www.zoomnews1.com/2022/11/2022.html?m=1
142.250.74.179 301 Moved Permanently 186 B URL HTTP/1.1 www.zoomnews1.com/2022/11/2022.html?m=1
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash adfbb23d5c54d38562d52f09a747f371
2300d8afe7c6c82c6211d757beb9f0e7ed3c1b79
ea03ea5f91f0389246624a478414956611119ee6a27d6ebf3e239335ad3fb89c
GET /2022/11/2022.html?m=1 HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://www.zoomnews1.com/2022/11/2022.html?m=1
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 26 Nov 2022 09:04:12 GMT
Expires: Sat, 26 Nov 2022 09:04:12 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 186
Server: GSE
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12412
Expires: Sat, 26 Nov 2022 12:31:04 GMT
Date: Sat, 26 Nov 2022 09:04:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3691
Expires: Sat, 26 Nov 2022 10:05:43 GMT
Date: Sat, 26 Nov 2022 09:04:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5482
Cache-Control: max-age=97104
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:12 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 12:02:36 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: V5nLfSw+EwtZhKDi1Agjqj1OdoEU1VZ0JOg13i54PBQPvwADH7WKDEkhbj+fBtelO0/kavVVIys=
x-amz-request-id: P9ZCWE718JT740TT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 08:44:10 GMT
age: 1202
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 08:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2699
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/ynnDyG9kJJ4
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/ynnDyG9kJJ4
IP 142.250.74.3:0
Hash 8b02dfa82c902929e8a006fc8360b16d
7cbd2623d2585f5dc246c9c6278fb77de98adfcc
0a4a36f84537834a9fb4cebcf19c8eba2bfea36a75c43fc8c36ce1127152fdb2
POST /s/gts1d4/ynnDyG9kJJ4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:12 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 08:08:54 GMT
cache-control: public,max-age=3600
age: 3319
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.zoomnews1.com/2022/11/2022.html?m=1
142.250.74.179 200 OK 113 kB URL HTTP/2 www.zoomnews1.com/2022/11/2022.html?m=1
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3644)
Size 113 kB (112638 bytes)
Hash 2de39bc6d12370704f332b3bfad7eb06
cab809202ca471c1d39ed9814430507cfced6549
32d5692ecb84036bdaede1806130028ba2a28080d11b97fde08a79e470181bbb
GET /2022/11/2022.html?m=1 HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=0
last-modified: Tue, 22 Nov 2022 00:36:08 GMT
etag: W/"fd21b457a631a3bc2eb9479b6695e82e63f8f5bc47e160bb2cd59afb6442c30f"
x-robots-tag: all,noodp
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 112638
server: GSE
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 13c265f2c258e0bcea2ac1149188d332
3d42f91eec1fae7ff5e243d2a35afdd5a6d58db0
26666f4ea8fe16648ef9593216b725f692a1cb913763b186cd19d59e7875a930
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2968
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Last-Modified: Sat, 26 Nov 2022 08:14:45 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
www.zoomnews1.com/js/cookienotice.js
142.250.74.179 200 OK 2.0 kB URL HTTP/2 www.zoomnews1.com/js/cookienotice.js
IP 142.250.74.179:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/2022/11/2022.html?m=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Sat, 26 Nov 2022 09:04:13 GMT
expires: Sat, 03 Dec 2022 09:04:13 GMT
cache-control: public, max-age=604800
last-modified: Fri, 25 Nov 2022 18:49:48 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6007
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Last-Modified: Sat, 26 Nov 2022 07:24:06 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
code.jquery.com/jquery-1.10.2.min.js
69.16.175.42 200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.10.2.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32072)
Hash 68cc08e82915da8b82fc6be74ab86365
4089530b0c00f6cbd1452d7f873be85454196fd1
6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c
GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 09:04:13 GMT
content-encoding: gzip
content-length: 32788
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-16bb3"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1669453453.dop232.sk1.t,1669453453.cds259.sk1.hn,1669453453.cds243.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 13c265f2c258e0bcea2ac1149188d332
3d42f91eec1fae7ff5e243d2a35afdd5a6d58db0
26666f4ea8fe16648ef9593216b725f692a1cb913763b186cd19d59e7875a930
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2968
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Last-Modified: Sat, 26 Nov 2022 08:14:45 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.firebase.com/v0/firebase.js
151.101.65.195 200 OK 24 kB URL HTTP/2 cdn.firebase.com/v0/firebase.js
IP 151.101.65.195:0
File type ASCII text, with very long lines (1829)
Hash cb1ef176cd4227000c4c09846f103c06
9fd791ae13589a6d56b642291c69049f5533550a
d183c3e524e2c62ce8278731568b37635eb5aeb09b082c9b6c88ccabc6983841
GET /v0/firebase.js HTTP/1.1
Host: cdn.firebase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public,max-age=432000
content-encoding: br
content-type: application/javascript
etag: "16af03cf134a042390c20240c4c8580c6a855f81d65e5f55e65313f1931e9183-br"
last-modified: Wed, 15 Jul 2020 22:46:44 GMT
strict-transport-security: max-age=31556926
accept-ranges: bytes
date: Sat, 26 Nov 2022 09:04:13 GMT
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 13
x-timer: S1669453454.612480,VS0,VE0
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23597
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8835a3e28372c5e3f3ae22517c32be39
578f8d48b0997952381c975f6ec043a789447669
f2d7131525b66677a67e63e9609109e18cd7c4e0bf76386eaefe5d37548e2b6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2D7131525B66677A67E63E9609109E18CD7C4E0BF76386EAEFE5D37548E2B6B"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5141
Expires: Sat, 26 Nov 2022 10:29:54 GMT
Date: Sat, 26 Nov 2022 09:04:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6983392700438f228fa9b5bba4594fc5
d27c65105b44a2e1ff7663ba0021a475b5b30cd2
557627dbab910f61773f0f818efc6b18bb2b5816175199b997684a799c1c97e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2c43454660e9762b6590c06c6bb8a11b
35eaf97ad92c303255833ad3fda4fd4e3bd4821f
e588c0f690193ce5bacf990bf72a6952c53708623ebe9784d30af5311e74c00c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E588C0F690193CE5BACF990BF72A6952C53708623EBE9784D30AF5311E74C00C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14571
Expires: Sat, 26 Nov 2022 13:07:04 GMT
Date: Sat, 26 Nov 2022 09:04:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/NixXNlSfsH0
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/NixXNlSfsH0
IP 142.250.74.3:0
Hash f72ae9ce0f7945aabee486a08f94ce6b
c8bac7e51d633c8d3449552e4e2ae2b85e06a50a
0cbea4c82423f95ed9709dcb6d4f47abe9a89077acbbad3be038e46b39a5d9b1
POST /s/gts1d4/NixXNlSfsH0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/2342155703-widgets.js
142.250.74.105 200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP 142.250.74.105:0
File type ASCII text, with very long lines (2221)
Hash 1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b
GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 16:02:03 GMT
expires: Tue, 21 Nov 2023 16:02:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 00:52:59 GMT
content-type: text/javascript
age: 406930
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6983392700438f228fa9b5bba4594fc5
d27c65105b44a2e1ff7663ba0021a475b5b30cd2
557627dbab910f61773f0f818efc6b18bb2b5816175199b997684a799c1c97e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.162.142.194 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.142.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: znI4FrOBqdSjREh++w/2Ow==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rt0dsbd0qmCQo3+nNyPTh3cySwg=
www.zoomnews1.com/feeds/posts/default/-/%D8%A7%D8%AE%D8%A8%D8%A7%D8%B1%20%D8%A7%D9%84%D8%B1%D9%8A%D8%A7%D8%B6%D8%A9?alt=json-in-script&callback=related_results_labels_thumbs&max-results=8
142.250.74.179 200 OK 2.5 kB URL HTTP/2 www.zoomnews1.com/feeds/posts/default/-/%D8%A7%D8%AE%D8%A8%D8%A7%D8%B1%20%D8%A7%D9%84%D8%B1%D9%8A%D8%A7%D8%B6%D8%A9?alt=json-in-script&callback=related_results_labels_thumbs&max-results=8
IP 142.250.74.179:0
File type Unicode text, UTF-8 text, with very long lines (7094)
Hash 47f9a4c2de2830c4816047c1a7a68de7
d386fbd637202ec01b0508dd5d2476968e3b32fa
4de9dfe457495b00844412fb3d31e05e1ecfbe58432a1de057b26928da290fee
GET /feeds/posts/default/-/%D8%A7%D8%AE%D8%A8%D8%A7%D8%B1%20%D8%A7%D9%84%D8%B1%D9%8A%D8%A7%D8%B6%D8%A9?alt=json-in-script&callback=related_results_labels_thumbs&max-results=8 HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/2022/11/2022.html?m=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"85a32e9126a2f317a5f93fe7230c85e0329b7503eb21e1e513c3438ed3584719"
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/javascript; charset=UTF-8
server: blogger-renderd
expires: Sat, 26 Nov 2022 09:04:14 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 00:36:08 GMT
content-encoding: gzip
content-length: 2462
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f68477135f68514115361bf70d57d36
40a5ca81d6d461900b16a70546483b49eda2b0eb
8c9fc44454d9a62d50f7219a890b2afafd6e38978d0230458285d1f38a94dd7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C9FC44454D9A62D50F7219A890B2AFAFD6E38978D0230458285D1F38A94DD7F"
Last-Modified: Fri, 25 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16720
Expires: Sat, 26 Nov 2022 13:42:53 GMT
Date: Sat, 26 Nov 2022 09:04:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f68477135f68514115361bf70d57d36
40a5ca81d6d461900b16a70546483b49eda2b0eb
8c9fc44454d9a62d50f7219a890b2afafd6e38978d0230458285d1f38a94dd7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C9FC44454D9A62D50F7219A890B2AFAFD6E38978D0230458285D1F38A94DD7F"
Last-Modified: Fri, 25 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16720
Expires: Sat, 26 Nov 2022 13:42:53 GMT
Date: Sat, 26 Nov 2022 09:04:13 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Droid+Serif:bold
142.250.74.10 200 OK 783 B URL HTTP/2 fonts.googleapis.com/css?family=Droid+Serif:bold
IP 142.250.74.10:0
Hash 108876345671f97ebe7aef4057b24070
5026549b829b49eb2a123334cc91aa31fc562add
e49ef4aa9b660a9cd216309d586dbc3561513307081b0ffbd772881cb65a3457
GET /css?family=Droid+Serif:bold HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.zoomnews1.com/2022/11/2022.html?m=1
142.250.74.179 200 OK 0 B URL HTTP/2 www.zoomnews1.com/2022/11/2022.html?m=1
IP 142.250.74.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /2022/11/2022.html?m=1 HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/2022/11/2022.html?m=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-robots-tag: all,noodp
content-type: text/html; charset=UTF-8
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=0
last-modified: Tue, 22 Nov 2022 00:36:08 GMT
etag: W/"fd21b457a631a3bc2eb9479b6695e82e63f8f5bc47e160bb2cd59afb6442c30f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 0
server: GSE
X-Firefox-Spdy: h2
woafoame.net/tag.min.js
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 09c6bc35f4808f91eef702f269b590ea
e684a310ca3a4f2fdfb24c5a99a34dd96d634ec5
f50dd06f8c62afb27e75aab75507ff7517b9f896a2f8dc489d458f4e45a14e02
Analyzer Verdict Alert quad9 Sinkholed
GET /tag.min.js HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/javascript; charset=utf-8
content-length: 23258
content-encoding: br
x-trace-id: 1c50b202ed343a2ea849e6b78a4e3e22
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 23 Nov 2022 10:04:39 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
woafoame.net/tag.min.js
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 09c6bc35f4808f91eef702f269b590ea
e684a310ca3a4f2fdfb24c5a99a34dd96d634ec5
f50dd06f8c62afb27e75aab75507ff7517b9f896a2f8dc489d458f4e45a14e02
Analyzer Verdict Alert quad9 Sinkholed
GET /tag.min.js HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: text/javascript; charset=utf-8
content-length: 23258
content-encoding: br
x-trace-id: f79e16009b6fed04f9dd8b0ef04ece33
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 23 Nov 2022 10:04:39 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Bold.woff2
216.58.207.195 200 OK 32 kB URL HTTP/2 fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Bold.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 31544, version 1.0; data
Hash 4650b9f9ddfc876d3fde0a9663539522
7dc2e4b8c259f1bb4d98ec64a39645373d31d71e
31f02fb9a8ae77e5d8bb229bf73f473f783e8155042655926cafca211cd11c98
GET /ea/droidarabickufi/v6/DroidKufi-Bold.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31544
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:49:53 GMT
expires: Thu, 23 Nov 2023 18:49:53 GMT
cache-control: public, max-age=31536000
age: 224061
last-modified: Wed, 13 Aug 2014 16:50:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
woafoame.net/5/5493122/?oo=1&aab=1
139.45.197.239 200 OK 25 kB URL HTTP/2 woafoame.net/5/5493122/?oo=1&aab=1
IP 139.45.197.239:0
Hash 9aed80cffcaef51380fd9f3cbf87b6b2
ff1f3f1f64d080897a6d7b2fd12c0ca999f1b28c
6c5d2e7b8968f232cd1de51bd0de7de51b6e3e0daa81960de97cea35f93f0a11
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5493122/?oo=1&aab=1 HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: application/json
x-trace-id: 77d64613952ce0cd0b562939345153a1
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=4a1340d3af2042639ebcf727665590d5; expires=Sun, 26 Nov 2023 09:04:13 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
woafoame.net/5/5493122/?oo=1&aab=1
139.45.197.239 200 OK 2.0 kB URL HTTP/2 woafoame.net/5/5493122/?oo=1&aab=1
IP 139.45.197.239:0
Hash 7fdfa0403e02704849f10a652c747596
67f2e702048c94b0fd510d260ffc6cfb03b642ef
d122ab46bb10de281521053e29c6412f623da3ba02a81c6d9a8b9b37cd42593b
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5493122/?oo=1&aab=1 HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: application/json
x-trace-id: 613bee386b9f59c17ab4b7701aeb88e6
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=07e2fb45769140258aff29beec2f17df; expires=Sun, 26 Nov 2023 09:04:13 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/earlyaccess/droidarabicnaskh.css
142.250.74.10 200 OK 762 B URL HTTP/2 fonts.googleapis.com/earlyaccess/droidarabicnaskh.css
IP 142.250.74.10:0
Hash 006d7cf21666fc64442082c385f503b0
1d7987ac3e3798879a6b96070702700bf1969c9c
ad58d6245fbe703c7c05d6f5a5a842a2177d5626a0d23683c05c369b6859ac2d
GET /earlyaccess/droidarabicnaskh.css HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.zoomnews1.com/2022/11/2022.html?m=1
142.250.74.179 200 OK 0 B URL HTTP/2 www.zoomnews1.com/2022/11/2022.html?m=1
IP 142.250.74.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /2022/11/2022.html?m=1 HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/2022/11/2022.html?m=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-robots-tag: all,noodp
content-type: text/html; charset=UTF-8
expires: Sat, 26 Nov 2022 09:04:14 GMT
date: Sat, 26 Nov 2022 09:04:14 GMT
cache-control: private, max-age=0
last-modified: Tue, 22 Nov 2022 00:36:08 GMT
etag: W/"fd21b457a631a3bc2eb9479b6695e82e63f8f5bc47e160bb2cd59afb6442c30f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 0
server: GSE
X-Firefox-Spdy: h2
vaugroar.com/pfe/current/universal.min.js?v=3.1.405
139.45.197.250 200 OK 34 kB URL HTTP/2 vaugroar.com/pfe/current/universal.min.js?v=3.1.405
IP 139.45.197.250:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e2bc5230988019996ab6f71909039e8b
5fde0b645d92b5bb19a8b3f124ea043f0b7a978b
c73480dcc941a13b571d653de607adab08178feb0231460f60a02ff45af2655e
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.405 HTTP/1.1
Host: vaugroar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.zoomnews1.com/
Origin: https://www.zoomnews1.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-180b9"
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/1?z=5493119
139.45.197.242 200 OK 6.8 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (16471)
Hash 61e8abc6537759f0b7624cac8c66e23a
9e0bc0d444eebc29632351f3868e8d5f97efc1b5
7f9e1ea4a7cb8993b0fa629244d065acd0ae9834f6cd8abd007f110494c77bb2
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5493119 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f0edc7f5edba9904722883ce3c70f47e
access-control-expose-headers: X-Sc
set-cookie: OAID=84b6b5c4fed547f782c89ca34a3c8949; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 60d9fdf331e9ab9f5a9ddcbbcf49224e
76283488ae5a3b927449deca35db469067f9b45c
0035dd77abe4fab821cf0868586f22f43d4ce6a6f9bdbd4d0e97249c56b26e6c
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:14 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "7935D970C0B3DB9863C550BAAE3D27EB866EB507"
Expires: Sat, 26 Nov 2022 20:00:00 GMT
Last-Modified: Sat, 26 Nov 2022 08:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 35
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77017498cd59b503-OSL
www.zoomnews1.com/feeds/posts/default/-/?alt=json-in-script&max-results=8&callback=jQuery1102012180954461855131_1669453452854&_=1669453452855
142.250.74.179 400 Bad Request 193 B URL HTTP/2 www.zoomnews1.com/feeds/posts/default/-/?alt=json-in-script&max-results=8&callback=jQuery1102012180954461855131_1669453452854&_=1669453452855
IP 142.250.74.179:0
File type HTML document text; HTML document text; HTML document, ASCII text
Hash 83b482393f028e6de91b032e7fae746b
50bad14cd7b4602d7b9f1ef6d769288588594fc8
031cbc91f964c96aa1975380c3bd66f5fe254439f3281bf0e06bc385c3912aa2
GET /feeds/posts/default/-/?alt=json-in-script&max-results=8&callback=jQuery1102012180954461855131_1669453452854&_=1669453452855 HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.zoomnews1.com/2022/11/2022.html?m=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 400 Bad Request
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
date: Sat, 26 Nov 2022 09:04:14 GMT
server: Blogger Render Server 1.0
content-length: 193
x-xss-protection: 0
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a5c1b54daca67c400e76b7224ae5521
2583cebe55e8d1bfe6c921d595d8d36cf480ff2f
941e5441730c4558040e0decdec018ff15dad6abc6be4858c6417f2e941dbcbd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "941E5441730C4558040E0DECDEC018FF15DAD6ABC6BE4858C6417F2E941DBCBD"
Last-Modified: Thu, 24 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11420
Expires: Sat, 26 Nov 2022 12:14:34 GMT
Date: Sat, 26 Nov 2022 09:04:14 GMT
Connection: keep-alive
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:0
File type JSON data, ASCII text
Hash d9e90fb269beb4bc7a58e0d4836d45ac
939c8617a4e1436230d86347963ad03d4f4ec3e2
f62ce4abe9a6f8e451ba811f36e837df9ceb79c6c96f2c3e5f4cc35f5032af60
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
name.disqus.com/count.js
151.101.84.134 200 OK 871 B IP 151.101.84.134:0
File type ASCII text, with very long lines (528)
Hash a487039f9b553cb4f6928743872234e9
b3d835075d1983a8c2fe716285d173fcc3708f9c
364f622ba24e063adcee84f132da53c6e6071745f04a00d10937663deb24b822
GET /count.js HTTP/1.1
Host: name.disqus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 871
Content-Type: application/javascript; charset=utf-8
Server: nginx
Last-Modified: Thu, 17 Nov 2022 15:05:16 GMT
ETag: "63764dac-367"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Pop: DFW3-C1
X-Amz-Cf-Id: LWfy2FfEi2ZtlA-I5s7kYZRPm5MqV4W-F6U8t8L2xaTF9u8dIrU2gg==
Cache-Control: public, max-age=300
Date: Sat, 26 Nov 2022 09:04:14 GMT
Age: 5
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Cross-Origin-Resource-Policy: cross-origin
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e4d661d999b855142d472fd230fb4ab3
b4be1feeaccc98768ec3393929772bd8f75deed7
97a1c1b509250dd99cde7f76b53a43b7ee415011744414d83f5980df2e11dc60
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash bc8d456542f88a5e3712f8679104234f
a4bc16d08d7a947bbe90d88dc91bb62e84e53897
eb150b7f1125829f285ce9921321db482eb89099687d14f9f80796a60052f6b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4844
Cache-Control: max-age=88523
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:14 GMT
Etag: "63807a6d-118"
Expires: Sun, 27 Nov 2022 09:39:37 GMT
Last-Modified: Fri, 25 Nov 2022 08:18:53 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
tzegilo.com/stattag.js
172.67.194.45 200 OK 5.5 kB IP 172.67.194.45:0
File type ASCII text, with very long lines (12966), with no line terminators
Hash 2751f1bcbda0c8514d42ce7e8a056822
96d795806a9dd9087e8a8f5d5da88789d1f16c90
b3d78c193e97c205fc5df140f5ae8555492a1ae96ba0f3f6eed594f3d3339573
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HmIJSjQgD%2BUlCl2kpxQHTbpryxxzRiJZpMc7J6l5gl8hyaBhS%2BJ1uOKzMDLcepuaobAwdm8DiVzSxicYU4m7yROWO7Ks3HnoT1G00k5Vxdpni%2Fn1DeKIEKbnUQaWyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7701749bfb3db527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.zoomnews1.com/feeds/posts/default/-/?alt=json-in-script&max-results=8&callback=jQuery1102012180954461855131_1669453452856&_=1669453452857
142.250.74.179 400 Bad Request 193 B URL HTTP/2 www.zoomnews1.com/feeds/posts/default/-/?alt=json-in-script&max-results=8&callback=jQuery1102012180954461855131_1669453452856&_=1669453452857
IP 142.250.74.179:0
File type HTML document text; HTML document text; HTML document, ASCII text
Hash 83b482393f028e6de91b032e7fae746b
50bad14cd7b4602d7b9f1ef6d769288588594fc8
031cbc91f964c96aa1975380c3bd66f5fe254439f3281bf0e06bc385c3912aa2
GET /feeds/posts/default/-/?alt=json-in-script&max-results=8&callback=jQuery1102012180954461855131_1669453452856&_=1669453452857 HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.zoomnews1.com/2022/11/2022.html?m=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 400 Bad Request
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
date: Sat, 26 Nov 2022 09:04:14 GMT
server: Blogger Render Server 1.0
content-length: 193
x-xss-protection: 0
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.zoomnews1.com/favicon.ico
142.250.74.179 200 OK 412 B URL HTTP/2 www.zoomnews1.com/favicon.ico
IP 142.250.74.179:0
File type MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel; data
Hash 501c61a70f5c41181aa050d9110909ca
5b985d5671a7caf686fdfb1df13488c4407f6c9f
c4aaf001607ee331f6871b4dbbf45942b1e197726714fd106e46d70cc10ee97e
GET /favicon.ico HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/2022/11/2022.html?m=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon; charset=UTF-8
expires: Sat, 26 Nov 2022 09:04:14 GMT
date: Sat, 26 Nov 2022 09:04:14 GMT
cache-control: private, max-age=86400
last-modified: Tue, 22 Nov 2022 00:36:08 GMT
etag: W/"fd21b457a631a3bc2eb9479b6695e82e63f8f5bc47e160bb2cd59afb6442c30f"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4int/5EXjxzFGjgM
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4int/5EXjxzFGjgM
IP 142.250.74.3:0
Hash 409491f498c0f79ddca0e56159d380c3
7231cb4f426e30c7fd2273d23ebfbae87ec1918f
e50302c6220b9b52e223dd3e6dd2880d961247484dfe212f902e69c430a79989
POST /s/gts1d4int/5EXjxzFGjgM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:14 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vaugroar.com/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: vaugroar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.zoomnews1.com/
Origin: https://www.zoomnews1.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B
IP 172.64.155.188:0
Hash c910a44bf58b708c25d146fd52adb8e9
374a72c3026ea1fa5defd1e8eb7be2ca7184dfd5
3cf34029e6a112320130d154ac1291e49bcb4a80f0caaf84309456986f0adc77
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 13:33:17 GMT
Expires: Fri, 02 Dec 2022 13:33:16 GMT
Etag: "374a72c3026ea1fa5defd1e8eb7be2ca7184dfd5"
Cache-Control: max-age=533941,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7701749d38b3fac0-OSL
elprof.firebaseio.com/.ws?v=5
34.120.160.131 101 Switching Protocols 0 B URL HTTP/1.1 elprof.firebaseio.com/.ws?v=5
IP 34.120.160.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /.ws?v=5 HTTP/1.1
Host: elprof.firebaseio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://www.zoomnews1.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hQ2oAxStxHRHDH+5VyDNEA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sat, 26 Nov 2022 09:04:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: JHG4WvkL8kouiYOS6E1O30miGm0=
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
arsnivyr.com/9?z=5491106&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 204 No Content 0 B URL HTTP/2 arsnivyr.com/9?z=5491106&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5491106&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.zoomnews1.com/
Origin: https://www.zoomnews1.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/27/22b0ff6d446d45dfe24f0ae457b1c7db
139.45.197.242 200 OK 123 kB URL HTTP/2 arsnivyr.com/27/22b0ff6d446d45dfe24f0ae457b1c7db
IP 139.45.197.242:0
File type ASCII text, with very long lines (65523)
Size 123 kB (123031 bytes)
Hash a872c0c51efd65b15def4acad64a0151
322a63a33a0b9d7349060431d9a0059c324a8b07
196f0c16e01e497c8fc265534d06c1182824c36477e079616a42da81af32fe31
Analyzer Verdict Alert quad9 Sinkholed
GET /27/22b0ff6d446d45dfe24f0ae457b1c7db HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Fri, 25 Nov 2022 08:14:39 GMT
expires: Fri, 25 Dec 2082 08:14:39 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
104.18.11.207 200 OK 6.0 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (26548)
Hash b4489cda98c3b8b796721ec11c7d1430
16379920b2586c49efcf1ec3d2f0050fa70ac32a
81eba44d68b0fea1b78d903e1c50c0ce602af69bd0305b3f84aa35ba2afd4682
GET /font-awesome/4.4.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 12/13/2021 21:25:06
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 632
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 8ac87b10825a6871d9cd076fc3a23e4f
cdn-cache: HIT
cf-cache-status: HIT
age: 14900205
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 770174948cc00b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Play
142.250.74.10 200 OK 492 B URL HTTP/2 fonts.googleapis.com/css?family=Play
IP 142.250.74.10:0
Hash 6ce6447ff48fb1cfa08d079f45be9262
8395f8057f11c634db519038050c404c5735eb4a
1f16adfbec2ff5cf6e7a9eee672743412658607d514651b75d0ab91e61ccb4af
GET /css?family=Play HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 204 No Content 0 B URL HTTP/2 arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.zoomnews1.com/
Origin: https://www.zoomnews1.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
vaugroar.com/custom
139.45.197.250 200 OK 39 B
IP 139.45.197.250:0
File type JSON data, ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: vaugroar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.zoomnews1.com/
Content-Type: application/json
Origin: https://www.zoomnews1.com
Content-Length: 392
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6c1bf4cedb4d49bda746a16085b445b0
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
37.48.68.71 200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data, ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1209
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 26 Nov 2022 09:04:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.zoomnews1.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 204 No Content 0 B URL HTTP/2 arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.zoomnews1.com/
Origin: https://www.zoomnews1.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5491106&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 200 OK 2.7 kB URL HTTP/2 arsnivyr.com/9?z=5491106&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
File type JSON data, ASCII text, with very long lines (6415), with no line terminators
Hash dba2f1d67b751cbe5be6d9b7e56f6535
8a9eb74e72f53dc45da2e1e131a58d6a39e14ca4
92a2a195bbd5e7eaba0d4dbae75d74dc075062c8882b94df884998f9192613c7
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5491106&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 156
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 3ab44afd5a21d5b4720da027611da751
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:14 GMT; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:14 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 200 OK 2.7 kB URL HTTP/2 arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
File type JSON data, ASCII text, with very long lines (6397), with no line terminators
Hash fa8958dd9b60dbd18a11affa4ee45fa9
1d8843dcb2a82ef5ab139a95aeb80d6308250a3d
4697f9042c83ff6c54882124c4f27118949ef29cd31c77a691537caee15b69fa
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 156
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 1d4e0ef93e6f330c108e3c0e2afe22b3
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:14 GMT; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:14 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 200 OK 2.8 kB URL HTTP/2 arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
File type JSON data, ASCII text, with very long lines (6841), with no line terminators
Hash 7d3bb986c72a66683f8b87f9b3b5900b
49bbb357e93611de892ba6ef040bbcc2040b9033
c00db246f4ffb7c7a77dda072fc83a724e0eebc19793202a38f0afd04fb10ac4
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 156
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c3112317166ad3ccf6f1055a6270d92d
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=4179343255&z=5493119&b=15699230&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=UcvWXM3bwAF7G2mgs5p36td8Cu-OPkBqJgXcIKqMxyNt8AtF_IvjqjcYgLG7ko22_mdGHLZfsu6y7xBHjPs4Lhm_QJbYG0v8eEnd_g-YO08xxNzXn_an2_C2pevkYLY5w7zABW3-eZjV9iDQNbIpPI1_Zgby9qQDtQAa8Gl4bPJqGiaO3cjt28_XPZIY3CGOgtsYaKcI8SeWDvmiqXh9S-8ktjljGMzWp3CCb107hjRH6ygba_ZT095w2ZbSK02dQTdV657QUX1DjhMfwk1mZS-GU_w7Xpy22BT-R4A0uz0JWEk9wGtPrh0u0z9eXZwNfd7ebe353wkRMYEE3zHpYF-a40tNRvfCVw7VYWefRNsYQA9cI0c-StlHDOyzKKF-Kw9EkOaHST5uVR5104Ag9SE0TRNA4MIRDFtCAm5gX5XkwMUg2j5kgHbKdFGgn18OTdaC3ZA6zvR7UvJzUl4fZt7X7xnCoCy1x5r3zZgcrPeWXYwYy4yGslxRvP9oOS4yZ-cDN66eBYIeHHHm3YE5CbwrhR4Pq3Ol7W_ZrVrWgeACwnSqlwu9r19C2jHgVo0A8cgJ8TU_t-RDDOGuShcfkK4exZBInLtYzAqkRkkeqruxHyqjjaMTysvvRrPmFi0k1HLDZ06I5QfMJRsuIjOWRErSo_cgE4DwNtSrdK9pQWd3xlj71ExtSDQ6FfTOsfqOaITVcd6vbsxqQimkyog9bchRntyusu6nVathAtndcN4JwgEQ&ruid=41506aaf-095f-4952-826e-4e95fd3ef3bc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=202
139.45.197.242 200 OK 0 B URL HTTP/2 arsnivyr.com/11?rnd=4179343255&z=5493119&b=15699230&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=UcvWXM3bwAF7G2mgs5p36td8Cu-OPkBqJgXcIKqMxyNt8AtF_IvjqjcYgLG7ko22_mdGHLZfsu6y7xBHjPs4Lhm_QJbYG0v8eEnd_g-YO08xxNzXn_an2_C2pevkYLY5w7zABW3-eZjV9iDQNbIpPI1_Zgby9qQDtQAa8Gl4bPJqGiaO3cjt28_XPZIY3CGOgtsYaKcI8SeWDvmiqXh9S-8ktjljGMzWp3CCb107hjRH6ygba_ZT095w2ZbSK02dQTdV657QUX1DjhMfwk1mZS-GU_w7Xpy22BT-R4A0uz0JWEk9wGtPrh0u0z9eXZwNfd7ebe353wkRMYEE3zHpYF-a40tNRvfCVw7VYWefRNsYQA9cI0c-StlHDOyzKKF-Kw9EkOaHST5uVR5104Ag9SE0TRNA4MIRDFtCAm5gX5XkwMUg2j5kgHbKdFGgn18OTdaC3ZA6zvR7UvJzUl4fZt7X7xnCoCy1x5r3zZgcrPeWXYwYy4yGslxRvP9oOS4yZ-cDN66eBYIeHHHm3YE5CbwrhR4Pq3Ol7W_ZrVrWgeACwnSqlwu9r19C2jHgVo0A8cgJ8TU_t-RDDOGuShcfkK4exZBInLtYzAqkRkkeqruxHyqjjaMTysvvRrPmFi0k1HLDZ06I5QfMJRsuIjOWRErSo_cgE4DwNtSrdK9pQWd3xlj71ExtSDQ6FfTOsfqOaITVcd6vbsxqQimkyog9bchRntyusu6nVathAtndcN4JwgEQ&ruid=41506aaf-095f-4952-826e-4e95fd3ef3bc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=202
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=4179343255&z=5493119&b=15699230&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=UcvWXM3bwAF7G2mgs5p36td8Cu-OPkBqJgXcIKqMxyNt8AtF_IvjqjcYgLG7ko22_mdGHLZfsu6y7xBHjPs4Lhm_QJbYG0v8eEnd_g-YO08xxNzXn_an2_C2pevkYLY5w7zABW3-eZjV9iDQNbIpPI1_Zgby9qQDtQAa8Gl4bPJqGiaO3cjt28_XPZIY3CGOgtsYaKcI8SeWDvmiqXh9S-8ktjljGMzWp3CCb107hjRH6ygba_ZT095w2ZbSK02dQTdV657QUX1DjhMfwk1mZS-GU_w7Xpy22BT-R4A0uz0JWEk9wGtPrh0u0z9eXZwNfd7ebe353wkRMYEE3zHpYF-a40tNRvfCVw7VYWefRNsYQA9cI0c-StlHDOyzKKF-Kw9EkOaHST5uVR5104Ag9SE0TRNA4MIRDFtCAm5gX5XkwMUg2j5kgHbKdFGgn18OTdaC3ZA6zvR7UvJzUl4fZt7X7xnCoCy1x5r3zZgcrPeWXYwYy4yGslxRvP9oOS4yZ-cDN66eBYIeHHHm3YE5CbwrhR4Pq3Ol7W_ZrVrWgeACwnSqlwu9r19C2jHgVo0A8cgJ8TU_t-RDDOGuShcfkK4exZBInLtYzAqkRkkeqruxHyqjjaMTysvvRrPmFi0k1HLDZ06I5QfMJRsuIjOWRErSo_cgE4DwNtSrdK9pQWd3xlj71ExtSDQ6FfTOsfqOaITVcd6vbsxqQimkyog9bchRntyusu6nVathAtndcN4JwgEQ&ruid=41506aaf-095f-4952-826e-4e95fd3ef3bc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=202 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: eb6714df59ae880a5492a6b0b2224920
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsISHqVZXCXQVpY1evoQLV_UXcAPPT1b7i6S9Lg6Y3DTEmKo_GCsSVGWKYefc9xtRaPPT6iIoFilnpVgdwkh7S5f_2l2smH1EpIwKbv_wIAquN5yHhmmev2YCWgGddys6DXNbn2wta9vyMuDXfP1en5hUpV_gY6nC5W-igA8OlHlKu0ieVYiuXt4sj/w640-h358/%D8%AA%D9%86%D8%B2%D9%8A%D9%84%20(5).jpeg
142.250.74.33 200 OK 9.0 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsISHqVZXCXQVpY1evoQLV_UXcAPPT1b7i6S9Lg6Y3DTEmKo_GCsSVGWKYefc9xtRaPPT6iIoFilnpVgdwkh7S5f_2l2smH1EpIwKbv_wIAquN5yHhmmev2YCWgGddys6DXNbn2wta9vyMuDXfP1en5hUpV_gY6nC5W-igA8OlHlKu0ieVYiuXt4sj/w640-h358/%D8%AA%D9%86%D8%B2%D9%8A%D9%84%20(5).jpeg
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 300x168, components 3; data
Hash a961e4072d7f5a4e1320798ba687b847
1793d005152c7e690f73f5cecebd9bffca0bde7c
6f65e843043428c1d474eda96065d8aff47624c32584b35565b15b79d8b0b8d6
GET /img/b/R29vZ2xl/AVvXsEgsISHqVZXCXQVpY1evoQLV_UXcAPPT1b7i6S9Lg6Y3DTEmKo_GCsSVGWKYefc9xtRaPPT6iIoFilnpVgdwkh7S5f_2l2smH1EpIwKbv_wIAquN5yHhmmev2YCWgGddys6DXNbn2wta9vyMuDXfP1en5hUpV_gY6nC5W-igA8OlHlKu0ieVYiuXt4sj/w640-h358/%D8%AA%D9%86%D8%B2%D9%8A%D9%84%20(5).jpeg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v3ea"
expires: Sun, 27 Nov 2022 09:04:15 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="_____ (5).jpeg";filename*=UTF-8''%D8%AA%D9%86%D8%B2%D9%8A%D9%84%20(5).jpeg
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 26 Nov 2022 09:04:15 GMT
server: fife
content-length: 9016
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=1092799291&z=5493119&b=15484935&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=T46VSoD9bxo7e6l4kkHHJwVvuZuxf-fzMDaeSpoVaatCdkVM47uCxlkWZqR2WKRxFyGVoWVXJbqh2fec88JzIy9XZ71wfF0Qcdklvg5B7xsz1NZQaQzezbdjnqnvnLJe0Ep-NU9dQpy0C31zwyip16pOwVeffVpypmQoIFpnIDee5uMMaTZ9BW_qFnrdDWZ8F4Sd2ZCjTVDeqYoAem0DyaurJ79zs1U4-9hCWPCG3liKYNFTiaW_UllVN2OHe0tOSdO4XhVo7tVQuuBxXfxG06qUQKhuzS3Ic0s7JM1anea611FObFx2_XHAshG7OTRLjQfTh90JalGmbuLVuv6vgbm7Ca1YLCnT1_2nr93fcCpLXKS7bPM4h5SwSTDDBjBquZE2hDrOSD9o6qz-8I8BO2mnpJFBvclq5NKOaRxGM0GSSl8HAbZqAs3314vUyWmhS87I5u9aPt8_aC3MK4TRTR1WUf3OGrmI7OxtYKz_HY6Vn-kiigulgnTNoG1w4cOfaa4t1AevB8EIaZnjXvaK-t19Pl7ALhb-AdQFEvsISdX7EGgses3euTOO0ZFyVrN2PLJWtWNbqu0pAeo8D5G5_UBTZgFc_KGGsw1HE_YkhFO8_Y2LAER_CLCMkJdEhzIS0yGhpR2h32P_F88nIfxig06S69fPT9cJCT-FmL1--i8unQPFFEiTfft4kWRcxWPsk71g8DMqv8bMGPossSGQSKM4fFtY03GxrtNc3uyeFd8AMbQTgKut7ML6UF8H-VxQAbra9q4dTxEJkU8-dv4Y6sk70j8xcP5PoSRxAReKog5l35PMHPw2xu2FLmrsCpsBaLJudw==&ruid=75799bcf-97a7-464e-8b44-d86a27838d96&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=212
139.45.197.242 200 OK 0 B URL HTTP/2 arsnivyr.com/11?rnd=1092799291&z=5493119&b=15484935&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=T46VSoD9bxo7e6l4kkHHJwVvuZuxf-fzMDaeSpoVaatCdkVM47uCxlkWZqR2WKRxFyGVoWVXJbqh2fec88JzIy9XZ71wfF0Qcdklvg5B7xsz1NZQaQzezbdjnqnvnLJe0Ep-NU9dQpy0C31zwyip16pOwVeffVpypmQoIFpnIDee5uMMaTZ9BW_qFnrdDWZ8F4Sd2ZCjTVDeqYoAem0DyaurJ79zs1U4-9hCWPCG3liKYNFTiaW_UllVN2OHe0tOSdO4XhVo7tVQuuBxXfxG06qUQKhuzS3Ic0s7JM1anea611FObFx2_XHAshG7OTRLjQfTh90JalGmbuLVuv6vgbm7Ca1YLCnT1_2nr93fcCpLXKS7bPM4h5SwSTDDBjBquZE2hDrOSD9o6qz-8I8BO2mnpJFBvclq5NKOaRxGM0GSSl8HAbZqAs3314vUyWmhS87I5u9aPt8_aC3MK4TRTR1WUf3OGrmI7OxtYKz_HY6Vn-kiigulgnTNoG1w4cOfaa4t1AevB8EIaZnjXvaK-t19Pl7ALhb-AdQFEvsISdX7EGgses3euTOO0ZFyVrN2PLJWtWNbqu0pAeo8D5G5_UBTZgFc_KGGsw1HE_YkhFO8_Y2LAER_CLCMkJdEhzIS0yGhpR2h32P_F88nIfxig06S69fPT9cJCT-FmL1--i8unQPFFEiTfft4kWRcxWPsk71g8DMqv8bMGPossSGQSKM4fFtY03GxrtNc3uyeFd8AMbQTgKut7ML6UF8H-VxQAbra9q4dTxEJkU8-dv4Y6sk70j8xcP5PoSRxAReKog5l35PMHPw2xu2FLmrsCpsBaLJudw==&ruid=75799bcf-97a7-464e-8b44-d86a27838d96&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=212
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1092799291&z=5493119&b=15484935&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=T46VSoD9bxo7e6l4kkHHJwVvuZuxf-fzMDaeSpoVaatCdkVM47uCxlkWZqR2WKRxFyGVoWVXJbqh2fec88JzIy9XZ71wfF0Qcdklvg5B7xsz1NZQaQzezbdjnqnvnLJe0Ep-NU9dQpy0C31zwyip16pOwVeffVpypmQoIFpnIDee5uMMaTZ9BW_qFnrdDWZ8F4Sd2ZCjTVDeqYoAem0DyaurJ79zs1U4-9hCWPCG3liKYNFTiaW_UllVN2OHe0tOSdO4XhVo7tVQuuBxXfxG06qUQKhuzS3Ic0s7JM1anea611FObFx2_XHAshG7OTRLjQfTh90JalGmbuLVuv6vgbm7Ca1YLCnT1_2nr93fcCpLXKS7bPM4h5SwSTDDBjBquZE2hDrOSD9o6qz-8I8BO2mnpJFBvclq5NKOaRxGM0GSSl8HAbZqAs3314vUyWmhS87I5u9aPt8_aC3MK4TRTR1WUf3OGrmI7OxtYKz_HY6Vn-kiigulgnTNoG1w4cOfaa4t1AevB8EIaZnjXvaK-t19Pl7ALhb-AdQFEvsISdX7EGgses3euTOO0ZFyVrN2PLJWtWNbqu0pAeo8D5G5_UBTZgFc_KGGsw1HE_YkhFO8_Y2LAER_CLCMkJdEhzIS0yGhpR2h32P_F88nIfxig06S69fPT9cJCT-FmL1--i8unQPFFEiTfft4kWRcxWPsk71g8DMqv8bMGPossSGQSKM4fFtY03GxrtNc3uyeFd8AMbQTgKut7ML6UF8H-VxQAbra9q4dTxEJkU8-dv4Y6sk70j8xcP5PoSRxAReKog5l35PMHPw2xu2FLmrsCpsBaLJudw==&ruid=75799bcf-97a7-464e-8b44-d86a27838d96&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=212 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453; oaidvc=1; CNT=1_v1_B0jsAAEAAAB6SwAA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e63d14d6d04bdc6d88d0a43086bd1a3c
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e4d661d999b855142d472fd230fb4ab3
b4be1feeaccc98768ec3393929772bd8f75deed7
97a1c1b509250dd99cde7f76b53a43b7ee415011744414d83f5980df2e11dc60
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6384a874a72c3df8941f526f18b35cc5
e380f3712b8a1edfddba7bfa6d1fd27d4ae8c472
1dd1d45f6988f9be4f87bfdd19ef3252e672defd246b20b6c8a44da37298e55d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DD1D45F6988F9BE4F87BFDD19EF3252E672DEFD246B20B6C8A44DA37298E55D"
Last-Modified: Thu, 24 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1574
Expires: Sat, 26 Nov 2022 09:30:29 GMT
Date: Sat, 26 Nov 2022 09:04:15 GMT
Connection: keep-alive
arsnivyr.com/121?rnd=2410624569&z=5493119&b=15484935&c=6264466&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=T46VSoD9bxo7e6l4kkHHJwVvuZuxf-fzMDaeSpoVaatCdkVM47uCxlkWZqR2WKRxFyGVoWVXJbqh2fec88JzIy9XZ71wfF0Qcdklvg5B7xsz1NZQaQzezbdjnqnvnLJe0Ep-NU9dQpy0C31zwyip16pOwVeffVpypmQoIFpnIDee5uMMaTZ9BW_qFnrdDWZ8F4Sd2ZCjTVDeqYoAem0DyaurJ79zs1U4-9hCWPCG3liKYNFTiaW_UllVN2OHe0tOSdO4XhVo7tVQuuBxXfxG06qUQKhuzS3Ic0s7JM1anea611FObFx2_XHAshG7OTRLjQfTh90JalGmbuLVuv6vgbm7Ca1YLCnT1_2nr93fcCpLXKS7bPM4h5SwSTDDBjBquZE2hDrOSD9o6qz-8I8BO2mnpJFBvclq5NKOaRxGM0GSSl8HAbZqAs3314vUyWmhS87I5u9aPt8_aC3MK4TRTR1WUf3OGrmI7OxtYKz_HY6Vn-kiigulgnTNoG1w4cOfaa4t1AevB8EIaZnjXvaK-t19Pl7ALhb-AdQFEvsISdX7EGgses3euTOO0ZFyVrN2PLJWtWNbqu0pAeo8D5G5_UBTZgFc_KGGsw1HE_YkhFO8_Y2LAER_CLCMkJdEhzIS0yGhpR2h32P_F88nIfxig06S69fPT9cJCT-FmL1--i8unQPFFEiTfft4kWRcxWPsk71g8DMqv8bMGPossSGQSKM4fFtY03GxrtNc3uyeFd8AMbQTgKut7ML6UF8H-VxQAbra9q4dTxEJkU8-dv4Y6sk70j8xcP5PoSRxAReKog5l35PMHPw2xu2FLmrsCpsBaLJudw==&bag=ZLuqgj0Kl7bM7rUFxqPD1o9asEH8ETuc&ruid=75799bcf-97a7-464e-8b44-d86a27838d96
139.45.197.242 302 Found 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /121?rnd=2410624569&z=5493119&b=15484935&c=6264466&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=T46VSoD9bxo7e6l4kkHHJwVvuZuxf-fzMDaeSpoVaatCdkVM47uCxlkWZqR2WKRxFyGVoWVXJbqh2fec88JzIy9XZ71wfF0Qcdklvg5B7xsz1NZQaQzezbdjnqnvnLJe0Ep-NU9dQpy0C31zwyip16pOwVeffVpypmQoIFpnIDee5uMMaTZ9BW_qFnrdDWZ8F4Sd2ZCjTVDeqYoAem0DyaurJ79zs1U4-9hCWPCG3liKYNFTiaW_UllVN2OHe0tOSdO4XhVo7tVQuuBxXfxG06qUQKhuzS3Ic0s7JM1anea611FObFx2_XHAshG7OTRLjQfTh90JalGmbuLVuv6vgbm7Ca1YLCnT1_2nr93fcCpLXKS7bPM4h5SwSTDDBjBquZE2hDrOSD9o6qz-8I8BO2mnpJFBvclq5NKOaRxGM0GSSl8HAbZqAs3314vUyWmhS87I5u9aPt8_aC3MK4TRTR1WUf3OGrmI7OxtYKz_HY6Vn-kiigulgnTNoG1w4cOfaa4t1AevB8EIaZnjXvaK-t19Pl7ALhb-AdQFEvsISdX7EGgses3euTOO0ZFyVrN2PLJWtWNbqu0pAeo8D5G5_UBTZgFc_KGGsw1HE_YkhFO8_Y2LAER_CLCMkJdEhzIS0yGhpR2h32P_F88nIfxig06S69fPT9cJCT-FmL1--i8unQPFFEiTfft4kWRcxWPsk71g8DMqv8bMGPossSGQSKM4fFtY03GxrtNc3uyeFd8AMbQTgKut7ML6UF8H-VxQAbra9q4dTxEJkU8-dv4Y6sk70j8xcP5PoSRxAReKog5l35PMHPw2xu2FLmrsCpsBaLJudw==&bag=ZLuqgj0Kl7bM7rUFxqPD1o9asEH8ETuc&ruid=75799bcf-97a7-464e-8b44-d86a27838d96 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453; oaidvc=1; CNT=1_v1_B0jsAAEAAAB6SwAA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-length: 0
location: https://mediasama.com/starharem/01/s/index_rt.html
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e57de1340efc67a5abca2d2ed2602adf
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=3934559543&z=5493119&b=15484935&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=JeHwXWsQBmxpbuKp-cpNHUkMHVP3ieOM3o5Z-B0N50e6oLpgkYOmgRb0lu_kWyMJzcf4_dlWZ2oyA7xj3ulZzeDUl6EsKzARHJqRTxm326fx3GfxAllJpx7QK32vTwFUDYMcbCOYAmYvMHLvb7KQ1VxTAX2cyBjINvXKfQmF7pNsT0zkmFFKbx3QLV_IoXhJ546Y6Qbw9Wwpmmbqti17xalktuaEdc2JYWUv2r2iTGxbRl_RB_3rqbB539tHS33ohULzlvF5IqKV54pWP9YsUI9msO4fyKiLO9AZa02aicOhMIq3HvM5gie2ioaYySYzaHZE-nBez0cOZsT-vRR2rs0T12iWvtMI06Awcw-U-S63zpyERiiRkqM5sE3JY8lhskwA1LttfyjsME7nf-hJFSAoLsGHvKqQYPB06LvKGVQgu3hHFI21TuZqhqi-a0cIaHwPwhXliC6L8XTmYQf-RkCKOwZeDXr-P_fNc5joWt8R3N_tbNFGYmRZD7ue5Q1xvrJnCE-bzvU7ulC_f0XqElYt9zUxgQO6KmaB8PXaDpCTsqu02am7RsrMmfUqITvfySGHXADMmU8KpJ25YLt1x0u4xncgXrfjJw_gxcAv0yBCZngZKdjiE6TgQnpj_GObU48tE7wKAIYoyY9s4bHOS2TX8b5EG3N4fGN5qlkYQIr6Fqc68wzTv1hn17oyg2dFO5lxdjI9RupomAkUyMjbCKGr-gRI0DJLKKe-nMaSuLzXd73X0_wTguTk7WysheVSIkhJa-diEsyOS8cC09sehnXshkSea6kkUcIRy_bRLfX_Jf0IdyS5FNbbLb-xXfaK308zOA==&ruid=42d2be69-c0b6-47c5-83c7-997f2523f7ef&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=290
139.45.197.242 200 OK 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=3934559543&z=5493119&b=15484935&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=JeHwXWsQBmxpbuKp-cpNHUkMHVP3ieOM3o5Z-B0N50e6oLpgkYOmgRb0lu_kWyMJzcf4_dlWZ2oyA7xj3ulZzeDUl6EsKzARHJqRTxm326fx3GfxAllJpx7QK32vTwFUDYMcbCOYAmYvMHLvb7KQ1VxTAX2cyBjINvXKfQmF7pNsT0zkmFFKbx3QLV_IoXhJ546Y6Qbw9Wwpmmbqti17xalktuaEdc2JYWUv2r2iTGxbRl_RB_3rqbB539tHS33ohULzlvF5IqKV54pWP9YsUI9msO4fyKiLO9AZa02aicOhMIq3HvM5gie2ioaYySYzaHZE-nBez0cOZsT-vRR2rs0T12iWvtMI06Awcw-U-S63zpyERiiRkqM5sE3JY8lhskwA1LttfyjsME7nf-hJFSAoLsGHvKqQYPB06LvKGVQgu3hHFI21TuZqhqi-a0cIaHwPwhXliC6L8XTmYQf-RkCKOwZeDXr-P_fNc5joWt8R3N_tbNFGYmRZD7ue5Q1xvrJnCE-bzvU7ulC_f0XqElYt9zUxgQO6KmaB8PXaDpCTsqu02am7RsrMmfUqITvfySGHXADMmU8KpJ25YLt1x0u4xncgXrfjJw_gxcAv0yBCZngZKdjiE6TgQnpj_GObU48tE7wKAIYoyY9s4bHOS2TX8b5EG3N4fGN5qlkYQIr6Fqc68wzTv1hn17oyg2dFO5lxdjI9RupomAkUyMjbCKGr-gRI0DJLKKe-nMaSuLzXd73X0_wTguTk7WysheVSIkhJa-diEsyOS8cC09sehnXshkSea6kkUcIRy_bRLfX_Jf0IdyS5FNbbLb-xXfaK308zOA==&ruid=42d2be69-c0b6-47c5-83c7-997f2523f7ef&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=290 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453; oaidvc=1; CNT=1_v1_B0jsAAEAAAB6SwAA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 180d84b04d54d63b53c9dfe8f794ded1
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
set-cookie: oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Sat, 26 Nov 2022 12:00:33 GMT
Date: Sat, 26 Nov 2022 09:04:15 GMT
Connection: keep-alive
arsnivyr.com/121?rnd=1487377957&z=5493119&b=15484935&c=6264466&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=JeHwXWsQBmxpbuKp-cpNHUkMHVP3ieOM3o5Z-B0N50e6oLpgkYOmgRb0lu_kWyMJzcf4_dlWZ2oyA7xj3ulZzeDUl6EsKzARHJqRTxm326fx3GfxAllJpx7QK32vTwFUDYMcbCOYAmYvMHLvb7KQ1VxTAX2cyBjINvXKfQmF7pNsT0zkmFFKbx3QLV_IoXhJ546Y6Qbw9Wwpmmbqti17xalktuaEdc2JYWUv2r2iTGxbRl_RB_3rqbB539tHS33ohULzlvF5IqKV54pWP9YsUI9msO4fyKiLO9AZa02aicOhMIq3HvM5gie2ioaYySYzaHZE-nBez0cOZsT-vRR2rs0T12iWvtMI06Awcw-U-S63zpyERiiRkqM5sE3JY8lhskwA1LttfyjsME7nf-hJFSAoLsGHvKqQYPB06LvKGVQgu3hHFI21TuZqhqi-a0cIaHwPwhXliC6L8XTmYQf-RkCKOwZeDXr-P_fNc5joWt8R3N_tbNFGYmRZD7ue5Q1xvrJnCE-bzvU7ulC_f0XqElYt9zUxgQO6KmaB8PXaDpCTsqu02am7RsrMmfUqITvfySGHXADMmU8KpJ25YLt1x0u4xncgXrfjJw_gxcAv0yBCZngZKdjiE6TgQnpj_GObU48tE7wKAIYoyY9s4bHOS2TX8b5EG3N4fGN5qlkYQIr6Fqc68wzTv1hn17oyg2dFO5lxdjI9RupomAkUyMjbCKGr-gRI0DJLKKe-nMaSuLzXd73X0_wTguTk7WysheVSIkhJa-diEsyOS8cC09sehnXshkSea6kkUcIRy_bRLfX_Jf0IdyS5FNbbLb-xXfaK308zOA==&bag=ZLuqgj0Kl7bM7rUFxqPD1o9asEH8ETuc&ruid=42d2be69-c0b6-47c5-83c7-997f2523f7ef
139.45.197.242 302 Found 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /121?rnd=1487377957&z=5493119&b=15484935&c=6264466&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=JeHwXWsQBmxpbuKp-cpNHUkMHVP3ieOM3o5Z-B0N50e6oLpgkYOmgRb0lu_kWyMJzcf4_dlWZ2oyA7xj3ulZzeDUl6EsKzARHJqRTxm326fx3GfxAllJpx7QK32vTwFUDYMcbCOYAmYvMHLvb7KQ1VxTAX2cyBjINvXKfQmF7pNsT0zkmFFKbx3QLV_IoXhJ546Y6Qbw9Wwpmmbqti17xalktuaEdc2JYWUv2r2iTGxbRl_RB_3rqbB539tHS33ohULzlvF5IqKV54pWP9YsUI9msO4fyKiLO9AZa02aicOhMIq3HvM5gie2ioaYySYzaHZE-nBez0cOZsT-vRR2rs0T12iWvtMI06Awcw-U-S63zpyERiiRkqM5sE3JY8lhskwA1LttfyjsME7nf-hJFSAoLsGHvKqQYPB06LvKGVQgu3hHFI21TuZqhqi-a0cIaHwPwhXliC6L8XTmYQf-RkCKOwZeDXr-P_fNc5joWt8R3N_tbNFGYmRZD7ue5Q1xvrJnCE-bzvU7ulC_f0XqElYt9zUxgQO6KmaB8PXaDpCTsqu02am7RsrMmfUqITvfySGHXADMmU8KpJ25YLt1x0u4xncgXrfjJw_gxcAv0yBCZngZKdjiE6TgQnpj_GObU48tE7wKAIYoyY9s4bHOS2TX8b5EG3N4fGN5qlkYQIr6Fqc68wzTv1hn17oyg2dFO5lxdjI9RupomAkUyMjbCKGr-gRI0DJLKKe-nMaSuLzXd73X0_wTguTk7WysheVSIkhJa-diEsyOS8cC09sehnXshkSea6kkUcIRy_bRLfX_Jf0IdyS5FNbbLb-xXfaK308zOA==&bag=ZLuqgj0Kl7bM7rUFxqPD1o9asEH8ETuc&ruid=42d2be69-c0b6-47c5-83c7-997f2523f7ef HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453; oaidvc=1; CNT=1_v1_B0jsAAEAAAB6SwAA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-length: 0
location: https://mediasama.com/starharem/01/s/index_rt.html
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 231b1d6d8b283c2abf7d095729c4fcfe
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Sat, 26 Nov 2022 12:00:33 GMT
Date: Sat, 26 Nov 2022 09:04:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5088223f5973e3cd56f03f50a1e84b79
0b6c9b51d10762a4747286ab5b1c2354fa39c622
8159e4f7eec7bea518bb29e3fdb070bab4fb70116205577f7b7d74ad4d0dfbc7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8913
x-amzn-requestid: d0a9414c-eccf-44e8-adb7-92654544eeb5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWXEpeIAMFnzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-5825510666b3e80a5f83cafa;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: whO__FB0B2ywDP_p63eQ044RXbT207sX1i87I6nPAFUB85nSYc0Cuw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:06 GMT
age: 40689
etag: "0b6c9b51d10762a4747286ab5b1c2354fa39c622"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 7e0c5064718601e80b7bfc931120ff70
741e5e48c4fb170efee9b611be5638d999a09bd2
d0b1537f43277e7f59152e6272d4f3888ab4618fa7fe0e4b24e2f851dbf0f4cd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7025
x-amzn-requestid: 2c9cd3bc-80d4-4578-a0aa-4f1ff7f19d30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNYGwaIAMFU8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-0c66a293144f894f001ae0cf;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: r2feThcq6D5u1ptiBnSuA5ZC00_W8moa4pb6xSxxeIEMbgoPtQdUyQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:51:02 GMT
age: 40393
etag: "741e5e48c4fb170efee9b611be5638d999a09bd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
arsnivyr.com/121?rnd=2146411656&z=5493119&b=13251580&c=5652603&var=&d=https%3A%2F%2Fasian-movies-online.com%2F%3Fpa%3DPR7O624C2E%3Fclickid%3D620295354350309376&cln={CELL_NUMBER}&btp=7&rb=IwgvbrXC2SHTdWBWkK0BcPoOgLkaPbCVAWYK5O3Wy1AnA6eNNkn5p3qtaaTf34NIwvBDgiFN2CpWkctoYdvG-rPIb3vnMpWxL4uVcV_eZCK5eRIfI2UDLtG7fIkhjCSDUtOt0UeaScGB2Aeowu7JfBhXbFLlBgfwPofo7RGO4jXjdoFZgt6gqAyWHXYJ-2-Jl7hld-cB1oPi2Tt_Fl1iKkDPS16pgAjCJDpMvXXgOfxgBOKt3nmf75ZzISFtx4JipI3kCsAgFxlfUyjs56I3kGqul-VfH_UgHrFxz_JiHqXVNBeKlvx6_mcZomEiYDO-Imk_AM0R1q7hdDjnjoIp6ncjGLJMWjeVrnb7cMJauFhINrx0N4dNlbYNI5iHrl4DbaSs-G4B3CdSsptin0NWN_nHCjT83QPYGXNBQZlR67yyr7kUuIYYtBVseIZYkAXvGbn_dB24ZcTh_0Z6OZdCllh81ZmYJFIcfGZ-ArEgWjY2nX9kq0zGGiitt6YpQg_6LbGVcyu76pW4ABHlIW938Qhs-3gNwbtLN_Q3G3jUZUxX8dE6o93uIDA2---wbArJqG2zbXVHFwvkKqUIMYBB4HFbpJMWLBITU_S9gqP9z-02AKH0OSGxxHS97UH3VpfJuCx6su9e8gpwWliD4T06Qd2A-LAHhFcFLaxER1UzB-GOaAb_Z41NQnyWgWin9HIHlIhXh0LePR2jNGslK1n3HacGAwvOtVnlyBq6GG4EqR3BwKeUzAxdV4ttqSjCYPnEIKl-IV5Jlhp8yH49hvsCZvxiVqo9r3sILtxPD-LCPFg6tLdWKDMbXZhVj7ack2PGwIqbqfTCsRsSOH8AlFwBwbyiFRvSFCynjzSlgA==&bag=swAVj_Luz32YL8YvR76FKWDjRWXxRI4D&ruid=4b6760ab-bcfb-4710-afd3-c4307694ba0d&subid=620295354350309376
139.45.197.242 302 Found 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /121?rnd=2146411656&z=5493119&b=13251580&c=5652603&var=&d=https%3A%2F%2Fasian-movies-online.com%2F%3Fpa%3DPR7O624C2E%3Fclickid%3D620295354350309376&cln={CELL_NUMBER}&btp=7&rb=IwgvbrXC2SHTdWBWkK0BcPoOgLkaPbCVAWYK5O3Wy1AnA6eNNkn5p3qtaaTf34NIwvBDgiFN2CpWkctoYdvG-rPIb3vnMpWxL4uVcV_eZCK5eRIfI2UDLtG7fIkhjCSDUtOt0UeaScGB2Aeowu7JfBhXbFLlBgfwPofo7RGO4jXjdoFZgt6gqAyWHXYJ-2-Jl7hld-cB1oPi2Tt_Fl1iKkDPS16pgAjCJDpMvXXgOfxgBOKt3nmf75ZzISFtx4JipI3kCsAgFxlfUyjs56I3kGqul-VfH_UgHrFxz_JiHqXVNBeKlvx6_mcZomEiYDO-Imk_AM0R1q7hdDjnjoIp6ncjGLJMWjeVrnb7cMJauFhINrx0N4dNlbYNI5iHrl4DbaSs-G4B3CdSsptin0NWN_nHCjT83QPYGXNBQZlR67yyr7kUuIYYtBVseIZYkAXvGbn_dB24ZcTh_0Z6OZdCllh81ZmYJFIcfGZ-ArEgWjY2nX9kq0zGGiitt6YpQg_6LbGVcyu76pW4ABHlIW938Qhs-3gNwbtLN_Q3G3jUZUxX8dE6o93uIDA2---wbArJqG2zbXVHFwvkKqUIMYBB4HFbpJMWLBITU_S9gqP9z-02AKH0OSGxxHS97UH3VpfJuCx6su9e8gpwWliD4T06Qd2A-LAHhFcFLaxER1UzB-GOaAb_Z41NQnyWgWin9HIHlIhXh0LePR2jNGslK1n3HacGAwvOtVnlyBq6GG4EqR3BwKeUzAxdV4ttqSjCYPnEIKl-IV5Jlhp8yH49hvsCZvxiVqo9r3sILtxPD-LCPFg6tLdWKDMbXZhVj7ack2PGwIqbqfTCsRsSOH8AlFwBwbyiFRvSFCynjzSlgA==&bag=swAVj_Luz32YL8YvR76FKWDjRWXxRI4D&ruid=4b6760ab-bcfb-4710-afd3-c4307694ba0d&subid=620295354350309376 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453; oaidvc=1; CNT=1_v1_B0jsAAEAAAB6SwAA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-length: 0
location: https://asian-movies-online.com/?pa=PR7O624C2E?clickid=620295354350309376
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: b2f7a7bc719816dc53aa471cea8790e5
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b1c6878914466cfece680fa7cb73502
47fac81a2dd809df5c42ca1362f71d553572d2b1
6458883dfa2bdfd483e92e5f847a229508ef00ce1dbd11f49eec369d0bd3160a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9914
x-amzn-requestid: 4db4ed29-20b4-4ca7-8835-2463d0989d5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVFHQYIAMFc4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135b9-613da006118724124e345b29;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qKxrYxVsJWOXAbrn6IpwLycF3rknFLkQeDyKOLq5WyflvTLeUjg_Lg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:18:42 GMT
age: 38733
etag: "47fac81a2dd809df5c42ca1362f71d553572d2b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=41669783&z=5493119&b=13251580&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=IwgvbrXC2SHTdWBWkK0BcPoOgLkaPbCVAWYK5O3Wy1AnA6eNNkn5p3qtaaTf34NIwvBDgiFN2CpWkctoYdvG-rPIb3vnMpWxL4uVcV_eZCK5eRIfI2UDLtG7fIkhjCSDUtOt0UeaScGB2Aeowu7JfBhXbFLlBgfwPofo7RGO4jXjdoFZgt6gqAyWHXYJ-2-Jl7hld-cB1oPi2Tt_Fl1iKkDPS16pgAjCJDpMvXXgOfxgBOKt3nmf75ZzISFtx4JipI3kCsAgFxlfUyjs56I3kGqul-VfH_UgHrFxz_JiHqXVNBeKlvx6_mcZomEiYDO-Imk_AM0R1q7hdDjnjoIp6ncjGLJMWjeVrnb7cMJauFhINrx0N4dNlbYNI5iHrl4DbaSs-G4B3CdSsptin0NWN_nHCjT83QPYGXNBQZlR67yyr7kUuIYYtBVseIZYkAXvGbn_dB24ZcTh_0Z6OZdCllh81ZmYJFIcfGZ-ArEgWjY2nX9kq0zGGiitt6YpQg_6LbGVcyu76pW4ABHlIW938Qhs-3gNwbtLN_Q3G3jUZUxX8dE6o93uIDA2---wbArJqG2zbXVHFwvkKqUIMYBB4HFbpJMWLBITU_S9gqP9z-02AKH0OSGxxHS97UH3VpfJuCx6su9e8gpwWliD4T06Qd2A-LAHhFcFLaxER1UzB-GOaAb_Z41NQnyWgWin9HIHlIhXh0LePR2jNGslK1n3HacGAwvOtVnlyBq6GG4EqR3BwKeUzAxdV4ttqSjCYPnEIKl-IV5Jlhp8yH49hvsCZvxiVqo9r3sILtxPD-LCPFg6tLdWKDMbXZhVj7ack2PGwIqbqfTCsRsSOH8AlFwBwbyiFRvSFCynjzSlgA==&ruid=4b6760ab-bcfb-4710-afd3-c4307694ba0d&subid=620295354350309376&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=311
139.45.197.242200 OK 0 B URL HTTP/2 arsnivyr.com/11?rnd=41669783&z=5493119&b=13251580&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=IwgvbrXC2SHTdWBWkK0BcPoOgLkaPbCVAWYK5O3Wy1AnA6eNNkn5p3qtaaTf34NIwvBDgiFN2CpWkctoYdvG-rPIb3vnMpWxL4uVcV_eZCK5eRIfI2UDLtG7fIkhjCSDUtOt0UeaScGB2Aeowu7JfBhXbFLlBgfwPofo7RGO4jXjdoFZgt6gqAyWHXYJ-2-Jl7hld-cB1oPi2Tt_Fl1iKkDPS16pgAjCJDpMvXXgOfxgBOKt3nmf75ZzISFtx4JipI3kCsAgFxlfUyjs56I3kGqul-VfH_UgHrFxz_JiHqXVNBeKlvx6_mcZomEiYDO-Imk_AM0R1q7hdDjnjoIp6ncjGLJMWjeVrnb7cMJauFhINrx0N4dNlbYNI5iHrl4DbaSs-G4B3CdSsptin0NWN_nHCjT83QPYGXNBQZlR67yyr7kUuIYYtBVseIZYkAXvGbn_dB24ZcTh_0Z6OZdCllh81ZmYJFIcfGZ-ArEgWjY2nX9kq0zGGiitt6YpQg_6LbGVcyu76pW4ABHlIW938Qhs-3gNwbtLN_Q3G3jUZUxX8dE6o93uIDA2---wbArJqG2zbXVHFwvkKqUIMYBB4HFbpJMWLBITU_S9gqP9z-02AKH0OSGxxHS97UH3VpfJuCx6su9e8gpwWliD4T06Qd2A-LAHhFcFLaxER1UzB-GOaAb_Z41NQnyWgWin9HIHlIhXh0LePR2jNGslK1n3HacGAwvOtVnlyBq6GG4EqR3BwKeUzAxdV4ttqSjCYPnEIKl-IV5Jlhp8yH49hvsCZvxiVqo9r3sILtxPD-LCPFg6tLdWKDMbXZhVj7ack2PGwIqbqfTCsRsSOH8AlFwBwbyiFRvSFCynjzSlgA==&ruid=4b6760ab-bcfb-4710-afd3-c4307694ba0d&subid=620295354350309376&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=311
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=41669783&z=5493119&b=13251580&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=IwgvbrXC2SHTdWBWkK0BcPoOgLkaPbCVAWYK5O3Wy1AnA6eNNkn5p3qtaaTf34NIwvBDgiFN2CpWkctoYdvG-rPIb3vnMpWxL4uVcV_eZCK5eRIfI2UDLtG7fIkhjCSDUtOt0UeaScGB2Aeowu7JfBhXbFLlBgfwPofo7RGO4jXjdoFZgt6gqAyWHXYJ-2-Jl7hld-cB1oPi2Tt_Fl1iKkDPS16pgAjCJDpMvXXgOfxgBOKt3nmf75ZzISFtx4JipI3kCsAgFxlfUyjs56I3kGqul-VfH_UgHrFxz_JiHqXVNBeKlvx6_mcZomEiYDO-Imk_AM0R1q7hdDjnjoIp6ncjGLJMWjeVrnb7cMJauFhINrx0N4dNlbYNI5iHrl4DbaSs-G4B3CdSsptin0NWN_nHCjT83QPYGXNBQZlR67yyr7kUuIYYtBVseIZYkAXvGbn_dB24ZcTh_0Z6OZdCllh81ZmYJFIcfGZ-ArEgWjY2nX9kq0zGGiitt6YpQg_6LbGVcyu76pW4ABHlIW938Qhs-3gNwbtLN_Q3G3jUZUxX8dE6o93uIDA2---wbArJqG2zbXVHFwvkKqUIMYBB4HFbpJMWLBITU_S9gqP9z-02AKH0OSGxxHS97UH3VpfJuCx6su9e8gpwWliD4T06Qd2A-LAHhFcFLaxER1UzB-GOaAb_Z41NQnyWgWin9HIHlIhXh0LePR2jNGslK1n3HacGAwvOtVnlyBq6GG4EqR3BwKeUzAxdV4ttqSjCYPnEIKl-IV5Jlhp8yH49hvsCZvxiVqo9r3sILtxPD-LCPFg6tLdWKDMbXZhVj7ack2PGwIqbqfTCsRsSOH8AlFwBwbyiFRvSFCynjzSlgA==&ruid=4b6760ab-bcfb-4710-afd3-c4307694ba0d&subid=620295354350309376&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=311 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453; oaidvc=1; CNT=1_v1_B0jsAAEAAAB6SwAA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4dcf1afe8304f9ac448ce81be54e3ecd
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SRN-oOfa8Z0mQZFYkWAv32XFiXChfGjfwZkfWz-IzHubwrKgzwoTxQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 03:55:38 GMT
age: 18517
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 02:19:43 GMT
age: 24272
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 801dd70f0c591086062e2a9054f78efc
6a2f4d4bfec41d16fa84b0a9b0b13f7dcff2be3d
ba28f27ea906aaa6db1fbdca53ecbd4366b99d2696fb888e47b731e21c0f82da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6431
x-amzn-requestid: 0daa58b7-3fd8-463f-85f5-6f84fdb17661
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOBEpEIAMF87A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358c-3f8b9c18598ba2532518668d;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FyVMZKsBMppWLcVlLTcWdr_HSifdSnU2IuE3dLHqFD9EgSEZSue5AA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:52:00 GMT
age: 40335
etag: "6a2f4d4bfec41d16fa84b0a9b0b13f7dcff2be3d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=156777889&z=5493119&b=15540606&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=tZG8gfF2v3cQlHVLRlLezwstc0FIyJ0wsYg3oxFlx8EI4uKUMy__oQ6jZ4okynE1JNLXoipQmttXXdwDZKoMrSHxG42LhShJitwor2O8Y0DtQtoCeqYSGCh3iBv-96E33oA2Lubgd4bcvs7669Y_qZ5rhmbzi81n27A9dninZfjWLKsiq5UWsbtG8BK5W2IYIeIOPeEAJ7jB-8FTIUcZ074a6Lt9Kr72z9mB8TIW4JYaxbajYkz6KdUg6dJV9mgLjg_4I5Zh9LkApkM-1IxLFrRXkrROO8ftNqs-w_aXWqKX-LXAxHnHwYMQV2WMbluS5aeo9d4GjHHoiuZ8jf7aKSLGdRegkyJZyIAQOxDpQ-UaavFuecpSdi-a_O88cDajbBfkweqmwPSyczYNkfhMGP-LQuZLg42VeQEtiNB6En08hnaFL1e8v1t86F8PMHl6YOxoBqQGJRGqGxYFG_FCjw7JBhKnR6YNW5Ot5TXpYcFyEqt3Ik1mSSkCuJpKvwwiAO1MnoumBLtanObOdchH9SI-ui6TqzcG23dK2AhWSvoI9JiDAiLkqYvcDfEAVfpaWqYsUnTnzeaLpmbg9PCfkALZk8snINvye76PLK9BG3CDp6KUFCsxPz7zTRpTkBeZ-iLsE-zlL4Ru9ODKwTlikcY-OA2yU4n5Q5GcrSwgmAlLLHKm31UbMv2dyc6ORtdcjvuX-EMFCfDWMJxYOESLGJ7eZorFhKsJcC3KYasVsBxJ-6dL_Kwf-yA0pNySBb3v7keisGmXpxrKdYcyPYF_qaBvTPll4nJgUF3s1aQ45Pm1x73O96tsupkugJCCjgY0raK0O7twhRd21KGYrKht-T8883m9LcO_trnoIg==&ruid=dcf332f0-5790-4789-8f27-0b70048e53a0&subid=620295354379677697&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=327
139.45.197.242200 OK 0 B URL HTTP/2 arsnivyr.com/11?rnd=156777889&z=5493119&b=15540606&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=tZG8gfF2v3cQlHVLRlLezwstc0FIyJ0wsYg3oxFlx8EI4uKUMy__oQ6jZ4okynE1JNLXoipQmttXXdwDZKoMrSHxG42LhShJitwor2O8Y0DtQtoCeqYSGCh3iBv-96E33oA2Lubgd4bcvs7669Y_qZ5rhmbzi81n27A9dninZfjWLKsiq5UWsbtG8BK5W2IYIeIOPeEAJ7jB-8FTIUcZ074a6Lt9Kr72z9mB8TIW4JYaxbajYkz6KdUg6dJV9mgLjg_4I5Zh9LkApkM-1IxLFrRXkrROO8ftNqs-w_aXWqKX-LXAxHnHwYMQV2WMbluS5aeo9d4GjHHoiuZ8jf7aKSLGdRegkyJZyIAQOxDpQ-UaavFuecpSdi-a_O88cDajbBfkweqmwPSyczYNkfhMGP-LQuZLg42VeQEtiNB6En08hnaFL1e8v1t86F8PMHl6YOxoBqQGJRGqGxYFG_FCjw7JBhKnR6YNW5Ot5TXpYcFyEqt3Ik1mSSkCuJpKvwwiAO1MnoumBLtanObOdchH9SI-ui6TqzcG23dK2AhWSvoI9JiDAiLkqYvcDfEAVfpaWqYsUnTnzeaLpmbg9PCfkALZk8snINvye76PLK9BG3CDp6KUFCsxPz7zTRpTkBeZ-iLsE-zlL4Ru9ODKwTlikcY-OA2yU4n5Q5GcrSwgmAlLLHKm31UbMv2dyc6ORtdcjvuX-EMFCfDWMJxYOESLGJ7eZorFhKsJcC3KYasVsBxJ-6dL_Kwf-yA0pNySBb3v7keisGmXpxrKdYcyPYF_qaBvTPll4nJgUF3s1aQ45Pm1x73O96tsupkugJCCjgY0raK0O7twhRd21KGYrKht-T8883m9LcO_trnoIg==&ruid=dcf332f0-5790-4789-8f27-0b70048e53a0&subid=620295354379677697&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=327
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=156777889&z=5493119&b=15540606&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=tZG8gfF2v3cQlHVLRlLezwstc0FIyJ0wsYg3oxFlx8EI4uKUMy__oQ6jZ4okynE1JNLXoipQmttXXdwDZKoMrSHxG42LhShJitwor2O8Y0DtQtoCeqYSGCh3iBv-96E33oA2Lubgd4bcvs7669Y_qZ5rhmbzi81n27A9dninZfjWLKsiq5UWsbtG8BK5W2IYIeIOPeEAJ7jB-8FTIUcZ074a6Lt9Kr72z9mB8TIW4JYaxbajYkz6KdUg6dJV9mgLjg_4I5Zh9LkApkM-1IxLFrRXkrROO8ftNqs-w_aXWqKX-LXAxHnHwYMQV2WMbluS5aeo9d4GjHHoiuZ8jf7aKSLGdRegkyJZyIAQOxDpQ-UaavFuecpSdi-a_O88cDajbBfkweqmwPSyczYNkfhMGP-LQuZLg42VeQEtiNB6En08hnaFL1e8v1t86F8PMHl6YOxoBqQGJRGqGxYFG_FCjw7JBhKnR6YNW5Ot5TXpYcFyEqt3Ik1mSSkCuJpKvwwiAO1MnoumBLtanObOdchH9SI-ui6TqzcG23dK2AhWSvoI9JiDAiLkqYvcDfEAVfpaWqYsUnTnzeaLpmbg9PCfkALZk8snINvye76PLK9BG3CDp6KUFCsxPz7zTRpTkBeZ-iLsE-zlL4Ru9ODKwTlikcY-OA2yU4n5Q5GcrSwgmAlLLHKm31UbMv2dyc6ORtdcjvuX-EMFCfDWMJxYOESLGJ7eZorFhKsJcC3KYasVsBxJ-6dL_Kwf-yA0pNySBb3v7keisGmXpxrKdYcyPYF_qaBvTPll4nJgUF3s1aQ45Pm1x73O96tsupkugJCCjgY0raK0O7twhRd21KGYrKht-T8883m9LcO_trnoIg==&ruid=dcf332f0-5790-4789-8f27-0b70048e53a0&subid=620295354379677697&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&ot=327 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453; oaidvc=1; CNT=1_v1_B0jsAAEAAAB6SwAA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c060e835d55dc941248beec6cc1fc3b3
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/121?rnd=2638552170&z=5493119&b=15540606&c=6274858&var=&d=https%3A%2F%2Fb6f71hwqomrafu683pz507uj2g.hop.clickbank.net%2F%3Ftid%3Dgo1%26clickid%3D620295354379677697&cln={CELL_NUMBER}&btp=7&rb=tZG8gfF2v3cQlHVLRlLezwstc0FIyJ0wsYg3oxFlx8EI4uKUMy__oQ6jZ4okynE1JNLXoipQmttXXdwDZKoMrSHxG42LhShJitwor2O8Y0DtQtoCeqYSGCh3iBv-96E33oA2Lubgd4bcvs7669Y_qZ5rhmbzi81n27A9dninZfjWLKsiq5UWsbtG8BK5W2IYIeIOPeEAJ7jB-8FTIUcZ074a6Lt9Kr72z9mB8TIW4JYaxbajYkz6KdUg6dJV9mgLjg_4I5Zh9LkApkM-1IxLFrRXkrROO8ftNqs-w_aXWqKX-LXAxHnHwYMQV2WMbluS5aeo9d4GjHHoiuZ8jf7aKSLGdRegkyJZyIAQOxDpQ-UaavFuecpSdi-a_O88cDajbBfkweqmwPSyczYNkfhMGP-LQuZLg42VeQEtiNB6En08hnaFL1e8v1t86F8PMHl6YOxoBqQGJRGqGxYFG_FCjw7JBhKnR6YNW5Ot5TXpYcFyEqt3Ik1mSSkCuJpKvwwiAO1MnoumBLtanObOdchH9SI-ui6TqzcG23dK2AhWSvoI9JiDAiLkqYvcDfEAVfpaWqYsUnTnzeaLpmbg9PCfkALZk8snINvye76PLK9BG3CDp6KUFCsxPz7zTRpTkBeZ-iLsE-zlL4Ru9ODKwTlikcY-OA2yU4n5Q5GcrSwgmAlLLHKm31UbMv2dyc6ORtdcjvuX-EMFCfDWMJxYOESLGJ7eZorFhKsJcC3KYasVsBxJ-6dL_Kwf-yA0pNySBb3v7keisGmXpxrKdYcyPYF_qaBvTPll4nJgUF3s1aQ45Pm1x73O96tsupkugJCCjgY0raK0O7twhRd21KGYrKht-T8883m9LcO_trnoIg==&bag=rqqn3D9rcHlPh6WEqLdeR262lSM8W2t8&ruid=dcf332f0-5790-4789-8f27-0b70048e53a0&subid=620295354379677697
139.45.197.242302 Found 0 B URL HTTP/2 arsnivyr.com/121?rnd=2638552170&z=5493119&b=15540606&c=6274858&var=&d=https%3A%2F%2Fb6f71hwqomrafu683pz507uj2g.hop.clickbank.net%2F%3Ftid%3Dgo1%26clickid%3D620295354379677697&cln={CELL_NUMBER}&btp=7&rb=tZG8gfF2v3cQlHVLRlLezwstc0FIyJ0wsYg3oxFlx8EI4uKUMy__oQ6jZ4okynE1JNLXoipQmttXXdwDZKoMrSHxG42LhShJitwor2O8Y0DtQtoCeqYSGCh3iBv-96E33oA2Lubgd4bcvs7669Y_qZ5rhmbzi81n27A9dninZfjWLKsiq5UWsbtG8BK5W2IYIeIOPeEAJ7jB-8FTIUcZ074a6Lt9Kr72z9mB8TIW4JYaxbajYkz6KdUg6dJV9mgLjg_4I5Zh9LkApkM-1IxLFrRXkrROO8ftNqs-w_aXWqKX-LXAxHnHwYMQV2WMbluS5aeo9d4GjHHoiuZ8jf7aKSLGdRegkyJZyIAQOxDpQ-UaavFuecpSdi-a_O88cDajbBfkweqmwPSyczYNkfhMGP-LQuZLg42VeQEtiNB6En08hnaFL1e8v1t86F8PMHl6YOxoBqQGJRGqGxYFG_FCjw7JBhKnR6YNW5Ot5TXpYcFyEqt3Ik1mSSkCuJpKvwwiAO1MnoumBLtanObOdchH9SI-ui6TqzcG23dK2AhWSvoI9JiDAiLkqYvcDfEAVfpaWqYsUnTnzeaLpmbg9PCfkALZk8snINvye76PLK9BG3CDp6KUFCsxPz7zTRpTkBeZ-iLsE-zlL4Ru9ODKwTlikcY-OA2yU4n5Q5GcrSwgmAlLLHKm31UbMv2dyc6ORtdcjvuX-EMFCfDWMJxYOESLGJ7eZorFhKsJcC3KYasVsBxJ-6dL_Kwf-yA0pNySBb3v7keisGmXpxrKdYcyPYF_qaBvTPll4nJgUF3s1aQ45Pm1x73O96tsupkugJCCjgY0raK0O7twhRd21KGYrKht-T8883m9LcO_trnoIg==&bag=rqqn3D9rcHlPh6WEqLdeR262lSM8W2t8&ruid=dcf332f0-5790-4789-8f27-0b70048e53a0&subid=620295354379677697
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /121?rnd=2638552170&z=5493119&b=15540606&c=6274858&var=&d=https%3A%2F%2Fb6f71hwqomrafu683pz507uj2g.hop.clickbank.net%2F%3Ftid%3Dgo1%26clickid%3D620295354379677697&cln={CELL_NUMBER}&btp=7&rb=tZG8gfF2v3cQlHVLRlLezwstc0FIyJ0wsYg3oxFlx8EI4uKUMy__oQ6jZ4okynE1JNLXoipQmttXXdwDZKoMrSHxG42LhShJitwor2O8Y0DtQtoCeqYSGCh3iBv-96E33oA2Lubgd4bcvs7669Y_qZ5rhmbzi81n27A9dninZfjWLKsiq5UWsbtG8BK5W2IYIeIOPeEAJ7jB-8FTIUcZ074a6Lt9Kr72z9mB8TIW4JYaxbajYkz6KdUg6dJV9mgLjg_4I5Zh9LkApkM-1IxLFrRXkrROO8ftNqs-w_aXWqKX-LXAxHnHwYMQV2WMbluS5aeo9d4GjHHoiuZ8jf7aKSLGdRegkyJZyIAQOxDpQ-UaavFuecpSdi-a_O88cDajbBfkweqmwPSyczYNkfhMGP-LQuZLg42VeQEtiNB6En08hnaFL1e8v1t86F8PMHl6YOxoBqQGJRGqGxYFG_FCjw7JBhKnR6YNW5Ot5TXpYcFyEqt3Ik1mSSkCuJpKvwwiAO1MnoumBLtanObOdchH9SI-ui6TqzcG23dK2AhWSvoI9JiDAiLkqYvcDfEAVfpaWqYsUnTnzeaLpmbg9PCfkALZk8snINvye76PLK9BG3CDp6KUFCsxPz7zTRpTkBeZ-iLsE-zlL4Ru9ODKwTlikcY-OA2yU4n5Q5GcrSwgmAlLLHKm31UbMv2dyc6ORtdcjvuX-EMFCfDWMJxYOESLGJ7eZorFhKsJcC3KYasVsBxJ-6dL_Kwf-yA0pNySBb3v7keisGmXpxrKdYcyPYF_qaBvTPll4nJgUF3s1aQ45Pm1x73O96tsupkugJCCjgY0raK0O7twhRd21KGYrKht-T8883m9LcO_trnoIg==&bag=rqqn3D9rcHlPh6WEqLdeR262lSM8W2t8&ruid=dcf332f0-5790-4789-8f27-0b70048e53a0&subid=620295354379677697 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=7a4cba7df116406aa2569040c00b7260; oaidts=1669453453; oaidvc=1; CNT=1_v1_B0jsAAEAAAB6SwAA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-length: 0
location: https://b6f71hwqomrafu683pz507uj2g.hop.clickbank.net/?tid=go1&clickid=620295354379677697
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f1176349f40b38f9126f9939d387b1a4
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
www.zoomnews1.com/sw.js
142.250.74.179 404 Not Found 106 kB IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11669)
Size 106 kB (106049 bytes)
Hash 7dd9cb1d4198cf2942a957c73b006088
27ca8e4b5e0848a22e0db6c3e4ad340db19ec971
546ee4588499228f4a4725013869e62943bc5c20c3567105e61ea1a98348a41a
GET /sw.js HTTP/1.1
Host: www.zoomnews1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.zoomnews1.com/2022/11/2022.html?m=1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 26 Nov 2022 09:04:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 106049
server: GSE
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5844fa98f22b90ce1c89857f6156ece9
295c447aa533046ce0c6aeda4deee0d117bd63de
d6b967fa46c8918f9c2ddc8fea7090e095bce3d0f3ddd5fb6dd6fc262850f0f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6B967FA46C8918F9C2DDC8FEA7090E095BCE3D0F3DDD5FB6DD6FC262850F0F2"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17088
Expires: Sat, 26 Nov 2022 13:49:03 GMT
Date: Sat, 26 Nov 2022 09:04:15 GMT
Connection: keep-alive
interstitial-07.com/contents/s/b3/f6/f1/b5df954598f7bc8916af3f9c8f/0856949380779.png
139.45.197.155 200 OK 39 kB URL HTTP/2 interstitial-07.com/contents/s/b3/f6/f1/b5df954598f7bc8916af3f9c8f/0856949380779.png
IP 139.45.197.155:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash b3f6f1b5df954598f7bc8916af3f9c8f
1d4b7f5f40e1fa8c9811532082870f82dcc954ed
bacbe8e9cc313cad0c29bfb06669fd8cdb25c7e3167c952dbe2e4b0956279d9f
GET /contents/s/b3/f6/f1/b5df954598f7bc8916af3f9c8f/0856949380779.png HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=Q8m1zw0DFUIrvfv&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D523227711%26z%3D5493119%26b%3D15699230%26c%3D6316018%26var%3D%26d%3Dhttps%253A%252F%252Fwww.bybit.com%252Fen-US%252Fregister%253Faffiliate_id%253D46217%2526group_id%253D0%2526group_type%253D1%26cln%3D1%26btp%3D7%26rb%3DUcvWXM3bwAF7G2mgs5p36td8Cu-OPkBqJgXcIKqMxyNt8AtF_IvjqjcYgLG7ko22_mdGHLZfsu6y7xBHjPs4Lhm_QJbYG0v8eEnd_g-YO08xxNzXn_an2_C2pevkYLY5w7zABW3-eZjV9iDQNbIpPI1_Zgby9qQDtQAa8Gl4bPJqGiaO3cjt28_XPZIY3CGOgtsYaKcI8SeWDvmiqXh9S-8ktjljGMzWp3CCb107hjRH6ygba_ZT095w2ZbSK02dQTdV657QUX1DjhMfwk1mZS-GU_w7Xpy22BT-R4A0uz0JWEk9wGtPrh0u0z9eXZwNfd7ebe353wkRMYEE3zHpYF-a40tNRvfCVw7VYWefRNsYQA9cI0c-StlHDOyzKKF-Kw9EkOaHST5uVR5104Ag9SE0TRNA4MIRDFtCAm5gX5XkwMUg2j5kgHbKdFGgn18OTdaC3ZA6zvR7UvJzUl4fZt7X7xnCoCy1x5r3zZgcrPeWXYwYy4yGslxRvP9oOS4yZ-cDN66eBYIeHHHm3YE5CbwrhR4Pq3Ol7W_ZrVrWgeACwnSqlwu9r19C2jHgVo0A8cgJ8TU_t-RDDOGuShcfkK4exZBInLtYzAqkRkkeqruxHyqjjaMTysvvRrPmFi0k1HLDZ06I5QfMJRsuIjOWRErSo_cgE4DwNtSrdK9pQWd3xlj71ExtSDQ6FfTOsfqOaITVcd6vbsxqQimkyog9bchRntyusu6nVathAtndcN4JwgEQ%26bag%3D2Vtk9xF_Ft9oNvl2qEPeRQ%3D%3D%26ruid%3D41506aaf-095f-4952-826e-4e95fd3ef3bc%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.zoomnews1.com%252F2022%252F11%252F2022.html%253Fm%253D1%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D4%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: image/png
content-length: 38625
last-modified: Fri, 11 Nov 2022 17:13:30 GMT
vary: Accept-Encoding
etag: "636e82ba-96e1"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4b27340c287e9d3e4c957aabc228b8c5
dc7593fbe317e9067e13b81d0a2ca92d388fcd31
d91927e98199753cc80ed16488468552b694147b7fe6a4a7d6d4bbd586dec968
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D91927E98199753CC80ED16488468552B694147B7FE6A4A7D6D4BBD586DEC968"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4565
Expires: Sat, 26 Nov 2022 10:20:20 GMT
Date: Sat, 26 Nov 2022 09:04:15 GMT
Connection: keep-alive
unphionetor.com/fv.js?t=72747&cb=326300375
139.45.197.236 200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=326300375
IP 139.45.197.236:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash 0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=326300375 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: fe40a79c90cf23ff84da2d36bc28dce4
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/2d/9e/b6/76e0506cb972be8f733670b56e/0608729096397.png
139.45.197.155 200 OK 305 kB URL HTTP/2 interstitial-07.com/contents/s/2d/9e/b6/76e0506cb972be8f733670b56e/0608729096397.png
IP 139.45.197.155:0
File type PNG image data, 900 x 600, 8-bit/color RGBA, non-interlaced\012- data
Size 305 kB (304949 bytes)
Hash 2d9eb676e0506cb972be8f733670b56e
c57066b5d1d94149fd2f0366aa0c050d0e3a92ea
e1653da23a414e20d328695a1fbfcf347dd2392f9c5132652d9404ac7c372a2e
GET /contents/s/2d/9e/b6/76e0506cb972be8f733670b56e/0608729096397.png HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=Q8m1zw0DFUIrvfv&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D523227711%26z%3D5493119%26b%3D15699230%26c%3D6316018%26var%3D%26d%3Dhttps%253A%252F%252Fwww.bybit.com%252Fen-US%252Fregister%253Faffiliate_id%253D46217%2526group_id%253D0%2526group_type%253D1%26cln%3D1%26btp%3D7%26rb%3DUcvWXM3bwAF7G2mgs5p36td8Cu-OPkBqJgXcIKqMxyNt8AtF_IvjqjcYgLG7ko22_mdGHLZfsu6y7xBHjPs4Lhm_QJbYG0v8eEnd_g-YO08xxNzXn_an2_C2pevkYLY5w7zABW3-eZjV9iDQNbIpPI1_Zgby9qQDtQAa8Gl4bPJqGiaO3cjt28_XPZIY3CGOgtsYaKcI8SeWDvmiqXh9S-8ktjljGMzWp3CCb107hjRH6ygba_ZT095w2ZbSK02dQTdV657QUX1DjhMfwk1mZS-GU_w7Xpy22BT-R4A0uz0JWEk9wGtPrh0u0z9eXZwNfd7ebe353wkRMYEE3zHpYF-a40tNRvfCVw7VYWefRNsYQA9cI0c-StlHDOyzKKF-Kw9EkOaHST5uVR5104Ag9SE0TRNA4MIRDFtCAm5gX5XkwMUg2j5kgHbKdFGgn18OTdaC3ZA6zvR7UvJzUl4fZt7X7xnCoCy1x5r3zZgcrPeWXYwYy4yGslxRvP9oOS4yZ-cDN66eBYIeHHHm3YE5CbwrhR4Pq3Ol7W_ZrVrWgeACwnSqlwu9r19C2jHgVo0A8cgJ8TU_t-RDDOGuShcfkK4exZBInLtYzAqkRkkeqruxHyqjjaMTysvvRrPmFi0k1HLDZ06I5QfMJRsuIjOWRErSo_cgE4DwNtSrdK9pQWd3xlj71ExtSDQ6FfTOsfqOaITVcd6vbsxqQimkyog9bchRntyusu6nVathAtndcN4JwgEQ%26bag%3D2Vtk9xF_Ft9oNvl2qEPeRQ%3D%3D%26ruid%3D41506aaf-095f-4952-826e-4e95fd3ef3bc%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.zoomnews1.com%252F2022%252F11%252F2022.html%253Fm%253D1%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D4%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: image/png
content-length: 304949
last-modified: Fri, 11 Nov 2022 17:13:26 GMT
vary: Accept-Encoding
etag: "636e82b6-4a735"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/index_rt.html
144.217.67.42 200 OK 1.5 kB URL HTTP/1.1 mediasama.com/starharem/01/s/index_rt.html
IP 144.217.67.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 30597b59f3cb1eadf603fcfb21952340
baca3a552764959edd4fc56947acc9a4f33822de
6ac92da5b37d94c53f231a18bb88be006ae20f1724a63151a97ed918d86cb25d
Analyzer Verdict Alert fortinet Phishing
GET /starharem/01/s/index_rt.html HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Wed, 20 Jul 2022 09:11:51 GMT
ETag: "17a0-5e438fdce23c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525
Content-Type: text/html
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d0cb40b96237cd6c660ceb6636e759b2
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.74 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 06:32:03 GMT
expires: Thu, 23 Nov 2023 06:32:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 268332
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 94f5b4b3f987f2b817c568e62d3f69f9
6da3f123391e582e91df0122547c497faef97c7b
097d077958617672c574147caf1ed26ba7ca07d1f0b548eb8e2befbfb52b6b9c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "097D077958617672C574147CAF1ED26BA7CA07D1F0B548EB8E2BEFBFB52B6B9C"
Last-Modified: Thu, 24 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18860
Expires: Sat, 26 Nov 2022 14:18:35 GMT
Date: Sat, 26 Nov 2022 09:04:15 GMT
Connection: keep-alive
mediasama.com/starharem/01/s/index_rt.html
144.217.67.42 200 OK 1.5 kB URL HTTP/1.1 mediasama.com/starharem/01/s/index_rt.html
IP 144.217.67.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 30597b59f3cb1eadf603fcfb21952340
baca3a552764959edd4fc56947acc9a4f33822de
6ac92da5b37d94c53f231a18bb88be006ae20f1724a63151a97ed918d86cb25d
Analyzer Verdict Alert fortinet Phishing
GET /starharem/01/s/index_rt.html HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Wed, 20 Jul 2022 09:11:51 GMT
ETag: "17a0-5e438fdce23c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525
Content-Type: text/html
mediasama.com/starharem/01/s/styles.css
144.217.67.42 200 OK 2.4 kB URL HTTP/1.1 mediasama.com/starharem/01/s/styles.css
IP 144.217.67.42:0
File type ASCII text, with very long lines (420)
Hash 8e7117f5f47cb6cde0a8e8eb38b16dbb
617fd3f0d3f420ee1967a20fb0b0af4ac34eca03
794f8aa66b6afcf9b7d9bfe5952860436dcfee6bf82e4368af6bc838ce89be98
GET /starharem/01/s/styles.css HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:29 GMT
ETag: "2638-5dc0be6400e82-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2406
Content-Type: text/css
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash dd86f74f70857f4c57092a6969efa22f
523156349f85fd9110e7430985b86940d52e2756
3749606c88a4a7096c98073f459f16f6d8cdfde94a0ece5f8a97aafd98b3b348
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 26 Nov 2022 09:04:15 GMT
Etag: "63812ba2-1d7"
Last-Modified: Sat, 26 Nov 2022 08:44:02 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qzmdnuDLpjjL6xn9JRP6JYIavpLasUj2yaHFFfp98xvBfCqT4nkFDA==
Age: 1213
mediasama.com/starharem/01/s/js/main.js
144.217.67.42 200 OK 549 B URL HTTP/1.1 mediasama.com/starharem/01/s/js/main.js
IP 144.217.67.42:0
Hash d8fa8e233a4db9fbce0c20d9a57a06fe
2366b2969771aa164bfdca6b5baf916806f6758a
f496e19ead804367daa801860cd95a7ec6854965a7c5cf2c49dda71532c19932
Analyzer Verdict Alert fortinet Phishing
GET /starharem/01/s/js/main.js HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:50 GMT
ETag: "516-5dc0be78000b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 549
Content-Type: application/javascript
fonts.gstatic.com/s/luckiestguy/v18/_gP_1RrxsjcxVyin9l9n_j2hTd52.woff2
216.58.207.195 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/luckiestguy/v18/_gP_1RrxsjcxVyin9l9n_j2hTd52.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17360, version 1.0\012- data
Hash 70322c317b1f4e2e17dbc6b672f95f5f
f3dff7c50e1aea33814c6aeeca177ae3ff900bfc
3877b522181765adf66ba89bd68d288ecb9f2483b441baab3424646b0c7aaa0a
GET /s/luckiestguy/v18/_gP_1RrxsjcxVyin9l9n_j2hTd52.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediasama.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17360
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 07:02:56 GMT
expires: Fri, 24 Nov 2023 07:02:56 GMT
cache-control: public, max-age=31536000
age: 180079
last-modified: Tue, 19 Apr 2022 18:58:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediasama.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 223826
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/index_rt.html
144.217.67.42 200 OK 1.5 kB URL HTTP/1.1 mediasama.com/starharem/01/s/index_rt.html
IP 144.217.67.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 30597b59f3cb1eadf603fcfb21952340
baca3a552764959edd4fc56947acc9a4f33822de
6ac92da5b37d94c53f231a18bb88be006ae20f1724a63151a97ed918d86cb25d
Analyzer Verdict Alert fortinet Phishing
GET /starharem/01/s/index_rt.html HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Wed, 20 Jul 2022 09:11:51 GMT
ETag: "17a0-5e438fdce23c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525
Content-Type: text/html
asian-movies-online.com/?pa=PR7O624C2E?clickid=620295354350309376
190.124.47.74 301 Moved Permanently 0 B URL HTTP/2 asian-movies-online.com/?pa=PR7O624C2E?clickid=620295354350309376
IP 190.124.47.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pa=PR7O624C2E?clickid=620295354350309376 HTTP/1.1
Host: asian-movies-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.4.16
content-type: text/html; charset=UTF-8
x-pingback: https://asian-movies-online.com/xmlrpc.php
set-cookie: pmpro_visit=1; path=/; secure; HttpOnly
expires: Sat, 26 Nov 2022 10:04:15 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
location: https://asian-movies-online.com/?pa=PR7O624C2E%3Fclickid%3D620295354350309376
content-length: 0
date: Sat, 26 Nov 2022 09:04:15 GMT
server: LiteSpeed
vary: User-Agent,User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
b6f71hwqomrafu683pz507uj2g.hop.clickbank.net/?tid=go1&clickid=620295354379677697
34.218.122.96 307 Temporary Redirect 0 B URL HTTP/2 b6f71hwqomrafu683pz507uj2g.hop.clickbank.net/?tid=go1&clickid=620295354379677697
IP 34.218.122.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?tid=go1&clickid=620295354379677697 HTTP/1.1
Host: b6f71hwqomrafu683pz507uj2g.hop.clickbank.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Sat, 26 Nov 2022 09:04:15 GMT
content-length: 0
location: http://futmillionaire.com?hop=prsanko&clickid=620295354379677697
set-cookie: q=01.342D3DF63FBD6E8ED1239A7CEEECE04FC19512ABFAE422288BF552AB9E99E1CC2F9B35728894FEB0794C87AFFCB9272B8D57DB16; Path=/; Domain=.clickbank.net; Max-Age=31536000; Expires=Sun, 26 Nov 2023 09:04:15 GMT
p=Yuu9zTRUrFiPE39GYb-fnxFd8igxYisBhZ1MJD3nf72i4IRQxVjzpHjDUKwbmz7FnMcYmzbuBeS19mqWbeezGRZwl-jI4BYMvSy3L6T5wAoZHH0o8q8TQeSbjeSLbawN1u5kd_MPgDLcDbFqHTCvxRbFA0qpF2JQYUIZtxNE5XxSFOTNSuw7KktW_u9zra6F32TYqUHIV2TsWZUoSAdPsEyONGI%3D; Path=/; Domain=.clickbank.net; Max-Age=15552000; Expires=Thu, 25 May 2023 09:04:15 GMT
server-timing: traceparent;desc="00-8590922e23be3359909e95cb27dba8de-0fa226ffced0a4e4-01"
access-control-expose-headers: Server-Timing
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/audio/btn_1.mp3
144.217.67.42 206 Partial Content 20 kB URL HTTP/1.1 mediasama.com/starharem/01/s/audio/btn_1.mp3
IP 144.217.67.42:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo\012- data
Hash d857acaef2cdf5ec88ea6128c1ceb7b3
5f67419243f34232a4da8cb1a1eaecfc192ff1a7
df83bc888086ae84b5d532a39023b0db17e8f3ccd3ffdcd6f35c8d4f39558d24
Analyzer Verdict Alert fortinet Phishing
GET /starharem/01/s/audio/btn_1.mp3 HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:31 GMT
ETag: "4f61-5dc0be65fcb81"
Accept-Ranges: bytes
Content-Length: 20321
Content-Range: bytes 0-20320/20321
Content-Type: audio/mpeg
mediasama.com/starharem/01/s/audio/btn_1.mp3
144.217.67.42 206 Partial Content 20 kB URL HTTP/1.1 mediasama.com/starharem/01/s/audio/btn_1.mp3
IP 144.217.67.42:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo\012- data
Hash d857acaef2cdf5ec88ea6128c1ceb7b3
5f67419243f34232a4da8cb1a1eaecfc192ff1a7
df83bc888086ae84b5d532a39023b0db17e8f3ccd3ffdcd6f35c8d4f39558d24
Analyzer Verdict Alert fortinet Phishing
GET /starharem/01/s/audio/btn_1.mp3 HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:31 GMT
ETag: "4f61-5dc0be65fcb81"
Accept-Ranges: bytes
Content-Length: 20321
Content-Range: bytes 0-20320/20321
Content-Type: audio/mpeg
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 94f5b4b3f987f2b817c568e62d3f69f9
6da3f123391e582e91df0122547c497faef97c7b
097d077958617672c574147caf1ed26ba7ca07d1f0b548eb8e2befbfb52b6b9c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "097D077958617672C574147CAF1ED26BA7CA07D1F0B548EB8E2BEFBFB52B6B9C"
Last-Modified: Thu, 24 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18859
Expires: Sat, 26 Nov 2022 14:18:35 GMT
Date: Sat, 26 Nov 2022 09:04:16 GMT
Connection: keep-alive
mediasama.com/starharem/01/s/audio/btn_1.mp3
144.217.67.42 206 Partial Content 20 kB URL HTTP/1.1 mediasama.com/starharem/01/s/audio/btn_1.mp3
IP 144.217.67.42:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo\012- data
Hash d857acaef2cdf5ec88ea6128c1ceb7b3
5f67419243f34232a4da8cb1a1eaecfc192ff1a7
df83bc888086ae84b5d532a39023b0db17e8f3ccd3ffdcd6f35c8d4f39558d24
Analyzer Verdict Alert fortinet Phishing
GET /starharem/01/s/audio/btn_1.mp3 HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:31 GMT
ETag: "4f61-5dc0be65fcb81"
Accept-Ranges: bytes
Content-Length: 20321
Content-Range: bytes 0-20320/20321
Content-Type: audio/mpeg
mediasama.com/starharem/01/s/img/2.jpg
144.217.67.42 200 OK 369 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/2.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 369 kB (369239 bytes)
Hash b7d3bd4ae3d5f8477e040e6410517866
2b255c9583c47e5da4069d9c055d3430a0c1e03a
7bb68d5a9a92a500956397e156beb117a0ef605b6747800cacf9c9440b6fc7e4
GET /starharem/01/s/img/2.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5a257-5dc622e1424eb"
Accept-Ranges: bytes
Content-Length: 369239
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/7.jpg
144.217.67.42 200 OK 327 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/7.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 327 kB (326553 bytes)
Hash c67c9fb0268eea7d188c4c9bc54a0bf4
216b83374ba6f011041b31dd381f22e99ea7a8c1
95ae6eba3fad2ff05cadc95b27fc79a198a9e873371ab5fb7bb97c1661cd4654
GET /starharem/01/s/img/7.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:45 GMT
ETag: "4fb99-5dc622e5033f2"
Accept-Ranges: bytes
Content-Length: 326553
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/1.jpg
144.217.67.42 200 OK 398 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/1.jpg
IP 144.217.67.42:0
File type gzip compressed data, max compression\012- data
Size 398 kB (397761 bytes)
Hash 426e688f4ccc94a0ca7dd86b65a807de
b20226ad01f832724a09b3fb5ad720c7555379e6
5e28f31192ed17c9bcd62fb9d2bfc14d306886c1a0b463c1007015d54d459ce6
GET /starharem/01/s/img/1.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "60f29-5dc622dfac0e8"
Accept-Ranges: bytes
Content-Length: 397097
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/3.jpg
144.217.67.42 200 OK 375 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/3.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 375 kB (375159 bytes)
Hash 84c5f704120f28ad7bcde2ebab7442a0
fd2745300ba7ad59ff8044c7e9f76b1326ddd120
6227de9cf2198a85639d3808c134b85dc1e6a5ee5ee5709189c5e58d1b91b7c2
GET /starharem/01/s/img/3.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:15 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5b977-5dc622e17edac"
Accept-Ranges: bytes
Content-Length: 375159
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mediasama.com/starharem/01/s/img/9.jpg
144.217.67.42 200 OK 342 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/9.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 342 kB (341673 bytes)
Hash a3a888cf217de9be2aa727dd1cc64757
b7bd361dfdceecfc5775d0ed32e5798abd271d5e
2fd4025336ad8a5edd704651a216cf6b9739089ad1c204bd1ea8e114d11770b9
GET /starharem/01/s/img/9.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "536a9-5dc622e6fb276"
Accept-Ranges: bytes
Content-Length: 341673
Content-Type: image/jpeg
asian-movies-online.com/?pa=PR7O624C2E%3Fclickid%3D620295354350309376
190.124.47.74 200 OK 99 kB URL HTTP/2 asian-movies-online.com/?pa=PR7O624C2E%3Fclickid%3D620295354350309376
IP 190.124.47.74:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10658)
Hash 864bdb66558c96140fee6e62cfd5bbcc
6a3c75ed1d87f606aaca6ae3bf553c21e6efdf99
ed70ed1144b7a410c60a08c4ab8e0898472e018ad3d3cf91aca410d5bcfac85a
GET /?pa=PR7O624C2E%3Fclickid%3D620295354350309376 HTTP/1.1
Host: asian-movies-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.16
content-type: text/html; charset=UTF-8
x-pingback: https://asian-movies-online.com/xmlrpc.php
set-cookie: pmpro_visit=1; path=/; secure; HttpOnly
link: <https://asian-movies-online.com/wp-json/>; rel="https://api.w.org/", <https://asian-movies-online.com/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json", <https://asian-movies-online.com/>; rel=shortlink
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
date: Sat, 26 Nov 2022 09:04:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/5.jpg
144.217.67.42 200 OK 461 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/5.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 461 kB (461412 bytes)
Hash 42ad3cffde2e4081df94ded8a30a1dc5
7b064f0fcb96e5b5c498c0c03bcbb9ab15e999b0
be788428faee6157125228734e5510d4f49212766eff23a1a1b178e456f153d1
GET /starharem/01/s/img/5.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "70a64-5dc622e35f52f"
Accept-Ranges: bytes
Content-Length: 461412
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mediasama.com/starharem/01/s/img/8.jpg
144.217.67.42 200 OK 682 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/8.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-3584, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 211035008.000000\012- data
Size 682 kB (682050 bytes)
Hash cedcd46e956dee6a28f87198962b0477
7b38f1de654971e436983fb6a34a71540ba526c9
08c08ef6f1ed9da65259719bbcc97e9aec700d3b486a9f0a741cb5800be34db5
GET /starharem/01/s/img/8.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "a6842-5dc622e757ed6"
Accept-Ranges: bytes
Content-Length: 682050
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/6.jpg
144.217.67.42 200 OK 261 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/6.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 261 kB (261364 bytes)
Hash 4b7cf78d93f3f009f850bedb6829d7f6
cc55cad898df47a2f089946aee9398fea7fa2ae6
44d0a6f8e7f7fe0354c05417445137070431686d671c51e9f3d3869867f2448f
GET /starharem/01/s/img/6.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:44 GMT
ETag: "3fcf4-5dc622e471bd1"
Accept-Ranges: bytes
Content-Length: 261364
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/4.jpg
144.217.67.42 200 OK 325 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/4.jpg
IP 144.217.67.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 325 kB (325446 bytes)
Hash ec18d276822ab5772f3458da7dbedfbc
f7a38f944aaba3e6b848f496bf4b8fee50b58161
da6b7082767f0ddffbec031c7f84b859c7a1f20624445bb26aa93895b75d7c09
GET /starharem/01/s/img/4.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "4f746-5dc622e2da82e"
Accept-Ranges: bytes
Content-Length: 325446
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/11.jpg
144.217.67.42 200 OK 403 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/11.jpg
IP 144.217.67.42:0
File type JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Size 403 kB (402740 bytes)
Hash c10654a068f849e614885c983ac9ab02
8d69da78045560f1c2de7bafc47b2c8a12e86424
3a864743d27da3ef1cea10d293532f84f9d564a98b34afef2a8f4b380472dfc2
GET /starharem/01/s/img/11.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 09:18:06 GMT
ETag: "62534-5dc5d6c134c3d"
Accept-Ranges: bytes
Content-Length: 402740
Content-Type: image/jpeg
fonts.googleapis.com/css?family=Lobster
142.250.74.10 200 OK 19 kB URL HTTP/2 fonts.googleapis.com/css?family=Lobster
IP 142.250.74.10:0
Hash 2d2d8c6d9e9132ee57ca189589b1a49e
a6608c9459c4f0efd02263d052c47034119cd31a
ae7ecbeda120092768ba84c28944b735a83ea7465221237c0438aa51cb8ba99c
GET /css?family=Lobster HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Shadows+Into+Light
142.250.74.10 200 OK 3.5 kB URL HTTP/2 fonts.googleapis.com/css?family=Shadows+Into+Light
IP 142.250.74.10:0
Hash fdd929bd931c02285a295b0c4b1d69b9
4a54019ba23488f63704ff13efe9a6c6ed537aaf
5a2c0d31a30bd55ed1dbf85b300072424c74f8a0a9a81882a9d0343034c65287
GET /css?family=Shadows+Into+Light HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 407ca8387c360d434a53812c03688310
90e74fa4928adcf8ae410f2eea7956b6ae7f687b
5690f667c20ba6c6daf71668a7c02c6d50383b585521e6f3e7a0ddcf895358d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1714
Cache-Control: max-age=160993
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:17 GMT
Etag: "6381a1c1-1d7"
Expires: Mon, 28 Nov 2022 05:47:30 GMT
Last-Modified: Sat, 26 Nov 2022 05:18:57 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1957)
Hash de389206962dd9e2a6b93e023a0141f5
649be2a96a77044c559f11b7dd5089da51967f8e
989d555e7729d8433f1fc82002115397b2fb2e6e2c26605c0fc2ef61c7e599f7
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://asian-movies-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: bae186558c1ad60eb8a71f0474934256
etag: "d87bbf241e5caa41b780a3c528cd884a"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 26 Nov 2022 09:21:28 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 3jiSBpYt2eKmuT4COgFB9Q==
x-fb-debug: D2y/sw0pTVKuiHiWsGqf2ZmOKN4yYUJcdWdTPmTUPRg/tE40Tpitbb/xJ2lTvZVkDtAvKesr1w98PySJ9HNiwA==
priority: u=3,i
content-length: 1687
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 407ca8387c360d434a53812c03688310
90e74fa4928adcf8ae410f2eea7956b6ae7f687b
5690f667c20ba6c6daf71668a7c02c6d50383b585521e6f3e7a0ddcf895358d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1714
Cache-Control: max-age=160993
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 09:04:17 GMT
Etag: "6381a1c1-1d7"
Expires: Mon, 28 Nov 2022 05:47:30 GMT
Last-Modified: Sat, 26 Nov 2022 05:18:57 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js?hash=cf19896a696f7565b33309ae0d4f0c9c
31.13.72.12 200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=cf19896a696f7565b33309ae0d4f0c9c
IP 31.13.72.12:0
File type ASCII text, with very long lines (13192)
Hash cd824cdeec57bdfe5852a0981b06980e
56d06b97e62c231913a2a3b5b9fd247a90690349
d889487aa1d9f32734c2ca53b56d054ae50a6d65a6cd8c30d2630e7ca48e9336
GET /en_US/sdk.js?hash=cf19896a696f7565b33309ae0d4f0c9c HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://asian-movies-online.com
Connection: keep-alive
Referer: https://asian-movies-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 9fa25ae76ab89315233a903510143959
etag: "d206249edc230599dfe38cba0ab83f15"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 26 Nov 2023 08:22:42 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: zYJM3uxXvf5YUqCYGwaYDg==
x-fb-debug: dxd1rbMzVyBXWLMbRQdhSWuzJcXI4w89964lp119aA25kJ2X81UO9sqPiPphwO96lmm2QS+Lc23/vRHG/zBi6Q==
content-length: 86898
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=337135700017199&ev=fb_page_view&dl=https%3A%2F%2Fasian-movies-online.com%2F%3Fpa%3DPR7O624C2E%253Fclickid%253D620295354350309376&rl=&if=true&ts=1669453456534&sw=1280&sh=1024&at=
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=337135700017199&ev=fb_page_view&dl=https%3A%2F%2Fasian-movies-online.com%2F%3Fpa%3DPR7O624C2E%253Fclickid%253D620295354350309376&rl=&if=true&ts=1669453456534&sw=1280&sh=1024&at=
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=337135700017199&ev=fb_page_view&dl=https%3A%2F%2Fasian-movies-online.com%2F%3Fpa%3DPR7O624C2E%253Fclickid%253D620295354350309376&rl=&if=true&ts=1669453456534&sw=1280&sh=1024&at= HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://asian-movies-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 26 Nov 2022 09:04:17 GMT
X-Firefox-Spdy: h2
vaugroar.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: vaugroar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.zoomnews1.com/
Content-Type: application/json
Origin: https://www.zoomnews1.com
Content-Length: 757
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4c7c7afaeb85b1731f731a30eb6790c4
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yk/l/0,cross/lkNcWOjl-U9.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 3.3 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yk/l/0,cross/lkNcWOjl-U9.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (3040)
Hash b27f6cab20a6eda1d9b3030c9a09660d
3169ce97a78df1ed950dc27623c191485d3107ee
2b3945a951059474536dcbb24070db0e476148aa79db35e2431f49b5b93231da
GET /rsrc.php/v3/yk/l/0,cross/lkNcWOjl-U9.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 25 Nov 2023 17:51:29 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: sn9sqyCm7aHZswMMmglmDQ==
x-fb-debug: 3wrVtekQ/y7wS/2reIF/EwjJOawLhsjiLIMJy7/ZtA2A0fE2/nfgpyG+o6iqKOHalByy7AI5gFrrVw4T9r7XmA==
priority: u=2
content-length: 3292
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 830 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (724)
Hash d63a02ce87c07ffcfa869fef7fc5f233
cae745fef84088abe3525bb77f75c55cd1d4cc2c
bf9d4d71541a0a1f31b10be351add847ee935da6de355756314c8ca96512444d
GET /rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 18 Nov 2023 18:18:38 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-fb-rlafr: 0
content-md5: 1joCzofAf/z6hp/vf8XyMw==
x-fb-debug: vKrIT7bDcuELxUQABfykTxFSmykRoUCEVhYV4TgDJd5oiZgsEJBZyhiv20JBlkWsTGEVyts+Yz2c1cL+WGyqLQ==
priority: u=2
content-length: 830
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y8/r/qc0dVyw0ZD0.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y8/r/qc0dVyw0ZD0.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (18622)
Hash 151e87d38f4f425e44d9c851c9aecf05
762111e5095f5354be95b98ad476f6e7161ce6b1
f236f289f38c8081b496e0537ed3b2c66822e7a743f5d9d4959f955c64b0b2b0
GET /rsrc.php/v3/y8/r/qc0dVyw0ZD0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 18 Nov 2023 00:22:04 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: FR6H049PQl5E2chRya7PBQ==
x-fb-debug: 41mNogUMqbYJMwkqhJK5x6mP9W7KKPLBIwPJVTu8zy/nNnO3VPGXxBg0uCe8l34+TTDgnWz4SKygMETC77RVXw==
priority: u=3,i
content-length: 91088
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 1.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (1984)
Hash 16f083b23b565db9d2f20d1ad75933c1
6d74ad139c96b1e3fc9d541419788b5b4893ec9a
36b909cd9132a8996a1bbb221d05217c31506a6951bb408deeea6aa612dc4200
GET /rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 16 Nov 2023 22:24:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: FvCDsjtWXbnS8g0a11kzwQ==
x-fb-debug: DPBbprD+WR1JkQp8+12RV5L7aPu0l9wEhB+zyXXmLLBejlnOoB6/sW7YTAqPr0a+bmM8AnZbmMS0hVd638ZZKw==
content-length: 1657
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (5542)
Hash 0765d76d746716156d53d36ee6f80836
17e1546f87cc6417615caa10dcbbcb699c59471a
f1e6af63ae9ff0385126b72a492b0d34709514dd4c00074a1be28272c253d4f8
GET /rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 15 Nov 2023 02:03:07 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: B2XXbXRnFhVtU9Nu5vgINg==
x-fb-debug: 0xPHDYvZge8swk7JhsZ5ELIEYcud4qPBQV2E2zQxSjSHT+wOY2wY+EXO4Me6uhdgl3HPef3XHIK9yshvgmDJ/Q==
priority: u=3,i
content-length: 12369
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 24 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (42048)
Hash 3051900d03a657ddbbc9afa8ac11cdbd
557f26734897e137a6678f6d2a81672fc6a34ad2
038035ce01be57324c7e251c8834229b4910f27e3a042912fd7276947e5750df
GET /rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 14 Nov 2023 04:19:31 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: MFGQDQOmV927ya+orBHNvQ==
x-fb-debug: /0Pz55NIiUn/cvYU+yfhqdIUstVvGBjhB3o6xBCg6YLbu5z3E4bj/phElq/tOEXBC1yT2SO31t4LXKWfL41W7A==
content-length: 23455
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
vaugroar.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: vaugroar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.zoomnews1.com/
Content-Type: application/json
Origin: https://www.zoomnews1.com
Content-Length: 400
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:22 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d301f29f4ff12d7763f96237b2aa0744
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=d6867fe93ca44e62b9bb27d1a8460566&zoneId=5493521&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=d6867fe93ca44e62b9bb27d1a8460566&zoneId=5493521&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash d9e90fb269beb4bc7a58e0d4836d45ac
939c8617a4e1436230d86347963ad03d4f4ec3e2
f62ce4abe9a6f8e451ba811f36e837df9ceb79c6c96f2c3e5f4cc35f5032af60
GET /gid.js?pub=0&userId=d6867fe93ca44e62b9bb27d1a8460566&zoneId=5493521&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.zoomnews1.com/
Origin: https://www.zoomnews1.com
Connection: keep-alive
Cookie: ID=7a4cba7df116406aa2569040c00b7260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:22 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
arsnivyr.com/1?z=5493119
139.45.197.242 200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5493119 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 47faaff3a06f248f00f5ac5ee47a506c
access-control-expose-headers: X-Sc
set-cookie: OAID=84b6b5c4fed547f782c89ca34a3c8949; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
woafoame.net/?rb=mLziLlAUxIXJ87WQGBSJHq3s-V10NX__rGk_RJSF3wH1zdLMn5_FjYd9H_f77zgK1Uev8YDsvnPoVBlPYZlk4rmShX_rXo61gWRO197FBeitiCp6BLG5rIhUu8eTxQbFGA71143RFbkINknblyzBKW7cI8bKrU1yo060opz5CaocFtPF6UgfrbS5c8PgHuT1OWHNPxfghh-tHgnvxX8-J_UXKC5w1kdEpbPtyCsEEOj36TT5j7hasA%3D%3D&request_ab2=96003&zoneid=5493122&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=4&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=8d5aab44-1693-45e8-bfd8-7516e1bfb3f8&userId=7a4cba7df116406aa2569040c00b7260&m=link
139.45.197.239 200 OK 0 B URL HTTP/2 woafoame.net/?rb=mLziLlAUxIXJ87WQGBSJHq3s-V10NX__rGk_RJSF3wH1zdLMn5_FjYd9H_f77zgK1Uev8YDsvnPoVBlPYZlk4rmShX_rXo61gWRO197FBeitiCp6BLG5rIhUu8eTxQbFGA71143RFbkINknblyzBKW7cI8bKrU1yo060opz5CaocFtPF6UgfrbS5c8PgHuT1OWHNPxfghh-tHgnvxX8-J_UXKC5w1kdEpbPtyCsEEOj36TT5j7hasA%3D%3D&request_ab2=96003&zoneid=5493122&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=4&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=8d5aab44-1693-45e8-bfd8-7516e1bfb3f8&userId=7a4cba7df116406aa2569040c00b7260&m=link
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /?rb=mLziLlAUxIXJ87WQGBSJHq3s-V10NX__rGk_RJSF3wH1zdLMn5_FjYd9H_f77zgK1Uev8YDsvnPoVBlPYZlk4rmShX_rXo61gWRO197FBeitiCp6BLG5rIhUu8eTxQbFGA71143RFbkINknblyzBKW7cI8bKrU1yo060opz5CaocFtPF6UgfrbS5c8PgHuT1OWHNPxfghh-tHgnvxX8-J_UXKC5w1kdEpbPtyCsEEOj36TT5j7hasA%3D%3D&request_ab2=96003&zoneid=5493122&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=4&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=8d5aab44-1693-45e8-bfd8-7516e1bfb3f8&userId=7a4cba7df116406aa2569040c00b7260&m=link HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.zoomnews1.com/
Origin: https://www.zoomnews1.com
Connection: keep-alive
Cookie: OAID=4a1340d3af2042639ebcf727665590d5; oaidts=1669453453
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:14 GMT
content-type: application/json
x-trace-id: 0c17d0f8b292b7aef166dbb966747938
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:14 GMT; path=/; secure; SameSite=None
oaidts=1669453454; expires=Sun, 26 Nov 2023 09:04:14 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 03 Dec 2022 09:04:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 200 OK 0 B URL HTTP/2 arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 156
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c84140b7710b3ec558e9f230719d5faa
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 200 OK 0 B URL HTTP/2 arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 156
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 88b5424e827871298f947cf28a3fc983
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:14 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:14 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
stats.wp.com/s-202247.js
192.0.76.3 200 OK 0 B IP 192.0.76.3:0
GET /s-202247.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://asian-movies-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:16 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-2494"
content-encoding: br
expires: Mon, 20 Nov 2023 12:08:34 GMT
cache-control: max-age=31536000
x-nc: HIT arn
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Droid+Sans:bold
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Droid+Sans:bold
IP 142.250.74.10:0
GET /css?family=Droid+Sans:bold HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
arsnivyr.com/1?z=5493119
139.45.197.242 200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5493119 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4d248af6899b94debbe27b996c2ed8b0
access-control-expose-headers: X-Sc
set-cookie: OAID=84b6b5c4fed547f782c89ca34a3c8949; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/1?z=5491106
139.45.197.242 200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5491106 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 29843ccf4404b541bff418a063fac4d0
access-control-expose-headers: X-Sc
x-sc: 9lq4FybOwzhYNJ_Xubl8Mx-WlAvy1RAS6tWXN90F_ytn4MosO2jgeun3cb4sdPHluT6zaF5xVMlHQkGgHQrsexegoG8=
set-cookie: scm=1; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
OAID=b087a5ac7e4b406bb18aa8e67d1fe682; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/earlyaccess/droidarabickufi.css
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/earlyaccess/droidarabickufi.css
IP 142.250.74.10:0
GET /earlyaccess/droidarabickufi.css HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
arsnivyr.com/1?z=5493119
139.45.197.242 200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5493119 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 5800630066ae008189ffaccc4010fcc1
access-control-expose-headers: X-Sc
set-cookie: OAID=84b6b5c4fed547f782c89ca34a3c8949; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
vaugroar.com/ntfc.php?p=5493521
139.45.197.250 200 OK 0 B URL HTTP/2 vaugroar.com/ntfc.php?p=5493521
IP 139.45.197.250:0
Analyzer Verdict Alert quad9 Sinkholed
GET /ntfc.php?p=5493521 HTTP/1.1
Host: vaugroar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-38a8"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/1?z=5493119
139.45.197.242 200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5493119 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4de96d7e7dd9573a0aabb7bdd21bc9d6
access-control-expose-headers: X-Sc
x-sc: gkyTCiiBUK5XzuNnaM-HVDMdeJaKB1ti-uOX54La1Yghau5KfgTPGkwS3DHlcdJZKe1I5CbqIfy9TYudY85mMZ0H-bw=
set-cookie: scm=1; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
OAID=84b6b5c4fed547f782c89ca34a3c8949; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 0 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
GET /rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 18 Nov 2023 00:17:10 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: yS75TjCi3ZRz/Z/lM0crcw==
x-fb-debug: ihdwMQcRol5sHtSRXmEMFB/YIW9cI3nuMWAo6wo5s4uAg1qPZip0MHf6ehCCUUAy0ohw6m2pcOM5THzisKxOvg==
priority: u=3,i
content-length: 16232
x-fb-trip-id: 1904183273
date: Sat, 26 Nov 2022 09:04:17 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/10.jpg
144.217.67.42 200 OK 0 B URL HTTP/1.1 mediasama.com/starharem/01/s/img/10.jpg
IP 144.217.67.42:0
GET /starharem/01/s/img/10.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:04:16 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "39dae-5dc622df755e8"
Accept-Ranges: bytes
Content-Length: 236974
Content-Type: image/jpeg
fonts.googleapis.com/css?family=Raleway:100
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Raleway:100
IP 142.250.74.10:0
GET /css?family=Raleway:100 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 09:04:13 GMT
date: Sat, 26 Nov 2022 09:04:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
woafoame.net/5/5493122/?oo=1&aab=1
139.45.197.239 200 OK 0 B URL HTTP/2 woafoame.net/5/5493122/?oo=1&aab=1
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5493122/?oo=1&aab=1 HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:13 GMT
content-type: application/json
x-trace-id: 81658d9bc79cbffa6cb50c03dc5b8df3
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=87d7daa3b2104cf2bfaf2fef33b2fd5a; expires=Sun, 26 Nov 2023 09:04:13 GMT; path=/; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:13 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
139.45.197.242 200 OK 0 B URL HTTP/2 arsnivyr.com/9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5493119&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.zoomnews1.com%2F2022%2F11%2F2022.html%3Fm%3D1&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&sah=1002&drf=&hil=1&ist=0&oaid=7a4cba7df116406aa2569040c00b7260 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 156
Origin: https://www.zoomnews1.com
Connection: keep-alive
Referer: https://www.zoomnews1.com/
Cookie: scm=1; OAID=84b6b5c4fed547f782c89ca34a3c8949; oaidts=1669453453
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 09:04:15 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.zoomnews1.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 27f06722bf0be5b5db67fea3a2b2bfb5
access-control-expose-headers: X-Sc
set-cookie: OAID=7a4cba7df116406aa2569040c00b7260; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
oaidts=1669453453; expires=Sun, 26 Nov 2023 09:04:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2