Overview

URL adultgamelist.com/external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s
IP104.21.4.37
ASNCLOUDFLARENET
Location
Report completed2022-09-07 12:29:09 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-07 2 replacementportugueserecollection.com/1d/35/84/1d3584ff950f38d5b2e10bc2994b (...) Malware
2022-09-07 2 d24ak3f2b.top/advertisers.js Malware
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-07 2 replacementportugueserecollection.com Sinkholed
2022-09-07 2 perryvolleyball.com Sinkholed
2022-09-07 2 unseenreport.com Sinkholed
2022-09-07 2 unseenreport.com Sinkholed
2022-09-07 2 mustcoast.com Sinkholed
2022-09-07 2 graduatewonderentreaty.com Sinkholed


Files

No files detected



Passive DNS (44)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-07 04:49:50 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-09-07 04:49:42 UTC 142.250.74.3
mnemonic passive DNS perryvolleyball.com (1) 0 2022-08-25 13:05:48 UTC 2022-09-07 06:56:14 UTC 192.243.59.13 Unknown ranking
mnemonic passive DNS www.maxonclick.com (3) 173326 2017-01-29 09:04:56 UTC 2022-08-26 18:43:52 UTC 35.190.68.123
mnemonic passive DNS s7.addthis.com (3) 1504 2012-05-21 03:34:04 UTC 2022-09-07 05:00:35 UTC 23.38.200.123
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-07 05:03:48 UTC 143.204.55.49
mnemonic passive DNS ayassociallya.xyz (5) 0 2022-09-06 18:32:29 UTC 2022-09-07 09:57:18 UTC 104.21.81.61 Unknown ranking
mnemonic passive DNS d24ak3f2b.top (1) 105412 2020-05-28 13:46:58 UTC 2022-09-06 23:48:38 UTC 64.58.113.244
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-07 06:45:34 UTC 34.120.237.76
mnemonic passive DNS www.reddit.com (2) 2161 2012-05-22 18:03:18 UTC 2022-09-07 10:02:10 UTC 151.101.85.140
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-07 06:02:11 UTC 93.184.220.29
mnemonic passive DNS crrepo.com (2) 82002 2018-11-06 20:34:07 UTC 2022-09-07 09:27:56 UTC 104.21.235.114
mnemonic passive DNS unseenreport.com (2) 0 2022-03-30 14:33:17 UTC 2022-09-07 05:42:51 UTC 192.243.59.12 Unknown ranking
mnemonic passive DNS cdn.cloudimagesb.com (1) 23099 2021-02-12 16:15:41 UTC 2022-09-07 07:54:14 UTC 45.133.44.9
mnemonic passive DNS d10lumateci472.cloudfront.net (2) 0 2020-12-02 18:46:05 UTC 2022-08-26 18:43:52 UTC 54.230.245.49 Unknown ranking
mnemonic passive DNS e1.o.lencr.org (11) 6159 2021-08-20 07:36:30 UTC 2022-09-07 04:52:54 UTC 23.36.77.32
mnemonic passive DNS replacementportugueserecollection.com (1) 0 2022-05-04 14:09:29 UTC 2022-09-02 10:06:16 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-07 05:08:41 UTC 54.187.146.10
mnemonic passive DNS ksehinkitw.hair (3) 0 2022-07-21 06:48:53 UTC 2022-09-07 11:09:59 UTC 107.22.28.167 Unknown ranking
mnemonic passive DNS creepingbrings.com (1) 0 2022-05-27 14:56:26 UTC 2022-09-07 06:24:15 UTC 104.21.234.233 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-07 05:49:58 UTC 143.204.55.115
mnemonic passive DNS r3.o.lencr.org (10) 344 2020-12-02 08:52:13 UTC 2022-09-07 04:50:01 UTC 23.36.76.226
mnemonic passive DNS ocsp.sectigo.com (5) 487 2018-12-17 11:31:55 UTC 2022-09-07 11:05:26 UTC 172.64.155.188
mnemonic passive DNS ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.88
mnemonic passive DNS z.moatads.com (1) 374 2014-02-11 16:19:47 UTC 2022-09-07 05:03:20 UTC 23.38.201.146
mnemonic passive DNS v1.addthisedge.com (1) 1721 2019-05-22 18:56:22 UTC 2022-09-07 05:06:45 UTC 23.38.200.123
mnemonic passive DNS adultgamelist.com (2) 222811 2016-02-14 17:08:53 UTC 2022-08-25 22:50:16 UTC 172.67.131.158
mnemonic passive DNS addresseepaper.com (1) 18169 2021-11-01 21:11:31 UTC 2022-09-07 06:25:45 UTC 104.21.234.254
mnemonic passive DNS www1.zippyshare.com (7) 0 2012-06-01 20:42:59 UTC 2022-06-29 15:36:19 UTC 109.201.154.138 Domain (zippyshare.com) ranked at: 41031
mnemonic passive DNS opertyvaluat.autos (3) 0 2022-08-21 19:39:48 UTC 2022-09-07 08:07:32 UTC 54.230.111.74 Unknown ranking
mnemonic passive DNS m.addthis.com (1) 1448 2013-11-06 20:12:22 UTC 2022-09-07 05:04:21 UTC 23.38.200.123
mnemonic passive DNS mustcoast.com (1) 0 2022-08-17 12:30:17 UTC 2022-09-07 08:59:16 UTC 192.243.61.228 Unknown ranking
mnemonic passive DNS graduatewonderentreaty.com (1) 0 2022-09-03 20:26:10 UTC 2022-09-07 06:15:04 UTC 209.192.156.100 Unknown ranking
mnemonic passive DNS pogothere.xyz (4) 0 2022-09-04 19:11:25 UTC 2022-09-07 05:46:58 UTC 172.67.137.152 Unknown ranking
mnemonic passive DNS adultgamelist.com (2) 222811 2016-02-14 17:08:53 UTC 2022-08-25 22:50:16 UTC 104.21.4.37
mnemonic passive DNS ds88pc0kw6cvc.cloudfront.net (2) 0 2021-02-20 14:25:22 UTC 2022-09-06 21:21:35 UTC 54.230.245.18 Unknown ranking
mnemonic passive DNS static.serve-servee.com (1) 0 2022-06-18 03:19:30 UTC 2022-09-07 06:08:48 UTC 172.67.217.88 Unknown ranking
mnemonic passive DNS clksite.com (1) 68288 No data No data 173.192.101.24
mnemonic passive DNS ocsp2.globalsign.com (1) 1544 2012-05-21 07:12:19 UTC 2022-09-07 04:51:26 UTC 104.18.20.226
mnemonic passive DNS www.google.com (1) 7 2017-01-29 11:48:58 UTC 2022-09-07 06:15:17 UTC 142.250.74.164
mnemonic passive DNS ablesasmetotr.monster (1) 0 2022-08-03 09:44:11 UTC 2022-09-06 02:56:03 UTC 143.204.55.7 Unknown ranking
mnemonic passive DNS simplewebanalysis.com (1) 0 2022-02-25 04:06:25 UTC 2022-09-07 09:57:15 UTC 52.28.172.243 Unknown ranking
mnemonic passive DNS api-public.addthis.com (3) 4111 2012-05-21 13:44:35 UTC 2022-09-07 05:06:45 UTC 23.38.200.123
mnemonic passive DNS xml.serve-servee.com (1) 0 2022-06-18 07:06:23 UTC 2022-09-07 06:08:46 UTC 172.67.217.88 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 104.21.4.37

Date UQ / IDS / BL URL IP
2022-09-07 12:29:09 +0000
0 - 0 - 8 adultgamelist.com/external.php?link=aHR0cHM6L (...) 104.21.4.37

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-01 16:40:39 +0000
0 - 0 - 1 confrimations.click/suncoastcreditunion.com/l (...) 172.67.181.205
2022-12-01 16:39:13 +0000
0 - 0 - 1 whatqapp.com/whatsapp.exe 188.114.96.1
2022-12-01 16:39:13 +0000
0 - 0 - 2 www.whatqapp.com/whatsapp.exe 104.21.33.96
2022-12-01 16:39:01 +0000
0 - 0 - 1 cdn.discordapp.com/attachments/10162837392670 (...) 162.159.135.233
2022-12-01 16:39:00 +0000
0 - 0 - 3 whatqapp.com/whatsapp.exe 188.114.97.1

Last 1 reports on domain: adultgamelist.com

Date UQ / IDS / BL URL IP
2022-09-07 12:29:09 +0000
0 - 0 - 8 adultgamelist.com/external.php?link=aHR0cHM6L (...) 104.21.4.37

No other reports with similar screenshot



JavaScript

Executed Scripts (34)


Executed Evals (2)

#1 JavaScript::Eval (size: 11, repeated: 1) - SHA256: 8ee784d797ce97ed9716bb42682346deb0c7ae8ff75d7ad8ae60508907054c16

                                        addthis.cbs
                                    

#2 JavaScript::Eval (size: 8, repeated: 1) - SHA256: 3c4b9b06fe520e9d07b2150eebd412a59c91d789706d99a2b2dc9bf217604d1f

                                        _ate.cbs
                                    

Executed Writes (6)

#1 JavaScript::Write (size: 774, repeated: 1) - SHA256: d55e99fe5e143b41cdc84f31d5b33232e3e3ed446c9443f18e30ab7526fda895

                                        < iframe width = "300"
height = "250"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
allowfullscreen = "true"
style = "border: medium none; padding: 0; margin: 0;  sandbox="
allow - scripts allow - forms allow - popups allow - popups - to - escape - sandbox allow - pointer - lock allow - same - origin " id="
63188e8 aefe1e " frameborder="
0 " src="
https: //www.maxonclick.com/ad/display.php?stamat=m%257C%252CkYiM6NiYrB1dAN0dEdHP3xP.863%252CZMkKdRAQlkuDbgTABrav5AdpRiY-5CmsYO-cKEx04zwNHbspdhibIaGu6SS2hog0KObaOcCwkkiteEBDy80JPMyF66AeLjiFC_r-jABckcE%252C&cbpage=https://www1.zippyshare.com/v/OTQQDp7l/file.html&cbur=0.17144498963039057&cbtitle=Zippyshare.com%20-%20bondage_lily_1.zip&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=" scrolling="no"></iframe>
                                    

#2 JavaScript::Write (size: 773, repeated: 1) - SHA256: 0163dce635090026dcc2268c1e903022697d7937bdbe4716a3f573bab5604cd3

                                        < iframe width = "300"
height = "250"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
allowfullscreen = "true"
style = "border: medium none; padding: 0; margin: 0;  sandbox="
allow - scripts allow - forms allow - popups allow - popups - to - escape - sandbox allow - pointer - lock allow - same - origin " id="
63188e8 acd9d3 " frameborder="
0 " src="
https: //www.maxonclick.com/ad/display.php?stamat=m%257C%252CsYhIuojMqB1dAN0dEdHP3xP.da8%252CZMkKdRAQlkuDbgTABrav5E4hlimmg8dLjgep4xX-FtSo8d0jwSWrLf1tZfhZSC_7ZLPa0I90tsrV1OrDmXOTYjnl2IX5QGwqb5vRlMkv_-o%252C&cbpage=https://www1.zippyshare.com/v/OTQQDp7l/file.html&cbur=0.8088196482316624&cbtitle=Zippyshare.com%20-%20bondage_lily_1.zip&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=" scrolling="no"></iframe>
                                    

#3 JavaScript::Write (size: 773, repeated: 1) - SHA256: dee44afa5797c8e7f2a4f84f566d880d3359962a528d4624b89f608d9d8e0cb4

                                        < iframe width = "300"
height = "250"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
allowfullscreen = "true"
style = "border: medium none; padding: 0; margin: 0;  sandbox="
allow - scripts allow - forms allow - popups allow - popups - to - escape - sandbox allow - pointer - lock allow - same - origin " id="
63188e8 af0099 " frameborder="
0 " src="
https: //www.maxonclick.com/ad/display.php?stamat=m%257C%252Cso2IuYhMqB1dAN0dEdHP3xP.6ab%252CZMkKdRAQlkuDbgTABrav5Jf2PwJFCQE2umRFHgbkOmMCsEretiIZ2cgIJiJoRgs2Y42HaVhVEfsUg4jb3i94VzSdqySinQmE7I1SkfP-jLk%252C&cbpage=https://www1.zippyshare.com/v/OTQQDp7l/file.html&cbur=0.9437247230443112&cbtitle=Zippyshare.com%20-%20bondage_lily_1.zip&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=" scrolling="no"></iframe>
                                    

#4 JavaScript::Write (size: 739, repeated: 1) - SHA256: b961ce95b5bdf9cc0c3747c1db1b127754b00043ffb0ba39fe452b746129b868

                                        < a href = "https://www.maxonclick.com/do/c.php?stamat=m%257C%252C%252CAhJ69jfjtGU3BZ9GH0dEdHP3xP.261%252CObJzBhUqIyKlZu8NccxcPErcCpoABth7gm5WmM7EyrhLy9-y9gfMp_lrQC7-oz3ctKuIvYuTGIDHQXkZ7L5-bFI0jUNDYbdY2Hf8daq6w70W3ty5xvCIkDnlQqW-62wyleS3c8fbv4zzm1B58FyzY_WsOj3uS0sAEhNYHvQ3bD6I2amy9AiT0dG2zYc_B14gcpRF_1bqTfsdRurTCf7DfTM6Nw1wC-82UdRx-YT1DY7QcFm-VGNGml2PmEvrUYfkqiPTIjMVZL3_SZcnMJoj1cXE2V1CvonCG3-ZBrlshlFfQA7veSrBdIb17zsqnzmQ8e1JwOAXmO_EIDTEiu9fkp49sefiClLbNGBn1QP9n67p06OzW0Qm1ZB7WDxpT1XOHecEGcs0W2JsPwAQ6FPKndIYk8_iGIREFza5Qs6vuIb2BjiaqVM9prBWZOmEO63z0ZXFplgPr2fDvD3lj4ORRg%252C%252C"
target = "_blank" > < img border = "0"
src = "https://crrepo.com/extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg"
width = "100%" / > < /a>
                                    

#5 JavaScript::Write (size: 739, repeated: 1) - SHA256: 1ddcef36269485df1e44791442f416fc7a411cd563d3803fa362245cb8cedb33

                                        < a href = "https://www.maxonclick.com/do/c.php?stamat=m%257C%252C%252CQ3Kid2L-tGU3BZ9GH0dEdHP3xP.c13%252CFIvEm1VLbfHuWZNAxSSophwtsAJSff6cPgt1UlgB-VjUohHnzwI-cYDsVgUBQmyiicApmk7T6ysyd3f4L1QkISG05i2hj92TxOynaCqsllIxqy62q1jFeO9N3tRotRFv-EbJv-GIA8K20hcMK4_NPFmY9qwDq4MzSmOYoToRoYsGdT5SYaHTP5YSM_nEoVni6iCjbiFTTMId3NK1iw9Nob2mASW1fnGR3jSEzxc5QF82zETNTGDeKYZl-hq_m83W252zopQgUhc4KBXX_9VtljRCLDtrJuUNGpnROgEbh-9FfwEL3cE7h6U5SCWCma12MULnOqJ8U4dqQUaV7NR0cVV89cAuk8-CWNorHVfUBFMmxSZsjbNrn0sTtG8smd5cblp8wpeL4LhQCs5jRAzHRG6lHknWS8_oMGJCR6sSYC-4MwvCtJUIDDnHawyZOS_jqUovlTBZxDZxnTB0igOKxg%252C%252C"
target = "_blank" > < img border = "0"
src = "https://crrepo.com/extban/280030620/creatives/23426588/e192295018ae5357d1c5b67ef5e985ad_9166.jpg"
width = "100%" / > < /a>
                                    

#6 JavaScript::Write (size: 739, repeated: 1) - SHA256: 4d56e491131abee010cd708624f61bd1305de3c7f238819564a6c1100bce5d92

                                        < a href = "https://www.maxonclick.com/do/c.php?stamat=m%257C%252C%252CAhIWIiY_tGU3BZ9GH0dEdHP3xP.d6b%252CpMV2tndXg8H4lolpQJzQ0iKbfnqox84D9oAlsoJPox6bwZAIeKNHiaZPyjRRmeZENJcIseBmksOAqShiA6RidqNub-ZzYHYY9Qi7z8PmgknicjlH0vcxtnRssNnkEVRVeDldD1mkmqrDvxxElO_VYm9Pu7lGMBMJTNokOfU_OPhPM4wKms44q0oDOSESgBcdtQVZ2clInN04SKsIaRCeSiTLf0CIV5F4g8Q_hO-FCDezC7FJ_6-DbVRCT39TgsLoAXp18T7zruhvefVRAclNe_xaF1sCiDcThL-AxLEHkb6lI3XhwWBGXwgYk6RqitagcuTxYaLBFogTgYOPSQpDoK5I3eMgRVph91M2V2CoocuIz2VZHExgUiQ_UYtJQFngUa1MtAbjWYWgxpbKpb3_LDTQNlw_BB9YwD4lz2nKDItBLpttx7mKiPotvs3TDJAHFSesf9_zrQ-jZHTpwrUPLg%252C%252C"
target = "_blank" > < img border = "0"
src = "https://crrepo.com/extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg"
width = "100%" / > < /a>
                                    


HTTP Transactions (105)


Request Response
                                        
                                            GET /external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s HTTP/1.1 
Host: adultgamelist.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.4.37
HTTP/1.1 302 Found
Content-Type: text/html
                                        
Date: Wed, 07 Sep 2022 12:28:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
location: https://adultgamelist.com/external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N4%2BaiyZtt1AHmKAwKJhx%2BV0FWFx3GC5BxYYNKsYjxj%2BFHDD9uaHxJkHUO1n0CJOcpkmid6%2BlJufw9WUNrnEdRWqyUkyQ32X9NPZt9%2FjGYogV95BK7keSDVx6EMlnL4gd1v6EYA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746f727e3bc1b529-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   706
Md5:    4ae1d260efd7d494735ac7b74724e505
Sha1:   fbdb7641c3612927dce2c1c624e426d4440c581f
Sha256: e2e8307d168caa27f8d0c0164eef39da2fa997cafa2638dffe13369434eb75ff
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 12:00:18 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HZ0GyHLjKKJSa6qROE6MLD05HtpHBSxp-drGewHRMejh4jLja7_UhA==
Age: 1720


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    99b7d23c1748d0526782b9ff9ea45f09
Sha1:   eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6294
Expires: Wed, 07 Sep 2022 14:13:52 GMT
Date: Wed, 07 Sep 2022 12:28:58 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 05:15:28 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hfEZhuvFql23RKRzEiswwWBtSHWfjo0deCd2bFX0esMvNSdFt1Fp7Q==
age: 31344
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 07 Sep 2022 12:28:58 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 11 Sep 2022 09:16:17 GMT
ETag: "78a3a73fa926290827ee3659f23d560ed506e927"
Last-Modified: Wed, 07 Sep 2022 09:16:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2668
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746f72811aacb518-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    4634e96cb70abbf3b018438d8bd6808c
Sha1:   78a3a73fa926290827ee3659f23d560ed506e927
Sha256: c897da642ac8ccd5d498caae59beb2e6f74fe1cf355505f47b83adf1c88343b4
                                        
                                            GET /v/OTQQDp7l/file.html HTTP/1.1 
Host: www1.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         109.201.154.138
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; Path=/; HttpOnly zippop=1; Domain=.zippyshare.com; Expires=Thu, 08-Sep-2022 00:28:58 GMT; Path=/
Content-Language: en
Expires: Wed, 07 Sep 2022 12:28:57 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (38078), with CRLF, CR, LF line terminators
Size:   40119
Md5:    61f846fb74818cb0f43f5e36fbe907d3
Sha1:   8e915867fa887e45ebd6ff7b7cdc52c9a0ea5332
Sha256: cbf68133f082d79c5b9ed88f369b589209620b816daae93c4af0f62f1fa64c04
                                        
                                            GET /wro/viewjs-9c29d4e653e865831dc028fdac7e7dfff3be049e.css HTTP/1.1 
Host: www1.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         109.201.154.138
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 66707
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Sun, 24 Nov 2030 12:28:58 GMT
Accept-Ranges: bytes
ETag: W/"207098-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (38971)
Size:   66707
Md5:    7e0e3e48bd85cdf4041d04d6d265622a
Sha1:   06bd818fbba909a62546da78470bc01fd813076e
Sha256: b6f4ece3f288037b58e9803601d45e812775c0140f09d7860574f6c56781ec1c
                                        
                                            GET /ads.js HTTP/1.1 
Host: www1.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         109.201.154.138
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 138
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"157-1654675202000"
Last-Modified: Wed, 08 Jun 2022 08:00:02 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text
Size:   138
Md5:    80ce0db0d04307c0a7e7bfbe492e329d
Sha1:   f8efbdda6799a957baa59e907d466dbc3fd7be90
Sha256: da32bd619e9f9cf48c390020230b751333e2a402fce01635102f340a39f88113
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:28:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /sw.js HTTP/1.1 
Host: www1.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         109.201.154.138
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 39747
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"103046-1660075830000"
Last-Modified: Tue, 09 Aug 2022 20:10:30 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   39747
Md5:    8eb407280763dcf09beecf329aa120cb
Sha1:   188a5ee64fff4cca2640944ee7bee5c98472fad2
Sha256: e274b58ce593d021577bd2900e8377acfe92c1af4132ad52b78ee6d07149c6b7
                                        
                                            GET /recaptcha/api.js?render=explicit HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Wed, 07 Sep 2022 12:28:58 GMT
date: Wed, 07 Sep 2022 12:28:58 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 554
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (852), with no line terminators
Size:   554
Md5:    6e4a38cd105b9075bf2c5d9e4e303181
Sha1:   d787656a4cbb4e51d66e270524dac034bb31a706
Sha256: 3d056e6dd956553d8c40c314c36d92c4306b9a59ccbb05ffd7f26281da7caf16
                                        
                                            GET /wro/viewjs-5c4b087e763baf82dfed5e75dc71d50f709ecb00.js HTTP/1.1 
Host: www1.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         109.201.154.138
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 147861
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Sun, 24 Nov 2030 12:28:58 GMT
Accept-Ranges: bytes
ETag: W/"478725-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65535)
Size:   147861
Md5:    1dd393cf506e088f2a0b45a37beabda7
Sha1:   384796f00e05bce54b4bcae1f2dd4e5d0c5c478a
Sha256: c9420067db3629caab61a3e5983ef9b303d24913f01c2a3307ee0e392cc87616
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 17:03:57 GMT
Expires: Mon, 12 Sep 2022 17:03:56 GMT
Etag: "89c5cac1fd0fad8b51e4508ea75d2321459ea994"
Cache-Control: max-age=447897,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f7282eb35b515-OSL

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:28:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 17:03:57 GMT
Expires: Mon, 12 Sep 2022 17:03:56 GMT
Etag: "89c5cac1fd0fad8b51e4508ea75d2321459ea994"
Cache-Control: max-age=447897,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f7282edf5b503-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 17:03:57 GMT
Expires: Mon, 12 Sep 2022 17:03:56 GMT
Etag: "89c5cac1fd0fad8b51e4508ea75d2321459ea994"
Cache-Control: max-age=447897,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f7282d9b01bfe-OSL

                                        
                                            GET /?kcpsd=843055 HTTP/1.1 
Host: ds88pc0kw6cvc.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.18
HTTP/2 200 OK
                                        
content-length: 49664
date: Wed, 07 Sep 2022 12:28:58 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eVY3FekKHsni9WKX4TcrSLhWSgUqxg08HQ6vtZc6XlWQWiYklKp3Jw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15952)
Size:   49664
Md5:    fa8f4739766c8441bb6fa30e94aeb3f9
Sha1:   30c2be1dc30c92cdebe2dc445b202470ceba582f
Sha256: 020199ef57013772c4c0ebb926ef186881407bc5349db4568490e527a8a33412
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 07 Sep 2022 11:38:18 GMT
Expires: Wed, 07 Sep 2022 12:02:39 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hrqcm3EZgVas4rqxAfh0eP0o9tEfIDnnYN-YDXqs7c-D3W0d3bSf0A==
Age: 3040


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:28:58 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 17:03:57 GMT
Expires: Mon, 12 Sep 2022 17:03:56 GMT
Etag: "89c5cac1fd0fad8b51e4508ea75d2321459ea994"
Cache-Control: max-age=447897,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f72847d41b515-OSL

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A969DEEDE58C8C0229D7BCED1C2D7F63F622F4C1BEF5E5348AE9B49BF603653E"
Last-Modified: Sun, 04 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11845
Expires: Wed, 07 Sep 2022 15:46:24 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive

                                        
                                            GET /?amuld=726474 HTTP/1.1 
Host: d10lumateci472.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.49
HTTP/2 200 OK
                                        
content-length: 36045
date: Wed, 07 Sep 2022 12:28:58 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ura3ZHQzVsfYpuk748D7Z53-Lc7ordzSYHa_o_7NTKwm5jeE2GDSfQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15478)
Size:   36045
Md5:    4211f20ba846061c1a3531d75daf95f0
Sha1:   f187fb44017cb825e8df2a16b76507feddb85182
Sha256: f1df5991c077cc0f6112a111937664a2b06088efea352536f06fbbe13803f654
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6407
Cache-Control: max-age=163471
Date: Wed, 07 Sep 2022 12:28:59 GMT
Etag: "63185113-1d7"
Expires: Fri, 09 Sep 2022 09:53:30 GMT
Last-Modified: Wed, 07 Sep 2022 08:06:43 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /images/favicon2.ico HTTP/1.1 
Host: www1.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/v/OTQQDp7l/file.html
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         109.201.154.138
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 07 Sep 2022 12:28:59 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=25920000
Expires: Tue, 04 Jul 2023 12:28:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B50227312AAB2253D40CF00929138236131FAF61E079E2FFCC5AB6A44749E52F"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11119
Expires: Wed, 07 Sep 2022 15:34:18 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "DCA99AA64D1B91C4368D043F519D2C6B3F99C5A8B5A6610076CE1DE2B04818EE"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Wed, 07 Sep 2022 13:33:59 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "DCA99AA64D1B91C4368D043F519D2C6B3F99C5A8B5A6610076CE1DE2B04818EE"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Wed, 07 Sep 2022 13:33:59 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "DCA99AA64D1B91C4368D043F519D2C6B3F99C5A8B5A6610076CE1DE2B04818EE"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Wed, 07 Sep 2022 13:33:59 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "DCA99AA64D1B91C4368D043F519D2C6B3F99C5A8B5A6610076CE1DE2B04818EE"
Last-Modified: Tue, 06 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Wed, 07 Sep 2022 13:33:59 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive

                                        
                                            GET /UGtBdEV/VCIHeAQsCEUIFCFkRgcHDAQ2Bj45EDYiOyokGCYdKiYlYyQCJUlyYl11Q3F2GygQeGJSZwcxMR80B3hhTSgaIz9WZwJ4YUVxWnBpRXBSMG1aZwA1MQx8RWMgHzUYeGFdd0ZwZVh2R3dmWHM HTTP/1.1 
Host: ayassociallya.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.81.61
HTTP/2 204 No Content
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkV7yy7Y6iV8OZj1ap5fUQm6bhUmgi538uRnhy4LImnN7u2GFjkZRvlCm0FF5zcUNvx1iChHJ7JzlYJhC2z4kQY0Ry8VzK0%2BpRlnLtwOQUQnKRiYg9%2F9%2FFNDUbCkRrfiEKes4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f72868ab0b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /b2IycHdAXVEDSgxRZDsUOAZ3IT8DJ2QbISEEZyoiPidwRiQ5WhQEHgtfCkREX1cHVgcGBg9DRUkRRhEDGhEPQkdfVRQZGQkND0JRGV8CXk9BWxxBURpfA1YDHwNVTUZJEkYEG1JTBEZFWlcBR0RdVARJ HTTP/1.1 
Host: ayassociallya.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.81.61
HTTP/2 204 No Content
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7MXA3JiWFMB5RjGMXVy%2BxoqxMocpBH2lFISfESLSjXeh1k5nIOOCvW1KsWdBkDEDDZSP3%2FpyNBlBYB9TqHjDRidj6jSDYKmndSqMthZ5u%2FjXDBCg2vze9%2FVYcpQhSW6w5dCWnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f72869ac4b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /cWN4VmFeXBslXCs0F2QCGlYrDhYnKx5nLyIiLQBYJw9AETIfOl4iCBVeQGJSQVZNcBEYB0VlU1cQDDcVBBBFZ0cYDR45XFcVRWZPSU1BeFBXFkVnRwUTGTFcQEUIIhUdXklgV0NWTWVWQlFOYFY HTTP/1.1 
Host: ayassociallya.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.81.61
HTTP/2 204 No Content
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yPjosMw7ZIPZVvG2QDOZRhvoShlWJ5UFOESx%2BUyzzXuM8H4sS7VcyBRJ%2BbUb%2Fw8L5Tix0QqJT7AyUkm%2F%2FNLB4pmZoas13PYEBdub7kTOC7oY0AvilLI5HBF65z4kJtj5Mu2Q9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f72869ac7b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /1d/35/84/1d3584ff950f38d5b2e10bc2994be620.js HTTP/1.1 
Host: replacementportugueserecollection.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.9
Date: Wed, 07 Sep 2022 12:28:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f1ce18ca2cf87295de9cdcd5b4d05536
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (53759), with no line terminators
Size:   17182
Md5:    cecbff92dca8cc2e8e2ac8114842f9c4
Sha1:   79c921828353d2fb5f3712746eef1a9c90ba6e8e
Sha256: c56a980ada08cbb3b13aaf74eb7aa5ee165c48562807470968b993d9ddc7c81b

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST /WWVKMTN2WilCDgpVewRnDityVHYpUR9fAmgxJEFiPC0ie1cPFmxFWj1YcgUAaVB/F0MwAXcCAX8WPlBHLBZ3AwNpUmxYXT8KdwMVL1h6Hwt3XGQAFSxYexdHKQQtDAJ/FT5FX2RUfAcBbFB5BgBrUn4G HTTP/1.1 
Host: ayassociallya.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         104.21.81.61
HTTP/2 204 No Content
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t080ThhYgQah9fHOj3rGGmlxC9W7j4EkiQVuNS%2BKdYmQH4PlV2ertZyB3B7NVfOqa46nVtGnw%2BiUV4q8j4Sw8EcKzPjx8mMOGf43FeCLwkDhl%2BYpobmhyPTVNCCPIdGqc%2BH7fA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f7286db4db524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /popunder.gif HTTP/1.1 
Host: ayassociallya.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.81.61
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 62539
last-modified: Tue, 06 Sep 2022 19:06:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cnc3m6q1qvRYs2hPWnUugG%2Feo0PCTyUPTym%2BrOI2pSmSO3jLJTIN06WoQFIagsPvMaO67tVuoTdIOoyRtCz%2FIfqZhbCUMijuG1g18oSvXTNcqw7kjfUSF979kgWgfylfLi6hlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f72869ac2b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   379
Md5:    ec1d0f1f6cde1c434cb72dec89939b97
Sha1:   d77296754de8d6c01c094a829da4908b411fd467
Sha256: 8eb4e9bdcb0b49e0964df2c5f316d92012dfcf65db0a09465c63e25c1349a11f
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: k4IldhRw9w9WS+72YBPIFQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.187.146.10
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iI0Smw9YlWB7nds2v8R3dP7IeIc=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 07 Sep 2022 12:28:59 GMT
Last-Modified: Wed, 07 Sep 2022 11:57:44 GMT
Server: ECS (dcb/7FA7)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: g3tLBtBLDbW-vDLNCVz1hy5A7yrVTHRQoP-NVlNcHvtVBI7dc3MkBQ==
Age: 1875

                                        
                                            GET /sw.js?b1c2U240dQFhX1lkAXFCTXUacQtfZQ5rWAlhG2YPCWcbZwpYZRtqWV41G2cPV2QBZVlcYQFmD017FDVdWTRUalwMegRgXQ16AmteC3oPalhfeg5gX1gyVTFZDmZUZExDdUUkTEN1XSALBz5YOAcbIBg7DwYlFH9MXmcYZkxDMVc%2EHQp7UDICHDIaNQ8DJFMO HTTP/1.1 
Host: www1.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: JSESSIONID=BE908CD95393D2E026F30971190DC867; zippop=1; zippyadb=0
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         109.201.154.138
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Sep 2022 12:28:59 GMT
Content-Length: 39747
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"103046-1660075830000"
Last-Modified: Tue, 09 Aug 2022 20:10:30 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   39747
Md5:    8eb407280763dcf09beecf329aa120cb
Sha1:   188a5ee64fff4cca2640944ee7bee5c98472fad2
Sha256: e274b58ce593d021577bd2900e8377acfe92c1af4132ad52b78ee6d07149c6b7
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "604F30F23D59DFE745AF62DFE586C0135ACD11F5C369298ABCA51ED81A20A2A2"
Last-Modified: Mon, 05 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10307
Expires: Wed, 07 Sep 2022 15:20:46 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:28:59 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 11:32:38 GMT
Expires: Mon, 12 Sep 2022 11:32:37 GMT
Etag: "eb0353a271fdadd5a5c07acffebc655c7178083e"
Cache-Control: max-age=428017,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746f728998ccb503-OSL

                                        
                                            GET /utx?tid=721637&top=www1.zippyshare.com&cb=ttrNTyK5MWVV HTTP/1.1 
Host: ablesasmetotr.monster
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.7
HTTP/2 204 No Content
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www1.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Sep 2022 12:29:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: agK5r-q-4Mm9VY7K7jrqfdq5N--O4sjAWRREOZZusVMyEL_McKxj8Q==
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "552630DD7A6F6D55724BB33BA44222215265F19DA0FD4C9C69F716E7FC26655D"
Last-Modified: Wed, 07 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11563
Expires: Wed, 07 Sep 2022 15:41:42 GMT
Date: Wed, 07 Sep 2022 12:28:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ksehinkitw.hair
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 386
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         107.22.28.167
HTTP/2 200 OK
                                        
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /bjRndjk1FlBECFgHUFQVTBZLVFxeBl9ODwgCSkNYCARKQl1ZBkpPDl9WSkJYVgdQQA5dAlBDWEwYRRAKWFcFTwsNGVVFCgwZU04JChleTw9eGV9FCFlRBBQODwUFQRtCFhQBG0IWDAVcBl0JHVAaQ0keWAdGRVobXwRJQxtCUgYaSgsYARdVHVFLEFgCRwIr HTTP/1.1 
Host: ksehinkitw.hair
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                         
                                         107.22.28.167
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
set-cookie: e7c79b94dc38c5e879e841798b37cd65=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8445-aqT7XLTMp2xGL4eF+3rAv4uEPR4"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (33861), with no line terminators
Size:   13202
Md5:    b4714fa6341973c277b3e8aa13685c37
Sha1:   2b42ddebb10817acf687bb46db8b0d5d7b97079a
Sha256: fd9608ab0357fec5261d34780526e2387a6524c38d0adea41bfe8d8833a2426c
                                        
                                            POST / HTTP/1.1 
Host: ksehinkitw.hair
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www1.zippyshare.com
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         107.22.28.167
HTTP/2 200 OK
                                        
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /ca/66/21/ca6621f64bcdfd0a5aa2af7c57675832.js HTTP/1.1 
Host: perryvolleyball.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 12:29:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2b9f54b44f1e1c084a62f085aa4a2f93
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (37142), with no line terminators
Size:   13409
Md5:    8274745a3886d49cea4027475ab6735c
Sha1:   b4d6262561d6a08c58fd500e5cea75b3321bda43
Sha256: 30d0479b28b9bf3c8c272133540b33876fe8e2260b973a0e9a849651ad392f81

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4FAF02CCB2693370B69139BAEB5F5731D96309F5E2469A7DC560A3B6563B0A8F"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11635
Expires: Wed, 07 Sep 2022 15:42:55 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 07 Sep 2022 12:29:00 GMT
Last-Modified: Wed, 07 Sep 2022 12:01:57 GMT
Server: ECS (nyb/1D15)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 66Z5siLghmVtOPO9-qcTiKBoFbOT-LL0E4fQ7198q48tsdORcvgUDg==
Age: 1623

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.28.172.243
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 07 Sep 2022 12:29:00 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
set-cookie: uid_id2=eb8d8101-db77-4943-a551-47fd18247ef8:3:1; expires=Sat, 04 Sep 2032 12:29:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    2e117bd5447db2295c89b2acd50ea2ad
Sha1:   5cafbce9081ecf9a9284d245522dbaa3549ed99f
Sha256: 35965d852f2830f49264b55377f5d1ec75010989a61ceb735414c363691985af
                                        
                                            GET /a/display.php?r=1142801 HTTP/1.1 
Host: www.maxonclick.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.190.68.123
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: openresty
date: Wed, 07 Sep 2022 12:28:58 GMT
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6071
Md5:    e6aab8334a1facc10aade476eb92b688
Sha1:   5c5aba3d17d55651879d6879bf4300dba422df70
Sha256: 877eeccb305abbde6bd799c44bd1ef51f062aacc6c4ac3f2d6bc37eab6e254dd
                                        
                                            GET /sfp.js HTTP/1.1 
Host: creepingbrings.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.234.233
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 07 Sep 2022 12:29:00 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 495b684b49dcaf97250277a2bc3ffeba
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 12:29:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZKfOsFpAu%2F%2FOnTywOIpwjZoCPVVvPAnnFFNZTKk%2BRNVl4JtK0E6WwNu3J1FABgE0Vr7fqp%2FqMrTUqsIzbMaNh1L04MeUMfK8PwOKELgicss97f4OcdQ2phIG8sCffZ3NSo%2FgjDg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f728cbfebdd83-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size:   139485
Md5:    6e9cfa0bd973b5d3ffa32c4fab5d2623
Sha1:   c9e270650ce01f5aff4c47220eaf61414b677413
Sha256: a4724865c76f82a2561fff7243f13000595daf8dc337dbf647a06455a41711ac
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "C8DB2779B77F006E79DA5FBAC511FD2E3978DAC73C6533A307742AC09585278A"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9780
Expires: Wed, 07 Sep 2022 15:12:00 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "C8DB2779B77F006E79DA5FBAC511FD2E3978DAC73C6533A307742AC09585278A"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9780
Expires: Wed, 07 Sep 2022 15:12:00 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "C8DB2779B77F006E79DA5FBAC511FD2E3978DAC73C6533A307742AC09585278A"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9780
Expires: Wed, 07 Sep 2022 15:12:00 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive

                                        
                                            GET /advertisers.js HTTP/1.1 
Host: d24ak3f2b.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         64.58.113.244
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 12:29:00 GMT
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:29:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg HTTP/1.1 
Host: crrepo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.maxonclick.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.235.114
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
last-modified: Thu, 03 Mar 2022 16:56:37 GMT
etag: W/"6220f345-1d8b1"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 3126
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dyTMX0Gbz9qJxiF1Il0bJCalrQwg%2FSMDx%2Fx%2FQnoKL2jN5bl2%2F2lj4N4%2FurOP%2Fg2I%2FKiq1ORIdZ0VK5dQyGgpJEfjrACB0EfdvMo%2FeoDSJjnx1WTN6WZ9J3%2BWqOyj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f728828e5dd80-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Size:   279065
Md5:    1b18c6a95c158fd369f08ceb8547d0b4
Sha1:   c90ab5cad8545dc8254e9c68cd96636b1ba3cb17
Sha256: 748c0763b427bf55fb8e862f9d7968ef5138c75821c115aa5c0ef07bb8dd9293
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 12:29:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /Vc2dJTXEQCCcrTgcOLXBJR1R5eERVDToiHwNaDzgGCQocISMZEg50MykSbzkLF1p5ax0SCS5wVxYJKnBAVQYtL0xDQT09HhhaPCMVFgEgIxQXQTwsTB4IMyQdHwZsfzdGSXloQ0NPMXxAVlQLaENDCyAjBAtCe30JS1EWe0VWVAtoQ0MVP2hCMl5/Y0FaQn-t9FhYEIiJUQSF7fUBDV3h9QFZVeSsYAQIvIglWVQ90R11XbzhMQg HTTP/1.1 
Host: ds88pc0kw6cvc.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.245.18
HTTP/2 200 OK
                                        
content-length: 366
date: Wed, 07 Sep 2022 12:29:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ORskuiBGEQNT11GHu592gQt1iRpwh360L4VWco3U0Zx_OHlwxtSJaQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (459), with no line terminators
Size:   366
Md5:    85155a2d0e4382b67999e00dc38b9baa
Sha1:   f684ef8fc5c62ce0c3e790e26852d03c714b411d
Sha256: ab3f58bc416ce7a8129e351907dbac8f08ae26e6d55d4b578dbfe788f2636e1f
                                        
                                            GET /utx?cb=ay0f1GtqFwDM&top=www1.zippyshare.com&tid=726474 HTTP/1.1 
Host: opertyvaluat.autos
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.74
HTTP/2 204 No Content
                                        
date: Wed, 07 Sep 2022 12:29:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www1.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Sep 2022 12:30:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GPc5UHSJ1-BeLAZJrKeQjc24wB12AJy_6SBqdSMP-HXRu_lq4fEYhQ==
X-Firefox-Spdy: h2

                                        
                                            GET /addthismoatframe568911941483/moatframe.js HTTP/1.1 
Host: z.moatads.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.38.201.146
HTTP/2 200 OK
content-type: application/x-javascript
                                        
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=12297
date: Wed, 07 Sep 2022 12:29:00 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (523)
Size:   948
Md5:    f14b4e1f799b14f798a195f43cf58376
Sha1:   b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
Sha256: 92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
                                        
                                            GET /multi?cs=c3lkbGlBQVBdUUtLV1VbRUxdXl8&abt=0&red=1&sm=76&k=zippyshare%20bondage%20lily&v=1.0.59.1&sts=0&prn=0&emb=0&tid=726474&fs=1&ref=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_bIvA=1662553732750&crc=1 HTTP/1.1 
Host: opertyvaluat.autos
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.74
HTTP/2 200 OK
content-type: text/plain
                                        
content-length: 1572
date: Wed, 07 Sep 2022 12:29:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www1.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=b1ae41c0-590e-4552-bc49-2f4a53d36428
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uHOXFNX4YA9WRrUDSwPIgHGQji8Gw9Q-6Ix9kGp6eOUKhhiS41C02Q==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3235), with no line terminators
Size:   1572
Md5:    c48b13af7d37d4b7ea21c9cf62300107
Sha1:   265efa327141b526e4c2d59d6218fa6b3e930fd3
Sha256: 77a66de268b80537e97fd26ba65cb577604a8759e5c9246079b301c8cf8e166c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7088
Expires: Wed, 07 Sep 2022 14:27:08 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe32c4c11-63fc-45cc-8135-a07269f9cfff.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10271
x-amzn-requestid: 35becc3c-0dd1-431e-ab12-9c4309b4b4ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDq2jEU4IAMF-Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317be90-6230a24936c52c523c5cb51b;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:41:36 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: HmdB8KJC3CWB5P3VZpUybK5b1415u-fV9mU8FGSMvEP_3K89JKi8-g==
via: 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:19:32 GMT
etag: "b01d56a5089b4603c0457635cb27fb3e674f65d1"
age: 50968
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10271
Md5:    e394af6d0aec5b71edd498560f9ec203
Sha1:   b01d56a5089b4603c0457635cb27fb3e674f65d1
Sha256: 95a5f3cf75273226304f1bda382bb4e6b3b1b93102680e088679cd6ab456d9b4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6214
x-amzn-requestid: 46a44af0-e547-49e8-bc39-f6c49d94e375
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj_0HFKbIAMFRbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b134d-0297c83c305422fa51b86dcf;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 07:03:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ZKcuRO8Z6wBMdm79iDZj5uRYk4YYpYJqOoG8hZqY81O0R7hfbe5bQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 05:12:06 GMT
age: 26214
etag: "50f1459de01174e594e03e7df4dfaa8eb1798672"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6214
Md5:    f922505178de0cea92eedcfda85a9f67
Sha1:   50f1459de01174e594e03e7df4dfaa8eb1798672
Sha256: 981cd58768d6ad841673add855ddcc7106fbc85de05db9a1bd2d6bc8928b4c2c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12661
x-amzn-requestid: 71ef9e09-ccf1-4930-865d-665ece4bf3a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3hXnFnXIAMFqKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312e296-627daf7c7ad3e23a60b183cd;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 05:13:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: xwunW741LulZXvM0har5nqrcCiyYoUwvhCWiPsEvs5P2VKSe476_Cw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:14:32 GMT
etag: "dd9cd9b711d7112efa85eff8a798346dbd7d5f5f"
age: 51268
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12661
Md5:    79f4356c488498012cc7fc03be21e3df
Sha1:   dd9cd9b711d7112efa85eff8a798346dbd7d5f5f
Sha256: ebd84bf1db6b39b92be1020c7ea5c32eaa23dfb347ec83941d5bc56e80855ebc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8462
x-amzn-requestid: 1a501a0a-2671-468b-885b-2a2efb73bc2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDq64HbCIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317beab-395f6d1436b027ee60d00abd;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ZWf6CXKcClMXAXmFXNp0sxVCMUFyZqhhh7B83tJMX_jvteLRDzG8QA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:42:04 GMT
etag: "cde85fbe83c9e29618edf4e05002bd623e3ab965"
age: 53216
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8462
Md5:    70c964498818242b742575cfa1769b67
Sha1:   cde85fbe83c9e29618edf4e05002bd623e3ab965
Sha256: bdb0e76fe216f742789ba5a77645c640fe0c7f207707181e618fa31d4cf58605
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4805
x-amzn-requestid: 270858f2-c94d-4047-8e3b-c49a5a603610
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjbiJHuZoAMFpSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ad940-3ba2164762e4f74227b6a23b;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 02:56:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: do30zKZmrP_j4feGGu8G39ibskE4dXxTL8YzpAR7PCFpQuJalYeJqA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:57:13 GMT
age: 52307
etag: "5200b601017ce86614783b76fd2a775c1c48d4e9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4805
Md5:    4f29d8aaae2d67c27c58001e7553dea7
Sha1:   5200b601017ce86614783b76fd2a775c1c48d4e9
Sha256: 6b55c4d692cf584e0319b07251d9845749fe8954062dab66e003dd2706451504
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46aec6c9-5dde-4aba-879c-d92f0cfec73f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13523
x-amzn-requestid: b2c7ccfe-afe6-4d77-acc0-5e62df08a1c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz3f2Eh2IAMFSig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63116c65-44dfff0c0bc9901a58748862;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 02:37:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: n6BxAAOIhcTjxBEFBBdGH3dX38cSrxmIgy1ycXRe1yXW4HAwmbLE8A==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 23:35:19 GMT
age: 46421
etag: "800998b57db224e881f26b245baa4da9626d9f0a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13523
Md5:    f754103a24f76f89b092a30c13f2d5d5
Sha1:   800998b57db224e881f26b245baa4da9626d9f0a
Sha256: 2d535af5239ad8c836cb8545ae6bcc957b3ebcf5ae3abe60fb4281c9e268b0be
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "C8DB2779B77F006E79DA5FBAC511FD2E3978DAC73C6533A307742AC09585278A"
Last-Modified: Wed, 07 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9780
Expires: Wed, 07 Sep 2022 15:12:00 GMT
Date: Wed, 07 Sep 2022 12:29:00 GMT
Connection: keep-alive

                                        
                                            GET /HRjBBekUlXy8cejJZJUdydAZ1TXFgWjIVKzYNBiAQdFE4SyBwfjtJLmBEOx54dhYtGyshDWcfKyUNcFwkIlJ8SmMyQC4ReD5ZJxg/NVYlESxgRSBHKClKKBYpJxVzPHBoAGRIdW5IcEtgdXJkSHUqWS8PPWMCcQJ9cG93TmB1cmRIdTRGZEkEfwZvSmxjAn-EdICVbLl93AAJxS3V2AXFLYHQAJxM3I1YuAmB0dnhMa3YWNEd0 HTTP/1.1 
Host: d10lumateci472.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.245.49
HTTP/2 200 OK
                                        
content-length: 466
date: Wed, 07 Sep 2022 12:29:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SY0cQU6KW81wcMZDSnbyC2TC6zX99AFclInAIHIBhQ8zHIc12xuDGQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (605), with no line terminators
Size:   466
Md5:    3791d4bd49530b17b31bf82a179e4599
Sha1:   724fa709cf6414c363ab73898ad1c69c72d4d489
Sha256: 017644088884dd6dbd8b4eb8ce1effda639ee223a2de5c7459eb693ac64942c9
                                        
                                            GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Wed, 07 Sep 2022 12:29:00 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Size:   26421
Md5:    707317ccaabe08d32d1bd781754e6871
Sha1:   bb82dcd3e044c960e0861c2ce878f5504e628f78
Sha256: d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
                                        
                                            GET /live/boost/ra-4d7009770839a69f/_ate.track.config_resp HTTP/1.1 
Host: v1.addthisedge.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
                                        
content-length: 394
etag: -1051258987--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=6, s-maxage=86400
date: Wed, 07 Sep 2022 12:29:00 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (959), with no line terminators
Size:   394
Md5:    a56b6037cbe0514682f237a248cb225a
Sha1:   13c4d58372a70db705a2413b9abbd32de3c8ea70
Sha256: 45fc6ad9d670562601f73fd77a7e63112f8efe24fa49a85e093ab02126b4f193
                                        
                                            GET /live/red_lojson/300lo.json?si=63188e86451092a0&bkl=0&bl=1&pdt=674&sid=63188e86451092a0&pub=ra-4d7009770839a69f&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www1.zippyshare.com&fp=v%2FOTQQDp7l%2Ffile.html&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1662553734282&jsl=1&uvs=63188e867507dad3000&skipb=1&callback=addthis.cbs.jsonp__15734682921263620 HTTP/1.1 
Host: m.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
                                        
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Wed, 07 Sep 2022 12:29:01 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   89
Md5:    c7ec27799041f8ad41eaeefa75405c49
Sha1:   2c79a0d952b4ebb2658ca5e7e80cccc895e7cc4d
Sha256: 136b81871279c0cbb524663f5e77dc14f9e779a5e72a59e92c27d8ae47310187
                                        
                                            GET /floater?cs=R1dnZk9wYlRTfnFvUFF8dGJXXnc&abt=0&red=1&sm=83&k=zippyshare%20bondage%20lily&v=0.8.9.1&sts=0&prn=0&emb=0&tid=843055&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_6KyC=1662553732747&crc=1 HTTP/1.1 
Host: opertyvaluat.autos
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.74
HTTP/2 200 OK
content-type: text/plain
                                        
content-length: 3624
date: Wed, 07 Sep 2022 12:29:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www1.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=56725d3c-4411-4524-a151-954102a8f1e5
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Gj_pmdZZmVhJN-15VzPXolVjNxMfMHhe2Id1y_YlJoixofo7F7Ne7Q==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5339), with no line terminators
Size:   3624
Md5:    bd8b70de2ac2d18f8caa2e12cf9320b8
Sha1:   fc006080c2fcbf56b63ac799e7aaf137b0934170
Sha256: 9009ecdc5da1091498e2fd35cab500d9602ad2cd9262f5f450440bc805750bce
                                        
                                            GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Wed, 07 Sep 2022 12:29:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size:   77672
Md5:    9a77dff666eebb6cf4bbc4c67c7b563b
Sha1:   9e98d7824a7b4e34665c2690d6f52caddad1fe4b
Sha256: 6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
                                        
                                            GET /a/display.php?r=1142807 HTTP/1.1 
Host: www.maxonclick.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.190.68.123
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: openresty
date: Wed, 07 Sep 2022 12:28:58 GMT
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2963
Md5:    299076e77db78b6dd4c78295154eb27b
Sha1:   e393c4f551d8982c98d2d2ea88ef87378dfcc811
Sha256: 6282f6f1ccd5415fb0f012ba2a1eb77ecaae1f93f3070987ea215acda3239950
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "18B245D8CF9427A2FAB1793342EC08D8B1967083AAD465785540D7F6BBC1AF01"
Last-Modified: Mon, 05 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10523
Expires: Wed, 07 Sep 2022 15:24:24 GMT
Date: Wed, 07 Sep 2022 12:29:01 GMT
Connection: keep-alive

                                        
                                            GET /static/125.c67f34a1c8d546f5900e.js HTTP/1.1 
Host: s7.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-346"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 511
date: Wed, 07 Sep 2022 12:29:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (838), with no line terminators
Size:   511
Md5:    e02aca9ac7f599f09da7c89606af0b47
Sha1:   dd33e0b0b5c6a92acc26c87c74e1567ad32f0600
Sha256: f13686a68bfdcb2f0a03a7d90f742b039702c653ce99c003ad95c5def964f6bc
                                        
                                            GET /pxf.gif?uuid=eb8d8101-db77-4943-a551-47fd18247ef8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=1d3584ff950f38d5b2e10bc2994be620&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 12:29:01 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce5fc6566332845a275dd57a3a93c7f3
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /api/info.json?url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jsonp=_ate.cbs.rcb_6n7b0 HTTP/1.1 
Host: www.reddit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.140
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
x-ua-compatible: IE=edge
expires: -1
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store
x-ratelimit-remaining: 299
x-ratelimit-used: 1
x-ratelimit-reset: 59
access-control-allow-origin: *
access-control-expose-headers: X-Moose
x-moose: majestic
accept-ranges: bytes
date: Wed, 07 Sep 2022 12:29:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: csv=2; Max-Age=63072000; Domain=.reddit.com; Path=/; Secure; SameSite=None edgebucket=ZfXQJzMky2tB0ssYYR; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 144
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   144
Md5:    51a069ef254e68a3458bcd141bdf88ce
Sha1:   6120ecac9c9612404d9ec9fb663b57620e54ecd6
Sha256: 97aeacd061effe2747eba9ea1792abd40f8fc1960fa6e48a4a6b647d05fa4bf6
                                        
                                            GET /api/info.json?url=http%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&jsonp=_ate.cbs.rcb_dh0z0 HTTP/1.1 
Host: www.reddit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.140
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
x-ua-compatible: IE=edge
expires: -1
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store
x-ratelimit-remaining: 298
x-ratelimit-used: 2
x-ratelimit-reset: 59
access-control-allow-origin: *
access-control-expose-headers: X-Moose
x-moose: majestic
accept-ranges: bytes
date: Wed, 07 Sep 2022 12:29:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: csv=2; Max-Age=63072000; Domain=.reddit.com; Path=/; Secure; SameSite=None edgebucket=w8Lg6YOV4MwQBacKwr; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 144
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   144
Md5:    aecc5c76d142865c2c73c604d965a1eb
Sha1:   2eb3777af5b55c61a480077085762777474c9989
Sha256: 3785c550dc8c434f2f7ff8b8d6a85a2d8533d396326557d0f524d9ec66f43c91
                                        
                                            GET /pxf.gif?uuid=eb8d8101-db77-4943-a551-47fd18247ef8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=ca6621f64bcdfd0a5aa2af7c57675832&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Wed, 07 Sep 2022 12:29:01 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dba58691d3fe6ffeca77b75ec4103d95
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /url/shares.json?url=http%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&callback=_ate.cbs.rcb_i8440 HTTP/1.1 
Host: api-public.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.15.8
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: www1.zippyshare.com/v/otqqdp7l/file.html
last-modified: Wed, 07 Sep 2022 12:29:01 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Wed, 07 Sep 2022 12:29:01 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   53
Md5:    38c7e8a235b57e85ee981a8255cedaf6
Sha1:   d81e73e49909e0119f7c9a0efca2748bc4e1e070
Sha256: 91279ed9e7741eedb997a6ef39f18c13d2ede6d47ae4c5cec2dad116cf413d42
                                        
                                            GET /url/shares.json?url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html&callback=_ate.cbs.rcb_1rrn0 HTTP/1.1 
Host: api-public.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.15.8
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: www1.zippyshare.com/v/otqqdp7l/file.html
last-modified: Wed, 07 Sep 2022 12:29:01 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Wed, 07 Sep 2022 12:29:01 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   53
Md5:    a464ab49292bc1eee73c1b9dd29d7879
Sha1:   4e681c4611c57ce039eef2f484501696183ddb27
Sha256: 9317048d1f5d3fbe482cfd392867b0e7afabfbda9acae92e19b1d332fee2d174
                                        
                                            POST /url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fwww1.zippyshare.com%2Fv%2FOTQQDp7l%2Ffile.html HTTP/1.1 
Host: api-public.addthis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         23.38.200.123
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.15.8
content-length: 2
cache-control: no-transform, max-age=0, s-maxage=14400
surrogate-key: sFbt=https://www1.zippyshare.com/v/OTQQDp7l/file.html
last-modified: Wed, 07 Sep 2022 12:00:00 GMT
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
date: Wed, 07 Sep 2022 12:29:01 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    99914b932bd37a50b983c5e7c90ae93b
Sha1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
Sha256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "AAFAA6BA276C411D920CE6FABD4372D08E60792FCAA7C05D6511509567674587"
Last-Modified: Mon, 05 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3651
Expires: Wed, 07 Sep 2022 13:29:54 GMT
Date: Wed, 07 Sep 2022 12:29:03 GMT
Connection: keep-alive

                                        
                                            GET /thumbnail?i=GAX3N0uYy04_0&imgt=icon HTTP/1.1 
Host: xml.serve-servee.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.217.88
HTTP/2 302 Found
                                        
date: Wed, 07 Sep 2022 12:29:03 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/250x250_hqCCg8Cm.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pIs1QHt1QD%2Bk0wW78cyWScBD4nfsQlfv%2FMDNfRI7sKdP7phypILD%2FmQ2xYPuMhjwVVbsgZcvkrJEBHJ3Pv8tkYVj02AWyYkH5BLfzAHzPUutAk64rNIMBotPEUcl4E2i%2BGkD%2FdXQrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f729ee93db500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "AAFAA6BA276C411D920CE6FABD4372D08E60792FCAA7C05D6511509567674587"
Last-Modified: Mon, 05 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3651
Expires: Wed, 07 Sep 2022 13:29:54 GMT
Date: Wed, 07 Sep 2022 12:29:03 GMT
Connection: keep-alive

                                        
                                            GET /n337/ad/250x250_hqCCg8Cm.png HTTP/1.1 
Host: static.serve-servee.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.217.88
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 07 Sep 2022 12:29:03 GMT
content-length: 88957
last-modified: Thu, 08 Apr 2021 13:54:09 GMT
accept-ranges: bytes
etag: "606f0b01-15b7d"
cache-control: max-age=86400
x-hw: 1662553743.cds065.sk1.h2,1662553743.cds203.sk1.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7kIfhCjDsTuIyYu%2BG43jcb76OsCyAxAMn7K7WuD%2F9Lod6gp3wrKzCvkniqk8yw0V7lreA37PJvRZOqdIgLu5awkjtKn7FnL0zqovlDz%2Bbt73YutLR7pgmW%2BSccdRRz6RvLXPVlcLdyHvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f729fcb3eb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 250 x 250, 8-bit/color RGB, non-interlaced\012- data
Size:   88957
Md5:    0994ec31361ea569c5549063145bfdd2
Sha1:   9b270e9f7a346a0f0f60a978e154f49740350270
Sha256: e4dbff1cf1f9750d68296737897eba9bd59ebdcb292015e87c3be61b5c242422
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2763F3BDD1169546BD9579AD134732AC43AE9C3AB39381832996DDD8EF0CB38E"
Last-Modified: Tue, 06 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1916
Expires: Wed, 07 Sep 2022 13:00:59 GMT
Date: Wed, 07 Sep 2022 12:29:03 GMT
Connection: keep-alive

                                        
                                            GET /winnotice?sid=H4sIAAAAAAAC%2F1STT2gkxRfHa36%2FvSyelBUvexhvCjLpnplMelxkcc1GgnGz7Cp6UqqrqpNnuruaqq7pSU5BQfa0jHjwz6nyTTZB3RU9eHSVzqKHgJC5RTR3D6IorFeZMSb4oHiv3vcdPq%2Feq3e33DFrwfGj%2BZf1BqUpn5ltBc2nXg%2FDS80lyt2wOYx6b%2Fa6l5pm8Gy%2F1wqebr6oxJqeaQdhEIRB2FwgoxI9nJmIoOJuP2z1g1a33QpnuxgaD%2BsasLwBOThmj4Hk%2BNyDxgWQqJFnX8wru1bq4pmrmUt5qQ0Gcu%2FVfC3XVY7sLExMA0m%2Bd1INbQ8X7kPnd6aI0IPTwpjGrPH9fcT53gkY4sHOlC1OoXLE8hFUgxoqrUG8htDvgOQhA4TEtWXk2e41bSq%2B%2Fo%2FKJ%2BqYnXv4J6gas3M%2FX0CefX4lpWHzpk5dSTq3GCYeNKxBKzUKt49yg4GqfYjybZD8gc08XEKe7SzbVIOkn%2FZOVIOSGqkagVsGNznE4JIGXNFAJo%2BaIgzDuUAKHkR9ITpyTsU9GYR8Lgl5GPQiODHBG6EsRhDpCMJsojCbWKMRjLsNsjUc96DCo7C7UbcTzM5CiYPLv3w0sY%2FB6aiZBL1QxUEsYymjKJmLVK8X9WfbSRwmXHVCxHRwmX33l%2F%2Fq19tIiUHxg29%2BZ1ODzT1y57dzQx5GHbAT2zayPLh8WrXqYSWDLRkG0qNSDJVlqDhDRQxVyVAN%2FB2Z2rb1uzK1Lg5PfPvEd%2FxWccwenc7jD%2FEG1tQEXbSjpN%2FttKNuvx9HsjvX6UU9KUIZqW4kYenfrsn%2BD9w2sEFj9vhPv6GYbIp8HzHfh033IehJcHcRvPLgqx4buYfU9zJnS6G5LVtCZyjK8yjXG1vpMXtiCtL78NZ%2F3lMYj8J4vEUPGFbSW9s3dMV2bujKsi%2BXi5Iy2uCTpblZ8lL9%2F9OX1HqljVyct6NPnhcTYRLefUXZconnkvIVyz67QlIqs6CNUOzrRfuaiq87u3rFmdwVS9dfWFjMCqOsJZ3X4HR49QMIGrPz7%2F04%2FQ0X7z0HMjWM88jc6XxAuoYoNmGLs5zVDCY9u8cFQ%2BX8tmnHZ8nJBqRngwaP%2FZb9FpY8Ssv%2BBgAA%2F%2F8BAAD%2F%2Fyk7ZIZSBAAA&ap=${AUCTION_PRICE}&l=3577992&sub3=1662553740&pid=91283&sub2=icon&auid=f061eb0bdbdd88f78e668952fb1fae31&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1 
Host: mustcoast.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.228
HTTP/1.1 307 Temporary Redirect
                                        
Server: nginx/1.22.0
Date: Wed, 07 Sep 2022 12:29:03 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b5795f6c16daccd31af7036ab90642ce
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "54DAF99F14294BD52D5F516AA5CEC0584B8A43DAAE4525FABB7692F9F114AF5B"
Last-Modified: Wed, 07 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10053
Expires: Wed, 07 Sep 2022 15:16:36 GMT
Date: Wed, 07 Sep 2022 12:29:03 GMT
Connection: keep-alive

                                        
                                            GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.9
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Wed, 07 Sep 2022 12:29:03 GMT
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Fri, 09 Sep 2022 12:29:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Size:   33103
Md5:    70cf8250da1a25a7b445231428af7828
Sha1:   a849d338423d2919949340838c768bba90b9081c
Sha256: b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "056BAB003AE25D85FC3BF70208842D94ABF096FA009AA72F54421D15215F7490"
Last-Modified: Tue, 06 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10411
Expires: Wed, 07 Sep 2022 15:22:37 GMT
Date: Wed, 07 Sep 2022 12:29:06 GMT
Connection: keep-alive

                                        
                                            GET /sbar.json?key=ca6621f64bcdfd0a5aa2af7c57675832&uuid=eb8d8101-db77-4943-a551-47fd18247ef8%3A3%3A1 HTTP/1.1 
Host: graduatewonderentreaty.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www1.zippyshare.com
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         209.192.156.100
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.5
Date: Wed, 07 Sep 2022 12:29:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www1.zippyshare.com
Access-Control-Allow-Origin: https://www1.zippyshare.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15255681; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None uid_id2=eb8d8101-db77-4943-a551-47fd18247ef8:3:1; expires=Wed, 14 Sep 2022 12:29:06 GMT; secure; SameSite=None pdhtkv=true; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None uncs=1; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None pdhtkv29=true; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None uncs29=1; expires=Thu, 08 Sep 2022 12:29:06 GMT; secure; SameSite=None slecca6621f64bcdfd0a5aa2af7c57675832=[3364902]; expires=Wed, 07 Sep 2022 12:29:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a0b1e4e46473a3949f129927d636c0f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5762), with no line terminators
Size:   3808
Md5:    29b8d6e47b54bc1f2e791051c36acbee
Sha1:   671a7744026c03e2e1905dad14458c1c7f2ba56c
Sha256: afb63c2f53532d9ba5580604e6675d60c03f22ceb6bb308ee4ebc90a4817fc8d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET / HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Origin: https://www1.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.137.152
HTTP/2 200 OK
content-type: text/plain
                                        
date: Wed, 07 Sep 2022 12:29:00 GMT
set-cookie: csu=1350559241091549@1@1662553740; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWjTlk727oS3Luhr%2BejWx89wfuPf%2BssuiA46u6uJK9qlLD8ZU55l3KjpwImlGqHHYDuidslAowO9JGMMq%2FzxJLtsUsXeCcdmjr12tkFyF6tDeS1oc8mhd8oEFyuv%2FF%2Ff"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f728eee990b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Origin: https://www1.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.67.137.152
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Wed, 07 Sep 2022 12:29:00 GMT
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 07:41:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n86DhAPfMcQ8u6amVFs6aVM2amO%2B1xRWxhIF9i0TgxS3PVxN63YMnsiGzOYt2AGT788OK%2FaDRw6V1lUTcKIRXLwVkK2FCqk9Y%2BN9TowQCAa%2BG4Sjap81Ji%2FIhPODnBFo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f728ece620b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /extban/280030620/creatives/23426588/e192295018ae5357d1c5b67ef5e985ad_9166.jpg HTTP/1.1 
Host: crrepo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.maxonclick.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.235.114
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
last-modified: Thu, 03 Mar 2022 16:47:21 GMT
etag: W/"6220f119-1d8b1"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 2162
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSfr4dW07URWuykCxDHKd%2BxTo89FujQdU1ryKww0VON9zHJ7kPlfgIh%2BtxjHNxHlmwItMY9bPvf4nOHpr9h6FB3oxWHLBLux%2ByOSVkrtzljkw%2FDEujpJJcLxfbiP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f7288a9b3dd80-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /external.php?link=aHR0cHM6Ly93d3cxLnppcHB5c2hhcmUuY29tL3YvT1RRUURwN2wvZmlsZS5odG1s HTTP/1.1 
Host: adultgamelist.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         172.67.131.158
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Wed, 07 Sep 2022 12:28:58 GMT
location: https://www1.zippyshare.com/v/OTQQDp7l/file.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDueaX3n73CLa4Ec1kaFUhsBj7pbkUjzIaVdTTmAfUl5z3k7gRv8mY4CK5mcPXvxaBP0EtdJTli8guKDW9KIHWnQu%2BCBwy7dowA73jgEgH5lp4e3nwFgGZ82jFDyjPMNuW1rlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f727ffd11b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sfp.js HTTP/1.1 
Host: addresseepaper.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.234.254
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 07 Sep 2022 12:28:59 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f77c1d44ecb09b0f9cbf15805d5dcc75
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 12:28:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGgsFQtD8Bch6C27DglrRNAzgHaZY0TMcoDZ%2B%2FWQGrYsiil3Kn3TqevwA9xTBnfaw0z07W5ZuKc%2B3%2Fm0gPKoyZKQGYLpiyGGRTpzRq0eaaFZWVU5mi2IM8Ci4pjpgNVOa2XDqUA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f7288189d731b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/advertisement.js HTTP/1.1 
Host: clksite.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.192.101.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 07 Sep 2022 12:28:59 GMT
last-modified: Mon, 12 Jun 2017 13:33:59 GMT
vary: Accept-Encoding
etag: W/"593e9847-1b"
expires: Fri, 09 Sep 2022 12:28:59 GMT
cache-control: max-age=172800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Origin: https://www1.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.67.137.152
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Wed, 07 Sep 2022 12:29:00 GMT
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 07 Sep 2022 07:41:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ihoDm3bN%2FiiyBOsnQ7j1oxgZaQ0CC5xHUX5mWpcsd%2B%2Fa92%2BMjOsc%2FZqthNBrlnYOa75qajCBuEWFMbq%2BbpD8dGAJJ1u35QmMxtE%2BZ8FNAz9OtRRRj%2Br461bqQbBjM8%2B%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746f728eee9c0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET / HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www1.zippyshare.com/
Origin: https://www1.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.137.152
HTTP/2 200 OK
content-type: text/plain
                                        
date: Wed, 07 Sep 2022 12:29:00 GMT
set-cookie: csu=208666646936432@1@1662553740; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www1.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3g%2FCPyM0yTueA8F3Yrn3fCt%2BYg6AYTDJvcmz7jsoVNdvGE0TE1sL5njih4W9p7cidilJv3BdFlfRO9IDO5l1%2FDn3mhAcBG4vqnpOZJG9nb6EOhEK792Xhp40f47q%2Fd0A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746f728fcfac0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /a/display.php?r=1142795 HTTP/1.1 
Host: www.maxonclick.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www1.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.190.68.123
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: openresty
date: Wed, 07 Sep 2022 12:28:58 GMT
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---