9ed88f369b589209620b816daae93c4af0f62f1fa64c04
GET /v/OTQQDp7l/file.html HTTP/1.1
Host: www1.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; Path=/; HttpOnly
zippop=1; Domain=.zippyshare.com; Expires=Thu, 08-Sep-2022 00:28:58 GMT; Path=/
Content-Language: en
Expires: Wed, 07 Sep 2022 12:28:57 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
www1.zippyshare.com/wro/viewjs-9c29d4e653e865831dc028fdac7e7dfff3be049e.css
200 OK 67 kB URL HTTP/1.1 www1.zippyshare.com/wro/viewjs-9c29d4e653e865831dc028fdac7e7dfff3be049e.css
IP
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with very long lines (38971)
Hash 7e0e3e48bd85cdf4041d04d6d265622a
06bd818fbba909a62546da78470bc01fd813076e
b6f4ece3f288037b58e9803601d45e812775c0140f09d7860574f6c56781ec1c
GET /wro/viewjs-9c29d4e653e865831dc028fdac7e7dfff3be049e.css HTTP/1.1
Host: www1.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: text/css
Content-Length: 66707
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Sun, 24 Nov 2030 12:28:58 GMT
Accept-Ranges: bytes
ETag: W/"207098-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
www1.zippyshare.com/ads.js
200 OK 138 B URL HTTP/1.1 www1.zippyshare.com/ads.js
IP
ASN #43350 NForce Entertainment B.V.
Hash 80ce0db0d04307c0a7e7bfbe492e329d
f8efbdda6799a957baa59e907d466dbc3fd7be90
da32bd619e9f9cf48c390020230b751333e2a402fce01635102f340a39f88113
GET /ads.js HTTP/1.1
Host: www1.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: application/javascript
Content-Length: 138
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"157-1654675202000"
Last-Modified: Wed, 08 Jun 2022 08:00:02 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 21d1b5be072df45253749eeb3290be82
4ac9978797c085289b9fcc2fe9a57b619e1c78c9
9ea779e1ad86a4a7c403b574908e2dc60d079b366ab1cf439b34c73c9a9c64c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 12:28:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www1.zippyshare.com/sw.js
200 OK 40 kB URL HTTP/1.1 www1.zippyshare.com/sw.js
IP
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8eb407280763dcf09beecf329aa120cb
188a5ee64fff4cca2640944ee7bee5c98472fad2
e274b58ce593d021577bd2900e8377acfe92c1af4132ad52b78ee6d07149c6b7
GET /sw.js HTTP/1.1
Host: www1.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: application/javascript
Content-Length: 39747
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"103046-1660075830000"
Last-Modified: Tue, 09 Aug 2022 20:10:30 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
www.google.com/recaptcha/api.js?render=explicit
200 OK 554 B URL HTTP/2 www.google.com/recaptcha/api.js?render=explicit
IP
File type ASCII text, with very long lines (852), with no line terminators
Hash 6e4a38cd105b9075bf2c5d9e4e303181
d787656a4cbb4e51d66e270524dac034bb31a706
3d056e6dd956553d8c40c314c36d92c4306b9a59ccbb05ffd7f26281da7caf16
GET /recaptcha/api.js?render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 07 Sep 2022 12:28:58 GMT
date: Wed, 07 Sep 2022 12:28:58 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 554
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www1.zippyshare.com/wro/viewjs-5c4b087e763baf82dfed5e75dc71d50f709ecb00.js
200 OK 148 kB URL HTTP/1.1 www1.zippyshare.com/wro/viewjs-5c4b087e763baf82dfed5e75dc71d50f709ecb00.js
IP
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with very long lines (65535)
Size 148 kB (147861 bytes)
Hash 1dd393cf506e088f2a0b45a37beabda7
384796f00e05bce54b4bcae1f2dd4e5d0c5c478a
c9420067db3629caab61a3e5983ef9b303d24913f01c2a3307ee0e392cc87616
GET /wro/viewjs-5c4b087e763baf82dfed5e75dc71d50f709ecb00.js HTTP/1.1
Host: www1.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: application/javascript
Content-Length: 147861
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Sun, 24 Nov 2030 12:28:58 GMT
Accept-Ranges: bytes
ETag: W/"478725-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
ocsp.sectigo.com/
200 OK 471 B IP
Hash 44cf810117ad19a7d07f5e44ab1d0bc7
89c5cac1fd0fad8b51e4508ea75d2321459ea994
1a332b57d049093e77f51c1678ce0db81fd4d5565b81eddb1c233eeb9cb9e081
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 17:03:57 GMT
Expires: Mon, 12 Sep 2022 17:03:56 GMT
Etag: "89c5cac1fd0fad8b51e4508ea75d2321459ea994"
Cache-Control: max-age=447897,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f7282eb35b515-OSL
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 12:28:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
200 OK 471 B IP
Hash 44cf810117ad19a7d07f5e44ab1d0bc7
89c5cac1fd0fad8b51e4508ea75d2321459ea994
1a332b57d049093e77f51c1678ce0db81fd4d5565b81eddb1c233eeb9cb9e081
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 17:03:57 GMT
Expires: Mon, 12 Sep 2022 17:03:56 GMT
Etag: "89c5cac1fd0fad8b51e4508ea75d2321459ea994"
Cache-Control: max-age=447897,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f7282edf5b503-OSL
ocsp.sectigo.com/
200 OK 471 B IP
Hash 44cf810117ad19a7d07f5e44ab1d0bc7
89c5cac1fd0fad8b51e4508ea75d2321459ea994
1a332b57d049093e77f51c1678ce0db81fd4d5565b81eddb1c233eeb9cb9e081
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 17:03:57 GMT
Expires: Mon, 12 Sep 2022 17:03:56 GMT
Etag: "89c5cac1fd0fad8b51e4508ea75d2321459ea994"
Cache-Control: max-age=447897,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f7282d9b01bfe-OSL
ds88pc0kw6cvc.cloudfront.net/?kcpsd=843055
200 OK 50 kB URL HTTP/2 ds88pc0kw6cvc.cloudfront.net/?kcpsd=843055
IP
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash fa8f4739766c8441bb6fa30e94aeb3f9
30c2be1dc30c92cdebe2dc445b202470ceba582f
020199ef57013772c4c0ebb926ef186881407bc5349db4568490e527a8a33412
GET /?kcpsd=843055 HTTP/1.1
Host: ds88pc0kw6cvc.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 49664
date: Wed, 07 Sep 2022 12:28:58 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eVY3FekKHsni9WKX4TcrSLhWSgUqxg08HQ6vtZc6XlWQWiYklKp3Jw==
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 07 Sep 2022 11:38:18 GMT
Expires: Wed, 07 Sep 2022 12:02:39 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hrqcm3EZgVas4rqxAfh0eP0o9tEfIDnnYN-YDXqs7c-D3W0d3bSf0A==
Age: 3040
ocsp.sectigo.com/
200 OK 471 B IP
Hash 44cf810117ad19a7d07f5e44ab1d0bc7
89c5cac1fd0fad8b51e4508ea75d2321459ea994
1a332b57d049093e77f51c1678ce0db81fd4d5565b81eddb1c233eeb9cb9e081
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 17:03:57 GMT
Expires: Mon, 12 Sep 2022 17:03:56 GMT
Etag: "89c5cac1fd0fad8b51e4508ea75d2321459ea994"
Cache-Control: max-age=447897,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f72847d41b515-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 217210205c7564b6e22fdf1c0e5683e0
1b87b4c44e48d70acc0884d410cf45371bdeae7a
a969deede58c8c0229d7bced1c2d7f63f622f4c1bef5e5348ae9b49bf603653e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A969DEEDE58C8C0229D7BCED1C2D7F63F622F4C1BEF5E5348AE9B49BF603653E"
Last-Modified: Sun, 04 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11845
Expires: Wed, 07 Sep 2022 15:46:24 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive
d10lumateci472.cloudfront.net/?amuld=726474
200 OK 36 kB URL HTTP/2 d10lumateci472.cloudfront.net/?amuld=726474
IP
File type Unicode text, UTF-8 text, with very long lines (15478)
Hash 4211f20ba846061c1a3531d75daf95f0
f187fb44017cb825e8df2a16b76507feddb85182
f1df5991c077cc0f6112a111937664a2b06088efea352536f06fbbe13803f654
GET /?amuld=726474 HTTP/1.1
Host: d10lumateci472.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 36045
date: Wed, 07 Sep 2022 12:28:58 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ura3ZHQzVsfYpuk748D7Z53-Lc7ordzSYHa_o_7NTKwm5jeE2GDSfQ==
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash a81b0f5b5d11bf95fc176833b2f6e808
5b194aa5a8bf3a6b0d117ccfd0f487f6db0587b5
8f6ae83f2b85db7174bbbc6553e2921617b5c8a401315e76082682949a0bd9cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6407
Cache-Control: max-age=163471
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 12:28:59 GMT
Etag: "63185113-1d7"
Expires: Fri, 09 Sep 2022 09:53:30 GMT
Last-Modified: Wed, 07 Sep 2022 08:06:43 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
www1.zippyshare.com/images/favicon2.ico
200 OK 0 B URL HTTP/1.1 www1.zippyshare.com/images/favicon2.ico
IP
ASN #43350 NForce Entertainment B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/favicon2.ico HTTP/1.1
Host: www1.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2022 12:28:59 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=25920000
Expires: Tue, 04 Jul 2023 12:28:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e2ca116024ab3d704589eaba49335429
126495627ba357d0d5ea084f6c4a9ef42373dee7
b50227312aab2253d40cf00929138236131faf61e079e2ffcc5ab6a44749e52f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B50227312AAB2253D40CF00929138236131FAF61E079E2FFCC5AB6A44749E52F"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11119
Expires: Wed, 07 Sep 2022 15:34:18 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 94c5cd787f9c2e677a63add589d37eeb
716f5f9a889f43f9dfd91afcca69a4551bebc827
dca99aa64d1b91c4368d043f519d2c6b3f99c5a8b5a6610076ce1de2b04818ee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "DCA99AA64D1B91C4368D043F519D2C6B3F99C5A8B5A6610076CE1DE2B04818EE"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Wed, 07 Sep 2022 13:33:59 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 94c5cd787f9c2e677a63add589d37eeb
716f5f9a889f43f9dfd91afcca69a4551bebc827
dca99aa64d1b91c4368d043f519d2c6b3f99c5a8b5a6610076ce1de2b04818ee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "DCA99AA64D1B91C4368D043F519D2C6B3F99C5A8B5A6610076CE1DE2B04818EE"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Wed, 07 Sep 2022 13:33:59 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 94c5cd787f9c2e677a63add589d37eeb
716f5f9a889f43f9dfd91afcca69a4551bebc827
dca99aa64d1b91c4368d043f519d2c6b3f99c5a8b5a6610076ce1de2b04818ee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "DCA99AA64D1B91C4368D043F519D2C6B3F99C5A8B5A6610076CE1DE2B04818EE"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Wed, 07 Sep 2022 13:33:59 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 94c5cd787f9c2e677a63add589d37eeb
716f5f9a889f43f9dfd91afcca69a4551bebc827
dca99aa64d1b91c4368d043f519d2c6b3f99c5a8b5a6610076ce1de2b04818ee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "DCA99AA64D1B91C4368D043F519D2C6B3F99C5A8B5A6610076CE1DE2B04818EE"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Wed, 07 Sep 2022 13:33:59 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive
ayassociallya.xyz/UGtBdEV/VCIHeAQsCEUIFCFkRgcHDAQ2Bj45EDYiOyokGCYdKiYlYyQCJUlyYl11Q3F2GygQeGJSZwcxMR80B3hhTSgaIz9WZwJ4YUVxWnBpRXBSMG1aZwA1MQx8RWMgHzUYeGFdd0ZwZVh2R3dmWHM
204 No Content 0 B URL HTTP/2 ayassociallya.xyz/UGtBdEV/VCIHeAQsCEUIFCFkRgcHDAQ2Bj45EDYiOyokGCYdKiYlYyQCJUlyYl11Q3F2GygQeGJSZwcxMR80B3hhTSgaIz9WZwJ4YUVxWnBpRXBSMG1aZwA1MQx8RWMgHzUYeGFdd0ZwZVh2R3dmWHM
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UGtBdEV/VCIHeAQsCEUIFCFkRgcHDAQ2Bj45EDYiOyokGCYdKiYlYyQCJUlyYl11Q3F2GygQeGJSZwcxMR80B3hhTSgaIz9WZwJ4YUVxWnBpRXBSMG1aZwA1MQx8RWMgHzUYeGFdd0ZwZVh2R3dmWHM HTTP/1.1
Host: ayassociallya.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkV7yy7Y6iV8OZj1ap5fUQm6bhUmgi538uRnhy4LImnN7u2GFjkZRvlCm0FF5zcUNvx1iChHJ7JzlYJhC2z4kQY0Ry8VzK0%2BpRlnLtwOQUQnKRiYg9%2F9%2FFNDUbCkRrfiEKes4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f72868ab0b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ayassociallya.xyz/b2IycHdAXVEDSgxRZDsUOAZ3IT8DJ2QbISEEZyoiPidwRiQ5WhQEHgtfCkREX1cHVgcGBg9DRUkRRhEDGhEPQkdfVRQZGQkND0JRGV8CXk9BWxxBURpfA1YDHwNVTUZJEkYEG1JTBEZFWlcBR0RdVARJ
204 No Content 0 B URL HTTP/2 ayassociallya.xyz/b2IycHdAXVEDSgxRZDsUOAZ3IT8DJ2QbISEEZyoiPidwRiQ5WhQEHgtfCkREX1cHVgcGBg9DRUkRRhEDGhEPQkdfVRQZGQkND0JRGV8CXk9BWxxBURpfA1YDHwNVTUZJEkYEG1JTBEZFWlcBR0RdVARJ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b2IycHdAXVEDSgxRZDsUOAZ3IT8DJ2QbISEEZyoiPidwRiQ5WhQEHgtfCkREX1cHVgcGBg9DRUkRRhEDGhEPQkdfVRQZGQkND0JRGV8CXk9BWxxBURpfA1YDHwNVTUZJEkYEG1JTBEZFWlcBR0RdVARJ HTTP/1.1
Host: ayassociallya.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7MXA3JiWFMB5RjGMXVy%2BxoqxMocpBH2lFISfESLSjXeh1k5nIOOCvW1KsWdBkDEDDZSP3%2FpyNBlBYB9TqHjDRidj6jSDYKmndSqMthZ5u%2FjXDBCg2vze9%2FVYcpQhSW6w5dCWnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f72869ac4b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ayassociallya.xyz/cWN4VmFeXBslXCs0F2QCGlYrDhYnKx5nLyIiLQBYJw9AETIfOl4iCBVeQGJSQVZNcBEYB0VlU1cQDDcVBBBFZ0cYDR45XFcVRWZPSU1BeFBXFkVnRwUTGTFcQEUIIhUdXklgV0NWTWVWQlFOYFY
204 No Content 0 B URL HTTP/2 ayassociallya.xyz/cWN4VmFeXBslXCs0F2QCGlYrDhYnKx5nLyIiLQBYJw9AETIfOl4iCBVeQGJSQVZNcBEYB0VlU1cQDDcVBBBFZ0cYDR45XFcVRWZPSU1BeFBXFkVnRwUTGTFcQEUIIhUdXklgV0NWTWVWQlFOYFY
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cWN4VmFeXBslXCs0F2QCGlYrDhYnKx5nLyIiLQBYJw9AETIfOl4iCBVeQGJSQVZNcBEYB0VlU1cQDDcVBBBFZ0cYDR45XFcVRWZPSU1BeFBXFkVnRwUTGTFcQEUIIhUdXklgV0NWTWVWQlFOYFY HTTP/1.1
Host: ayassociallya.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yPjosMw7ZIPZVvG2QDOZRhvoShlWJ5UFOESx%2BUyzzXuM8H4sS7VcyBRJ%2BbUb%2Fw8L5Tix0QqJT7AyUkm%2F%2FNLB4pmZoas13PYEBdub7kTOC7oY0AvilLI5HBF65z4kJtj5Mu2Q9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f72869ac7b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
replacementportugueserecollection.com/1d/35/84/1d3584ff950f38d5b2e10bc2994be620.js
200 OK 17 kB URL HTTP/1.1 replacementportugueserecollection.com/1d/35/84/1d3584ff950f38d5b2e10bc2994be620.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (53759), with no line terminators
Hash cecbff92dca8cc2e8e2ac8114842f9c4
79c921828353d2fb5f3712746eef1a9c90ba6e8e
c56a980ada08cbb3b13aaf74eb7aa5ee165c48562807470968b993d9ddc7c81b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /1d/35/84/1d3584ff950f38d5b2e10bc2994be620.js HTTP/1.1
Host: replacementportugueserecollection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Sep 2022 12:28:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f1ce18ca2cf87295de9cdcd5b4d05536
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ayassociallya.xyz/WWVKMTN2WilCDgpVewRnDityVHYpUR9fAmgxJEFiPC0ie1cPFmxFWj1YcgUAaVB/F0MwAXcCAX8WPlBHLBZ3AwNpUmxYXT8KdwMVL1h6Hwt3XGQAFSxYexdHKQQtDAJ/FT5FX2RUfAcBbFB5BgBrUn4G
204 No Content 0 B URL HTTP/2 ayassociallya.xyz/WWVKMTN2WilCDgpVewRnDityVHYpUR9fAmgxJEFiPC0ie1cPFmxFWj1YcgUAaVB/F0MwAXcCAX8WPlBHLBZ3AwNpUmxYXT8KdwMVL1h6Hwt3XGQAFSxYexdHKQQtDAJ/FT5FX2RUfAcBbFB5BgBrUn4G
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /WWVKMTN2WilCDgpVewRnDityVHYpUR9fAmgxJEFiPC0ie1cPFmxFWj1YcgUAaVB/F0MwAXcCAX8WPlBHLBZ3AwNpUmxYXT8KdwMVL1h6Hwt3XGQAFSxYexdHKQQtDAJ/FT5FX2RUfAcBbFB5BgBrUn4G HTTP/1.1
Host: ayassociallya.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t080ThhYgQah9fHOj3rGGmlxC9W7j4EkiQVuNS%2BKdYmQH4PlV2ertZyB3B7NVfOqa46nVtGnw%2BiUV4q8j4Sw8EcKzPjx8mMOGf43FeCLwkDhl%2BYpobmhyPTVNCCPIdGqc%2BH7fA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f7286db4db524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ayassociallya.xyz/popunder.gif
200 OK 379 B URL HTTP/2 ayassociallya.xyz/popunder.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ec1d0f1f6cde1c434cb72dec89939b97
d77296754de8d6c01c094a829da4908b411fd467
8eb4e9bdcb0b49e0964df2c5f316d92012dfcf65db0a09465c63e25c1349a11f
GET /popunder.gif HTTP/1.1
Host: ayassociallya.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:28:59 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 62539
last-modified: Tue, 06 Sep 2022 19:06:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cnc3m6q1qvRYs2hPWnUugG%2Feo0PCTyUPTym%2BrOI2pSmSO3jLJTIN06WoQFIagsPvMaO67tVuoTdIOoyRtCz%2FIfqZhbCUMijuG1g18oSvXTNcqw7kjfUSF979kgWgfylfLi6hlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f72869ac2b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: k4IldhRw9w9WS+72YBPIFQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iI0Smw9YlWB7nds2v8R3dP7IeIc=
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 755d1fd74081f3e99659c84174b8e14a
4f4f5de2af1fc99132c6d383199143445dd49760
806b4dc0d17eb4c071e4561b90e626fe75648b3440a193d7a8069ba8bd016af6
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 07 Sep 2022 12:28:59 GMT
Last-Modified: Wed, 07 Sep 2022 11:57:44 GMT
Server: ECS (dcb/7FA7)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: g3tLBtBLDbW-vDLNCVz1hy5A7yrVTHRQoP-NVlNcHvtVBI7dc3MkBQ==
Age: 1875
www1.zippyshare.com/sw.js?b1c2U240dQFhX1lkAXFCTXUacQtfZQ5rWAlhG2YPCWcbZwpYZRtqWV41G2cPV2QBZVlcYQFmD017FDVdWTRUalwMegRgXQ16AmteC3oPalhfeg5gX1gyVTFZDmZUZExDdUUkTEN1XSALBz5YOAcbIBg7DwYlFH9MXmcYZkxDMVc%2EHQp7UDICHDIaNQ8DJFMO
200 OK 40 kB URL HTTP/1.1 www1.zippyshare.com/sw.js?b1c2U240dQFhX1lkAXFCTXUacQtfZQ5rWAlhG2YPCWcbZwpYZRtqWV41G2cPV2QBZVlcYQFmD017FDVdWTRUalwMegRgXQ16AmteC3oPalhfeg5gX1gyVTFZDmZUZExDdUUkTEN1XSALBz5YOAcbIBg7DwYlFH9MXmcYZkxDMVc%2EHQp7UDICHDIaNQ8DJFMO
IP
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8eb407280763dcf09beecf329aa120cb
188a5ee64fff4cca2640944ee7bee5c98472fad2
e274b58ce593d021577bd2900e8377acfe92c1af4132ad52b78ee6d07149c6b7
GET /sw.js?b1c2U240dQFhX1lkAXFCTXUacQtfZQ5rWAlhG2YPCWcbZwpYZRtqWV41G2cPV2QBZVlcYQFmD017FDVdWTRUalwMegRgXQ16AmteC3oPalhfeg5gX1gyVTFZDmZUZExDdUUkTEN1XSALBz5YOAcbIBg7DwYlFH9MXmcYZkxDMVc%2EHQp7UDICHDIaNQ8DJFMO HTTP/1.1
Host: www1.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1; zippyadb=0
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2022 12:28:59 GMT
Content-Type: application/javascript
Content-Length: 39747
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"103046-1660075830000"
Last-Modified: Tue, 09 Aug 2022 20:10:30 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 61a1d49aa535963841c587d8263dd108
0efb6da29383ab32455f2df3490eb3cb2c27ae81
604f30f23d59dfe745af62dfe586c0135acd11f5c369298abca51ed81a20a2a2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "604F30F23D59DFE745AF62DFE586C0135ACD11F5C369298ABCA51ED81A20A2A2"
Last-Modified: Mon, 05 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10307
Expires: Wed, 07 Sep 2022 15:20:46 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5c09727079ff1a8e19a29f5bae9ed9b4
eb0353a271fdadd5a5c07acffebc655c7178083e
2549f25828eae4e2366e9f469e8e0c9c0d9cfe3314aae7615d2ba5fb257483d9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 12:28:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 11:32:38 GMT
Expires: Mon, 12 Sep 2022 11:32:37 GMT
Etag: "eb0353a271fdadd5a5c07acffebc655c7178083e"
Cache-Control: max-age=428017,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f728998ccb503-OSL
ablesasmetotr.monster/utx?tid=721637&top=www1.zippyshare.com&cb=ttrNTyK5MWVV
204 No Content 0 B URL HTTP/2 ablesasmetotr.monster/utx?tid=721637&top=www1.zippyshare.com&cb=ttrNTyK5MWVV
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=721637&top=www1.zippyshare.com&cb=ttrNTyK5MWVV HTTP/1.1
Host: ablesasmetotr.monster
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Sep 2022 12:28:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www1.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Sep 2022 12:29:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: agK5r-q-4Mm9VY7K7jrqfdq5N--O4sjAWRREOZZusVMyEL_McKxj8Q==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 20b4a35460e98cbd00ad5e45a731af89
674d6776ac8dabaecfdeb50932d7132a2e30ff2b
552630dd7a6f6d55724bb33ba44222215265f19da0fd4c9c69f716e7fc26655d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "552630DD7A6F6D55724BB33BA44222215265F19DA0FD4C9C69F716E7FC26655D"
Last-Modified: Wed, 07 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11563
Expires: Wed, 07 Sep 2022 15:41:42 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive
ksehinkitw.hair/
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ksehinkitw.hair
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 386
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
ksehinkitw.hair/bjRndjk1FlBECFgHUFQVTBZLVFxeBl9ODwgCSkNYCARKQl1ZBkpPDl9WSkJYVgdQQA5dAlBDWEwYRRAKWFcFTwsNGVVFCgwZU04JChleTw9eGV9FCFlRBBQODwUFQRtCFhQBG0IWDAVcBl0JHVAaQ0keWAdGRVobXwRJQxtCUgYaSgsYARdVHVFLEFgCRwIr
200 OK 13 kB URL HTTP/2 ksehinkitw.hair/bjRndjk1FlBECFgHUFQVTBZLVFxeBl9ODwgCSkNYCARKQl1ZBkpPDl9WSkJYVgdQQA5dAlBDWEwYRRAKWFcFTwsNGVVFCgwZU04JChleTw9eGV9FCFlRBBQODwUFQRtCFhQBG0IWDAVcBl0JHVAaQ0keWAdGRVobXwRJQxtCUgYaSgsYARdVHVFLEFgCRwIr
IP
File type ASCII text, with very long lines (33861), with no line terminators
Hash b4714fa6341973c277b3e8aa13685c37
2b42ddebb10817acf687bb46db8b0d5d7b97079a
fd9608ab0357fec5261d34780526e2387a6524c38d0adea41bfe8d8833a2426c
GET /bjRndjk1FlBECFgHUFQVTBZLVFxeBl9ODwgCSkNYCARKQl1ZBkpPDl9WSkJYVgdQQA5dAlBDWEwYRRAKWFcFTwsNGVVFCgwZU04JChleTw9eGV9FCFlRBBQODwUFQRtCFhQBG0IWDAVcBl0JHVAaQ0keWAdGRVobXwRJQxtCUgYaSgsYARdVHVFLEFgCRwIr HTTP/1.1
Host: ksehinkitw.hair
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: e7c79b94dc38c5e879e841798b37cd65=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8445-aqT7XLTMp2xGL4eF+3rAv4uEPR4"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ksehinkitw.hair/
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ksehinkitw.hair
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www1.zippyshare.com
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
perryvolleyball.com/ca/66/21/ca6621f64bcdfd0a5aa2af7c57675832.js
200 OK 13 kB URL HTTP/1.1 perryvolleyball.com/ca/66/21/ca6621f64bcdfd0a5aa2af7c57675832.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37142), with no line terminators
Hash 8274745a3886d49cea4027475ab6735c
b4d6262561d6a08c58fd500e5cea75b3321bda43
30d0479b28b9bf3c8c272133540b33876fe8e2260b973a0e9a849651ad392f81
Analyzer Verdict Alert quad9 Sinkholed
GET /ca/66/21/ca6621f64bcdfd0a5aa2af7c57675832.js HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 12:29:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2b9f54b44f1e1c084a62f085aa4a2f93
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4c0819a8e339996a6226b5838907e58c
0e18fc163874b2c97dde9bb2dc4e1f27d4c4981d
4faf02ccb2693370b69139baeb5f5731d96309f5e2469a7dc560a3b6563b0a8f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FAF02CCB2693370B69139BAEB5F5731D96309F5E2469A7DC560A3B6563B0A8F"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11635
Expires: Wed, 07 Sep 2022 15:42:55 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash bb439f59c8d155bc837839ed089c527d
36c9258bd9882ebf12a46b04439f6b50d4be5b46
9928d01dd1e2c94b3dd9803cce428a5926cf0ad1196bae92c266022e8ef4ee4e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 07 Sep 2022 12:29:00 GMT
Last-Modified: Wed, 07 Sep 2022 12:01:57 GMT
Server: ECS (nyb/1D15)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 66Z5siLghmVtOPO9-qcTiKBoFbOT-LL0E4fQ7198q48tsdORcvgUDg==
Age: 1623
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 2e117bd5447db2295c89b2acd50ea2ad
5cafbce9081ecf9a9284d245522dbaa3549ed99f
35965d852f2830f49264b55377f5d1ec75010989a61ceb735414c363691985af
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:29:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
set-cookie: uid_id2=eb8d8101-db77-4943-a551-47fd18247ef8:3:1; expires=Sat, 04 Sep 2032 12:29:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
www.maxonclick.com/a/display.php?r=1142801
200 OK 6.1 kB URL HTTP/2 www.maxonclick.com/a/display.php?r=1142801
IP
Hash e6aab8334a1facc10aade476eb92b688
5c5aba3d17d55651879d6879bf4300dba422df70
877eeccb305abbde6bd799c44bd1ef51f062aacc6c4ac3f2d6bc37eab6e254dd
GET /a/display.php?r=1142801 HTTP/1.1
Host: www.maxonclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Wed, 07 Sep 2022 12:28:58 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
200 OK 140 kB URL HTTP/2 creepingbrings.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size 140 kB (139485 bytes)
Hash 6e9cfa0bd973b5d3ffa32c4fab5d2623
c9e270650ce01f5aff4c47220eaf61414b677413
a4724865c76f82a2561fff7243f13000595daf8dc337dbf647a06455a41711ac
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:29:00 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 495b684b49dcaf97250277a2bc3ffeba
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 12:29:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZKfOsFpAu%2F%2FOnTywOIpwjZoCPVVvPAnnFFNZTKk%2BRNVl4JtK0E6WwNu3J1FABgE0Vr7fqp%2FqMrTUqsIzbMaNh1L04MeUMfK8PwOKELgicss97f4OcdQ2phIG8sCffZ3NSo%2FgjDg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f728cbfebdd83-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 5c0465ff9b3ac1a41eb8497485bc27fe
d4442d741e8d2278901ff9565b895790b7b7acfb
c8db2779b77f006e79da5fbac511fd2e3978dac73c6533a307742ac09585278a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C8DB2779B77F006E79DA5FBAC511FD2E3978DAC73C6533A307742AC09585278A"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9780
Expires: Wed, 07 Sep 2022 15:12:00 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 5c0465ff9b3ac1a41eb8497485bc27fe
d4442d741e8d2278901ff9565b895790b7b7acfb
c8db2779b77f006e79da5fbac511fd2e3978dac73c6533a307742ac09585278a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C8DB2779B77F006E79DA5FBAC511FD2E3978DAC73C6533A307742AC09585278A"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9780
Expires: Wed, 07 Sep 2022 15:12:00 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 5c0465ff9b3ac1a41eb8497485bc27fe
d4442d741e8d2278901ff9565b895790b7b7acfb
c8db2779b77f006e79da5fbac511fd2e3978dac73c6533a307742ac09585278a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C8DB2779B77F006E79DA5FBAC511FD2E3978DAC73C6533A307742AC09585278A"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9780
Expires: Wed, 07 Sep 2022 15:12:00 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive
d24ak3f2b.top/advertisers.js
200 OK 0 B URL HTTP/1.1 d24ak3f2b.top/advertisers.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /advertisers.js HTTP/1.1
Host: d24ak3f2b.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 12:29:00 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 12:29:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
crrepo.com/extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg
200 OK 279 kB URL HTTP/2 crrepo.com/extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Size 279 kB (279065 bytes)
Hash 1b18c6a95c158fd369f08ceb8547d0b4
c90ab5cad8545dc8254e9c68cd96636b1ba3cb17
748c0763b427bf55fb8e862f9d7968ef5138c75821c115aa5c0ef07bb8dd9293
GET /extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.maxonclick.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:28:59 GMT
content-type: image/jpeg
last-modified: Thu, 03 Mar 2022 16:56:37 GMT
etag: W/"6220f345-1d8b1"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 3126
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dyTMX0Gbz9qJxiF1Il0bJCalrQwg%2FSMDx%2Fx%2FQnoKL2jN5bl2%2F2lj4N4%2FurOP%2Fg2I%2FKiq1ORIdZ0VK5dQyGgpJEfjrACB0EfdvMo%2FeoDSJjnx1WTN6WZ9J3%2BWqOyj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f728828e5dd80-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 12:29:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ds88pc0kw6cvc.cloudfront.net/Vc2dJTXEQCCcrTgcOLXBJR1R5eERVDToiHwNaDzgGCQocISMZEg50MykSbzkLF1p5ax0SCS5wVxYJKnBAVQYtL0xDQT09HhhaPCMVFgEgIxQXQTwsTB4IMyQdHwZsfzdGSXloQ0NPMXxAVlQLaENDCyAjBAtCe30JS1EWe0VWVAtoQ0MVP2hCMl5/Y0FaQn-t9FhYEIiJUQSF7fUBDV3h9QFZVeSsYAQIvIglWVQ90R11XbzhMQg
200 OK 366 B URL HTTP/2 ds88pc0kw6cvc.cloudfront.net/Vc2dJTXEQCCcrTgcOLXBJR1R5eERVDToiHwNaDzgGCQocISMZEg50MykSbzkLF1p5ax0SCS5wVxYJKnBAVQYtL0xDQT09HhhaPCMVFgEgIxQXQTwsTB4IMyQdHwZsfzdGSXloQ0NPMXxAVlQLaENDCyAjBAtCe30JS1EWe0VWVAtoQ0MVP2hCMl5/Y0FaQn-t9FhYEIiJUQSF7fUBDV3h9QFZVeSsYAQIvIglWVQ90R11XbzhMQg
IP
File type ASCII text, with very long lines (459), with no line terminators
Hash 85155a2d0e4382b67999e00dc38b9baa
f684ef8fc5c62ce0c3e790e26852d03c714b411d
ab3f58bc416ce7a8129e351907dbac8f08ae26e6d55d4b578dbfe788f2636e1f
GET /Vc2dJTXEQCCcrTgcOLXBJR1R5eERVDToiHwNaDzgGCQocISMZEg50MykSbzkLF1p5ax0SCS5wVxYJKnBAVQYtL0xDQT09HhhaPCMVFgEgIxQXQTwsTB4IMyQdHwZsfzdGSXloQ0NPMXxAVlQLaENDCyAjBAtCe30JS1EWe0VWVAtoQ0MVP2hCMl5/Y0FaQn-t9FhYEIiJUQSF7fUBDV3h9QFZVeSsYAQIvIglWVQ90R11XbzhMQg HTTP/1.1
Host: ds88pc0kw6cvc.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 366
date: Wed, 07 Sep 2022 12:29:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ORskuiBGEQNT11GHu592gQt1iRpwh360L4VWco3U0Zx_OHlwxtSJaQ==
X-Firefox-Spdy: h2
opertyvaluat.autos/utx?cb=ay0f1GtqFwDM&top=www1.zippyshare.com&tid=726474
204 No Content 0 B URL HTTP/2 opertyvaluat.autos/utx?cb=ay0f1GtqFwDM&top=www1.zippyshare.com&tid=726474
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ay0f1GtqFwDM&top=www1.zippyshare.com&tid=726474 HTTP/1.1
Host: opertyvaluat.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Sep 2022 12:29:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www1.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Sep 2022 12:30:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GPc5UHSJ1-BeLAZJrKeQjc24wB12AJy_6SBqdSMP-HXRu_lq4fEYhQ==
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=12297
date: Wed, 07 Sep 2022 12:29:00 GMT
X-Firefox-Spdy: h2
opertyvaluat.autos/multi?cs=c3lkbGlBQVBdUUtLV1VbRUxdXl8&abt=0&red=1&sm=76&k=zippyshare%20bondage%20lily&v=1.0.59.1&sts=0&prn=0&emb=0&tid=726474&fs=1&ref=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_bIvA=1662553732750&crc=1
200 OK 1.6 kB URL HTTP/2 opertyvaluat.autos/multi?cs=c3lkbGlBQVBdUUtLV1VbRUxdXl8&abt=0&red=1&sm=76&k=zippyshare%20bondage%20lily&v=1.0.59.1&sts=0&prn=0&emb=0&tid=726474&fs=1&ref=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_bIvA=1662553732750&crc=1
IP
File type ASCII text, with very long lines (3235), with no line terminators
Hash c48b13af7d37d4b7ea21c9cf62300107
265efa327141b526e4c2d59d6218fa6b3e930fd3
77a66de268b80537e97fd26ba65cb577604a8759e5c9246079b301c8cf8e166c
GET /multi?cs=c3lkbGlBQVBdUUtLV1VbRUxdXl8&abt=0&red=1&sm=76&k=zippyshare%20bondage%20lily&v=1.0.59.1&sts=0&prn=0&emb=0&tid=726474&fs=1&ref=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_bIvA=1662553732750&crc=1 HTTP/1.1
Host: opertyvaluat.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
content-length: 1572
date: Wed, 07 Sep 2022 12:29:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www1.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=b1ae41c0-590e-4552-bc49-2f4a53d36428
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uHOXFNX4YA9WRrUDSwPIgHGQji8Gw9Q-6Ix9kGp6eOUKhhiS41C02Q==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7088
Expires: Wed, 07 Sep 2022 14:27:08 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe32c4c11-63fc-45cc-8135-a07269f9cfff.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe32c4c11-63fc-45cc-8135-a07269f9cfff.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e394af6d0aec5b71edd498560f9ec203
b01d56a5089b4603c0457635cb27fb3e674f65d1
95a5f3cf75273226304f1bda382bb4e6b3b1b93102680e088679cd6ab456d9b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe32c4c11-63fc-45cc-8135-a07269f9cfff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: 35becc3c-0dd1-431e-ab12-9c4309b4b4ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDq2jEU4IAMF-Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317be90-6230a24936c52c523c5cb51b;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:41:36 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: HmdB8KJC3CWB5P3VZpUybK5b1415u-fV9mU8FGSMvEP_3K89JKi8-g==
via: 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:19:32 GMT
etag: "b01d56a5089b4603c0457635cb27fb3e674f65d1"
content-type: image/jpeg
age: 50968
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg
200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f922505178de0cea92eedcfda85a9f67
50f1459de01174e594e03e7df4dfaa8eb1798672
981cd58768d6ad841673add855ddcc7106fbc85de05db9a1bd2d6bc8928b4c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6214
x-amzn-requestid: 46a44af0-e547-49e8-bc39-f6c49d94e375
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj_0HFKbIAMFRbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b134d-0297c83c305422fa51b86dcf;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 07:03:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ZKcuRO8Z6wBMdm79iDZj5uRYk4YYpYJqOoG8hZqY81O0R7hfbe5bQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 05:12:06 GMT
age: 26214
etag: "50f1459de01174e594e03e7df4dfaa8eb1798672"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 79f4356c488498012cc7fc03be21e3df
dd9cd9b711d7112efa85eff8a798346dbd7d5f5f
ebd84bf1db6b39b92be1020c7ea5c32eaa23dfb347ec83941d5bc56e80855ebc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12661
x-amzn-requestid: 71ef9e09-ccf1-4930-865d-665ece4bf3a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3hXnFnXIAMFqKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312e296-627daf7c7ad3e23a60b183cd;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 05:13:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: xwunW741LulZXvM0har5nqrcCiyYoUwvhCWiPsEvs5P2VKSe476_Cw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:14:32 GMT
etag: "dd9cd9b711d7112efa85eff8a798346dbd7d5f5f"
content-type: image/jpeg
age: 51268
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70c964498818242b742575cfa1769b67
cde85fbe83c9e29618edf4e05002bd623e3ab965
bdb0e76fe216f742789ba5a77645c640fe0c7f207707181e618fa31d4cf58605
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8462
x-amzn-requestid: 1a501a0a-2671-468b-885b-2a2efb73bc2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDq64HbCIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317beab-395f6d1436b027ee60d00abd;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ZWf6CXKcClMXAXmFXNp0sxVCMUFyZqhhh7B83tJMX_jvteLRDzG8QA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:42:04 GMT
etag: "cde85fbe83c9e29618edf4e05002bd623e3ab965"
content-type: image/jpeg
age: 53216
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f29d8aaae2d67c27c58001e7553dea7
5200b601017ce86614783b76fd2a775c1c48d4e9
6b55c4d692cf584e0319b07251d9845749fe8954062dab66e003dd2706451504
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4805
x-amzn-requestid: 270858f2-c94d-4047-8e3b-c49a5a603610
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjbiJHuZoAMFpSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ad940-3ba2164762e4f74227b6a23b;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 02:56:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: do30zKZmrP_j4feGGu8G39ibskE4dXxTL8YzpAR7PCFpQuJalYeJqA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:57:13 GMT
age: 52307
etag: "5200b601017ce86614783b76fd2a775c1c48d4e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46aec6c9-5dde-4aba-879c-d92f0cfec73f.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46aec6c9-5dde-4aba-879c-d92f0cfec73f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f754103a24f76f89b092a30c13f2d5d5
800998b57db224e881f26b245baa4da9626d9f0a
2d535af5239ad8c836cb8545ae6bcc957b3ebcf5ae3abe60fb4281c9e268b0be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46aec6c9-5dde-4aba-879c-d92f0cfec73f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13523
x-amzn-requestid: b2c7ccfe-afe6-4d77-acc0-5e62df08a1c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz3f2Eh2IAMFSig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63116c65-44dfff0c0bc9901a58748862;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 02:37:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: n6BxAAOIhcTjxBEFBBdGH3dX38cSrxmIgy1ycXRe1yXW4HAwmbLE8A==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 23:35:19 GMT
age: 46421
etag: "800998b57db224e881f26b245baa4da9626d9f0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 5c0465ff9b3ac1a41eb8497485bc27fe
d4442d741e8d2278901ff9565b895790b7b7acfb
c8db2779b77f006e79da5fbac511fd2e3978dac73c6533a307742ac09585278a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C8DB2779B77F006E79DA5FBAC511FD2E3978DAC73C6533A307742AC09585278A"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9780
Expires: Wed, 07 Sep 2022 15:12:00 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive
d10lumateci472.cloudfront.net/HRjBBekUlXy8cejJZJUdydAZ1TXFgWjIVKzYNBiAQdFE4SyBwfjtJLmBEOx54dhYtGyshDWcfKyUNcFwkIlJ8SmMyQC4ReD5ZJxg/NVYlESxgRSBHKClKKBYpJxVzPHBoAGRIdW5IcEtgdXJkSHUqWS8PPWMCcQJ9cG93TmB1cmRIdTRGZEkEfwZvSmxjAn-EdICVbLl93AAJxS3V2AXFLYHQAJxM3I1YuAmB0dnhMa3YWNEd0
200 OK 466 B URL HTTP/2 d10lumateci472.cloudfront.net/HRjBBekUlXy8cejJZJUdydAZ1TXFgWjIVKzYNBiAQdFE4SyBwfjtJLmBEOx54dhYtGyshDWcfKyUNcFwkIlJ8SmMyQC4ReD5ZJxg/NVYlESxgRSBHKClKKBYpJxVzPHBoAGRIdW5IcEtgdXJkSHUqWS8PPWMCcQJ9cG93TmB1cmRIdTRGZEkEfwZvSmxjAn-EdICVbLl93AAJxS3V2AXFLYHQAJxM3I1YuAmB0dnhMa3YWNEd0
IP
File type ASCII text, with very long lines (605), with no line terminators
Hash 3791d4bd49530b17b31bf82a179e4599
724fa709cf6414c363ab73898ad1c69c72d4d489
017644088884dd6dbd8b4eb8ce1effda639ee223a2de5c7459eb693ac64942c9
GET /HRjBBekUlXy8cejJZJUdydAZ1TXFgWjIVKzYNBiAQdFE4SyBwfjtJLmBEOx54dhYtGyshDWcfKyUNcFwkIlJ8SmMyQC4ReD5ZJxg/NVYlESxgRSBHKClKKBYpJxVzPHBoAGRIdW5IcEtgdXJkSHUqWS8PPWMCcQJ9cG93TmB1cmRIdTRGZEkEfwZvSmxjAn-EdICVbLl93AAJxS3V2AXFLYHQAJxM3I1YuAmB0dnhMa3YWNEd0 HTTP/1.1
Host: d10lumateci472.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 466
date: Wed, 07 Sep 2022 12:29:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SY0cQU6KW81wcMZDSnbyC2TC6zX99AFclInAIHIBhQ8zHIc12xuDGQ==
X-Firefox-Spdy: h2
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Wed, 07 Sep 2022 12:29:00 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
v1.addthisedge.com/live/boost/ra-4d7009770839a69f/_ate.track.config_resp
200 OK 394 B URL HTTP/2 v1.addthisedge.com/live/boost/ra-4d7009770839a69f/_ate.track.config_resp
IP
File type ASCII text, with very long lines (959), with no line terminators
Hash a56b6037cbe0514682f237a248cb225a
13c4d58372a70db705a2413b9abbd32de3c8ea70
45fc6ad9d670562601f73fd77a7e63112f8efe24fa49a85e093ab02126b4f193
GET /live/boost/ra-4d7009770839a69f/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 394
etag: -1051258987--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=6, s-maxage=86400
date: Wed, 07 Sep 2022 12:29:00 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
m.addthis.com/live/red_lojson/300lo.json?si=63188e86451092a0&bkl=0&bl=1&pdt=674&sid=63188e86451092a0&pub=ra-4d7009770839a69f&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www1.zippyshare.com&fp=v%2FOTQQDp7l%2Ffile.html&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1662553734282&jsl=1&uvs=63188e867507dad3000&skipb=1&callback=addthis.cbs.jsonp__15734682921263620
200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=63188e86451092a0&bkl=0&bl=1&pdt=674&sid=63188e86451092a0&pub=ra-4d7009770839a69f&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www1.zippyshare.com&fp=v%2FOTQQDp7l%2Ffile.html&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1662553734282&jsl=1&uvs=63188e867507dad3000&skipb=1&callback=addthis.cbs.jsonp__15734682921263620
IP
File type ASCII text, with no line terminators
Hash c7ec27799041f8ad41eaeefa75405c49
2c79a0d952b4ebb2658ca5e7e80cccc895e7cc4d
136b81871279c0cbb524663f5e77dc14f9e779a5e72a59e92c27d8ae47310187
GET /live/red_lojson/300lo.json?si=63188e86451092a0&bkl=0&bl=1&pdt=674&sid=63188e86451092a0&pub=ra-4d7009770839a69f&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www1.zippyshare.com&fp=v%2FOTQQDp7l%2Ffile.html&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1662553734282&jsl=1&uvs=63188e867507dad3000&skipb=1&callback=addthis.cbs.jsonp__15734682921263620 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Wed, 07 Sep 2022 12:29:01 GMT
X-Firefox-Spdy: h2
opertyvaluat.autos/floater?cs=R1dnZk9wYlRTfnFvUFF8dGJXXnc&abt=0&red=1&sm=83&k=zippyshare%20bondage%20lily&v=0.8.9.1&sts=0&prn=0&emb=0&tid=843055&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_6KyC=1662553732747&crc=1
200 OK 3.6 kB URL HTTP/2 opertyvaluat.autos/floater?cs=R1dnZk9wYlRTfnFvUFF8dGJXXnc&abt=0&red=1&sm=83&k=zippyshare%20bondage%20lily&v=0.8.9.1&sts=0&prn=0&emb=0&tid=843055&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_6KyC=1662553732747&crc=1
IP
File type ASCII text, with very long lines (5339), with no line terminators
Hash bd8b70de2ac2d18f8caa2e12cf9320b8
fc006080c2fcbf56b63ac799e7aaf137b0934170
9009ecdc5da1091498e2fd35cab500d9602ad2cd9262f5f450440bc805750bce
GET /floater?cs=R1dnZk9wYlRTfnFvUFF8dGJXXnc&abt=0&red=1&sm=83&k=zippyshare%20bondage%20lily&v=0.8.9.1&sts=0&prn=0&emb=0&tid=843055&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_6KyC=1662553732747&crc=1 HTTP/1.1
Host: opertyvaluat.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
content-length: 3624
date: Wed, 07 Sep 2022 12:29:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www1.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=56725d3c-4411-4524-a151-954102a8f1e5
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Gj_pmdZZmVhJN-15VzPXolVjNxMfMHhe2Id1y_YlJoixofo7F7Ne7Q==
X-Firefox-Spdy: h2
s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
200 OK 78 kB URL HTTP/2 s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
IP
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 9a77dff666eebb6cf4bbc4c67c7b563b
9e98d7824a7b4e34665c2690d6f52caddad1fe4b
6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Wed, 07 Sep 2022 12:29:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
www.maxonclick.com/a/display.php?r=1142807
200 OK 3.0 kB URL HTTP/2 www.maxonclick.com/a/display.php?r=1142807
IP
Hash 299076e77db78b6dd4c78295154eb27b
e393c4f551d8982c98d2d2ea88ef87378dfcc811
6282f6f1ccd5415fb0f012ba2a1eb77ecaae1f93f3070987ea215acda3239950
GET /a/display.php?r=1142807 HTTP/1.1
Host: www.maxonclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Wed, 07 Sep 2022 12:28:58 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 601d02860a32cd0667c2b4b6d5746e29
cd419b7dbf9f54edca0ceca468d14627d70f0764
18b245d8cf9427a2fab1793342ec08d8b1967083aad465785540d7f6bbc1af01
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18B245D8CF9427A2FAB1793342EC08D8B1967083AAD465785540D7F6BBC1AF01"
Last-Modified: Mon, 05 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10523
Expires: Wed, 07 Sep 2022 15:24:24 GMT
Date: Wed, 07 Sep 2022 12:29:01 GMT
Connection: keep-alive
s7.addthis.com/static/125.c67f34a1c8d546f5900e.js
200 OK 511 B URL HTTP/2 s7.addthis.com/static/125.c67f34a1c8d546f5900e.js
IP
File type ASCII text, with very long lines (838), with no line terminators
Hash e02aca9ac7f599f09da7c89606af0b47
dd33e0b0b5c6a92acc26c87c74e1567ad32f0600
f13686a68bfdcb2f0a03a7d90f742b039702c653ce99c003ad95c5def964f6bc
GET /static/125.c67f34a1c8d546f5900e.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-346"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 511
date: Wed, 07 Sep 2022 12:29:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=eb8d8101-db77-4943-a551-47fd18247ef8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=1d3584ff950f38d5b2e10bc2994be620&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=eb8d8101-db77-4943-a551-47fd18247ef8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=1d3584ff950f38d5b2e10bc2994be620&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=eb8d8101-db77-4943-a551-47fd18247ef8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=1d3584ff950f38d5b2e10bc2994be620&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 12:29:01 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce5fc6566332845a275dd57a3a93c7f3
Strict-Transport-Security: max-age=0; includeSubdomains
www.reddit.com/api/info.json?url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jsonp=_ate.cbs.rcb_6n7b0
200 OK 144 B URL HTTP/2 www.reddit.com/api/info.json?url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jsonp=_ate.cbs.rcb_6n7b0
IP
File type ASCII text, with no line terminators
Hash 51a069ef254e68a3458bcd141bdf88ce
6120ecac9c9612404d9ec9fb663b57620e54ecd6
97aeacd061effe2747eba9ea1792abd40f8fc1960fa6e48a4a6b647d05fa4bf6
GET /api/info.json?url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jsonp=_ate.cbs.rcb_6n7b0 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
x-ua-compatible: IE=edge
expires: -1
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store
x-ratelimit-remaining: 299
x-ratelimit-used: 1
x-ratelimit-reset: 59
access-control-allow-origin: *
access-control-expose-headers: X-Moose
x-moose: majestic
accept-ranges: bytes
date: Wed, 07 Sep 2022 12:29:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: csv=2; Max-Age=63072000; Domain=.reddit.com; Path=/; Secure; SameSite=None
edgebucket=ZfXQJzMky2tB0ssYYR; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 144
X-Firefox-Spdy: h2
www.reddit.com/api/info.json?url=http%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jsonp=_ate.cbs.rcb_dh0z0
200 OK 144 B URL HTTP/2 www.reddit.com/api/info.json?url=http%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jsonp=_ate.cbs.rcb_dh0z0
IP
File type ASCII text, with no line terminators
Hash aecc5c76d142865c2c73c604d965a1eb
2eb3777af5b55c61a480077085762777474c9989
3785c550dc8c434f2f7ff8b8d6a85a2d8533d396326557d0f524d9ec66f43c91
GET /api/info.json?url=http%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jsonp=_ate.cbs.rcb_dh0z0 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
x-ua-compatible: IE=edge
expires: -1
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store
x-ratelimit-remaining: 298
x-ratelimit-used: 2
x-ratelimit-reset: 59
access-control-allow-origin: *
access-control-expose-headers: X-Moose
x-moose: majestic
accept-ranges: bytes
date: Wed, 07 Sep 2022 12:29:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: csv=2; Max-Age=63072000; Domain=.reddit.com; Path=/; Secure; SameSite=None
edgebucket=w8Lg6YOV4MwQBacKwr; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 144
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=eb8d8101-db77-4943-a551-47fd18247ef8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=ca6621f64bcdfd0a5aa2af7c57675832&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=eb8d8101-db77-4943-a551-47fd18247ef8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=ca6621f64bcdfd0a5aa2af7c57675832&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=eb8d8101-db77-4943-a551-47fd18247ef8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=ca6621f64bcdfd0a5aa2af7c57675832&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 12:29:01 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dba58691d3fe6ffeca77b75ec4103d95
Strict-Transport-Security: max-age=0; includeSubdomains
api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&callback=_ate.cbs.rcb_i8440
200 OK 53 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&callback=_ate.cbs.rcb_i8440
IP
File type ASCII text, with no line terminators
Hash 38c7e8a235b57e85ee981a8255cedaf6
d81e73e49909e0119f7c9a0efca2748bc4e1e070
91279ed9e7741eedb997a6ef39f18c13d2ede6d47ae4c5cec2dad116cf413d42
GET /url/shares.json?url=http%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&callback=_ate.cbs.rcb_i8440 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: www1.zippyshare.com/v/otqqdp7l/file.html
last-modified: Wed, 07 Sep 2022 12:29:01 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Wed, 07 Sep 2022 12:29:01 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&callback=_ate.cbs.rcb_1rrn0
200 OK 53 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&callback=_ate.cbs.rcb_1rrn0
IP
File type ASCII text, with no line terminators
Hash a464ab49292bc1eee73c1b9dd29d7879
4e681c4611c57ce039eef2f484501696183ddb27
9317048d1f5d3fbe482cfd392867b0e7afabfbda9acae92e19b1d332fee2d174
GET /url/shares.json?url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&callback=_ate.cbs.rcb_1rrn0 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: www1.zippyshare.com/v/otqqdp7l/file.html
last-modified: Wed, 07 Sep 2022 12:29:01 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Wed, 07 Sep 2022 12:29:01 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html
200 OK 2 B URL HTTP/2 api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
content-length: 2
cache-control: no-transform, max-age=0, s-maxage=14400
surrogate-key: sFbt=https://www1.zippyshare.com/v/OTQQDp7l/file.html
last-modified: Wed, 07 Sep 2022 12:00:00 GMT
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
date: Wed, 07 Sep 2022 12:29:01 GMT
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 6a704f90077472a9e242ed4539f2ef54
1f02cc512f21342ed8383de6216032f0fe73d1c5
aafaa6ba276c411d920ce6fabd4372d08e60792fcaa7c05d6511509567674587
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AAFAA6BA276C411D920CE6FABD4372D08E60792FCAA7C05D6511509567674587"
Last-Modified: Mon, 05 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3651
Expires: Wed, 07 Sep 2022 13:29:54 GMT
Date: Wed, 07 Sep 2022 12:29:03 GMT
Connection: keep-alive
xml.serve-servee.com/thumbnail?i=GAX3N0uYy04_0&imgt=icon
302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=GAX3N0uYy04_0&imgt=icon
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=GAX3N0uYy04_0&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 07 Sep 2022 12:29:03 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/250x250_hqCCg8Cm.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pIs1QHt1QD%2Bk0wW78cyWScBD4nfsQlfv%2FMDNfRI7sKdP7phypILD%2FmQ2xYPuMhjwVVbsgZcvkrJEBHJ3Pv8tkYVj02AWyYkH5BLfzAHzPUutAk64rNIMBotPEUcl4E2i%2BGkD%2FdXQrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f729ee93db500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 6a704f90077472a9e242ed4539f2ef54
1f02cc512f21342ed8383de6216032f0fe73d1c5
aafaa6ba276c411d920ce6fabd4372d08e60792fcaa7c05d6511509567674587
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AAFAA6BA276C411D920CE6FABD4372D08E60792FCAA7C05D6511509567674587"
Last-Modified: Mon, 05 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3651
Expires: Wed, 07 Sep 2022 13:29:54 GMT
Date: Wed, 07 Sep 2022 12:29:03 GMT
Connection: keep-alive
static.serve-servee.com/n337/ad/250x250_hqCCg8Cm.png
200 OK 89 kB URL HTTP/2 static.serve-servee.com/n337/ad/250x250_hqCCg8Cm.png
IP
File type PNG image data, 250 x 250, 8-bit/color RGB, non-interlaced\012- data
Hash 0994ec31361ea569c5549063145bfdd2
9b270e9f7a346a0f0f60a978e154f49740350270
e4dbff1cf1f9750d68296737897eba9bd59ebdcb292015e87c3be61b5c242422
GET /n337/ad/250x250_hqCCg8Cm.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:29:03 GMT
content-type: image/png
content-length: 88957
last-modified: Thu, 08 Apr 2021 13:54:09 GMT
accept-ranges: bytes
etag: "606f0b01-15b7d"
cache-control: max-age=86400
x-hw: 1662553743.cds065.sk1.h2,1662553743.cds203.sk1.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7kIfhCjDsTuIyYu%2BG43jcb76OsCyAxAMn7K7WuD%2F9Lod6gp3wrKzCvkniqk8yw0V7lreA37PJvRZOqdIgLu5awkjtKn7FnL0zqovlDz%2Bbt73YutLR7pgmW%2BSccdRRz6RvLXPVlcLdyHvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f729fcb3eb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a1ebc6278b6de5050eaa75556de5923d
7b0cd0bdc9ce1d8bf2a0e116146fa4345f3cfd4a
2763f3bdd1169546bd9579ad134732ac43ae9c3ab39381832996ddd8ef0cb38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2763F3BDD1169546BD9579AD134732AC43AE9C3AB39381832996DDD8EF0CB38E"
Last-Modified: Tue, 06 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1916
Expires: Wed, 07 Sep 2022 13:00:59 GMT
Date: Wed, 07 Sep 2022 12:29:03 GMT
Connection: keep-alive
mustcoast.com/winnotice?sid=H4sIAAAAAAAC%2F1STT2gkxRfHa36%2FvSyelBUvexhvCjLpnplMelxkcc1GgnGz7Cp6UqqrqpNnuruaqq7pSU5BQfa0jHjwz6nyTTZB3RU9eHSVzqKHgJC5RTR3D6IorFeZMSb4oHiv3vcdPq%2Feq3e33DFrwfGj%2BZf1BqUpn5ltBc2nXg%2FDS80lyt2wOYx6b%2Fa6l5pm8Gy%2F1wqebr6oxJqeaQdhEIRB2FwgoxI9nJmIoOJuP2z1g1a33QpnuxgaD%2BsasLwBOThmj4Hk%2BNyDxgWQqJFnX8wru1bq4pmrmUt5qQ0Gcu%2FVfC3XVY7sLExMA0m%2Bd1INbQ8X7kPnd6aI0IPTwpjGrPH9fcT53gkY4sHOlC1OoXLE8hFUgxoqrUG8htDvgOQhA4TEtWXk2e41bSq%2B%2Fo%2FKJ%2BqYnXv4J6gas3M%2FX0CefX4lpWHzpk5dSTq3GCYeNKxBKzUKt49yg4GqfYjybZD8gc08XEKe7SzbVIOkn%2FZOVIOSGqkagVsGNznE4JIGXNFAJo%2BaIgzDuUAKHkR9ITpyTsU9GYR8Lgl5GPQiODHBG6EsRhDpCMJsojCbWKMRjLsNsjUc96DCo7C7UbcTzM5CiYPLv3w0sY%2FB6aiZBL1QxUEsYymjKJmLVK8X9WfbSRwmXHVCxHRwmX33l%2F%2Fq19tIiUHxg29%2BZ1ODzT1y57dzQx5GHbAT2zayPLh8WrXqYSWDLRkG0qNSDJVlqDhDRQxVyVAN%2FB2Z2rb1uzK1Lg5PfPvEd%2FxWccwenc7jD%2FEG1tQEXbSjpN%2FttKNuvx9HsjvX6UU9KUIZqW4kYenfrsn%2BD9w2sEFj9vhPv6GYbIp8HzHfh033IehJcHcRvPLgqx4buYfU9zJnS6G5LVtCZyjK8yjXG1vpMXtiCtL78NZ%2F3lMYj8J4vEUPGFbSW9s3dMV2bujKsi%2BXi5Iy2uCTpblZ8lL9%2F9OX1HqljVyct6NPnhcTYRLefUXZconnkvIVyz67QlIqs6CNUOzrRfuaiq87u3rFmdwVS9dfWFjMCqOsJZ3X4HR49QMIGrPz7%2F04%2FQ0X7z0HMjWM88jc6XxAuoYoNmGLs5zVDCY9u8cFQ%2BX8tmnHZ8nJBqRngwaP%2FZb9FpY8Ssv%2BBgAA%2F%2F8BAAD%2F%2Fyk7ZIZSBAAA&ap=${AUCTION_PRICE}&l=3577992&sub3=1662553740&pid=91283&sub2=icon&auid=f061eb0bdbdd88f78e668952fb1fae31&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
307 Temporary Redirect 0 B URL HTTP/1.1 mustcoast.com/winnotice?sid=H4sIAAAAAAAC%2F1STT2gkxRfHa36%2FvSyelBUvexhvCjLpnplMelxkcc1GgnGz7Cp6UqqrqpNnuruaqq7pSU5BQfa0jHjwz6nyTTZB3RU9eHSVzqKHgJC5RTR3D6IorFeZMSb4oHiv3vcdPq%2Feq3e33DFrwfGj%2BZf1BqUpn5ltBc2nXg%2FDS80lyt2wOYx6b%2Fa6l5pm8Gy%2F1wqebr6oxJqeaQdhEIRB2FwgoxI9nJmIoOJuP2z1g1a33QpnuxgaD%2BsasLwBOThmj4Hk%2BNyDxgWQqJFnX8wru1bq4pmrmUt5qQ0Gcu%2FVfC3XVY7sLExMA0m%2Bd1INbQ8X7kPnd6aI0IPTwpjGrPH9fcT53gkY4sHOlC1OoXLE8hFUgxoqrUG8htDvgOQhA4TEtWXk2e41bSq%2B%2Fo%2FKJ%2BqYnXv4J6gas3M%2FX0CefX4lpWHzpk5dSTq3GCYeNKxBKzUKt49yg4GqfYjybZD8gc08XEKe7SzbVIOkn%2FZOVIOSGqkagVsGNznE4JIGXNFAJo%2BaIgzDuUAKHkR9ITpyTsU9GYR8Lgl5GPQiODHBG6EsRhDpCMJsojCbWKMRjLsNsjUc96DCo7C7UbcTzM5CiYPLv3w0sY%2FB6aiZBL1QxUEsYymjKJmLVK8X9WfbSRwmXHVCxHRwmX33l%2F%2Fq19tIiUHxg29%2BZ1ODzT1y57dzQx5GHbAT2zayPLh8WrXqYSWDLRkG0qNSDJVlqDhDRQxVyVAN%2FB2Z2rb1uzK1Lg5PfPvEd%2FxWccwenc7jD%2FEG1tQEXbSjpN%2FttKNuvx9HsjvX6UU9KUIZqW4kYenfrsn%2BD9w2sEFj9vhPv6GYbIp8HzHfh033IehJcHcRvPLgqx4buYfU9zJnS6G5LVtCZyjK8yjXG1vpMXtiCtL78NZ%2F3lMYj8J4vEUPGFbSW9s3dMV2bujKsi%2BXi5Iy2uCTpblZ8lL9%2F9OX1HqljVyct6NPnhcTYRLefUXZconnkvIVyz67QlIqs6CNUOzrRfuaiq87u3rFmdwVS9dfWFjMCqOsJZ3X4HR49QMIGrPz7%2F04%2FQ0X7z0HMjWM88jc6XxAuoYoNmGLs5zVDCY9u8cFQ%2BX8tmnHZ8nJBqRngwaP%2FZb9FpY8Ssv%2BBgAA%2F%2F8BAAD%2F%2Fyk7ZIZSBAAA&ap=${AUCTION_PRICE}&l=3577992&sub3=1662553740&pid=91283&sub2=icon&auid=f061eb0bdbdd88f78e668952fb1fae31&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /winnotice?sid=H4sIAAAAAAAC%2F1STT2gkxRfHa36%2FvSyelBUvexhvCjLpnplMelxkcc1GgnGz7Cp6UqqrqpNnuruaqq7pSU5BQfa0jHjwz6nyTTZB3RU9eHSVzqKHgJC5RTR3D6IorFeZMSb4oHiv3vcdPq%2Feq3e33DFrwfGj%2BZf1BqUpn5ltBc2nXg%2FDS80lyt2wOYx6b%2Fa6l5pm8Gy%2F1wqebr6oxJqeaQdhEIRB2FwgoxI9nJmIoOJuP2z1g1a33QpnuxgaD%2BsasLwBOThmj4Hk%2BNyDxgWQqJFnX8wru1bq4pmrmUt5qQ0Gcu%2FVfC3XVY7sLExMA0m%2Bd1INbQ8X7kPnd6aI0IPTwpjGrPH9fcT53gkY4sHOlC1OoXLE8hFUgxoqrUG8htDvgOQhA4TEtWXk2e41bSq%2B%2Fo%2FKJ%2BqYnXv4J6gas3M%2FX0CefX4lpWHzpk5dSTq3GCYeNKxBKzUKt49yg4GqfYjybZD8gc08XEKe7SzbVIOkn%2FZOVIOSGqkagVsGNznE4JIGXNFAJo%2BaIgzDuUAKHkR9ITpyTsU9GYR8Lgl5GPQiODHBG6EsRhDpCMJsojCbWKMRjLsNsjUc96DCo7C7UbcTzM5CiYPLv3w0sY%2FB6aiZBL1QxUEsYymjKJmLVK8X9WfbSRwmXHVCxHRwmX33l%2F%2Fq19tIiUHxg29%2BZ1ODzT1y57dzQx5GHbAT2zayPLh8WrXqYSWDLRkG0qNSDJVlqDhDRQxVyVAN%2FB2Z2rb1uzK1Lg5PfPvEd%2FxWccwenc7jD%2FEG1tQEXbSjpN%2FttKNuvx9HsjvX6UU9KUIZqW4kYenfrsn%2BD9w2sEFj9vhPv6GYbIp8HzHfh033IehJcHcRvPLgqx4buYfU9zJnS6G5LVtCZyjK8yjXG1vpMXtiCtL78NZ%2F3lMYj8J4vEUPGFbSW9s3dMV2bujKsi%2BXi5Iy2uCTpblZ8lL9%2F9OX1HqljVyct6NPnhcTYRLefUXZconnkvIVyz67QlIqs6CNUOzrRfuaiq87u3rFmdwVS9dfWFjMCqOsJZ3X4HR49QMIGrPz7%2F04%2FQ0X7z0HMjWM88jc6XxAuoYoNmGLs5zVDCY9u8cFQ%2BX8tmnHZ8nJBqRngwaP%2FZb9FpY8Ssv%2BBgAA%2F%2F8BAAD%2F%2Fyk7ZIZSBAAA&ap=${AUCTION_PRICE}&l=3577992&sub3=1662553740&pid=91283&sub2=icon&auid=f061eb0bdbdd88f78e668952fb1fae31&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: mustcoast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Wed, 07 Sep 2022 12:29:03 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b5795f6c16daccd31af7036ab90642ce
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7c34afdb543f36633ccaa1856798ce9b
568d09d760f3b498376e86a26b13345bd53cd217
54daf99f14294bd52d5f516aa5cec0584b8a43daae4525fabb7692f9f114af5b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54DAF99F14294BD52D5F516AA5CEC0584B8A43DAAE4525FABB7692F9F114AF5B"
Last-Modified: Wed, 07 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10053
Expires: Wed, 07 Sep 2022 15:16:36 GMT
Date: Wed, 07 Sep 2022 12:29:03 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Hash 70cf8250da1a25a7b445231428af7828
a849d338423d2919949340838c768bba90b9081c
b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:29:03 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Fri, 09 Sep 2022 12:29:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b37420aa6c3f2c8c169157a49e67c1a
4c4942c5e9a3a55c157b0a251fda6939baa65739
056bab003ae25d85fc3bf70208842d94abf096fa009aa72f54421d15215f7490
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "056BAB003AE25D85FC3BF70208842D94ABF096FA009AA72F54421D15215F7490"
Last-Modified: Tue, 06 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10411
Expires: Wed, 07 Sep 2022 15:22:37 GMT
Date: Wed, 07 Sep 2022 12:29:06 GMT
Connection: keep-alive
graduatewonderentreaty.com/sbar.json?key=ca6621f64bcdfd0a5aa2af7c57675832&uuid=eb8d8101-db77-4943-a551-47fd18247ef8%3A3%3A1
200 OK 3.8 kB URL HTTP/1.1 graduatewonderentreaty.com/sbar.json?key=ca6621f64bcdfd0a5aa2af7c57675832&uuid=eb8d8101-db77-4943-a551-47fd18247ef8%3A3%3A1
IP
File type JSON data\012- , ASCII text, with very long lines (5762), with no line terminators
Hash 29b8d6e47b54bc1f2e791051c36acbee
671a7744026c03e2e1905dad14458c1c7f2ba56c
afb63c2f53532d9ba5580604e6675d60c03f22ceb6bb308ee4ebc90a4817fc8d
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ca6621f64bcdfd0a5aa2af7c57675832&uuid=eb8d8101-db77-4943-a551-47fd18247ef8%3A3%3A1 HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Sep 2022 12:29:06 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www1.zippyshare.com
Access-Control-Allow-Origin: https://www1.zippyshare.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15255681; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None
uid_id2=eb8d8101-db77-4943-a551-47fd18247ef8:3:1; expires=Wed, 14 Sep 2022 12:29:06 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None
slecca6621f64bcdfd0a5aa2af7c57675832=[3364902]; expires=Wed, 07 Sep 2022 12:29:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a0b1e4e46473a3949f129927d636c0f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Origin: https://www1.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:29:00 GMT
content-type: text/plain
set-cookie: csu=1350559241091549@1@1662553740; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWjTlk727oS3Luhr%2BejWx89wfuPf%2BssuiA46u6uJK9qlLD8ZU55l3KjpwImlGqHHYDuidslAowO9JGMMq%2FzxJLtsUsXeCcdmjr12tkFyF6tDeS1oc8mhd8oEFyuv%2FF%2Ff"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f728eee990b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Origin: https://www1.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:29:00 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 07:41:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n86DhAPfMcQ8u6amVFs6aVM2amO%2B1xRWxhIF9i0TgxS3PVxN63YMnsiGzOYt2AGT788OK%2FaDRw6V1lUTcKIRXLwVkK2FCqk9Y%2BN9TowQCAa%2BG4Sjap81Ji%2FIhPODnBFo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f728ece620b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
crrepo.com/extban/280030620/creatives/23426588/e192295018ae5357d1c5b67ef5e985ad_9166.jpg
200 OK 0 B URL HTTP/2 crrepo.com/extban/280030620/creatives/23426588/e192295018ae5357d1c5b67ef5e985ad_9166.jpg
IP
GET /extban/280030620/creatives/23426588/e192295018ae5357d1c5b67ef5e985ad_9166.jpg HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.maxonclick.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:28:59 GMT
content-type: image/jpeg
last-modified: Thu, 03 Mar 2022 16:47:21 GMT
etag: W/"6220f119-1d8b1"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 2162
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSfr4dW07URWuykCxDHKd%2BxTo89FujQdU1ryKww0VON9zHJ7kPlfgIh%2BtxjHNxHlmwItMY9bPvf4nOHpr9h6FB3oxWHLBLux%2ByOSVkrtzljkw%2FDEujpJJcLxfbiP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f7288a9b3dd80-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adultgamelist.com/external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s
302 Found 0 B URL HTTP/2 adultgamelist.com/external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s
IP
GET /external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s HTTP/1.1
Host: adultgamelist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 07 Sep 2022 12:28:58 GMT
content-type: text/html; charset=UTF-8
location: https://www1.zippyshare.com/v/OTQQDp7l/file.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDueaX3n73CLa4Ec1kaFUhsBj7pbkUjzIaVdTTmAfUl5z3k7gRv8mY4CK5mcPXvxaBP0EtdJTli8guKDW9KIHWnQu%2BCBwy7dowA73jgEgH5lp4e3nwFgGZ82jFDyjPMNuW1rlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f727ffd11b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:28:59 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f77c1d44ecb09b0f9cbf15805d5dcc75
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 12:28:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGgsFQtD8Bch6C27DglrRNAzgHaZY0TMcoDZ%2B%2FWQGrYsiil3Kn3TqevwA9xTBnfaw0z07W5ZuKc%2B3%2Fm0gPKoyZKQGYLpiyGGRTpzRq0eaaFZWVU5mi2IM8Ci4pjpgNVOa2XDqUA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f7288189d731b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
clksite.com/static/advertisement.js
200 OK 0 B URL HTTP/2 clksite.com/static/advertisement.js
IP
GET /static/advertisement.js HTTP/1.1
Host: clksite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 12:28:59 GMT
content-type: application/javascript
last-modified: Mon, 12 Jun 2017 13:33:59 GMT
vary: Accept-Encoding
etag: W/"593e9847-1b"
expires: Fri, 09 Sep 2022 12:28:59 GMT
cache-control: max-age=172800
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Origin: https://www1.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:29:00 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 07:41:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ihoDm3bN%2FiiyBOsnQ7j1oxgZaQ0CC5xHUX5mWpcsd%2B%2Fa92%2BMjOsc%2FZqthNBrlnYOa75qajCBuEWFMbq%2BbpD8dGAJJ1u35QmMxtE%2BZ8FNAz9OtRRRj%2Br461bqQbBjM8%2B%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f728eee9c0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Origin: https://www1.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Sep 2022 12:29:00 GMT
content-type: text/plain
set-cookie: csu=208666646936432@1@1662553740; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3g%2FCPyM0yTueA8F3Yrn3fCt%2BYg6AYTDJvcmz7jsoVNdvGE0TE1sL5njih4W9p7cidilJv3BdFlfRO9IDO5l1%2FDn3mhAcBG4vqnpOZJG9nb6EOhEK792Xhp40f47q%2Fd0A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f728fcfac0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.maxonclick.com/a/display.php?r=1142795
200 OK 0 B URL HTTP/2 www.maxonclick.com/a/display.php?r=1142795
IP
GET /a/display.php?r=1142795 HTTP/1.1
Host: www.maxonclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Wed, 07 Sep 2022 12:28:58 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
104.21.4.37
104.21.234.254
143.204.55.115
151.101.85.140
23.38.200.123
52.28.172.243
109.201.154.138
93.184.220.29