Overview

URL www109.zippyshare.com/d/oc6swaoi/37047/revo.uninstaller.pro.v3.2.1.kuyhaa.me.rar
IP 46.166.139.231
ASN NForce Entertainment B.V.
Location Netherlands
Report completed 2022-06-10 15:53:19 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-06-10 2 aphycolourses.info/UzVpejAoFxoNbyZHBVgKcV0dDkAgD0ZVRyRCWEoJfU8ACkAqRgEbQjYb (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS
Added / Verified Severity Host Comment
2022-06-10 2 unphionetor.com Sinkholed
2022-06-10 2 freychang.fun Sinkholed
2022-06-10 2 unphionetor.com Sinkholed
2022-06-10 2 freychang.fun Sinkholed
2022-06-10 2 freychang.fun Sinkholed
2022-06-10 2 freychang.fun Sinkholed


Files

No files detected



Passive DNS (29)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-06-10 05:29:38 UTC 54.230.111.99
[Mnemonic Passive DNS] ocsp.pki.goog (3) 175 2017-06-14 07:23:31 UTC 2022-06-10 04:45:20 UTC 142.250.74.3
[Mnemonic Passive DNS] ds88pc0kw6cvc.cloudfront.net (2) 0 No data No data 54.230.245.114 Unknown ranking
[Mnemonic Passive DNS] d10lumateci472.cloudfront.net (2) 0 No data No data 54.230.245.49 Unknown ranking
[Mnemonic Passive DNS] blicatedlittle.xyz (2) 0 No data No data 107.22.28.167 Unknown ranking
[Mnemonic Passive DNS] www109.zippyshare.com (9) 0 No data No data 46.166.139.231 Domain (zippyshare.com) ranked at: 41031
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-06-10 05:13:43 UTC 52.43.61.95
[Mnemonic Passive DNS] aphycolourses.info (1) 121151 No data No data 107.22.28.167
[Mnemonic Passive DNS] www.gstatic.com (1) 0 2015-06-20 09:50:55 UTC 2015-11-29 15:55:55 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
[Mnemonic Passive DNS] imatrk.net (1) 30003 No data No data 104.21.16.43
[Mnemonic Passive DNS] ocsp2.globalsign.com (1) 1544 2012-05-21 07:12:19 UTC 2022-06-10 05:02:23 UTC 104.18.20.226
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (2) 1631 2017-09-01 03:40:57 UTC 2022-06-10 11:35:17 UTC 34.120.237.76
[Mnemonic Passive DNS] cdn.adx1.com (1) 10630 2018-05-29 09:13:29 UTC 2022-06-10 13:09:21 UTC 149.11.201.98
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.7
[Mnemonic Passive DNS] rningserien.xyz (6) 0 No data No data 54.230.111.36 Unknown ranking
[Mnemonic Passive DNS] unphionetor.com (2) 54035 No data No data 139.45.197.236
[Mnemonic Passive DNS] www.maxonclick.com (3) 173326 2017-01-29 09:04:56 UTC 2022-06-10 07:35:08 UTC 35.190.68.123
[Mnemonic Passive DNS] quiremuken.xyz (3) 0 No data No data 104.21.29.224 Unknown ranking
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-06-10 12:34:43 UTC 93.184.220.29
[Mnemonic Passive DNS] toglooman.com (5) 144309 No data No data 139.45.197.239
[Mnemonic Passive DNS] interstitial-07.com (3) 36198 No data No data 139.45.197.151
[Mnemonic Passive DNS] icotrack.net (2) 67902 No data No data 109.206.168.17
[Mnemonic Passive DNS] ocsp.sectigo.com (6) 487 2018-12-17 11:31:55 UTC 2022-06-10 10:02:37 UTC 104.18.32.68
[Mnemonic Passive DNS] www.google.com (1) 7 2012-05-22 04:23:54 UTC 2022-06-09 17:27:23 UTC 142.250.74.164
[Mnemonic Passive DNS] my.rtmark.net (1) 9054 No data No data 139.45.195.8
[Mnemonic Passive DNS] clksite.com (1) 68288 2015-01-01 17:16:10 UTC 2019-11-27 09:37:42 UTC 173.192.101.24
[Mnemonic Passive DNS] r3.o.lencr.org (10) 344 2020-12-02 08:52:13 UTC 2022-06-10 04:46:31 UTC 23.36.77.32
[Mnemonic Passive DNS] freychang.fun (4) 20665 No data No data 172.67.218.221


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 46.166.139.231

Date UQ / IDS / BL URL IP
2022-06-26 16:17:44 +0000 0 - 0 - 4 www110.zippyshare.com/d/tzq4tpu5/7320/l3050ec (...) 46.166.139.231
2022-06-26 16:17:33 +0000 0 - 0 - 3 www110.zippyshare.com/d/tzq4tpu5/8683/l3050ec (...) 46.166.139.231
2022-06-24 08:02:11 +0000 0 - 0 - 8 www110.zippyshare.com/d/tzq4tpu5/17103/l3050e (...) 46.166.139.231
2022-06-24 07:25:56 +0000 0 - 0 - 9 www110.zippyshare.com/d/tzq4tpu5/30517/l3050e (...) 46.166.139.231
2022-06-17 19:40:33 +0000 0 - 0 - 9 https://www110.zippyshare.com/d/2HPetcoH/3583 (...) 46.166.139.231
2022-06-17 02:22:35 +0000 0 - 0 - 4 www109.zippyshare.com/d/oc6swaoi/16487/revo.u (...) 46.166.139.231
2022-06-17 02:22:17 +0000 0 - 0 - 12 www109.zippyshare.com/d/oc6swaoi/8755/revo.un (...) 46.166.139.231
2022-06-12 13:32:02 +0000 0 - 0 - 12 https://www110.zippyshare.com/d/YZENOK7Q/1825 (...) 46.166.139.231
2018-12-15 12:56:12 +0100 0 - 0 - 1 https://www110.zippyshare.com/d/u2mtbtGA/841/ (...) 46.166.139.231
2017-09-05 18:40:13 +0200 0 - 0 - 0 www109.zippyshare.com/v/5BA45I0d/file.html 46.166.139.231

Last 10 reports on ASN: NForce Entertainment B.V.

Date UQ / IDS / BL URL IP
2022-08-11 22:49:26 +0000 0 - 0 - 1 141.98.6.236/limetor/ZvfejoxpnLIMETORRENTS-1.exe 141.98.6.236
2022-08-11 22:48:36 +0000 0 - 0 - 1 141.98.6.236/newz2k/ZvfejoxpnZ2K-1.exe 141.98.6.236
2022-08-11 22:48:30 +0000 0 - 0 - 1 141.98.6.236/update/ZvfejoxpnTPB-1.exe 141.98.6.236
2022-08-11 22:48:24 +0000 0 - 0 - 1 141.98.6.236/Z2KNEW/ZvfejoxpnZ2K-1.exe 141.98.6.236
2022-08-11 22:48:17 +0000 0 - 0 - 1 141.98.6.236/1337New/ZvfejoxpnTORRENTOLD-1.exe 141.98.6.236
2022-08-11 22:48:11 +0000 0 - 0 - 1 141.98.6.236/1337Traget/Zvfejoxpn1337X-1.exe 141.98.6.236
2022-08-11 22:48:05 +0000 0 - 0 - 1 141.98.6.236/utorrent/ZvfejoxpnTPB-1.exe 141.98.6.236
2022-08-11 22:47:59 +0000 0 - 0 - 1 141.98.6.236/1337/zvfejoxpntorrentold-1.exe 141.98.6.236
2022-08-11 22:47:53 +0000 0 - 0 - 1 141.98.6.236/z2k/zvfejoxpnz2k-1.exe 141.98.6.236
2022-08-11 22:47:51 +0000 0 - 0 - 1 141.98.6.236/FreeApps/ZvfejoxpnFREEAPPS-1.exe 141.98.6.236

No other reports on domain: zippyshare.com



JavaScript

Executed Scripts (21)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (78)


Request Response
                                        
                                            GET /d/oc6swaoi/37047/revo.uninstaller.pro.v3.2.1.kuyhaa.me.rar HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         46.166.139.231
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:02 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: JSESSIONID=EDEF6BFA97F39CFE5FE1EF62E4C5C280; Path=/; HttpOnly
Location: http://www109.zippyshare.com/v/oc6swaoi/file.html

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Backoff, Alert, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 10 Jun 2022 15:34:01 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FCG6Jq0gIqbQzzsqF2-JLCfAPC_FDfE2E0fcQaV2K-qkSj8zhkvWEw==
Age: 1142


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    680f534bc29773f704a63c3e3af93c2e
Sha1:   f1002cea53ff52d1c926d929f80601353c43bb48
Sha256: 0e83ec9c78b140e17c61e7c0f67997b5227af6f7c283c412a087b10a825a69f8
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DD3EA6C574C57CBB10369822E6D0CB2032BDE481F6F01C461E96F3968ADD30E6"
Last-Modified: Thu, 09 Jun 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18808
Expires: Fri, 10 Jun 2022 21:06:31 GMT
Date: Fri, 10 Jun 2022 15:53:03 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.99
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Wed, 11 May 2022 19:51:39 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 10 Jun 2022 05:56:38 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3jhF54enxyAbBdE7DsKM3aTB1CuZ2y6x9bSIjh9V7zjCfZThLyd25Q==
age: 49337
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    48ca0beea419a9039591cf1aee5179e0
Sha1:   9e92629f505fcc07aab51221e8fe62197a23e307
Sha256: 630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
                                        
                                            GET /v/oc6swaoi/file.html HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: JSESSIONID=EDEF6BFA97F39CFE5FE1EF62E4C5C280
Upgrade-Insecure-Requests: 1

                                         
                                         46.166.139.231
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 178
Connection: keep-alive
Location: https://www109.zippyshare.com/v/oc6swaoi/file.html


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Tue, 14 Jun 2022 13:38:26 GMT
ETag: "07482a7d7b06fdebcfa7f253e9aab6b2e5347e87"
Last-Modified: Fri, 10 Jun 2022 13:38:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 80
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 71934713ff6c1c0a-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    3116e86bf094206b2f738e0fa29febbb
Sha1:   07482a7d7b06fdebcfa7f253e9aab6b2e5347e87
Sha256: 2810276572a12aaa8fc054204c2b24d5936ee9cc194c868e1159d0ed24878adf
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 10 Jun 2022 15:53:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v/oc6swaoi/file.html HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: zippyadb=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONID=9F827D7338EA4A1B2E3360AC99CDBF08; Path=/; HttpOnly zippop=1; Domain=.zippyshare.com; Expires=Sat, 11-Jun-2022 03:53:03 GMT; Path=/
Content-Language: en
Expires: Fri, 10 Jun 2022 15:53:02 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (41973), with CRLF, CR, LF line terminators
Size:   39516
Md5:    f154a01593ebf79f6e48a27d297cf3f3
Sha1:   258e03898429418ef6cb83e7056d49cc716bd985
Sha256: bc41d19b86a977169c6ad4ad2c30cbf7e0c7b90837ca557d178d995dfff715cb
                                        
                                            GET /wro/viewjs-9c29d4e653e865831dc028fdac7e7dfff3be049e.css HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; JSESSIONID=9F827D7338EA4A1B2E3360AC99CDBF08; zippop=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 66707
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Tue, 27 Aug 2030 15:53:03 GMT
Accept-Ranges: bytes
ETag: W/"207098-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (38971)
Size:   66707
Md5:    7e0e3e48bd85cdf4041d04d6d265622a
Sha1:   06bd818fbba909a62546da78470bc01fd813076e
Sha256: b6f4ece3f288037b58e9803601d45e812775c0140f09d7860574f6c56781ec1c
                                        
                                            GET /ads.js HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; JSESSIONID=9F827D7338EA4A1B2E3360AC99CDBF08; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 138
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"157-1654675202000"
Last-Modified: Wed, 08 Jun 2022 08:00:02 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text
Size:   138
Md5:    80ce0db0d04307c0a7e7bfbe492e329d
Sha1:   f8efbdda6799a957baa59e907d466dbc3fd7be90
Sha256: da32bd619e9f9cf48c390020230b751333e2a402fce01635102f340a39f88113
                                        
                                            GET /sw.js HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; JSESSIONID=9F827D7338EA4A1B2E3360AC99CDBF08; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 36755
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"95651-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   36755
Md5:    9f3eb972e27d96787df56867ba104e59
Sha1:   e266af1162c320a8366da4487c3698c0db0ca354
Sha256: 5750d3ef81845bcf96250e0b2e66d4b21aec5ed0144822ca14a9491f70392ae3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Jun 2022 15:53:03 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 10 Jun 2022 05:03:55 GMT
Expires: Fri, 17 Jun 2022 05:03:55 GMT
ETag: E7A4DF968F9C0DE34E5B7E2D9708655F9803EBE6
Cache-Control: max-age=565251,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp14
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7193471688c9b4fd-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 10 Jun 2022 05:03:55 GMT
Expires: Fri, 17 Jun 2022 05:03:55 GMT
ETag: E7A4DF968F9C0DE34E5B7E2D9708655F9803EBE6
Cache-Control: max-age=565251,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp13
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 719347168b0d1c02-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 10 Jun 2022 05:03:55 GMT
Expires: Fri, 17 Jun 2022 05:03:55 GMT
ETag: E7A4DF968F9C0DE34E5B7E2D9708655F9803EBE6
Cache-Control: max-age=565251,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp12
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 719347168a990b65-OSL

                                        
                                            GET /wro/viewjs-5c4b087e763baf82dfed5e75dc71d50f709ecb00.js HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; JSESSIONID=9F827D7338EA4A1B2E3360AC99CDBF08; zippop=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:03 GMT
Content-Length: 147861
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Tue, 27 Aug 2030 15:53:03 GMT
Accept-Ranges: bytes
ETag: W/"478725-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65535)
Size:   147861
Md5:    1dd393cf506e088f2a0b45a37beabda7
Sha1:   384796f00e05bce54b4bcae1f2dd4e5d0c5c478a
Sha256: c9420067db3629caab61a3e5983ef9b303d24913f01c2a3307ee0e392cc87616
                                        
                                            GET /?kcpsd=843055 HTTP/1.1 
Host: ds88pc0kw6cvc.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.114
HTTP/2 200 OK
                                        
content-length: 49635
date: Fri, 10 Jun 2022 15:53:03 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7oFM0MEw6rzEZEGgPPAavrL0rXd-wkb5EcajdltYol9NxfZqoXWLTQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15952)
Size:   49635
Md5:    832f5172fac53571f55f0d6f4249b594
Sha1:   e9171404cb339ce1b38c26b2148bc560017647a7
Sha256: cbf5a0692bb1ed64018269eb72b083a8816033aa6363b51287fb303a2d6b620f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1DC3009A35ADB76FC951183C79624B6072ED8D9A99A9762187A5E74754F63C8E"
Last-Modified: Wed, 08 Jun 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18854
Expires: Fri, 10 Jun 2022 21:07:18 GMT
Date: Fri, 10 Jun 2022 15:53:04 GMT
Connection: keep-alive

                                        
                                            GET /?amuld=726474 HTTP/1.1 
Host: d10lumateci472.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.49
HTTP/2 200 OK
                                        
content-length: 35985
date: Fri, 10 Jun 2022 15:53:04 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fySjnRw_Wj5Zxr_A8zrdTNOanUhPq-XG1c-mGUtfA3L16z_Jees6CA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15478)
Size:   35985
Md5:    66ec606128aee44c1608d8609891d264
Sha1:   bf02fb20557cdfea7403b75c0aa7b360676279f6
Sha256: 55e2e7cf8fbdeab5b80e2476f6866c5f8bdc20eeef45e3c77812e46746c7cfc8
                                        
                                            GET /recaptcha/api.js?render=explicit HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
                                        
expires: Fri, 10 Jun 2022 15:53:04 GMT
date: Fri, 10 Jun 2022 15:53:04 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (852), with no line terminators
Size:   553
Md5:    013320dc130924a71a1470eb603321d1
Sha1:   2e9070e8984ac6f155c22846a57051f10d267743
Sha256: a29630044d084c6ac28dd4a00eb827a388d31e84a16b7bc18cc97661193f8b84
                                        
                                            GET /images/favicon2.ico HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; JSESSIONID=9F827D7338EA4A1B2E3360AC99CDBF08; zippop=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=25920000
Expires: Thu, 06 Apr 2023 15:53:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 Jun 2022 15:53:04 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Content-Type, Content-Length, Expires, Alert, Backoff, Pragma, Retry-After, Cache-Control, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 10 Jun 2022 15:32:44 GMT
Expires: Fri, 10 Jun 2022 16:31:39 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bnDJ_SHE28Bch_wvPj5Lnn5TZ6slDpUisQI_9H8Q7b2Mc91dDDJq5Q==
Age: 1220


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /a/display.php?r=1142861 HTTP/1.1 
Host: www.maxonclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.190.68.123
HTTP/2 204 No Content
server: openresty
date: Fri, 10 Jun 2022 15:53:04 GMT
access-control-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            GET /a/display.php?r=1142849 HTTP/1.1 
Host: www.maxonclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.190.68.123
HTTP/2 204 No Content
server: openresty
date: Fri, 10 Jun 2022 15:53:04 GMT
access-control-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            GET /a/display.php?r=1142855 HTTP/1.1 
Host: www.maxonclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.190.68.123
HTTP/2 204 No Content
server: openresty
date: Fri, 10 Jun 2022 15:53:04 GMT
access-control-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 Jun 2022 15:53:04 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 10 Jun 2022 05:03:55 GMT
Expires: Fri, 17 Jun 2022 05:03:55 GMT
ETag: E7A4DF968F9C0DE34E5B7E2D9708655F9803EBE6
Cache-Control: max-age=565250,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp3
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7193471abf55b4fd-OSL

                                        
                                            GET /N3pnTmYYRQQ9W1I8PX43YjwtFFZ1SQMLDlAoLypXZEghDwJvGUE6D1NHX3pVB09SaBZeHlp9VBEJEy8SQglaf0BeFAEhWxEMWn5ID1RfYFcRD1p/QEMKBilbBlwXOhJbR1Z4UwNCUHhVD05SeFA HTTP/1.1 
Host: quiremuken.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.29.224
HTTP/2 204 No Content
date: Fri, 10 Jun 2022 15:53:04 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmnq%2Fiu8Ts9r8%2B2yUazxLQWvIXzuWYgLjeqwUxrDjpOYFB5drhMEKTAePH%2FUZJbqRnu8pYrIETGDFKVVFKbp7h34rSUFV7fLXd2c6XLIQbVQ6XtVklCH%2F85ORfh2jEzuSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7193471ad8e5b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /WE5PUEJ3cSwjfz0lNz4MDRwFNnMZDSkVNmgYOBo6CyA7BwAAG2kkKzxzeGJ0bHl7djIxKnJie349OzE2LT1yYWQxICk/f344cmFsaGB6aGxpaDptc346PzElZX9pIDYsInJhdG16d2d0a3Z7ZXdo HTTP/1.1 
Host: quiremuken.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.29.224
HTTP/2 204 No Content
date: Fri, 10 Jun 2022 15:53:04 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xsF%2FIPyAPF3Zx%2B9EFOdloFJCgccNrZhoxyTiGw1craL6LyuJTa7dmrv8NG72M6PuWsvKX1ps7khLzFfSCsKSalBMivdTPXU5Wl2w%2FPll4%2BdRhWkek23i9UIaJNuBKDsomg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7193471ad8f6b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /dGpKQUlbVSkydCAtOXEbMRJzFi42Ey8ZMRAoAgt9Els9ACo8BWw1IBBXcnV6RF9/ZzkdDndye1IZPiA9ARl3c3lEXWwoJxIFd3NvAld6b3FaUmRwbwFXe2c9BAstfHhSGj41JUlbfHR9TF18cnFAX31x HTTP/1.1 
Host: quiremuken.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.29.224
HTTP/2 204 No Content
date: Fri, 10 Jun 2022 15:53:04 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BaROhZ63yysCUqZwj5nK9RMDlg37OwHeANqh%2B3Yid6%2FQ6JHeghs%2FWn5Vlw8TiiUndZvVWb8%2BVbo0Gf%2Bl6X0bDJWLf%2Be8EQrGnfHz8KTf9L2%2FHQPspm7eoF%2FuDlWDF3K5sw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7193471ac8d7b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "A13618D26E5E5DA0E4314272A190A0C7EA40CFE66C446C391967227D75E4F2AC"
Last-Modified: Fri, 10 Jun 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13797
Expires: Fri, 10 Jun 2022 19:43:01 GMT
Date: Fri, 10 Jun 2022 15:53:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4894
Cache-Control: max-age=149742
Date: Fri, 10 Jun 2022 15:53:04 GMT
Etag: "62a2fbb0-1d7"
Expires: Sun, 12 Jun 2022 09:28:46 GMT
Last-Modified: Fri, 10 Jun 2022 08:07:12 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /bXNPNWkMESxYVgxOLRMcHx9yEFsrVn1zDVxDI0AEDAcqVgBZRH0bCgEcOlEPHxwhQUcDFjsQWys+AnAvKSoXbz0hGn99OjgiIH9YFTEOWw1eJSR8PiYJDnouKDF3dj00Fi50MD8+DgAZJiIOeiAvKn56ODs/DnIKGzINXTELNBpwLis9d1YCDisZdidIQQ1jPy82AmYeJiB/XgInBBZsPi4ceXYoVSQBdiMONH4NXiYUf1Q8OiE3f1kgFixiMzkhJ1JcDh8NYSgaPSJgWTcQBHZZODcnYxMOCyN6KwVGfmM/IDcOBzM5ISR8WjcfBgYqNRc7YD9VJSwGRCA0CgQkHD8KZywJHQFPPCgqDlYhIyIaQiMVOR5SLDsgLEYuOz4Md1odKxh0KwM9I00hSxk8WgcdTgViATU0HWQRNBsMWj8 HTTP/1.1 
Host: rningserien.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.36
HTTP/2 200 OK
content-type: text/html
content-length: 1177
date: Fri, 10 Jun 2022 15:53:04 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0uui7VDGMfrfykH6aonX0c9vP14Djn9y3dp4H04tbgnzFZNvHIuSGg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Size:   1177
Md5:    ce8c88d9258392bb1be0ffd0a4770c8d
Sha1:   b894e1c55efac5a64e52ab4ba6cfd2e95e679302
Sha256: 3fe85dec548773bd23b5bfe2adb1ff3a2db6e892d68df2734d02d911336c5227
                                        
                                            GET /N1k2YUpWO1UMdVZkVEc/RTULRHhxfAQnLkRhDhEpBzJBVylBOhgCJlgsUgc4WDdCTyRSLRNTDFUNYSt+eA5RFA5lA1A3MFwVfiAYZjxgJwNzHwcTCXYtYSMgBj9xOQt1PEE4P1MKZyoHXWATUwh4a0U2C1toYAcfZgxhIBNGAQdUKXUwAwcZZWF8Kht1H3I0fgIcXgUZYQ1RLAJxLnkrC0A9bjR+AxgGNx91I1UtDHEMfAAMdnwEIw5yAw8zelgTZyUcYwpkGShzaVIqCWYIXSULBhtiOXNkGHcnL3I1ZCwCcSpmM3pYE3ELPn8KBQkYUmlOKA9yaBNTDGIxG1gpdCBvLxJmKkMHe30TdTciDwxdCilgNwYkD2IqeCo9Bxh+JyV7DgZVEmAeRTkYZj4QCzlYN0ZcK34wAAUcexVxMQ1wCg HTTP/1.1 
Host: rningserien.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.36
HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Fri, 10 Jun 2022 15:53:04 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bQKhhV1HKzxRvey1AWIdPaqL6FjXMxD2VyxVxUXxD6tVR1bCicrf7A==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Size:   1173
Md5:    5db40eb54064509dd7b8bcef0ac79fda
Sha1:   748fe28e9767bfa49e1dc37202583f50e3fd1788
Sha256: 8f169f2757dba07eb6b9645d5e5cd3456d1227fcba39f42b85b82b3f31a64ab5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "E89D5241FD8149C28DEF02F4435509C9B2BD96D7FA8CF03B7EB40101C0F07F12"
Last-Modified: Wed, 08 Jun 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17639
Expires: Fri, 10 Jun 2022 20:47:03 GMT
Date: Fri, 10 Jun 2022 15:53:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 Jun 2022 15:53:04 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 09 Jun 2022 18:25:19 GMT
Expires: Thu, 16 Jun 2022 18:25:19 GMT
ETag: 3AF629F020853F386A4C6C7C3FD731E2F657E4FE
Cache-Control: max-age=526934,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp9
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7193471cbb460b65-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 Jun 2022 15:53:04 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 09 Jun 2022 23:32:37 GMT
Expires: Thu, 16 Jun 2022 23:32:37 GMT
ETag: 83EC2E9222514CC8DB6A4ED372FE51CE4880129F
Cache-Control: max-age=545372,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp5
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7193471cba9d1c02-OSL

                                        
                                            GET /gid.js?userId=ab53d7a6c74242a78adbfbc0dc99e5d3 HTTP/1.1 
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: ID=ab53d7a6c74242a78adbfbc0dc99e5d3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
server: nginx
date: Fri, 10 Jun 2022 15:53:04 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ab53d7a6c74242a78adbfbc0dc99e5d3; expires=Sat, 10 Jun 2023 15:53:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    1a978248eb23e1b1a4d5f93ca4d80528
Sha1:   1934d9407e97f9eb644b30217f2b845f47ebee8a
Sha256: f367544fa6491762069de7d05ba94f13cb7b66204a7a1d56475830fe4ed19015
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fO9A0CCZnq7clqWIPY1C3Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.43.61.95
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9oiCSAK09OQ0pqLBtkNrVVbw9sU=

                                        
                                            GET /42/38?z=3519989 HTTP/1.1 
Host: toglooman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: OAID=bfb09acf47014381bf928d1d57c05730; oaidts=1654105504; scm=1; OAID=ab53d7a6c74242a78adbfbc0dc99e5d3; oaidts=1654105504; oaidvc=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
server: nginx
date: Fri, 10 Jun 2022 15:53:04 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 42f08691dfb5b85e3d789266255444d5
access-control-expose-headers: X-Sc
set-cookie: OAID=bfb09acf47014381bf928d1d57c05730; expires=Sat, 10 Jun 2023 15:53:04 GMT; secure; SameSite=None oaidts=1654105504; expires=Sat, 10 Jun 2023 15:53:04 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /bTWJ4OWguDRZfVzkLHARQeVFIDF1rCAtWBj1fGXABewYudSQKMj9+O2sWAl1VfUQUWAYqX15cBi5fSR8JKQBFDU45EhdSVTgMHFwOJAwdXU44A0VUBzcLFFUJaFA+DEZ9R0oJQDVTSRxbD0dKCQQkDA1BTX9SAAFeElRMHFsPR0oJGjtHS3hRe0xIEE1/Uh-9cCyYNXQsuf1JJCVh8UkkcWn0EEUsNKw0AHFoLW04XWGsXRQg HTTP/1.1 
Host: ds88pc0kw6cvc.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rningserien.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.245.114
HTTP/2 200 OK
content-length: 353
date: Fri, 10 Jun 2022 15:53:04 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Nelj4EKb0Vl0ELMXQ0cf-g14W7JJEkQmFfzr60hbR0gHVJB_VaAq6w==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (441), with no line terminators
Size:   353
Md5:    9f5db3dacd4c68b3dbc52161a76d1e22
Sha1:   08981ae2e267020151f989282168bd6166c66a16
Sha256: bb9610a0f72ba7c4098fc083998465bcda65c4e81890db92a027c6feb5fe218b
                                        
                                            GET /UzVpejAoFxoNbyZHBVgKcV0dDkAgD0ZVRyRCWEoJfU8ACkAqRgEbQjYbChVdfEYeVFogF0VYQz5TS0ABfxcdG1cMXA1YCnECW0sGYAJLVhIgQAslWTcHS0ASZgZcGQNrA1FXVmZQWlcEZlBQV1FgBw1XA2UGWUlSZgJZHlUyFxQ HTTP/1.1 
Host: aphycolourses.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         107.22.28.167
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 45235628548f094cc475a9b3a69d05e1=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0fe-SSjqK9YK3p0uK0yDoH9wJfl+Quc"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57598), with no line terminators
Size:   22903
Md5:    a25660540d7151537b843dbdbf7c94e6
Sha1:   d8ad342b05e05ca1cb9dd098e372a3b463d28efd
Sha256: eae2b2c6849e75ca21fbe867d2054cce89109653da7138efbd8cbe2bd998f921

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /1?z=3519989 HTTP/1.1 
Host: toglooman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: scm=1; OAID=ab53d7a6c74242a78adbfbc0dc99e5d3; oaidts=1654105504; oaidvc=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
server: nginx
date: Fri, 10 Jun 2022 15:53:04 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4394c8985f0cd8fa4946a5d2548b1348
access-control-expose-headers: X-Sc
set-cookie: OAID=ab53d7a6c74242a78adbfbc0dc99e5d3; expires=Sat, 10 Jun 2023 15:53:04 GMT; secure; SameSite=None oaidts=1654105504; expires=Sat, 10 Jun 2023 15:53:04 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (56877)
Size:   171547
Md5:    d154d1e0c9076ffc1f1f28b8e5452e15
Sha1:   3f133c851b2d0f1ac86849e4fa00bd7aa066ee80
Sha256: 729a58a42253947bbcfca925b6d6ea4680a02ff1875735f9837b86f9961c1a30
                                        
                                            GET /MMEFDYXZTLi0HSUQoJ1xBAnd3VkIWKzAOGEB8CTYeaAYRMA5pKQAOIBY1OQVLAGcvABhXfGUEGFN8ckcXVCN+VVBEMSwKS0kkJwYYWCo6CA8WNCJcG187Kg0aUWRxJ0MecWZTRhg5clBTAwNmU0ZcKC0UDhVzcxlOBh51VVMDA2ZTRkI3ZlI3CXdtUV8Vc3-MGE1MqLEREdnNzUEYAcHNQUwJxJQgEVScsGVMCB3pXWABnNlxH HTTP/1.1 
Host: d10lumateci472.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rningserien.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.245.49
HTTP/2 200 OK
content-length: 448
date: Fri, 10 Jun 2022 15:53:05 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Cv2ioC9raGyW7gmxwIMFeDDNzdkdfPTGG0MlKffJE0O0e3XniWrHXg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (577), with no line terminators
Size:   448
Md5:    7ba2d01ab91312f11cdfe32caaf0c167
Sha1:   cc79104c326f8076af7849e962296634acc4a240
Sha256: 653f9af06ae8119a6de6ca36a10dc6aae82b763610073491985524b3af6d4fe6
                                        
                                            OPTIONS /9?z=3519989&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww109.zippyshare.com%2Fv%2Foc6swaoi%2Ffile.html&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=921&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=ab53d7a6c74242a78adbfbc0dc99e5d3 HTTP/1.1 
Host: toglooman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www109.zippyshare.com/
Origin: https://www109.zippyshare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 204 No Content
server: nginx
date: Fri, 10 Jun 2022 15:53:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /static/advertisement.js HTTP/1.1 
Host: clksite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         173.192.101.24
HTTP/2 200 OK
server: nginx
date: Fri, 10 Jun 2022 15:53:04 GMT
content-type: application/javascript
last-modified: Mon, 12 Jun 2017 13:33:59 GMT
vary: Accept-Encoding
etag: W/"593e9847-1b"
expires: Sun, 12 Jun 2022 15:53:04 GMT
cache-control: max-age=172800
content-encoding: gzip
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Jun 2022 15:53:05 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 146778
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Jun 2022 16:11:20 GMT
expires: Tue, 06 Jun 2023 16:11:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
content-type: text/javascript
age: 344505
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (570)
Size:   146778
Md5:    801190cdc0f65a502adfe207b259ec7c
Sha1:   3fe701ced40a4810164a5eabaf27ca1e88b77214
Sha256: 56635c02f642528859a0bec1974b3dd09fcb2326c002dad4cce8ef856e99cc1d
                                        
                                            GET /11?rnd=30390853&z=3519989&b=13464284&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Kim64bLFEtJcmami0NpBeMJIo57oUXO8MR7W35dH6oPvk5VytkruT4L5v0xFilS6YCGsfK5yBtBxHZeVeUUH6mmUJJC4uDuCUqVW2gBgkhGpmMPtt49gqT6ut0r2mc5Jg7rV4aB94qU0k8e38CI1JaFEsLCDjLEKszqQeVRUguf0Is99aAcrbFdG1TwlSKBbZP_lpKCs1K_sum1NeE0Uk3VjktUDgrIkEz6M13_3cFgQU4xfwiOyxwiuE1IB6khZNppJI6FdVDftY_hsJMjuOuvoQNVSvZD33XRyWs8cpBuXIQDVftJDwp_9T2sja1zpThIkNRxqXb1FHKXRZ4_QieJHFLexhHFtz4QAwl7k8KAw_FxCmsgpKmgNennQw7Jq172WwifpGBvwxFPrhZqI6xCOM5OSgI_tpkMwcIbxW6O-XVnvMXDvcED36HhKWrRzSf9yOafzTdVerazejKTE_ArZXzEFhwnkofze2aS_Zgsmd9G927BM0pelQP32Q57NySKi7o5hsheJuDi1cEyg_-p10LWbMPL0BkcfhE4XQqSP4TNKxUmcQQ50kEBT-mXGQe-GZwpLciBUJmgCPDXtGw==&ruid=59788261-e4cf-4d4a-a236-b3e78808f314&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww109.zippyshare.com%2Fv%2Foc6swaoi%2Ffile.html&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=921&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=139 HTTP/1.1 
Host: toglooman.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: scm=1; OAID=ab53d7a6c74242a78adbfbc0dc99e5d3; oaidts=1654105504; oaidvc=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 0e8069ee2889c6c9bab1aab73d1fa0c0
access-control-expose-headers: X-Sc
set-cookie: OAID=ab53d7a6c74242a78adbfbc0dc99e5d3; expires=Sat, 10 Jun 2023 15:53:05 GMT; secure; SameSite=None oaidts=1654105504; expires=Sat, 10 Jun 2023 15:53:05 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: blicatedlittle.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 396
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         107.22.28.167
HTTP/2 200 OK
                                        
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /images/favicon.ico HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; JSESSIONID=9F827D7338EA4A1B2E3360AC99CDBF08; zippop=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Fri, 10 Jun 2022 15:53:05 GMT
Content-Length: 3611
Connection: keep-alive
Cache-Control: public, max-age=25920000
Expires: Thu, 06 Apr 2023 15:53:05 GMT
Accept-Ranges: bytes
ETag: W/"3611-1427651017000"
Last-Modified: Sun, 29 Mar 2015 17:43:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   3611
Md5:    b3bf18448d2e26f529500cb013975564
Sha1:   1b9d2cecad0cf85d336a24a0ccaa610c39a49f6a
Sha256: 968e719e5fbc1706a6db025adc28931e64fcf76c3ae80fa4ab6ff40b53b36b20
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEDBCD635577D29BB2526A055E100B055F8D44AE3D0DABDC00F61C82B3AD5499"
Last-Modified: Fri, 10 Jun 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6618
Expires: Fri, 10 Jun 2022 17:43:23 GMT
Date: Fri, 10 Jun 2022 15:53:05 GMT
Connection: keep-alive

                                        
                                            GET /utx?cb=RFvBQv7k87Di&top=www109.zippyshare.com&tid=726474 HTTP/1.1 
Host: rningserien.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.36
HTTP/2 204 No Content
                                        
date: Fri, 10 Jun 2022 15:53:05 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 10 Jun 2022 15:54:05 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oHxLXAV3oAO6JJZYQ5m5HLWmmjEsL_jnW-UZ0l0WA1pcE92Hf6XVCw==
X-Firefox-Spdy: h2

                                        
                                            GET /utx?cb=60EJxDR3TUTk&top=www109.zippyshare.com&tid=843055 HTTP/1.1 
Host: rningserien.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.36
HTTP/2 204 No Content
                                        
date: Fri, 10 Jun 2022 15:53:05 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 10 Jun 2022 15:54:05 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KX5pSMXi2qiJjQYTZENG0OldNkAKUXX8Xt0HhmR-1ESJpgTFfPPH1g==
X-Firefox-Spdy: h2

                                        
                                            GET /multi?cs=WjkyeURpCgVOfGsBAk5xag4DSXU&abt=0&red=1&sm=76&k=zippyshare&v=1.0.58.1&sts=0&prn=0&emb=0&tid=726474&fs=1&ref=https%3A%2F%2Fwww109.zippyshare.com%2Fv%2Foc6swaoi%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_EbYB=1654876384796&crc=1 HTTP/1.1 
Host: rningserien.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.36
HTTP/2 200 OK
                                        
content-type: text/plain
content-length: 1453
date: Fri, 10 Jun 2022 15:53:05 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=515b7914-81f0-4d7f-a560-40190664e85c
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dlSO2EpTLcgFv27RaM8e32NNb1-l6oiIEt3d3Q_F1M9tcyO7fB1boQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3027), with no line terminators
Size:   1453
Md5:    fb16eab5a94265b2af0e7825d91f400a
Sha1:   9de11fb51034c6483880ffa2da831f90561c428e
Sha256: 059b360fbd05dde6ad9d4287d8bcca5f2b30745f85d6f880a63f2bd552b93277
                                        
                                            GET /contents/s/60/48/ab/089e4506ecc71cbde9b63bd282/01133461862456.jpeg HTTP/1.1 
Host: interstitial-07.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=s9CZbMZS2qcly1v&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2737089902%26z%3D3519989%26b%3D13464284%26c%3D5714898%26var%3D%26d%3Dhttps%253A%252F%252Fgamingonline.top%252Fbase.php%253Fc%253D1125%2526key%253Dbeb8791f5d3ca21932449f190ada4065%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DKim64bLFEtJcmami0NpBeMJIo57oUXO8MR7W35dH6oPvk5VytkruT4L5v0xFilS6YCGsfK5yBtBxHZeVeUUH6mmUJJC4uDuCUqVW2gBgkhGpmMPtt49gqT6ut0r2mc5Jg7rV4aB94qU0k8e38CI1JaFEsLCDjLEKszqQeVRUguf0Is99aAcrbFdG1TwlSKBbZP_lpKCs1K_sum1NeE0Uk3VjktUDgrIkEz6M13_3cFgQU4xfwiOyxwiuE1IB6khZNppJI6FdVDftY_hsJMjuOuvoQNVSvZD33XRyWs8cpBuXIQDVftJDwp_9T2sja1zpThIkNRxqXb1FHKXRZ4_QieJHFLexhHFtz4QAwl7k8KAw_FxCmsgpKmgNennQw7Jq172WwifpGBvwxFPrhZqI6xCOM5OSgI_tpkMwcIbxW6O-XVnvMXDvcED36HhKWrRzSf9yOafzTdVerazejKTE_ArZXzEFhwnkofze2aS_Zgsmd9G927BM0pelQP32Q57NySKi7o5hsheJuDi1cEyg_-p10LWbMPL0BkcfhE4XQqSP4TNKxUmcQQ50kEBT-mXGQe-GZwpLciBUJmgCPDXtGw%3D%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D59788261-e4cf-4d4a-a236-b3e78808f314%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww109.zippyshare.com%252Fv%252Foc6swaoi%252Ffile.html%26wy%3D0%26wx%3D0%26ww%3D1152%26wh%3D921%26cw%3D1140%26wiw%3D1152%26wih%3D921%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         139.45.197.151
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: image/jpeg
content-length: 18141
last-modified: Fri, 11 Feb 2022 02:19:06 GMT
etag: "6205c79a-46dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size:   18141
Md5:    6048ab089e4506ecc71cbde9b63bd282
Sha1:   bc5be072c017e9ca20da026f6660336c8b86c323
Sha256: 07b05fab74cfda2d008ee1613bd163e23565d63ed3b869371be00431fbb430ba
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5230AFCB0E9E370FC5C9EC6CEF9144088D7A2CE19AF654410F9C7ED20039E718"
Last-Modified: Thu, 09 Jun 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6640
Expires: Fri, 10 Jun 2022 17:43:45 GMT
Date: Fri, 10 Jun 2022 15:53:05 GMT
Connection: keep-alive

                                        
                                            GET /contents/s/ee/0f/75/a8aa87dc9dc59af6549bfea61b/0133134418233.jpeg HTTP/1.1 
Host: interstitial-07.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=s9CZbMZS2qcly1v&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2737089902%26z%3D3519989%26b%3D13464284%26c%3D5714898%26var%3D%26d%3Dhttps%253A%252F%252Fgamingonline.top%252Fbase.php%253Fc%253D1125%2526key%253Dbeb8791f5d3ca21932449f190ada4065%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DKim64bLFEtJcmami0NpBeMJIo57oUXO8MR7W35dH6oPvk5VytkruT4L5v0xFilS6YCGsfK5yBtBxHZeVeUUH6mmUJJC4uDuCUqVW2gBgkhGpmMPtt49gqT6ut0r2mc5Jg7rV4aB94qU0k8e38CI1JaFEsLCDjLEKszqQeVRUguf0Is99aAcrbFdG1TwlSKBbZP_lpKCs1K_sum1NeE0Uk3VjktUDgrIkEz6M13_3cFgQU4xfwiOyxwiuE1IB6khZNppJI6FdVDftY_hsJMjuOuvoQNVSvZD33XRyWs8cpBuXIQDVftJDwp_9T2sja1zpThIkNRxqXb1FHKXRZ4_QieJHFLexhHFtz4QAwl7k8KAw_FxCmsgpKmgNennQw7Jq172WwifpGBvwxFPrhZqI6xCOM5OSgI_tpkMwcIbxW6O-XVnvMXDvcED36HhKWrRzSf9yOafzTdVerazejKTE_ArZXzEFhwnkofze2aS_Zgsmd9G927BM0pelQP32Q57NySKi7o5hsheJuDi1cEyg_-p10LWbMPL0BkcfhE4XQqSP4TNKxUmcQQ50kEBT-mXGQe-GZwpLciBUJmgCPDXtGw%3D%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D59788261-e4cf-4d4a-a236-b3e78808f314%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww109.zippyshare.com%252Fv%252Foc6swaoi%252Ffile.html%26wy%3D0%26wx%3D0%26ww%3D1152%26wh%3D921%26cw%3D1140%26wiw%3D1152%26wih%3D921%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         139.45.197.151
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: image/jpeg
content-length: 43605
last-modified: Fri, 11 Feb 2022 11:45:56 GMT
etag: "62064c74-aa55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size:   43605
Md5:    ee0f75a8aa87dc9dc59af6549bfea61b
Sha1:   14570a6fb0841a69709f568c0982079016de4780
Sha256: d2adbe28365a0445023b878adf29ae3892d58073988c6a8128c74807174f9435
                                        
                                            GET /vctx?t=72747 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.236
HTTP/2 204 No Content
                                        
server: nginx
date: Fri, 10 Jun 2022 15:53:05 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 74d70fed3e9e661e4edbc18a0d2dbb94
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET / HTTP/1.1 
Host: freychang.fun
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www109.zippyshare.com/
Origin: https://www109.zippyshare.com
Connection: keep-alive
Cookie: csu=567044265112367@2@1654105504
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.218.221
HTTP/2 200 OK
                                        
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: text/plain
set-cookie: csu=567044265112367@3@1654105504; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qr3ZS%2FW%2BA9cgGVwThp4spN0amI4bXbEC28zUGJ7STRNnHg0rBbvPYHNRn6itV%2BF2ZZB9e15rspFXAVzwi9386k5wlR71uO%2BdewOO%2BF7HzYQhvZC4aUxpyUlTJmqxf7jz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 71934721b87eb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   27
Md5:    04be86dd4b0045638098c377d04b2238
Sha1:   47ebf9b126a74df93bea363f85fd4b7eb3ff61cc
Sha256: b6652b456b469b6ecce0d291add859f4b5daa1e7882f5cb159cf65c4d1a1d9b4

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /fv.js?t=72747&cb=523083613 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.236
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 6a6d3cf847a81a0a2dfbecde0c21c70e
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5213), with no line terminators
Size:   2153
Md5:    0254fb1dad74628b7ad0f97d304fac92
Sha1:   35f7af13a08eb87023ec7df4d3c35c21b2cde79d
Sha256: 47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /floater?cs=UHZMdGFhR3hCVGBAfEJVY0F4QFc&abt=0&red=1&sm=83&k=zippyshare&v=0.8.8.1&sts=0&prn=0&emb=0&tid=843055&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww109.zippyshare.com%2Fv%2Foc6swaoi%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_1do9=1654876384800&crc=1 HTTP/1.1 
Host: rningserien.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.36
HTTP/2 200 OK
                                        
content-type: text/plain
content-length: 6791
date: Fri, 10 Jun 2022 15:53:05 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=81dfc8c9-06eb-42fb-9438-907a2e1c5561
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: E_OZNAzUn24WpLzZe--CGOnxHC_nt4tZsLTx4wKRRkOKS4j1-KyZQg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9983), with no line terminators
Size:   6791
Md5:    59e25ccf15548147c7b6a75459974951
Sha1:   d4c4d9673d14d711b2312273e39a962068ab1503
Sha256: 61f4842a7d61a6c039f50d1d499d6e2c81bee4b58fe378d8e779b92120233eed
                                        
                                            POST / HTTP/1.1 
Host: blicatedlittle.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www109.zippyshare.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www109.zippyshare.com
Content-Length: 358
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         107.22.28.167
HTTP/2 200 OK
                                        
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D763C8858CC015B9F2A4CDBD389F37DE5CA4ABCDB6528414A4DF331ADEC62040"
Last-Modified: Thu, 09 Jun 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9508
Expires: Fri, 10 Jun 2022 18:31:34 GMT
Date: Fri, 10 Jun 2022 15:53:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D763C8858CC015B9F2A4CDBD389F37DE5CA4ABCDB6528414A4DF331ADEC62040"
Last-Modified: Thu, 09 Jun 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9508
Expires: Fri, 10 Jun 2022 18:31:34 GMT
Date: Fri, 10 Jun 2022 15:53:06 GMT
Connection: keep-alive

                                        
                                            GET /?l=s9CZbMZS2qcly1v&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2737089902%26z%3D3519989%26b%3D13464284%26c%3D5714898%26var%3D%26d%3Dhttps%253A%252F%252Fgamingonline.top%252Fbase.php%253Fc%253D1125%2526key%253Dbeb8791f5d3ca21932449f190ada4065%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DKim64bLFEtJcmami0NpBeMJIo57oUXO8MR7W35dH6oPvk5VytkruT4L5v0xFilS6YCGsfK5yBtBxHZeVeUUH6mmUJJC4uDuCUqVW2gBgkhGpmMPtt49gqT6ut0r2mc5Jg7rV4aB94qU0k8e38CI1JaFEsLCDjLEKszqQeVRUguf0Is99aAcrbFdG1TwlSKBbZP_lpKCs1K_sum1NeE0Uk3VjktUDgrIkEz6M13_3cFgQU4xfwiOyxwiuE1IB6khZNppJI6FdVDftY_hsJMjuOuvoQNVSvZD33XRyWs8cpBuXIQDVftJDwp_9T2sja1zpThIkNRxqXb1FHKXRZ4_QieJHFLexhHFtz4QAwl7k8KAw_FxCmsgpKmgNennQw7Jq172WwifpGBvwxFPrhZqI6xCOM5OSgI_tpkMwcIbxW6O-XVnvMXDvcED36HhKWrRzSf9yOafzTdVerazejKTE_ArZXzEFhwnkofze2aS_Zgsmd9G927BM0pelQP32Q57NySKi7o5hsheJuDi1cEyg_-p10LWbMPL0BkcfhE4XQqSP4TNKxUmcQQ50kEBT-mXGQe-GZwpLciBUJmgCPDXtGw%3D%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D59788261-e4cf-4d4a-a236-b3e78808f314%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww109.zippyshare.com%252Fv%252Foc6swaoi%252Ffile.html%26wy%3D0%26wx%3D0%26ww%3D1152%26wh%3D921%26cw%3D1140%26wiw%3D1152%26wih%3D921%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1 
Host: interstitial-07.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.151
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
set-cookie: reverse=_8K0KsxVG2T0BAtQqmqadPObWZ5Crf2mZg4AOr5IlPQ; expires=Fri, 10-Jun-2022 16:53:05 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   11624
Md5:    9c25df9f9efa67d1e8c5d30d1119e1d5
Sha1:   40c9b6008c2e3bb7736bf41563f445edd41b96de
Sha256: df944c518065a01785ba2cf6deca38b1fd7c774327c60f1862e85b927215bc20
                                        
                                            GET / HTTP/1.1 
Host: freychang.fun
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www109.zippyshare.com/
Origin: https://www109.zippyshare.com
Connection: keep-alive
Cookie: csu=567044265112367@2@1654105504
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.218.221
HTTP/2 200 OK
                                        
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: text/plain
set-cookie: csu=567044265112367@3@1654105504; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NI9Y7ZxMLaUlk%2B%2FHCrXE2k7lVE9p8EOWYMYjgSI%2BU4eQIadL08IgXYdeTFZgCyZNAMCMYj0m3KSkvxG9LGv%2B5CpUmC9b4%2BqmM%2Bcv%2BAwEg0azM6SI2D6mnrLxR%2BiuGnWM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 71934720dec3b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   9935
Md5:    4736542465a4b74480f8c488e2327f0c
Sha1:   5b33b76101fd59f48160eff2470bc2f6011f75b6
Sha256: 1f176aaafa5679402cb69965186bed5f71b5528f4c5e3c12b8454a31ed1a81ab

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: freychang.fun
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www109.zippyshare.com/
Origin: https://www109.zippyshare.com
Connection: keep-alive
Cookie: csu=567044265112367@2@1654105504
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.67.218.221
HTTP/2 200 OK
                                        
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 10 Jun 2022 13:43:40 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8PBvx6cTrSe7ySSuA29Z8kYQ%2F3PChkiuXi%2FCQzkZCdIBI3VXSu0vXVI1%2F%2Ba4AGt93s49m3%2FeTvyPg%2BYkVFU6GX95rtBylO8AzxoQPrGnslBfwEfsro4%2B9vc17TEJWiJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 71934720ceb3b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   108164
Md5:    2fd51cbfc753c4d62932b95a91317ce2
Sha1:   ea8177277e595775b62ad9db18d165c3cb77e25e
Sha256: 89d32e7d46f1f6faed3018666862e09e15ce42cea7d2ac4b03737364a586e2cb

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e6d026-c1c1-4fa4-a000-772f080596fb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 9013
x-amzn-requestid: b0266a56-52f5-4cb9-9aac-892b1551f669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Teq4BHZnoAMFQHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a28b66-4ff266c5025514c11c3f37d8;Sampled=0
x-amzn-remapped-date: Fri, 10 Jun 2022 00:08:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: JsSs5rGG5HeOkwdqBWsB9OcXpvia6zKBd368jaRKjUsYteAsBeV5pg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Jun 2022 01:01:20 GMT
etag: "7c8c7ad3d2508491fee95f317b7b4279dfbe130e"
content-type: image/jpeg
age: 53506
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9013
Md5:    18a45cb7b7b6eae6c0d8f2fa036af6a9
Sha1:   7c8c7ad3d2508491fee95f317b7b4279dfbe130e
Sha256: 057f8ed3ed233add23f2c1b443a0382c6ed4c1ba5dd47877a1e71f58bd835b62
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: freychang.fun
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www109.zippyshare.com/
Origin: https://www109.zippyshare.com
Connection: keep-alive
Cookie: csu=567044265112367@2@1654105504
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.67.218.221
HTTP/2 200 OK
                                        
date: Fri, 10 Jun 2022 15:53:05 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 10 Jun 2022 13:43:40 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VkQbMzeuCyjJ4IxRcqExR%2FsUSqyfPTUP0qvw2OT5ofDS0Sp8XSQjPeVyAIaE1dD49EarANBvvbHAqzg0i2%2FiLPSTw8KuQz2C7BgdGkNXnw0zT6XX3FskdwxRre3wMltZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 71934720decab527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   109077
Md5:    75f90f752f06c77e0ebbe3f6dd996768
Sha1:   0842deb7e8e206bf69779cc7799f9092616dc8f0
Sha256: 3943b02edeaab6486e5cb28a07d54987dc9f3de62d09319a473ba61e4225072e

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ed39e94-1c6e-4282-94ae-d048feb399f4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 11431
x-amzn-requestid: 06279402-1196-45e5-b710-2ce1455223a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: TesOOEipIAMFp8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a28d8e-503c9ef07a4374e960841c12;Sampled=0
x-amzn-remapped-date: Fri, 10 Jun 2022 00:17:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hsEMpmh1eZcXXHiFYQGnoumlRc2sVyL_CvdpJZCxI5rfD8V_irxEkw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Jun 2022 00:29:25 GMT
age: 55421
etag: "ec7b52805877d2b5a3de9fcd3d53173003fdbec6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11431
Md5:    3490eaaa220f7cb7cdae7efec8332a58
Sha1:   ec7b52805877d2b5a3de9fcd3d53173003fdbec6
Sha256: b4580b7dfea053eb0ec31d4234daa9c202f464f433495d6a2e1bbab4eba58485
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BC1715E1D9A5D6F216A17552B4C7B3DA45F948B8B6A10125B182A2FA0B433117"
Last-Modified: Wed, 08 Jun 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10170
Expires: Fri, 10 Jun 2022 18:42:37 GMT
Date: Fri, 10 Jun 2022 15:53:07 GMT
Connection: keep-alive

                                        
                                            GET /b2/l/i/icon?cid=7&eid=419&n=99dc999b1c42e4bd8ccdf216&nid=1&sid=1bZc7SgoWNfUejfoFsEX5xFtGfpuV%2Bqnzw11JYAdkigsUIy9nXR%2FHTff8qjyoKqooSZB6g2pFrMOO6Ae%2FZphzKLius91p%2BBlkxBH%2FkbBan%2F3BsY%2FsEDruvanLUsY7T1%2Fkkju7oBVjYXBsyDy5U3dibg8k4l6sug8N1lP47OdA2qcNmgl7uTMYM%2FicfKQMLKsbxQAg4%2FOaEZLElWZR5oRmeO2pOAfLeT1hS0BRXH%2BFpxh7YzmniOelmXsNVPt7RSXkxe0v6uQ4K%2Baf3DL1llEjn1hjzSxiP0OPE4%2FXltaLh2fg%2B4N9cCB%2FzEEpzuLAJbtqWtmwY6SywiAR7AkYqeL1EknPE3MAIiyf%2FvXisNCN5%2FKd31gqUTeUjBDNZi6VJRraHBQg99rqxD%2BhEp6jUWzBh4jU9vqF5cFkIBX5%2B02piiBYAr5GdUrHU5OrJZ%2FRtuu7ljjoIzWP9pFZd%2BGFOcjqvk%2Bhqc%2FeS43GfaQMKyZfGOCrrM9lumNm1nppY%2FUmyBV3T8bjMD3O%2BNRDvHra%2Bqnv7wbtOqnUocQ5AxlMwUYPp48xUoeV4efoQM3duM0A4CfYAingma0k3s4pUulWG%2BSxPKXRXAVyxTA5BlG53vYGlY6h6%2BZ5oZACg6ySoWd1VW7O1wblwBLNQigZURFeLh%2FaWoMfmPxCC3%2FHFiB8niSABBMpxP7WFe0pewFiK3XZ06GW0RiPgLhdvfMFq79MkSPm2%2Bf6ZpD7PKby8kupg6N6KN44RbQcxseYr5abVX9ncOYzk1Au9a%2BtcMSqDvHxVAHvwNjXjqAdmUZvLKtb5FyLt2JG3o91GJVme3%2Bnww7SUR23%2FcRcYx9471orFAV6uJ6BELjbWuaM3CXHs7bYARhb7iH9zW%2FmJl%2F1gq%2F9MIezFmY35BSEKvhjyz9i12ZmHyCPkPDWsRPsT%2BmypTQYWxNvhhAD7CTa82W3DZhdmUv9HfTmnfvn0%2BxkWjcSJRkjPxIPC6EcjT1ogwWEbcvRiJ6jXNt7%2Bmt%2FM%2Bolz3QNyLkPpLLv5BqACnf%2FH4YjXRY%2FOozbQzy7CXzfXqM1W4q7fwlPI5ClL9pfFlhEvGOHAcP%2F2bOOknm98u32eZEqycPXyYFWPgZG81aM%2B8qNwxV%2Be0IsDx5HL%2BDxu8%2BqQApegMKD%2FILhabgRlsl4okBC%2Fflg3Lo7sO6XBEfRNOirxylkKGtfVRVJt2y9JJDhyp0JX3cQIDYWKnNH%2FXqL0Y3wwPUevbsl%2Ffo3oNqkyfJR9QKrEcvgvRPp5aVPaa9c85ZbJsEztKnwAypYypJEwElkGATi6I9Oovr3fyEoSMVsWynOu0FBS8vWB9uSXy8ZFplj6qf7rBueS%2BzOaPBnRNqodB4q6ir0CnruDWrI2gDanMXetTxt1rJBWJVcJugBsvUOTCrkj7tgsvYvpRFTbPz%2F%2FLVGLCawvkHZO7CtfHkHTL%2BE7ce6lamUDQZDzrR%2BnVXcKmhTXdtnUvl1w1HrDTSf2vi240NCrW%2FBcSzqLrbUzEEPNzLV89Wz8gacIq7oe7y%2FMYW%2FTW79UckaRnyQswBE5PFk8VV2tnXuztYBDxaE5EY5Atw7jc%2Bj0zrqcNf97F7n5LnqVvjDT42geo%2BWm%2F8hS9IN%2FV8ieh%2FntKz%2BzH%2BjJ%2FSwiiniTNx9w&ts=1654876385&ttl=3600&v=v5.3.2 HTTP/1.1 
Host: icotrack.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         109.206.168.17
HTTP/2 302 Found
                                        
server: dspclick-v3.7.9
date: Fri, 10 Jun 2022 15:53:07 GMT
content-length: 0
location: https://imatrk.net/znN7KuAMgv4VNtfgNQq8qHSsr6WtVgUo5ub57OU6.png
set-cookie: adcsid-i-3345120015geewqhvB=1; expires=Sat, 11 Jun 2022 15:53:07 GMT; path=/
X-Firefox-Spdy: h2

                                        
                                            GET /b2/l/i/icon?cid=7&eid=419&n=99dc999b1c42e4bd8ccdf216&nid=1&sid=1bZc7SgoWNfUejfoFsEX5xFtGfpuV%2Bqnzw11JYAdkigsUIy9nXR%2FHTff8qjyoKqooSZB6g2pFrMOO6Ae%2FZphzKLius91p%2BBlkxBH%2FkbBan%2F3BsY%2FsEDruvanLUsY7T1%2Fkkju7oBVjYXBsyDy5U3dibg8k4l6sug8N1lP47OdA2qcNmgl7uTMYM%2FicfKQMLKsbxQAg4%2FOaEZLElWZR5oRmeO2pOAfLeT1hS0BRXH%2BFpxh7YzmniOelmXsNVPt7RSXkxe0v6uQ4K%2Baf3DL1llEjn1hjzSxiP0OPE4%2FXltaLh2fg%2B4N9cCB%2FzEEpzuLAJbtqWtmwY6SywiAR7AkYqeL1EknPE3MAIiyf%2FvXisNCN5%2FKd31gqUTeUjBDNZi6VJRraHBQg99rqxD%2BhEp6jUWzBh4jU9vqF5cFkIBX5%2B02piiBYAr5GdUrHU5OrJZ%2FRtuu7ljjoIzWP9pFZd%2BGFOcjqvk%2Bhqc%2FeS43GfaQMKyZfGOCrrM9lumNm1nppY%2FUmyBV3T8bjMD3O%2BNRDvHra%2Bqnv7wbtOqnUocQ5AxlMwUYPp48xUoeV4efoQM3duM0A4CfYAingma0k3s4pUulWG%2BSxPKXRXAVyxTA5BlG53vYGlY6h6%2BZ5oZACg6ySoWd1VW7O1wblwBLNQigZURFeLh%2FaWoMfmPxCC3%2FHFiB8niSABBMpxP7WFe0pewFiK3XZ06GW0RiPgLhdvfMFq79MkSPm2%2Bf6ZpD7PKby8kupg6N6KN44RbQcxseYr5abVX9ncOYzk1Au9a%2BtcMSqDvHxVAHvwNjXjqAdmUZvLKtb5FyLt2JG3o91GJVme3%2Bnww7SUR23%2FcRcYx9471orFAV6uJ6BELjbWuaM3CXHs7bYARhb7iH9zW%2FmJl%2F1gq%2F9MIezFmY35BSEKvhjyz9i12ZmHyCPkPDWsRPsT%2BmypTQYWxNvhhAD7CTa82W3DZhdmUv9HfTmnfvn0%2BxkWjcSJRkjPxIPC6EcjT1ogwWEbcvRiJ6jXNt7%2Bmt%2FM%2Bolz3QNyLkPpLLv5BqACnf%2FH4YjXRY%2FOozbQzy7CXzfXqM1W4q7fwlPI5ClL9pfFlhEvGOHAcP%2F2bOOknm98u32eZEqycPXyYFWPgZG81aM%2B8qNwxV%2Be0IsDx5HL%2BDxu8%2BqQApegMKD%2FILhabgRlsl4okBC%2Fflg3Lo7sO6XBEfRNOirxylkKGtfVRVJt2y9JJDhyp0JX3cQIDYWKnNH%2FXqL0Y3wwPUevbsl%2Ffo3oNqkyfJR9QKrEcvgvRPp5aVPaa9c85ZbJsEztKnwAypYypJEwElkGATi6I9Oovr3fyEoSMVsWynOu0FBS8vWB9uSXy8ZFplj6qf7rBueS%2BzOaPBnRNqodB4q6ir0CnruDWrI2gDanMXetTxt1rJBWJVcJugBsvUOTCrkj7tgsvYvpRFTbPz%2F%2FLVGLCawvkHZO7CtfHkHTL%2BE7ce6lamUDQZDzrR%2BnVXcKmhTXdtnUvl1w1HrDTSf2vi240NCrW%2FBcSzqLrbUzEEPNzLV89Wz8gacIq7oe7y%2FMYW%2FTW79UckaRnyQswBE5PFk8VV2tnXuztYBDxaE5EY5Atw7jc%2Bj0zrqcNf97F7n5LnqVvjDT42geo%2BWm%2F8hS9IN%2FV8ieh%2FntKz%2BzH%2BjJ%2FSwiiniTNx9w&ts=1654876385&ttl=3600&v=v5.3.2 HTTP/1.1 
Host: icotrack.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         109.206.168.17
HTTP/2 302 Found
                                        
server: dspclick-v3.7.9
date: Fri, 10 Jun 2022 15:53:07 GMT
content-length: 0
location: https://imatrk.net/znN7KuAMgv4VNtfgNQq8qHSsr6WtVgUo5ub57OU6.png
set-cookie: adcsid-i-3345120015geewqhvB=1; expires=Sat, 11 Jun 2022 15:53:08 GMT; path=/
X-Firefox-Spdy: h2

                                        
                                            GET /znN7KuAMgv4VNtfgNQq8qHSsr6WtVgUo5ub57OU6.png HTTP/1.1 
Host: imatrk.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.16.43
HTTP/2 200 OK
                                        
date: Fri, 10 Jun 2022 15:53:08 GMT
content-type: image/webp
content-length: 8206
expires: Sat, 25 Jun 2022 09:01:19 GMT
cache-control: public, max-age=2592000
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin, Accept-Encoding
x-hw: 1650445354.dop124.am5.shc,1650445354.dop124.am5.t,1650445354.cds268.am5.pr
cf-cache-status: HIT
age: 1320709
last-modified: Thu, 26 May 2022 09:01:19 GMT
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TC25xocY%2Bztl9aMlundU7iyw0%2F8WuYHiVieUUp0ZFfbcIqvr9yTy90IH8i32qexgzn3SUFS6O7umXaAtOR0WwU5zxJReg82VwcCjNqqTG53Fy0UXwkI%2FLd4culaZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 719347318f43b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 492x328, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   8206
Md5:    7a4bf2d2066671ac2dcff1abf43be223
Sha1:   ad8e8398e33668fec1de52ba1f6411ed76e200e2
Sha256: 4c47ec6ab8edccea889b0e618d3512403057e5991f3104797132b4ae51c9a8f5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9045F8807B7DAAE707C45629B061821E99FA46373EE7FCDFE55A86D2A8EDDF0B"
Last-Modified: Wed, 08 Jun 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10982
Expires: Fri, 10 Jun 2022 18:56:10 GMT
Date: Fri, 10 Jun 2022 15:53:08 GMT
Connection: keep-alive

                                        
                                            GET /2fbff8f1092de61dd54ec740aea4d094.jpeg HTTP/1.1 
Host: cdn.adx1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         149.11.201.98
HTTP/2 200 OK
                                        
server: openresty/1.15.8.3
date: Fri, 10 Jun 2022 15:53:08 GMT
content-type: image/jpeg
content-length: 18985
last-modified: Fri, 10 Jun 2022 13:52:13 GMT
etag: "62a34c8d-4a29"
expires: Fri, 24 Jun 2022 13:59:38 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size:   18985
Md5:    e309b42dd49a8a9bb46779ebfaaac5d4
Sha1:   3df58426beaf5a04974cef19b40446405b4d944b
Sha256: 8a233b74b4776ccec44cba9f6e6742561770f03f2b1ff5cfee0ea06cb6aa72f9
                                        
                                            GET /11?rnd=30390853&z=3519989&b=13464284&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=Kim64bLFEtJcmami0NpBeMJIo57oUXO8MR7W35dH6oPvk5VytkruT4L5v0xFilS6YCGsfK5yBtBxHZeVeUUH6mmUJJC4uDuCUqVW2gBgkhGpmMPtt49gqT6ut0r2mc5Jg7rV4aB94qU0k8e38CI1JaFEsLCDjLEKszqQeVRUguf0Is99aAcrbFdG1TwlSKBbZP_lpKCs1K_sum1NeE0Uk3VjktUDgrIkEz6M13_3cFgQU4xfwiOyxwiuE1IB6khZNppJI6FdVDftY_hsJMjuOuvoQNVSvZD33XRyWs8cpBuXIQDVftJDwp_9T2sja1zpThIkNRxqXb1FHKXRZ4_QieJHFLexhHFtz4QAwl7k8KAw_FxCmsgpKmgNennQw7Jq172WwifpGBvwxFPrhZqI6xCOM5OSgI_tpkMwcIbxW6O-XVnvMXDvcED36HhKWrRzSf9yOafzTdVerazejKTE_ArZXzEFhwnkofze2aS_Zgsmd9G927BM0pelQP32Q57NySKi7o5hsheJuDi1cEyg_-p10LWbMPL0BkcfhE4XQqSP4TNKxUmcQQ50kEBT-mXGQe-GZwpLciBUJmgCPDXtGw==&ruid=59788261-e4cf-4d4a-a236-b3e78808f314&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww109.zippyshare.com%2Fv%2Foc6swaoi%2Ffile.html&wy=0&wx=0&ww=1152&wh=921&cw=1140&wiw=1152&wih=921&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1 
Host: toglooman.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: scm=1; OAID=ab53d7a6c74242a78adbfbc0dc99e5d3; oaidts=1654105504; oaidvc=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 10 Jun 2022 15:53:10 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 0827170f19c9bfa6ecb9278800671913
access-control-expose-headers: X-Sc
set-cookie: OAID=ab53d7a6c74242a78adbfbc0dc99e5d3; expires=Sat, 10 Jun 2023 15:53:10 GMT; secure; SameSite=None oaidts=1654105504; expires=Sat, 10 Jun 2023 15:53:10 GMT; secure; SameSite=None oaidvc=3; expires=Sat, 10 Jun 2023 15:53:10 GMT; secure; SameSite=None CNT=1_v1_3HLNAAEAAADRSjAw; expires=Fri, 10 Jun 2022 16:53:10 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2