| js.2mp4.xyz/AV4.us.jpg | 188.114.97.1 | 200 OK | 8.7 kB |
IP188.114.97.1:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject2mp4.xyz FingerprintED:E7:E0:E1:A9:53:73:B5:DC:2D:51:FA:D6:F6:F6:7B:04:99:02:28 ValidityThu, 02 May 2024 12:01:28 GMT - Wed, 31 Jul 2024 12:01:27 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 307x82, components 3 Hashedfe007a6e5b3d268b2528f564b60b43 1644c8ef97c871079e07e5079d613af5cb94052f bf5bb657f5e788af0c02b9b437d3f15bec91e27175e5a654e3d431fb6d063390
GET /AV4.us.jpg HTTP/1.1
Host: js.2mp4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:07 GMT
content-type: image/jpeg
content-length: 8741
etag: "2225-614075c7eff6b"
access-control-allow-origin: *
access-control-allow-headers: Cake
cache-control: public, max-age=360000
cf-cache-status: HIT
age: 306444
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7CU54XaYkzhWwHTCu5bm2c6bMcqIeAOLj0yDHnewVvkRJgY454houxGoIh4UoObCDDQsGMdw%2Fa3ZbWsQY0524FbSoQQyRnwhX%2BUV6VyEa4TFGzAefjkO0R3tp349MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6e00b3890b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js | 104.17.25.14 | 200 OK | 4.0 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js IP104.17.25.14:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (10613) Hashea77f824de2ef57acb12e7cb6596365e 10bad0dbdf30a0471c2c786b349daeb1dd19180e 2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c
GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 314861
expires: Thu, 24 Apr 2025 07:46:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IlKTO4CVQJyI%2BtvtTkWVDWnVJiv5a%2BnmuK62x5PibgCfhB9KiwCUIfqTuQCvJINeye7qQ3aCyfJjKiecpiK%2FAwkiSb2NMPfSejw5LAXa4N%2FZPnc27Nyl%2Fq5xm%2ByjGQNiL6Gp34%2Fq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e6e00e0f6a56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js | 151.101.1.229 | 200 OK | 75 kB |
URL GET HTTP/3cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js IP151.101.1.229:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File typeJavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (563) Hash6e03b01f1b5a43c6aed614fc777eba49 5bcda76ab147e4e722143d58035368a889519fbd 6e0dd9005b931440353e4bdb651477d168f8a7081c1834042468de9febd97342
GET /npm/yandex-metrica-watch/watch.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.325.0
x-jsd-version-type: version
etag: W/"2c0ab-W82narFH5OciFD1YA1NoqIlRn70"
content-encoding: br
accept-ranges: bytes
date: Sat, 04 May 2024 07:46:07 GMT
age: 31602
x-served-by: cache-fra-eddf8230153-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 75372
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=UA-620120-3 | 142.250.74.168 | 200 OK | 71 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=UA-620120-3 IP142.250.74.168:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (1822) Hash322bede6ce5a77f2459af0689ad84e67 61b7ce099d67ef1b2ae7402f357bbedd169f969e b8bb78c1498b68ad67a1aa002c6dc4220cf3d44f5020a2b12359db73296d852c
GET /gtag/js?id=UA-620120-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 07:46:07 GMT
expires: Sat, 04 May 2024 07:46:07 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70765
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js | 104.17.25.14 | 200 OK | 4.0 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js IP104.17.25.14:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (10613) Hashea77f824de2ef57acb12e7cb6596365e 10bad0dbdf30a0471c2c786b349daeb1dd19180e 2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c
GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 314862
expires: Thu, 24 Apr 2025 07:46:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwMDwgEia%2F4UnklzqqSR4c3KMHnUPVR0aT1QVkQcyKGBkWkQ89GVEWaRcB5I3l22XiVOlC%2FrJeTtYKW8uNp20%2BxhwB9l%2B2CXCFn6L1%2FeP%2FNGQm74b%2B05bmrLWsYIQBh4V9UAChgF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e6e012faf0b515-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js | 151.101.1.229 | 200 OK | 75 kB |
URL GET HTTP/3cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js IP151.101.1.229:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File typeJavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (563) Hash6e03b01f1b5a43c6aed614fc777eba49 5bcda76ab147e4e722143d58035368a889519fbd 6e0dd9005b931440353e4bdb651477d168f8a7081c1834042468de9febd97342
GET /npm/yandex-metrica-watch/watch.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 75372
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.325.0
x-jsd-version-type: version
etag: W/"2c0ab-W82narFH5OciFD1YA1NoqIlRn70"
content-encoding: br
accept-ranges: bytes
date: Sat, 04 May 2024 07:46:08 GMT
age: 31603
x-served-by: cache-fra-eddf8230153-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=UA-620120-3 | 142.250.74.168 | 200 OK | 71 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=UA-620120-3 IP142.250.74.168:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (1822) Hash1a2db2dba2cf0c839050a3214dc874a3 33e2351433a28feef342b09cbe2a0fcd5fa52381 d7b5d1765ab824765bce8e55949af9d987ab560d55442ea7ecca580fabe501dd
GET /gtag/js?id=UA-620120-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 07:46:08 GMT
expires: Sat, 04 May 2024 07:46:08 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70767
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| jsjs.4jpg.top/index.php?js=av4&advertisement& | 188.114.97.1 | | 70 kB |
URL GET jsjs.4jpg.top/index.php?js=av4&advertisement& IP188.114.97.1:0
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject4jpg.top Fingerprint19:3C:A7:CB:6C:A2:7F:AC:A7:F8:06:02:93:BD:6D:64:17:BD:D5:58 ValidityThu, 07 Mar 2024 14:29:37 GMT - Wed, 05 Jun 2024 14:29:36 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (6529), with CRLF line terminators Hash1310c77b13f2af79a1f4586b156f3adc 338dd9055153c5eca0f1c528b356ca664688b8ce 9aaa103bd4981c8f912aa3821d70c60b54debb6f999756564debaa4f33ecb68a
GET /index.php?js=av4&advertisement& HTTP/1.1
Host: jsjs.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:08 GMT
content-type: text/html; charset=UTF-8
imghost: 17296161209-h-jsjs4jpgtopmh--SE-rm16215822256/index.php?js=av4&advertisement&
56nloadrate: 1.2928125
cache-control: public, max-age=14400, s-max-age=1800
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: HIT
age: 803
last-modified: Sat, 04 May 2024 07:32:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2F1LJOD7nhCeE%2BvI6YNyedTuY3ANng3L3nhU4qbIWvGJGvEi5Sy5xeH6n5tIroreXeR6tXKZK%2FuuRwRJRoz20Rv5tskFh5lKjJL9QbN3AwJVQAneIA5fHQ%2BBLrkdXuLi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e0117b7cb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js | 45.133.44.52 | 200 OK | 46 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File typegzip compressed data, from Unix Hash17eaf878319fd9487e9cc4a644fe262a 1de042dfeeccb8cd6c142bc36eb0c6b9c5f23495 a210d92bc84584177082566947166edb5bae8f3d2ee249afef63d12ae6ead881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /0ae085698cad0960a86703ca969164ab.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:07 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Sat, 04 May 2024 07:51:07 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| comments.4jpg.top/comments/embed.js?37 | 188.114.97.1 | 302 Found | 30 kB |
URL GET HTTP/3comments.4jpg.top/comments/embed.js?37 IP188.114.97.1:443
Requested byhttps://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 CertificateIssuerGoogle Trust Services LLC Subject4jpg.top Fingerprint19:3C:A7:CB:6C:A2:7F:AC:A7:F8:06:02:93:BD:6D:64:17:BD:D5:58 ValidityThu, 07 Mar 2024 14:29:37 GMT - Wed, 05 Jun 2024 14:29:36 GMT
Hash7a065410ab3db49d664e20484347d9b1 7b03937e6f8d2018b5c91be5b1dd2aa10657b316 6061203a0092be431ab9327383ef64b8427b29ec0d343809bd5e83a6d58b8051
GET /comments/embed.js?37 HTTP/1.1
Host: comments.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sat, 04 May 2024 07:46:08 GMT
content-type: text/html
location: http://av.tub4us.top/1
x-proxy-cache-5950: MISS
xkey-5950: jcomments./comments/embed.js?37-A-comments.4jpg.top-comments.4jpg.top-myzone---no
x-proxy-cache-hd-la: HIT
xkey-hd-la: comments.4jpg.top/comments/embed.js?37--comments.4jpg.top--my_zone
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=olj131VA8uJ7c4%2FTwjwDTYxn304zzmWuJXyV2bRRmGDnl3ClhO2HVfCO9jgIiA5P6VhL1W0GKkjUGsiA6b1YVrzdYo6oop%2BeAzjXhVZKTmJBVrs5Knnm4orCd%2B9GORvFZiWg%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6e0131cf6b527-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cacrz.4jpg.top/AV4.us.jpg | 188.114.97.1 | 200 OK | 8.7 kB |
URL GET HTTP/3cacrz.4jpg.top/AV4.us.jpg IP188.114.97.1:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject4jpg.top Fingerprint19:3C:A7:CB:6C:A2:7F:AC:A7:F8:06:02:93:BD:6D:64:17:BD:D5:58 ValidityThu, 07 Mar 2024 14:29:37 GMT - Wed, 05 Jun 2024 14:29:36 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 307x82, components 3 Hashedfe007a6e5b3d268b2528f564b60b43 1644c8ef97c871079e07e5079d613af5cb94052f bf5bb657f5e788af0c02b9b437d3f15bec91e27175e5a654e3d431fb6d063390
GET /AV4.us.jpg HTTP/1.1
Host: cacrz.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: image/jpeg
content-length: 8741
etag: "2225-5499bcea176c0"
access-control-allow-origin: *
access-control-allow-headers: Cake
ahost: RZ
cache-control: public, max-age=3600000
cf-cache-status: HIT
age: 314884
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ORdwZObU5F1doQKe2LuqOalR8L14Q206RUDjv%2F8LDRXpTll3mtPNcADfWq%2BY6hQRk3g9amIm9pWs5a2rTOaNwE9vRfH38A5VnX2blG5Em19q%2B8PCMtj9e3%2BvZL%2B%2FkUhkOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6e016a84eb527-OSL
alt-svc: h3=":443"; ma=86400
|
|
| jsjs.4jpg.top/index.php?js=very | 188.114.97.1 | 200 OK | 39 kB |
URL GET HTTP/3jsjs.4jpg.top/index.php?js=very IP188.114.97.1:443
Requested byhttps://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 CertificateIssuerGoogle Trust Services LLC Subject4jpg.top Fingerprint19:3C:A7:CB:6C:A2:7F:AC:A7:F8:06:02:93:BD:6D:64:17:BD:D5:58 ValidityThu, 07 Mar 2024 14:29:37 GMT - Wed, 05 Jun 2024 14:29:36 GMT
File typeASCII text, with no line terminators Hash77542f8a3ada1bb8b45eb9139c5e69ef 08556fa802dce18bec90fc57d62c7caaa4dbbdd0 4a12c40c3eb9ed0e055519dbd5be4cb7e88ee707739484aa38e3e3284c0bdc46
GET /index.php?js=very HTTP/1.1
Host: jsjs.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:07 GMT
content-type: text/html; charset=UTF-8
imghost: 17296161209-h-jsjs4jpgtopmh--NO-rm162158222116/index.php?js=very
56nloadrate: 1.201875
cache-control: max-age=360000, private
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vXZQtW%2FQuuiFIyUC3gGwNdWedP0V5vQ0Ikw3oaErZtrtvJhYQqn8PyrKdokCq3sfWHfmpO%2FePnH%2FvzpfB2xeFCrMLmxVC6y3jXAT0EARsgsh6pWRMzfMFVoqerLjfUz8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e00b2b2c56cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| av.tube2.top/contact/----6rMwPUbnBOWpDTXd | 172.67.210.71 | 200 OK | 9.0 kB |
URL User Request GET HTTP/3av.tube2.top/contact/----6rMwPUbnBOWpDTXd IP172.67.210.71:443
CertificateIssuerGoogle Trust Services LLC Subjecttube2.top Fingerprint96:EB:F5:53:EF:CF:7C:C6:25:32:41:45:F7:C2:C3:D8:D6:C6:79:E3 ValidityThu, 14 Mar 2024 14:21:36 GMT - Wed, 12 Jun 2024 14:21:35 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (1329), with CRLF, LF line terminators Hash7a1004ffaca4219c823c5b3669c7eebb 15c77d32993e2770ae1f84e144418fd08b46f57b d0ff1197e027562d599897c6bb1849e76f23695a44e403a24ca9763eaa4a271b
GET /contact/----6rMwPUbnBOWpDTXd HTTP/1.1
Host: av.tube2.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/6rMwPUbnBOWpDTXd
Cookie: lctcfck=NO
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:07 GMT
content-type: text/html; charset=UTF-8
pdojs-line8: host-av.tube2.top127.0.0.1-myhost-av.tube2.top127.0.0.1/contact/----v/s:/www.coolsexnew.com/de/29599705-junge-nackte-hei%C3%9Fe-jungs-aus-dem-polnischen-film-get-in-on-the-bareback-action.html
phost: av.tube2.top
pdojs-line1052: notjp--myhost-av.tube2.top-filteron-
line2128: notjp--myhost-av.tube2.top-filteron-/contact/----v/s:/www.coolsexnew.com/de/29599705-junge-nackte-hei%C3%9Fe-jungs-aus-dem-polnischen-film-get-in-on-the-bareback-action.html
line2131: notjp--myhost-av.tube2.top-filteron-
line2428: notjp-/contact/----v/s:/www.coolsexnew.com/de/29599705-junge-nackte-hei%C3%9Fe-jungs-aus-dem-polnischen-film-get-in-on-the-bareback-action.html-myhost-av.tube2.top-filteron-
cache-control: public, max-age=19460
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
x-proxy-cache-5950: MISS
xkey-5950: av/contact/----v/s:/www.coolsexnew.com/de/29599705-junge-nackte-hei%C3%9Fe-jungs-aus-dem-polnischen-film-get-in-on-the-bareback-action.html-A-av.tube2.top-av.tube2.top-myzone---yes
x-proxy-cache-hd-la: HIT
xkey-hd-la: contactav.tube2.top-A-av.tube2.top--my_zone
cf-cache-status: MISS
last-modified: Sat, 04 May 2024 07:46:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iw2l9iz76ZG%2B1Nz3LbgAF3iHuFv2kzU7JVqr8%2BT0bEeSEk%2FkDVSiKYcXn9yHSTcuhhZQXWCi9iJbPAEKiuVZDQ67WP1W3LcA0loiDoVravEdvh2FEha0FtwuM6Gz6gA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e00dcedc0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| js.capndr.com/advertising.js | 45.133.44.53 | 200 OK | 0 B |
URL GET HTTP/2js.capndr.com/advertising.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectjs.capndr.com Fingerprint0D:30:A1:FB:7E:A0:EC:89:85:17:27:67:37:21:DA:E0:CB:E3:26:06 ValiditySun, 21 Apr 2024 03:00:41 GMT - Sat, 20 Jul 2024 03:00:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Sat, 04 May 2024 07:51:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| da7b22a400.13199960a1.com/22802538876b351854c895125b33cfd1/23782?version_name=c | 45.133.44.52 | 200 OK | 5.3 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/22802538876b351854c895125b33cfd1/23782?version_name=c IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File typeNew Line Delimited JSON text data Hash5e7b7a0c4d18b70d507a5d1e0ec9692a e6cd44b613412ada2fca858b59ab83ffbac00804 2ccb175320a07854adaf71060df19e91824b87d0c4c60cddc717dfa197fbd05e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /22802538876b351854c895125b33cfd1/23782?version_name=c HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:08 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 04 May 2024 07:51:08 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=c&med_script_id=82&page=https%3A//av.tube2.top/contact/----6rMwPUbnBOWpDTXd | 138.201.237.88 | 204 No Content | 0 B |
URL GET HTTP/2notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=c&med_script_id=82&page=https%3A//av.tube2.top/contact/----6rMwPUbnBOWpDTXd IP138.201.237.88:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tags?tag_id=23782&timezone_olson=UTC&version_name=c&med_script_id=82&page=https%3A//av.tube2.top/contact/----6rMwPUbnBOWpDTXd HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.2
date: Sat, 04 May 2024 07:46:09 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js | 142.250.74.106 | 200 OK | 30 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP142.250.74.106:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hasha09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://css.4jpg.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 00:40:41 GMT
expires: Sat, 03 May 2025 00:40:41 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 111928
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js | 104.17.25.14 | 200 OK | 4.0 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js IP104.17.25.14:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (10613) Hashea77f824de2ef57acb12e7cb6596365e 10bad0dbdf30a0471c2c786b349daeb1dd19180e 2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c
GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://css.4jpg.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 314863
expires: Thu, 24 Apr 2025 07:46:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=533Jkn5yb%2F0Y09hMjwAV6l%2FyU0u%2Btl%2FRiATelmGrwU6UqVPAeg7sQHbUVflD%2FiaaczaFuQIMY1aC1NXO1Shknui0ePYPX%2FIuVG6EEUGDNjJy%2BUF68%2B4t9BwPdWyJ33RDF8RKY8Zb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e6e01bad1bb515-OSL
alt-svc: h3=":443"; ma=86400
|
|
| jsjs.4jpg.top/index.php?js=very | 188.114.97.1 | 200 OK | 73 B |
URL GET HTTP/3jsjs.4jpg.top/index.php?js=very IP188.114.97.1:443
Requested byhttps://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 CertificateIssuerGoogle Trust Services LLC Subject4jpg.top Fingerprint19:3C:A7:CB:6C:A2:7F:AC:A7:F8:06:02:93:BD:6D:64:17:BD:D5:58 ValidityThu, 07 Mar 2024 14:29:37 GMT - Wed, 05 Jun 2024 14:29:36 GMT
File typeASCII text, with no line terminators Hash77542f8a3ada1bb8b45eb9139c5e69ef 08556fa802dce18bec90fc57d62c7caaa4dbbdd0 4a12c40c3eb9ed0e055519dbd5be4cb7e88ee707739484aa38e3e3284c0bdc46
GET /index.php?js=very HTTP/1.1
Host: jsjs.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://css.4jpg.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: text/html; charset=UTF-8
imghost: 17296161209-h-jsjs4jpgtopmh--NO-rm162158222116/index.php?js=very
56nloadrate: 1.180625
cache-control: max-age=360000, private
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JX2Eb2SWPgscMOXr3qazZHsENDn5Gt0OijNeHo5iFUegZcOsigsTkkeK%2F0jooUo0j3LIIbVodp7FJftdZGuht2%2F667bZrUkd8eJLRdRQVPLCP70UTASddUIeNd3f8bcJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e019eb56b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 3fb4026cec.ffbd26c481.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MDU0MzM4MjMzOTcyMTI1NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNjUsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MH0= | 45.133.44.52 | 200 OK | 0 B |
URL GET HTTP/23fb4026cec.ffbd26c481.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MDU0MzM4MjMzOTcyMTI1NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNjUsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MH0= IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subject3fb4026cec.ffbd26c481.com Fingerprint27:04:EE:66:BA:5B:49:EF:14:C8:8F:A8:F2:D9:35:3D:F6:0F:40:6A ValidityWed, 01 May 2024 02:50:26 GMT - Tue, 30 Jul 2024 02:50:25 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MDU0MzM4MjMzOTcyMTI1NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNjUsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MH0= HTTP/1.1
Host: 3fb4026cec.ffbd26c481.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=23782 | 157.90.84.242 | 200 OK | 58 B |
URL POST HTTP/1.1fp.metricswpsh.com/fp?tag_id=23782 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash87385fcd2a67fc74d2fa67366ba68ea2 a604cdbb1d31ce257e8643eee9219c9c724c200c 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1837
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 May 2024 07:46:09 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://av.tube2.top
Set-Cookie: id=9774579056814399816; Expires=Sun, 04 May 2025 07:46:09 GMT; Secure; SameSite=None
Vary: Origin
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=aac1f2fd-7b08-42ed-b495-39261e5a3bef&subid=809032184&sid=3447660721&spot_id=17050&created_at=2024-05-04&timezone=0&ver=8.159.0&is_native=1 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?site=native-push&wl=1&event_id=aac1f2fd-7b08-42ed-b495-39261e5a3bef&subid=809032184&sid=3447660721&spot_id=17050&created_at=2024-05-04&timezone=0&ver=8.159.0&is_native=1 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=aac1f2fd-7b08-42ed-b495-39261e5a3bef&subid=809032184&sid=3447660721&spot_id=17050&created_at=2024-05-04&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 07:46:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js | 142.250.74.106 | 200 OK | 30 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP142.250.74.106:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hasha09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://css.4jpg.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 00:40:41 GMT
expires: Sat, 03 May 2025 00:40:41 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 111929
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| av.av4us.top//js.2mp4.xyz/AV4.us.jpg | 172.67.200.220 | | 17 kB |
URL GET av.av4us.top//js.2mp4.xyz/AV4.us.jpg IP172.67.200.220:0
Requested byhttps://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 CertificateIssuerGoogle Trust Services LLC Subjectav4us.top Fingerprint56:FA:73:53:8D:88:3B:88:25:AC:A2:68:BB:37:3C:27:E7:03:12:D2 ValidityFri, 08 Mar 2024 11:54:50 GMT - Thu, 06 Jun 2024 11:54:49 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (1310), with CRLF, LF line terminators Hashc347692fd02f4ef9e3289dd3e9a7aeb7 910b028a369b8f195ddc8e1579a1bbc7f75f0b3e 806f0276e5d3b865f8b4a645857b37b8600776c05e3ba6f906fb152e2e746c3e
GET //js.2mp4.xyz/AV4.us.jpg HTTP/1.1
Host: av.av4us.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: text/html; charset=UTF-8
pdojs-line8: host-av.av4us.top96.161.209-myhost-av.av4us.top.12.53.113//js.2mp4.xyz/AV4.us.jpg
phost: av.av4us.top
pdojs-line1051: notjp--myhost-av.av4us.top-filteron-
line2125: notjp--myhost-av.av4us.top-filteron-//js.2mp4.xyz/AV4.us.jpg
line2128: notjp--myhost-av.av4us.top-filteron-
line2425: notjp-//js.2mp4.xyz/AV4.us.jpg-myhost-av.av4us.top-filteron-
cache-control: public, max-age=709165
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
x-proxy-cache-hd-la: HIT
xkey-hd-la: av.//js.2mp4.xyz/AV4.us.jpg-A-av.av4us.top--my_zone
cf-cache-status: HIT
age: 310734
last-modified: Tue, 30 Apr 2024 17:27:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HCJP%2BT%2BqyMQx%2BLLIJIsW72LHeewGHFvJjPIRgWTnIPvZhRzIUnERHip5kujVDbiYvQWnbFoenAI2LcgStUsZaVlCMMG9RUJ3Eg8qIYqpdjbY7fAOsj%2FOCXUFWiP%2Bjmw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e01a3fbcb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 74.125.131.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP74.125.131.84:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:vEj4TaAcZIRCYsIp29qqR7JLQZWjJg:xtMOYJcEvwkc31E_; Expires=Mon, 04-May-2026 07:46:10 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 07:46:10 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx6N-yVImbfrJxboupL61kdcS1Ba4z1Ugl8dlP5ibSUXXRwjiR6YF36VVtpcOptyuhXrcaoHQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-8TmBLFdHennt4mAzgb-Ztw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx6N-yVImbfrJxboupL61kdcS1Ba4z1Ugl8dlP5ibSUXXRwjiR6YF36VVtpcOptyuhXrcaoHQ | 74.125.131.84 | 302 Found | 427 B |
URL GET HTTP/2accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx6N-yVImbfrJxboupL61kdcS1Ba4z1Ugl8dlP5ibSUXXRwjiR6YF36VVtpcOptyuhXrcaoHQ IP74.125.131.84:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
File typeHTML document, ASCII text, with very long lines (405) Hash61206e27f55bbf8ecd60fd0387d29ffa 889ca3f6390152b0487fdcba385136c91b42a42a 178c0c8b1732b1584466c416320583cb02fd561d18ea8eb070cb4fb5d34134a8
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx6N-yVImbfrJxboupL61kdcS1Ba4z1Ugl8dlP5ibSUXXRwjiR6YF36VVtpcOptyuhXrcaoHQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:M1e9RiAKErIniy01ajs0d6mBHb9M7w:Skl4AyJNgx4O-CNP;Path=/;Expires=Mon, 04-May-2026 07:46:10 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 07:46:10 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQx0gUZre3Fuq3U9xACSdaNIgWbqFvAHHmGfZ794wj5utb-Gy5FpUsVnfRWGyIScqy5VlePDMg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-385628834%3A1714808770517579&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-cjCX_bd1px67TUIJSFPdpQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 427
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQx0gUZre3Fuq3U9xACSdaNIgWbqFvAHHmGfZ794wj5utb-Gy5FpUsVnfRWGyIScqy5VlePDMg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-385628834%3A1714808770517579&theme=mn&ddm=0 | 74.125.131.84 | 403 Forbidden | 6.1 kB |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQx0gUZre3Fuq3U9xACSdaNIgWbqFvAHHmGfZ794wj5utb-Gy5FpUsVnfRWGyIScqy5VlePDMg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-385628834%3A1714808770517579&theme=mn&ddm=0 IP74.125.131.84:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (1706) Hashf38a5830dd8261e947a1e68d8ee171c2 5b478e23250d81583e9747dbfabbe4c18f8135ab 90c85948d37887c66529331fda29466646d409e14efbd555886541968d69f8f3
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQx0gUZre3Fuq3U9xACSdaNIgWbqFvAHHmGfZ794wj5utb-Gy5FpUsVnfRWGyIScqy5VlePDMg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-385628834%3A1714808770517579&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 07:46:10 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-kU--p9DoyQsRAK0m0K09ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/multy | 167.235.163.216 | 200 OK | 4.9 kB |
URL POST HTTP/25d39fe7c75.2ac4fce9b8.com/in/multy IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash5a11ed02a7f7b0848101777fcd0c93eb 4a27fc7e80abfd851a7088ef90fccd51139ff174 6144995ff7bb614148f4a8b2a3a1c70b39e5dcfdea5f23dae53b6a793c9d8658
POST /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1737
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 07:46:10 GMT
content-type: application/json
content-length: 4855
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=av.tube2.top&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&refdom=av.tube2.top&auction_time=1714808770&subid=809032184&sid=3447660721&tcid=0&ver=8.159.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=13.79912569716383&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fav.tube2.top%252Fcontact%252F----6rMwPUbnBOWpDTXd%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=54175&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DbDEnPZPoPPw6D8NnO20T2z5UhrZHHdnBNtHYSqoL-mtDumgrBa29MnfThJAbDfwJYfp_mowLbJbhPNhpooniSNvWbtzk9_H-aK1o_zGgGVQ3dJNTplUBRjnnuqF8ZpSppjieZ9Hizea2zg2TjQL0G4_-t8K7ln-uofckMnOG1dGA8xSXFm2cqZKpOF6VIt3XkL-f5rbzjJTKiDJrvWgBFdRVFtQu3-4H0ojYfKHrHIqq5LQIIrqhnSNjuo0_Aw6iIIg7g0wKdIxh0IXETfmB4zsWEVyS3BDH4oXV3FbJipa8vwAVrOIg3uTbYsVWPBZSFYqHoBb6w6s_Al96fUFtMhWKpl5DJAKmt0OMCrB1_Fv_Sx1Lq4U16CgzQ3Iv3Q_c5nwiDkCVrcL3Jc35YFAg8Vh4qpY7ZFaBgqAN7rnOwvolWu-5JgS0iC1A0zvFCMM-GEbTgyv32f7JVLKfcWG3ve5M729btT6HGsD9XMvP52JZ1fkYAeUVJxQwqBhRjYT_79t0SPhJhbhgc94OYc9OwqpeEJ1B6uDMJnKKm78Km2rd0fNYKfTqMEJiLwOo8qFaZ2PX3mTHSsxcsFBXI97BxQ_UVqPAQA-UMx3cjys48Uett1BNv0FoT2nwJz5hiSknLSVqGCX55Wy2Xi26p8jNdlVJJ1k3wLPvLiEw5w&icons=RipoWtqlPNvNHEHNVyw7XTl5PRlnkcdD7KIkFgU8Bcp0pe-ULk6u-kiidwmMM4b4TeENoQKVDB1rHAwX5leJAzXMRRrdYyjX1B7oqnMi9KPf3yxo9netqcgMV7VW-zxlozGvWMj44c-C7OzbfVDbN4kvDVRhkkbY_MDOku5QddBoM8_5CQ&ext_cid=175&px_id=5317050&min_cpm=0.05393810632723861&out_id=1&campaign_type=lq-pop&aid=3780&cid=16324&uniq=&mid=3010857490106602857&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.06434910723932866&cpm=0&verify_hash=71147b17cd1b1bf68470bdafbbfa8896&is_native=2&real_bid=0.0031140000820160003&original_bid_usd=0.004&original_bid=0.004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,83,89,4&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.004&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000004000000000000001&ext_campaign_id_str=175&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=4efbb364-9850-427c-8af7-dbb81873c59f&prev_step_diff=965 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/25d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=av.tube2.top&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&refdom=av.tube2.top&auction_time=1714808770&subid=809032184&sid=3447660721&tcid=0&ver=8.159.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=13.79912569716383&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fav.tube2.top%252Fcontact%252F----6rMwPUbnBOWpDTXd%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=54175&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DbDEnPZPoPPw6D8NnO20T2z5UhrZHHdnBNtHYSqoL-mtDumgrBa29MnfThJAbDfwJYfp_mowLbJbhPNhpooniSNvWbtzk9_H-aK1o_zGgGVQ3dJNTplUBRjnnuqF8ZpSppjieZ9Hizea2zg2TjQL0G4_-t8K7ln-uofckMnOG1dGA8xSXFm2cqZKpOF6VIt3XkL-f5rbzjJTKiDJrvWgBFdRVFtQu3-4H0ojYfKHrHIqq5LQIIrqhnSNjuo0_Aw6iIIg7g0wKdIxh0IXETfmB4zsWEVyS3BDH4oXV3FbJipa8vwAVrOIg3uTbYsVWPBZSFYqHoBb6w6s_Al96fUFtMhWKpl5DJAKmt0OMCrB1_Fv_Sx1Lq4U16CgzQ3Iv3Q_c5nwiDkCVrcL3Jc35YFAg8Vh4qpY7ZFaBgqAN7rnOwvolWu-5JgS0iC1A0zvFCMM-GEbTgyv32f7JVLKfcWG3ve5M729btT6HGsD9XMvP52JZ1fkYAeUVJxQwqBhRjYT_79t0SPhJhbhgc94OYc9OwqpeEJ1B6uDMJnKKm78Km2rd0fNYKfTqMEJiLwOo8qFaZ2PX3mTHSsxcsFBXI97BxQ_UVqPAQA-UMx3cjys48Uett1BNv0FoT2nwJz5hiSknLSVqGCX55Wy2Xi26p8jNdlVJJ1k3wLPvLiEw5w&icons=RipoWtqlPNvNHEHNVyw7XTl5PRlnkcdD7KIkFgU8Bcp0pe-ULk6u-kiidwmMM4b4TeENoQKVDB1rHAwX5leJAzXMRRrdYyjX1B7oqnMi9KPf3yxo9netqcgMV7VW-zxlozGvWMj44c-C7OzbfVDbN4kvDVRhkkbY_MDOku5QddBoM8_5CQ&ext_cid=175&px_id=5317050&min_cpm=0.05393810632723861&out_id=1&campaign_type=lq-pop&aid=3780&cid=16324&uniq=&mid=3010857490106602857&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.06434910723932866&cpm=0&verify_hash=71147b17cd1b1bf68470bdafbbfa8896&is_native=2&real_bid=0.0031140000820160003&original_bid_usd=0.004&original_bid=0.004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,83,89,4&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.004&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000004000000000000001&ext_campaign_id_str=175&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=4efbb364-9850-427c-8af7-dbb81873c59f&prev_step_diff=965 IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=av.tube2.top&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&refdom=av.tube2.top&auction_time=1714808770&subid=809032184&sid=3447660721&tcid=0&ver=8.159.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=13.79912569716383&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fav.tube2.top%252Fcontact%252F----6rMwPUbnBOWpDTXd%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=54175&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DbDEnPZPoPPw6D8NnO20T2z5UhrZHHdnBNtHYSqoL-mtDumgrBa29MnfThJAbDfwJYfp_mowLbJbhPNhpooniSNvWbtzk9_H-aK1o_zGgGVQ3dJNTplUBRjnnuqF8ZpSppjieZ9Hizea2zg2TjQL0G4_-t8K7ln-uofckMnOG1dGA8xSXFm2cqZKpOF6VIt3XkL-f5rbzjJTKiDJrvWgBFdRVFtQu3-4H0ojYfKHrHIqq5LQIIrqhnSNjuo0_Aw6iIIg7g0wKdIxh0IXETfmB4zsWEVyS3BDH4oXV3FbJipa8vwAVrOIg3uTbYsVWPBZSFYqHoBb6w6s_Al96fUFtMhWKpl5DJAKmt0OMCrB1_Fv_Sx1Lq4U16CgzQ3Iv3Q_c5nwiDkCVrcL3Jc35YFAg8Vh4qpY7ZFaBgqAN7rnOwvolWu-5JgS0iC1A0zvFCMM-GEbTgyv32f7JVLKfcWG3ve5M729btT6HGsD9XMvP52JZ1fkYAeUVJxQwqBhRjYT_79t0SPhJhbhgc94OYc9OwqpeEJ1B6uDMJnKKm78Km2rd0fNYKfTqMEJiLwOo8qFaZ2PX3mTHSsxcsFBXI97BxQ_UVqPAQA-UMx3cjys48Uett1BNv0FoT2nwJz5hiSknLSVqGCX55Wy2Xi26p8jNdlVJJ1k3wLPvLiEw5w&icons=RipoWtqlPNvNHEHNVyw7XTl5PRlnkcdD7KIkFgU8Bcp0pe-ULk6u-kiidwmMM4b4TeENoQKVDB1rHAwX5leJAzXMRRrdYyjX1B7oqnMi9KPf3yxo9netqcgMV7VW-zxlozGvWMj44c-C7OzbfVDbN4kvDVRhkkbY_MDOku5QddBoM8_5CQ&ext_cid=175&px_id=5317050&min_cpm=0.05393810632723861&out_id=1&campaign_type=lq-pop&aid=3780&cid=16324&uniq=&mid=3010857490106602857&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.06434910723932866&cpm=0&verify_hash=71147b17cd1b1bf68470bdafbbfa8896&is_native=2&real_bid=0.0031140000820160003&original_bid_usd=0.004&original_bid=0.004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,83,89,4&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.004&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000004000000000000001&ext_campaign_id_str=175&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=4efbb364-9850-427c-8af7-dbb81873c59f&prev_step_diff=965 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 07:46:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mcpuwpsh.com/get/ | 94.130.197.240 | 200 OK | 1.9 kB |
IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectpuwpush.com Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92 ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash2345c0b805c3d4aa24570653e4c69bc3 ede6ad1f274d07c0400d63f06e624ca9e246a76d 5a064f35e999a1a47f87b5614c25226642a377c4ebc4553f1ebd12a877be0dce
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://av.tube2.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 964
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 04 May 2024 07:46:11 GMT
content-type: application/json
content-length: 1887
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=av.tube2.top&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&refdom=av.tube2.top&auction_time=1714808770&subid=809032184&sid=3447660721&tcid=0&ver=8.159.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=13.79912569716383&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fav.tube2.top%252Fcontact%252F----6rMwPUbnBOWpDTXd%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=54175&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DbDEnPZPoPPw6D8NnO20T2z5UhrZHHdnBNtHYSqoL-mtDumgrBa29MnfThJAbDfwJYfp_mowLbJbhPNhpooniSNvWbtzk9_H-aK1o_zGgGVQ3dJNTplUBRjnnuqF8ZpSppjieZ9Hizea2zg2TjQL0G4_-t8K7ln-uofckMnOG1dGA8xSXFm2cqZKpOF6VIt3XkL-f5rbzjJTKiDJrvWgBFdRVFtQu3-4H0ojYfKHrHIqq5LQIIrqhnSNjuo0_Aw6iIIg7g0wKdIxh0IXETfmB4zsWEVyS3BDH4oXV3FbJipa8vwAVrOIg3uTbYsVWPBZSFYqHoBb6w6s_Al96fUFtMhWKpl5DJAKmt0OMCrB1_Fv_Sx1Lq4U16CgzQ3Iv3Q_c5nwiDkCVrcL3Jc35YFAg8Vh4qpY7ZFaBgqAN7rnOwvolWu-5JgS0iC1A0zvFCMM-GEbTgyv32f7JVLKfcWG3ve5M729btT6HGsD9XMvP52JZ1fkYAeUVJxQwqBhRjYT_79t0SPhJhbhgc94OYc9OwqpeEJ1B6uDMJnKKm78Km2rd0fNYKfTqMEJiLwOo8qFaZ2PX3mTHSsxcsFBXI97BxQ_UVqPAQA-UMx3cjys48Uett1BNv0FoT2nwJz5hiSknLSVqGCX55Wy2Xi26p8jNdlVJJ1k3wLPvLiEw5w&icons=lynLc5W5SJXqdJdPtoGFj86vmLUP3p5S1PJn6EOThXlt60ge2txGYIbqvmWtTz4KQjvJxrgKml2nGK7GzhbWU1KR_YRlPMHFuS-5rX6o4wl3a_LseF-Z8BybNvKmKsLrvs7qe1Jfx1psUP_Jap6yTIaArCK9Q5OEu4UmldNwaM96TXVpbQ&ext_cid=175&px_id=5317050&min_cpm=0.03548748286236166&out_id=0&campaign_type=lq-pop&aid=3780&cid=16324&uniq=&mid=3010857490106602857&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04233718971351321&cpm=0&verify_hash=5eacd099bf802bed4cca7528983c6bb8&is_native=2&real_bid=0.0031140000820160003&original_bid_usd=0.004&original_bid=0.004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,83,89,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.004&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000004000000000000001&ext_campaign_id_str=175&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.05&cpa=a109d7e3-0a24-49b9-a430-7bc40b457d4e&prev_step_diff=964 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/25d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=av.tube2.top&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&refdom=av.tube2.top&auction_time=1714808770&subid=809032184&sid=3447660721&tcid=0&ver=8.159.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=13.79912569716383&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fav.tube2.top%252Fcontact%252F----6rMwPUbnBOWpDTXd%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=54175&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DbDEnPZPoPPw6D8NnO20T2z5UhrZHHdnBNtHYSqoL-mtDumgrBa29MnfThJAbDfwJYfp_mowLbJbhPNhpooniSNvWbtzk9_H-aK1o_zGgGVQ3dJNTplUBRjnnuqF8ZpSppjieZ9Hizea2zg2TjQL0G4_-t8K7ln-uofckMnOG1dGA8xSXFm2cqZKpOF6VIt3XkL-f5rbzjJTKiDJrvWgBFdRVFtQu3-4H0ojYfKHrHIqq5LQIIrqhnSNjuo0_Aw6iIIg7g0wKdIxh0IXETfmB4zsWEVyS3BDH4oXV3FbJipa8vwAVrOIg3uTbYsVWPBZSFYqHoBb6w6s_Al96fUFtMhWKpl5DJAKmt0OMCrB1_Fv_Sx1Lq4U16CgzQ3Iv3Q_c5nwiDkCVrcL3Jc35YFAg8Vh4qpY7ZFaBgqAN7rnOwvolWu-5JgS0iC1A0zvFCMM-GEbTgyv32f7JVLKfcWG3ve5M729btT6HGsD9XMvP52JZ1fkYAeUVJxQwqBhRjYT_79t0SPhJhbhgc94OYc9OwqpeEJ1B6uDMJnKKm78Km2rd0fNYKfTqMEJiLwOo8qFaZ2PX3mTHSsxcsFBXI97BxQ_UVqPAQA-UMx3cjys48Uett1BNv0FoT2nwJz5hiSknLSVqGCX55Wy2Xi26p8jNdlVJJ1k3wLPvLiEw5w&icons=lynLc5W5SJXqdJdPtoGFj86vmLUP3p5S1PJn6EOThXlt60ge2txGYIbqvmWtTz4KQjvJxrgKml2nGK7GzhbWU1KR_YRlPMHFuS-5rX6o4wl3a_LseF-Z8BybNvKmKsLrvs7qe1Jfx1psUP_Jap6yTIaArCK9Q5OEu4UmldNwaM96TXVpbQ&ext_cid=175&px_id=5317050&min_cpm=0.03548748286236166&out_id=0&campaign_type=lq-pop&aid=3780&cid=16324&uniq=&mid=3010857490106602857&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04233718971351321&cpm=0&verify_hash=5eacd099bf802bed4cca7528983c6bb8&is_native=2&real_bid=0.0031140000820160003&original_bid_usd=0.004&original_bid=0.004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,83,89,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.004&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000004000000000000001&ext_campaign_id_str=175&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.05&cpa=a109d7e3-0a24-49b9-a430-7bc40b457d4e&prev_step_diff=964 IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=av.tube2.top&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&refdom=av.tube2.top&auction_time=1714808770&subid=809032184&sid=3447660721&tcid=0&ver=8.159.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=13.79912569716383&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fav.tube2.top%252Fcontact%252F----6rMwPUbnBOWpDTXd%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=54175&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DbDEnPZPoPPw6D8NnO20T2z5UhrZHHdnBNtHYSqoL-mtDumgrBa29MnfThJAbDfwJYfp_mowLbJbhPNhpooniSNvWbtzk9_H-aK1o_zGgGVQ3dJNTplUBRjnnuqF8ZpSppjieZ9Hizea2zg2TjQL0G4_-t8K7ln-uofckMnOG1dGA8xSXFm2cqZKpOF6VIt3XkL-f5rbzjJTKiDJrvWgBFdRVFtQu3-4H0ojYfKHrHIqq5LQIIrqhnSNjuo0_Aw6iIIg7g0wKdIxh0IXETfmB4zsWEVyS3BDH4oXV3FbJipa8vwAVrOIg3uTbYsVWPBZSFYqHoBb6w6s_Al96fUFtMhWKpl5DJAKmt0OMCrB1_Fv_Sx1Lq4U16CgzQ3Iv3Q_c5nwiDkCVrcL3Jc35YFAg8Vh4qpY7ZFaBgqAN7rnOwvolWu-5JgS0iC1A0zvFCMM-GEbTgyv32f7JVLKfcWG3ve5M729btT6HGsD9XMvP52JZ1fkYAeUVJxQwqBhRjYT_79t0SPhJhbhgc94OYc9OwqpeEJ1B6uDMJnKKm78Km2rd0fNYKfTqMEJiLwOo8qFaZ2PX3mTHSsxcsFBXI97BxQ_UVqPAQA-UMx3cjys48Uett1BNv0FoT2nwJz5hiSknLSVqGCX55Wy2Xi26p8jNdlVJJ1k3wLPvLiEw5w&icons=lynLc5W5SJXqdJdPtoGFj86vmLUP3p5S1PJn6EOThXlt60ge2txGYIbqvmWtTz4KQjvJxrgKml2nGK7GzhbWU1KR_YRlPMHFuS-5rX6o4wl3a_LseF-Z8BybNvKmKsLrvs7qe1Jfx1psUP_Jap6yTIaArCK9Q5OEu4UmldNwaM96TXVpbQ&ext_cid=175&px_id=5317050&min_cpm=0.03548748286236166&out_id=0&campaign_type=lq-pop&aid=3780&cid=16324&uniq=&mid=3010857490106602857&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04233718971351321&cpm=0&verify_hash=5eacd099bf802bed4cca7528983c6bb8&is_native=2&real_bid=0.0031140000820160003&original_bid_usd=0.004&original_bid=0.004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,83,89,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.004&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000004000000000000001&ext_campaign_id_str=175&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.05&cpa=a109d7e3-0a24-49b9-a430-7bc40b457d4e&prev_step_diff=964 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 07:46:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=780920c4-c292-4f4d-8311-66cb6ef07f6c&prev_step_diff=965 | 45.133.44.24 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=780920c4-c292-4f4d-8311-66cb6ef07f6c&prev_step_diff=965 IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=780920c4-c292-4f4d-8311-66cb6ef07f6c&prev_step_diff=965 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:11 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 07:46:11 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.24 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:11 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 04 May 2025 07:46:11 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.05&cpa=b639f7c0-f9e8-459e-9702-80289f275e3c&prev_step_diff=964 | 45.133.44.24 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.05&cpa=b639f7c0-f9e8-459e-9702-80289f275e3c&prev_step_diff=964 IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.05&cpa=b639f7c0-f9e8-459e-9702-80289f275e3c&prev_step_diff=964 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:11 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 07:46:11 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.24 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:11 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 04 May 2025 07:46:11 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| mc.webvisor.org/watch/48140495/1?wmode=7&page-url=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&page-ref=https%3A%2F%2Fav.tube2.top%2F6rMwPUbnBOWpDTXd&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a1il64u1scsxvruylb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1331%3Acn%3A1%3Adp%3A0%3Als%3A455268307636%3Ahid%3A936607459%3Az%3A0%3Ai%3A20240504074608%3Aet%3A1714808769%3Ac%3A1%3Arn%3A889987808%3Arqn%3A2%3Au%3A1714808768992075819%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C343%2C1%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1714808767615%3Aadb%3A1%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1714808769%3At%3AContact%20%26%20Abuse%20%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%283441412%29fip%281%29ti%281%29&redirnss=1 | 93.158.134.119 | 200 OK | 448 B |
URL GET HTTP/2mc.webvisor.org/watch/48140495/1?wmode=7&page-url=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&page-ref=https%3A%2F%2Fav.tube2.top%2F6rMwPUbnBOWpDTXd&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a1il64u1scsxvruylb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1331%3Acn%3A1%3Adp%3A0%3Als%3A455268307636%3Ahid%3A936607459%3Az%3A0%3Ai%3A20240504074608%3Aet%3A1714808769%3Ac%3A1%3Arn%3A889987808%3Arqn%3A2%3Au%3A1714808768992075819%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C343%2C1%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1714808767615%3Aadb%3A1%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1714808769%3At%3AContact%20%26%20Abuse%20%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%283441412%29fip%281%29ti%281%29&redirnss=1 IP93.158.134.119:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGlobalSign nv-sa Subjectmc.webvisor.com Fingerprint2A:A0:A6:9C:1E:F9:C0:FD:36:75:E2:D3:32:B9:34:8F:EE:3B:81:11 ValidityFri, 19 Apr 2024 21:07:47 GMT - Fri, 11 Oct 2024 20:59:59 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (500), with no line terminators Hash232980ea9ec4da0cee533be191bc3190 7df9fc94066c2024cd2fd7171e4f11da7197d63d f79e808cb2fbf550204105471612ca064461e02e1c7cbb3d37993683feed9ab7
GET /watch/48140495/1?wmode=7&page-url=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&page-ref=https%3A%2F%2Fav.tube2.top%2F6rMwPUbnBOWpDTXd&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a1il64u1scsxvruylb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1331%3Acn%3A1%3Adp%3A0%3Als%3A455268307636%3Ahid%3A936607459%3Az%3A0%3Ai%3A20240504074608%3Aet%3A1714808769%3Ac%3A1%3Arn%3A889987808%3Arqn%3A2%3Au%3A1714808768992075819%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C343%2C1%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1714808767615%3Aadb%3A1%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1714808769%3At%3AContact%20%26%20Abuse%20%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%283441412%29fip%281%29ti%281%29&redirnss=1 HTTP/1.1
Host: mc.webvisor.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av.tube2.top
Referer: https://av.tube2.top/
DNT: 1
Connection: keep-alive
Cookie: yabs-sid=1518661131714808769; i=S2VbaPlIfGLLUBLT/uv/zIuceaGaRkO6DfPx810n0rui8lSND99WZ5QfAp2SRkCiSb9/9zNBOUNROQ91tRovUHUShyA=; yandexuid=9959191691714808769; yuidss=9959191691714808769; ymex=1746344769.yrts.1714808769#1746344769.yrtsi.1714808769
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 448
date: Sat, 04 May 2024 07:46:09 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://av.tube2.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-May-2024 07:46:09 GMT
last-modified: Sat, 04-May-2024 07:46:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| js.2mp4.xyz/?vidjs=51uad-5vq | 0.0.0.0 | | 0 B |
URL GET js.2mp4.xyz/?vidjs=51uad-5vq IP0.0.0.0:0
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject2mp4.xyz FingerprintED:E7:E0:E1:A9:53:73:B5:DC:2D:51:FA:D6:F6:F6:7B:04:99:02:28 ValidityThu, 02 May 2024 12:01:28 GMT - Wed, 31 Jul 2024 12:01:27 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?vidjs=51uad-5vq HTTP/1.1
Host: js.2mp4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:08 GMT
content-type: text/html; charset=UTF-8
pdo-line12: host-js.2mp4.xyz96.161.209-myhost-158.222.66/?vidjs=51uad-5vq
phost:
pdo-line55: host-js.2mp4.xyz96.161.209-myhost-158.222.66/?vidjs=51uad-5vq
cache-control: public, max-age=86400
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: HIT
age: 65779
last-modified: Fri, 03 May 2024 13:29:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vl%2FHJEGMyp6o0PpCmC4a%2BC6lMLQAhbDdjnopLUoV35VQEgXsGGPGPgMi72SpNh%2FjmkkN3ELYTqp96H3fdsgrTdqSswxvbG6rmWeElKHE7S7wBLTzPSZF3GXMJvRMSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e012de4c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| css.4jpg.top/mycss/av4.css?3 | 188.114.97.1 | 200 OK | 3.8 kB |
URL GET HTTP/3css.4jpg.top/mycss/av4.css?3 IP188.114.97.1:443
Requested byhttps://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 CertificateIssuerGoogle Trust Services LLC Subject4jpg.top Fingerprint19:3C:A7:CB:6C:A2:7F:AC:A7:F8:06:02:93:BD:6D:64:17:BD:D5:58 ValidityThu, 07 Mar 2024 14:29:37 GMT - Wed, 05 Jun 2024 14:29:36 GMT
File typeUnicode text, UTF-8 text, with very long lines (4145), with no line terminators Hash632229e131d295fe4f9a0bf73260d8c7 6a026881304a0ca059d5778fead6af759d0bacad c2b0ff53f6e3c34914c3de2a5d3de4120f0af66f43d47e8df680b1f8c9e80016
GET /mycss/av4.css?3 HTTP/1.1
Host: css.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: text/css
etag: W/"ef8-615968e3e7700"
access-control-allow-origin: *
access-control-allow-headers: Cake
cache-control: public, max-age=360000
cf-cache-status: HIT
age: 300624
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F9yqNlvxwofLU8dDBKYy3%2F9EFLSlr0Vq6nkm2YN2rcsx5AV2hBObjhsBWxfZt0ha0OJWxsdKuup%2B%2F1yU68FXGRDhirFeuPOAUHutkPuQA%2Fas3Fvgb4aFhcDJD1x0zbY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6e01b9d49b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| page.phic4.top/myda.php | 172.67.190.9 | 200 OK | 0 B |
IP172.67.190.9:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectphic4.top Fingerprint97:7B:53:56:9D:D4:88:D2:B6:C7:77:A9:FB:30:54:BA:5F:88:E8:B2 ValidityThu, 14 Mar 2024 14:09:59 GMT - Wed, 12 Jun 2024 14:09:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.phic4.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:08 GMT
content-type: text/html; charset=utf-8
vary: User-Agent, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 495
last-modified: Sat, 04 May 2024 07:37:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FGbyuW94lI9eN4S0EJ0TN8WWgjIMa%2Fp5olwyhKvYSJdaJMGWGNBgquks%2BVGaTtTbXxSBYFDwfACaPno%2FILojgWoXkxQ88UO7QKyxs3JGrnlZEaNagzWrcz5fxyLBgjxmSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e015b98f0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| storage.multstorage.com/log/count.html | 104.21.30.242 | 200 OK | 882 B |
URL GET HTTP/2storage.multstorage.com/log/count.html IP104.21.30.242:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subjectmultstorage.com Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT
File typeHTML document, ASCII text, with very long lines (919), with no line terminators Hash053b1fe641da8057571d40ebaf1624ab 09b2648b7d08c84621298f0b939cea5170a65022 6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 3d4fc6bb99e8457345d80c575a848bb3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4aTGF01CBTj53Z3%2F0xk%2FHqs22GqIbccBzbt33W2qx%2Fvxsz%2FhZ%2B2CEzgKZcbLWQ7aK1b51lrmeCzeTpbdxo6HOsobQ3HO%2Fop8VSy7MIn7Bjhv3Rb64apVjW95d%2BqdiM1eKp3ciC%2BPwjBzOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e01b6978712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js | 45.133.44.52 | 200 OK | 97 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /69e850fd67f4bef7c987ce894adc6a8e.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Sat, 04 May 2024 07:51:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| js.2mp4.xyz/?vidjs=51uad-5vq | 0.0.0.0 | | 0 B |
URL GET js.2mp4.xyz/?vidjs=51uad-5vq IP0.0.0.0:0
Requested byhttps://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 CertificateIssuerGoogle Trust Services LLC Subject2mp4.xyz FingerprintED:E7:E0:E1:A9:53:73:B5:DC:2D:51:FA:D6:F6:F6:7B:04:99:02:28 ValidityThu, 02 May 2024 12:01:28 GMT - Wed, 31 Jul 2024 12:01:27 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?vidjs=51uad-5vq HTTP/1.1
Host: js.2mp4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://css.4jpg.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: text/html; charset=UTF-8
pdo-line12: host-js.2mp4.xyz96.161.209-myhost-158.222.66/?vidjs=51uad-5vq
phost:
pdo-line55: host-js.2mp4.xyz96.161.209-myhost-158.222.66/?vidjs=51uad-5vq
cache-control: public, max-age=86400
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: HIT
age: 65780
last-modified: Fri, 03 May 2024 13:29:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u48s2xD2XhDvGYkAZCK4ariD6a12OKlri2X4FY4LRIkrMQaQ1QoQEMFELqtS8iCArfh3jxrRBlW5kLsr5uEltF99Maq0jhVKC6gsxJ%2F0cK9YrbrILuARNAbOwYV15A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e01b9cde1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| page.phic4.top/myda.php | 172.67.190.9 | 200 OK | 0 B |
IP172.67.190.9:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectphic4.top Fingerprint97:7B:53:56:9D:D4:88:D2:B6:C7:77:A9:FB:30:54:BA:5F:88:E8:B2 ValidityThu, 14 Mar 2024 14:09:59 GMT - Wed, 12 Jun 2024 14:09:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.phic4.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:08 GMT
content-type: text/html; charset=utf-8
vary: User-Agent, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 495
last-modified: Sat, 04 May 2024 07:37:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ro6DPey2OZMVtuo04LEzdCzPFHxQDbfYstWb6u%2B0e6ZjhN%2B%2FCVZj0%2Bhh7jdKBSW3FZFNUZxl8qP%2FbW%2BFMARnuP9AcO71nl96%2F5UkDbw4tlefYOBH%2BmavCgfczxR3EKpeuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e015b9950b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| page.phic4.top/myda.php | 172.67.190.9 | 200 OK | 0 B |
IP172.67.190.9:443
Requested byhttps://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 CertificateIssuerLet's Encrypt Subjectphic4.top Fingerprint97:7B:53:56:9D:D4:88:D2:B6:C7:77:A9:FB:30:54:BA:5F:88:E8:B2 ValidityThu, 14 Mar 2024 14:09:59 GMT - Wed, 12 Jun 2024 14:09:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.phic4.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://css.4jpg.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: text/html; charset=utf-8
vary: User-Agent, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 496
last-modified: Sat, 04 May 2024 07:37:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oKem9qwa5q%2FpZQVHhvR7Zk5tXvjLU1NRWeJYHVWzjzFYzAgwtNrJ92cErmlFPPVkV1DJRtY1GWjoXmM8oFMkzDEVvNGD7i%2BAhjicbHE7Utd4s6YTKWzJMMW5%2BmdjDHD69w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e01c5be356cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| js.wpshsdk.com/npc/sdk/push.m.js?v=1 | 45.133.44.53 | 200 OK | 34 kB |
URL GET HTTP/2js.wpshsdk.com/npc/sdk/push.m.js?v=1 IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectjs.wpshsdk.com Fingerprint7C:0A:CB:08:AD:6F:60:55:9E:07:7C:F7:07:AC:DD:CF:DF:AB:01:FD ValidityWed, 20 Mar 2024 05:01:38 GMT - Tue, 18 Jun 2024 05:01:37 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Sat, 27 Apr 2024 11:13:42 GMT
etag: W/"662cdde6-845a"
content-encoding: gzip
expires: Sat, 04 May 2024 07:51:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 | 188.114.97.1 | 200 OK | 85 kB |
URL GET HTTP/3css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 IP188.114.97.1:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject4jpg.top Fingerprint19:3C:A7:CB:6C:A2:7F:AC:A7:F8:06:02:93:BD:6D:64:17:BD:D5:58 ValidityThu, 07 Mar 2024 14:29:37 GMT - Wed, 05 Jun 2024 14:29:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tagjpa.php?noself=1&url=av.av4us.top/tags/6 HTTP/1.1
Host: css.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: text/html; charset=UTF-8
8tagproxuri: /tagjpa.php?noself=1&url=av.av4us.top/tags/6
x-frame-options: ALLOWALL
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=72000
594tagproxuri: /tagjpa.php?noself=1&url=av.av4us.top/tags/6
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: HIT
age: 12575
last-modified: Sat, 04 May 2024 04:16:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0KPoyeX3PE84Z9PC2RreWwVyZai5%2BAQ42SMB5vjG82iuoX2veusAXYm3PozkULN5sF7ksorVEJYBwysxXdDFCvni5HY4K57h8Bqn%2FW4Ry1u6B1otnGFGJGgq5QjZMtk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6e0192a84b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| da7b22a400.13199960a1.com/b736a0aa40f2bd510763079b8249450f.js | 45.133.44.52 | 200 OK | 169 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/b736a0aa40f2bd510763079b8249450f.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
Size169 kB (168568 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /b736a0aa40f2bd510763079b8249450f.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Sat, 04 May 2024 07:51:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.w3schools.com/w3css/4/w3.css | 192.229.133.221 | 200 OK | 23 kB |
URL GET HTTP/2www.w3schools.com/w3css/4/w3.css IP192.229.133.221:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerDigiCert Inc Subject*.w3schools.com Fingerprint20:AF:FF:E1:FC:DB:58:C8:05:B7:D2:97:1F:8F:A1:C6:AD:ED:59:3A ValidityWed, 03 Apr 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /w3css/4/w3.css HTTP/1.1
Host: www.w3schools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 1709
cache-control: public,max-age=14400,public
content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-type: text/css
date: Sat, 04 May 2024 07:46:10 GMT
etag: "0cc16d559dda1:0+gzip"
last-modified: Fri, 03 May 2024 12:28:40 GMT
server: ECS (ska/F716)
vary: Accept-Encoding
x-cache: HIT
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
x-powered-by: ASP.NET
content-length: 5256
X-Firefox-Spdy: h2
|
|
| page.phic4.top/myda.php | 172.67.190.9 | 200 OK | 0 B |
IP172.67.190.9:443
Requested byhttps://css.4jpg.top/tagjpa.php?noself=1&url=av.av4us.top/tags/6 CertificateIssuerLet's Encrypt Subjectphic4.top Fingerprint97:7B:53:56:9D:D4:88:D2:B6:C7:77:A9:FB:30:54:BA:5F:88:E8:B2 ValidityThu, 14 Mar 2024 14:09:59 GMT - Wed, 12 Jun 2024 14:09:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.phic4.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://css.4jpg.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:09 GMT
content-type: text/html; charset=utf-8
vary: User-Agent, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 496
last-modified: Sat, 04 May 2024 07:37:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h5up93kBfrn5pwB2DBeQQVg2hh4i%2FsWbycVeEwuoB6fA6OvXUNUQOPIYS7OPNjY1x1xB5PAMO8UaMSfaxzZ5%2B8wdDO0%2FXdyfEGfwlvyqrIRASlTGgl58Yl0QhN6lkka%2BrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6e01c5be656cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| mc.webvisor.org/watch/48140495?wmode=7&page-url=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&page-ref=https%3A%2F%2Fav.tube2.top%2F6rMwPUbnBOWpDTXd&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a1il64u1scsxvruylb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1331%3Acn%3A1%3Adp%3A0%3Als%3A455268307636%3Ahid%3A936607459%3Az%3A0%3Ai%3A20240504074608%3Aet%3A1714808769%3Ac%3A1%3Arn%3A889987808%3Arqn%3A2%3Au%3A1714808768992075819%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C343%2C1%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1714808767615%3Aadb%3A1%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1714808769%3At%3AContact%20%26%20Abuse%20%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(3441412)fip(1)ti(1) | 93.158.134.119 | 302 Found | 448 B |
URL GET HTTP/2mc.webvisor.org/watch/48140495?wmode=7&page-url=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&page-ref=https%3A%2F%2Fav.tube2.top%2F6rMwPUbnBOWpDTXd&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a1il64u1scsxvruylb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1331%3Acn%3A1%3Adp%3A0%3Als%3A455268307636%3Ahid%3A936607459%3Az%3A0%3Ai%3A20240504074608%3Aet%3A1714808769%3Ac%3A1%3Arn%3A889987808%3Arqn%3A2%3Au%3A1714808768992075819%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C343%2C1%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1714808767615%3Aadb%3A1%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1714808769%3At%3AContact%20%26%20Abuse%20%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(3441412)fip(1)ti(1) IP93.158.134.119:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGlobalSign nv-sa Subjectmc.webvisor.com Fingerprint2A:A0:A6:9C:1E:F9:C0:FD:36:75:E2:D3:32:B9:34:8F:EE:3B:81:11 ValidityFri, 19 Apr 2024 21:07:47 GMT - Fri, 11 Oct 2024 20:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch/48140495?wmode=7&page-url=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&page-ref=https%3A%2F%2Fav.tube2.top%2F6rMwPUbnBOWpDTXd&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a1il64u1scsxvruylb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1331%3Acn%3A1%3Adp%3A0%3Als%3A455268307636%3Ahid%3A936607459%3Az%3A0%3Ai%3A20240504074608%3Aet%3A1714808769%3Ac%3A1%3Arn%3A889987808%3Arqn%3A2%3Au%3A1714808768992075819%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C343%2C1%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1714808767615%3Aadb%3A1%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1714808769%3At%3AContact%20%26%20Abuse%20%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(3441412)fip(1)ti(1) HTTP/1.1
Host: mc.webvisor.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://av.tube2.top/
Origin: https://av.tube2.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: /watch/48140495/1?wmode=7&page-url=https%3A%2F%2Fav.tube2.top%2Fcontact%2F----6rMwPUbnBOWpDTXd&page-ref=https%3A%2F%2Fav.tube2.top%2F6rMwPUbnBOWpDTXd&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a1il64u1scsxvruylb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1331%3Acn%3A1%3Adp%3A0%3Als%3A455268307636%3Ahid%3A936607459%3Az%3A0%3Ai%3A20240504074608%3Aet%3A1714808769%3Ac%3A1%3Arn%3A889987808%3Arqn%3A2%3Au%3A1714808768992075819%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C343%2C1%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1714808767615%3Aadb%3A1%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1714808769%3At%3AContact%20%26%20Abuse%20%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%283441412%29fip%281%29ti%281%29&redirnss=1
date: Sat, 04 May 2024 07:46:09 GMT
access-control-allow-origin: https://av.tube2.top
set-cookie: yabs-sid=1518661131714808769; Path=/; SameSite=None; Secure
i=S2VbaPlIfGLLUBLT/uv/zIuceaGaRkO6DfPx810n0rui8lSND99WZ5QfAp2SRkCiSb9/9zNBOUNROQ91tRovUHUShyA=; Expires=Tue, 02-May-2034 07:46:08 GMT; Domain=.webvisor.org; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=9959191691714808769; Expires=Tue, 02-May-2034 07:46:08 GMT; Domain=.webvisor.org; Path=/; Secure; SameSite=None
yuidss=9959191691714808769; Expires=Sun, 04-May-2025 07:46:09 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure
ymex=1746344769.yrts.1714808769#1746344769.yrtsi.1714808769; Expires=Sun, 04-May-2025 07:46:09 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-May-2024 07:46:09 GMT
last-modified: Sat, 04-May-2024 07:46:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| css.4jpg.top/mycss/av4.css?3 | 188.114.97.1 | 200 OK | 3.8 kB |
URL GET HTTP/3css.4jpg.top/mycss/av4.css?3 IP188.114.97.1:443
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerGoogle Trust Services LLC Subject4jpg.top Fingerprint19:3C:A7:CB:6C:A2:7F:AC:A7:F8:06:02:93:BD:6D:64:17:BD:D5:58 ValidityThu, 07 Mar 2024 14:29:37 GMT - Wed, 05 Jun 2024 14:29:36 GMT
File typeUnicode text, UTF-8 text, with very long lines (4145), with no line terminators Hash632229e131d295fe4f9a0bf73260d8c7 6a026881304a0ca059d5778fead6af759d0bacad c2b0ff53f6e3c34914c3de2a5d3de4120f0af66f43d47e8df680b1f8c9e80016
GET /mycss/av4.css?3 HTTP/1.1
Host: css.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 07:46:08 GMT
content-type: text/css
etag: W/"ef8-615968e3e7700"
access-control-allow-origin: *
access-control-allow-headers: Cake
cache-control: public, max-age=360000
cf-cache-status: HIT
age: 300623
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YEklpmCdO0GTuloYCeG%2Bgft9WxOxdZ2H4M%2B7Cu64rPukWHxeNlVLJxwOZ4A9sN3MkT2Td%2FWGCnknUX%2BDrX1%2FjpiI411fSbkiIO2Mm3Pb3XGavTPT%2FezVXAayRVd4sy0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6e0139da6b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| da7b22a400.13199960a1.com/ff6ddfd6b5896d5fdafafcb5019ea553.js | 45.133.44.52 | 200 OK | 470 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/ff6ddfd6b5896d5fdafafcb5019ea553.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://av.tube2.top/contact/----6rMwPUbnBOWpDTXd CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
Size470 kB (470121 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ff6ddfd6b5896d5fdafafcb5019ea553.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://av.tube2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:46:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Sat, 04 May 2024 07:51:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|