Report - d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg

Report Overview

Submitted URL
d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
IP
104.26.7.137
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-01 22:06:11
Access
public
Website Title
SCR-165-SEXTB NET-04202023 - DoodStream
Final URL
d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Tags
suspicious
urlquery detections
Suspicious - Anti-debugging code

Detections

urlquery
3
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static.doodcdn.co	unknown	2022-04-23	2024-01-08	2024-04-28	399 B	114 kB	104.26.6.74
od.mucopussamkhya.com	unknown	2024-01-31	2024-01-31	2024-04-21	411 B	1.5 kB	23.109.170.29
iresandal.info	unknown	unknown	No data	No data	1.6 kB	1.8 kB	188.114.96.1
accounts.google.com	81	1997-09-15	2016-03-20	2024-04-30	3.7 kB	11 kB	74.125.131.84
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-04-30	2.2 kB	197 kB	172.67.141.24
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-01	1.0 kB	33 kB	216.58.207.227
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-01	1.7 kB	175 kB	104.17.25.14
lyappreciat.info	unknown	2024-03-31	2024-03-31	2024-03-31	947 B	1.8 kB	54.230.111.83
y577uags.video-delivery.net	unknown	2023-08-07	2023-08-13	2023-09-27	401 B	16 kB	162.19.19.62
pogothere.xyz	unknown	2022-08-22	2022-09-04	2024-04-30	826 B	152 kB	188.114.96.1
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-01	407 B	87 kB	104.21.35.227
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-04-30	732 B	424 B	192.243.59.12
d0000d.com	unknown	2024-02-02	2024-02-02	2024-04-18	1.6 kB	65 kB	104.26.6.137
d3eub2e21dc6h0.cloudfront.net	unknown	2008-04-25	2023-10-02	2024-04-22	1.8 kB	71 kB	54.230.241.62
rounddescribe.com	unknown	2024-02-09	2024-02-09	2024-04-21	431 B	15 kB	192.243.59.12
getrunkhomuto.info	unknown	2024-03-31	2024-03-31	2024-04-30	928 B	1.8 kB	143.204.55.23
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-01	421 B	417 B	18.198.227.187
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-01	478 B	12 kB	45.133.44.4
i.doodcdn.co	unknown	2022-04-23	2022-05-04	2024-04-28	4.0 kB	162 kB	104.26.6.74
h74v6kerf.com	unknown	2023-11-15	2023-11-15	2024-04-28	1.9 kB	112 kB	212.117.190.201
layeravowportent.com	unknown	2024-04-29	2024-04-30	2024-04-30	4.9 kB	11 kB	172.240.108.76
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-01	454 B	71 kB	45.133.44.10
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-01	418 B	7.6 kB	142.250.74.106
i.doodcdn.com	56705	2020-01-30	2020-04-06	2024-04-30	428 B	844 B	104.21.34.210
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-01	338 B	942 B	143.204.53.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-01	medium	mucopussamkhya.com	Sinkholed
2024-05-01	medium	layeravowportent.com	Sinkholed
2024-05-01	medium	layeravowportent.com	Sinkholed
2024-05-01	medium	layeravowportent.com	Sinkholed
2024-05-01	medium	layeravowportent.com	Sinkholed
2024-05-01	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg	8.9 kB	2024-05-02	2024-05-02
Pretty URL d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg IP 104.26.6.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 00:06:19 Last Seen2024-05-02 00:06:19 Times Seen1 Hash 5f1664ac1cc59ac9cc1b60d0e3902409 dfadc15b3dabc054e1c720de792e06f53f39d24f 3412690ae680e9bd1410570d29d6c963cfa3fb39f71ea74bc5dcc19288666d4b Loading...

	od.mucopussamkhya.com/rpc2sB2YKJEFrJ/70849	0 B	2023-03-07	2024-05-15
Pretty URL od.mucopussamkhya.com/rpc2sB2YKJEFrJ/70849 IP 23.109.170.29 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-15 22:04:05 Times Seen37678775 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdnjs.cloudflare.com/ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js	4.6 kB	2023-03-09	2024-05-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:57 Last Seen2024-05-15 20:37:01 Times Seen454 Hash f2ecb2bd8a424c8e8cf507ce8bd933c2 3cbc08ca052ea25c3b0834b9291a3ca1e9122e26 4c0745052abbb26087a707bb0a043b43c393674055ba2d4452ac89e6923eb099 Loading...

	h74v6kerf.com/get/1999414?zoneid=1999414&jp=_cl7r4mlfnxiltv0p8jt5v2&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4053017774608896&eclog=0&im=1&uf=0	2.8 kB	2024-05-02	2024-05-02
Pretty URL h74v6kerf.com/get/1999414?zoneid=1999414&jp=_cl7r4mlfnxiltv0p8jt5v2&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4053017774608896&eclog=0&im=1&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 00:06:19 Last Seen2024-05-02 00:06:19 Times Seen1 Hash 79abe82ba6042b91b181b5b3d532a646 f41fc4820ae6a13706e5b48d486d6cd2cffe9a5b 3226e70f3b14dac12543add9fe2e5e8a6ce6bacb9e1c6e38997282b4ee2644d9 Loading...

	unknown	564 B	2024-04-18	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 14:22:53 Last Seen2024-05-10 22:18:36 Times Seen58 Hash 95dc6604ea8245c12739a72ddaa9dad5 50b0bcffc1298f5a240ceb88664e7655c5ee8e75 e3b31162220b53b9ca1fbf0a60ea0fc005f3096444979169573cd3c0fc63940a Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js	1.3 kB	2023-03-07	2024-05-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:34 Last Seen2024-05-15 20:37:01 Times Seen8822 Hash 4412bf8023109ee9eb1f1f226d391329 c273960aa874a87dd022b5e597887142f1b8e34f d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Loading...

	d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg	89 B	2023-03-07	2024-05-11
Pretty URL d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg IP 104.26.6.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:38:47 Last Seen2024-05-11 08:37:34 Times Seen205 Hash 8abe9eec1ba57b567ee2e31a4885617a 45ce82d218b59eb6ee37cb901c0176a411ee495b a65a6eae59fdb9f2da6741be68f499882bbd7f49e303d21c9b4b6aa29f6c3c72 Loading...

	rounddescribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js	40 kB	2024-05-02	2024-05-03
Pretty URL rounddescribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 00:06:19 Last Seen2024-05-03 23:42:48 Times Seen4 Hash c33ab6c22403e4347ca35901b561b317 e7ee9486ad2d4f2c82b6faf82e8eb38f23df2aa3 194baa2e09ae2814ae903e37bd210ff08e0dee9898977b9bbc36d6e4b2c66099 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-15 21:18:19 Times Seen144409 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg	3.6 kB	2024-05-02	2024-05-02
Pretty URL d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg IP 104.26.6.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 00:06:19 Last Seen2024-05-02 00:06:19 Times Seen1 Hash b40dcfb14f4d81a9a9595b7d53c42cd1 9aa247c272ff3115b6e5f9d986ee61dbe5899aed 7f2e51a5e0320168d693648aa3ac57458d97385f2f6071cf52cd099da985d378 Loading...

	d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg	474 B	2024-05-02	2024-05-02
Pretty URL d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg IP 104.26.6.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 00:06:19 Last Seen2024-05-02 00:06:19 Times Seen1 Hash 55e4a7d85d4f408b888caf4c01fa672a b2aa45daa9affc58b61dc0b08d4546a331692adb ad6f28faa1c43fc89e921157d438a1f7dc0786c7bd93f36cc45baf078d854ded Loading...

	cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js	90 kB	2023-03-07	2024-05-14
Pretty URL cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js IP 172.67.141.24 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2024-05-14 16:14:33 Times Seen4169 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	d3eub2e21dc6h0.cloudfront.net/?ebued=1004075	210 kB	2024-05-02	2024-05-02
Pretty URL d3eub2e21dc6h0.cloudfront.net/?ebued=1004075 IP 54.230.241.62 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 00:06:19 Last Seen2024-05-02 00:06:19 Times Seen2 Hash 0ab7fc2d6c4a2edee5ab0e3f9d6b31cd 2f684c4b3c9646e55b8792b36c0f1c9e5ed29744 ebe34c285cb6562e5f7482578912b0b1757e81a42249a48ddb1926133661d8be Loading...

	d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg	92 kB	2024-05-02	2024-05-02
Pretty URL d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg IP 104.26.6.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 00:06:19 Last Seen2024-05-02 00:06:19 Times Seen1 Hash 57783460a88ec54847f4cb4c96c468a5 52eb256cdc6b43e0502100ebde080c5d43ba9551 38db09caa35aac1ad5e9052f8d005893f35934d97758787752343bff33843437 Loading...

	static.doodcdn.co/js/embed3.js	113 kB	2024-02-04	2024-05-15
Pretty URL static.doodcdn.co/js/embed3.js IP 104.26.6.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-04 21:01:01 Last Seen2024-05-15 20:37:01 Times Seen443 Hash 59698656a40921f7585e25a5bb347955 75de624e80155463ff8bb09090b712098eb74dd6 69e11aff34d69dbde839afd8e63b2a65e2cdf15c140f66fa55c477eeb6b33a34 Loading...

	d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg	7.4 kB	2024-05-02	2024-05-02
Pretty URL d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg IP 104.26.6.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 00:06:19 Last Seen2024-05-02 00:06:19 Times Seen1 Hash 92ca27d2154ebbb638dabab8ccfa5358 256a4e14ccc7e2f7e4ca5d9a54b5064f7b869cb9 f73450f5cf8b0e1df1fbf678298510cb40cd1fa73ffe88bc9af8aabd876ea04b Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-15
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 104.21.35.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-15 22:00:45 Times Seen3407 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	i.doodcdn.co/ads/ad.js	18 B	2023-03-07	2024-05-15
Pretty URL i.doodcdn.co/ads/ad.js IP 104.26.6.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:47 Last Seen2024-05-15 20:37:01 Times Seen2060 Hash 071c641b229d2bfadd243b8fa2a9c88d 4048ed3ad506f9bb9052c23283912d0cfea8bcc6 3716878d3ceb2042b22c092b31c6f43cc862f8464e92ddde416a49624b32716e Loading...

	cdnjs.cloudflare.com/ajax/libs/video.js/7.21.5/video.min.js	589 kB	2023-10-15	2024-05-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/video.js/7.21.5/video.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 07:44:37 Last Seen2024-05-15 20:37:01 Times Seen467 Hash d7fdaaab43bc993b85290c713fd2d289 46bf3d27b2cf38b0e999d3b0a7613011181c87f9 c9535ea3a4e0af22e960ac1e32d363a71029f31aa96b29fc894e111fee49329e Loading...

	h74v6kerf.com/t/9/fret/meow4/1999414/cbf0f5d9.js	106 kB	2024-04-26	2024-05-11
Pretty URL h74v6kerf.com/t/9/fret/meow4/1999414/cbf0f5d9.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:30:15 Last Seen2024-05-11 08:37:36 Times Seen79 Hash dfbffc38bcd09966650b2735d57a25fe c67171dc358af78c02fa59832875c3b70104ebaa aabf5c8f7e0bbf0cf1851bbaaaaed113852e2e3e1a677cf166428ceed6e8e034 Loading...

	d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg	1.1 kB	2023-03-29	2024-05-15
Pretty URL d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg IP 104.26.6.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 21:39:55 Last Seen2024-05-15 20:37:01 Times Seen217 Hash 86245ddb205b0d537ad1e6134780076a 76d33d432096e340972d2ec6cac321ddf2296afe 1c835f95475788a5d4dc8337a3cee440ea8761542ca88f033007f24b42b082f9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 1de5683f63232de1b70afb502b56fb62	213 B	2024-04-14	2024-05-14
Pretty Observations First Seen2024-04-14 21:20:17 Last Seen2024-05-14 21:37:54 Times Seen146 Hash 1de5683f63232de1b70afb502b56fb62 156337a5cbf8e537b40c2b1fd252dd5c21e4666e 7ee4ac6c6c3b359b368c149bd67af34b2524934bb128ee0fc6b8fe0c995a3752 Loading...

	#2 Eval - 7301cf470883898fe6d05b93b4984bd2	212 B	2024-04-14	2024-05-14
Pretty Observations First Seen2024-04-14 21:20:17 Last Seen2024-05-14 21:37:54 Times Seen147 Hash 7301cf470883898fe6d05b93b4984bd2 6b73bb0aa50c207f7cd5a9f784453e7b2bd4d4b3 8c120fdde579704ab82e80b833639719e51479f89b33f62f4007ea79d3b6873a Loading...

HTTP Transactions (58)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4343
expires: Mon, 21 Apr 2025 22:05:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exvE1lAYmsr%2BBAE%2FAkqEPYgEosCeHH6LKh0XlocAkd%2FcgX%2FrDa5sMG%2FiBWJhqAu3kS2ppysTiGDN4HCyhKPE981Vp44Nu20vqV5Fetn%2FeVQ18TBr3O6bErBblnPRimYuF9bFlI6f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d31324ece2569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

104.17.25.14

200 OK

591 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1266)
Size
591 B (591 bytes)
Hash
4412bf8023109ee9eb1f1f226d391329
c273960aa874a87dd022b5e597887142f1b8e34f
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6

HTTP Headers

GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5722
expires: Mon, 21 Apr 2025 22:05:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AgOAOueGq5aBs9Z1CMXoPBDexN%2BKxXtC6GtYHDjHz2rf7zbrWvdIQ4T4oCdoWnv7GsJkrm04PZYf2YV%2Bq9gPxL62YMTpuCB1DFrsFCzaHHqW4Zr38ALEBU9ja42l1v1AmX1Hj8KH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d31324fcf5569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/load-extn/i.ibb.co/4YVmY5V/cover-player.jpg

104.26.6.74

200 OK

22 kB

URL GET HTTP/3
i.doodcdn.co/load-extn/i.ibb.co/4YVmY5V/cover-player.jpg
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, progressive, precision 8, 800x536, components 3
Size
22 kB (21541 bytes)
Hash
99fdd3be7a8f35384ac471609be65a24
1b8e99a7d007b6f3d3b0cd4d29c23b0c42c07076
51eb020e626975896cbc0c6630a9b2d47d4be3a79c9ed8235152b921b63f3de8

HTTP Headers

GET /load-extn/i.ibb.co/4YVmY5V/cover-player.jpg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: image/jpeg
content-length: 21541
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=27165
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 10 Aug 2023 00:21:17 GMT
cf-cache-status: HIT
age: 6230
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvDEkn3ZpVj03KuylnWbuD7CddOa6fANgwxr6vwV8BIYL1QbeKHs8ZC9ycQnCUeDhbiiiaQ17Ah2Xr3J0V0QQyD%2BSUphBR5uP8M%2BzLfPa0QfRgEWRbIWTecUPu0%2BcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d313250d4b5685-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg

104.26.6.137

200 OK

48 kB

URL User Request GET HTTP/2
d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
IP
104.26.6.137:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectd0000d.com
FingerprintBD:90:21:00:88:3D:C8:E3:51:87:A1:6E:F2:99:0D:FC:98:3D:87:37
ValidityMon, 01 Apr 2024 12:55:14 GMT - Sun, 30 Jun 2024 12:55:13 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
48 kB (47631 bytes)
Hash
2f8cda965b1487edf9941ba9b716122c
fbd393d3a815019200db2622db63fe55e3edbb87
2150254b2bdfda492b71c1929f43aa381bd5d1d7f0124353ecbf0db2311335be

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg HTTP/1.1
Host: d0000d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Tue, 30 Apr 2024 22:05:44 GMT
set-cookie: lang=1; domain=.d0000d.com; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZwUjLVk7Hx5rTtaRWBTf7uUeBaQoUedd%2FmR3AwiIFF5l%2Bo5t1y7CUkdZenAp9xU7rGky0E4UOcpCBhQJjeu4HRuJK2JqO6nmvfhyP1jC5tGo6d1UnxLhP2vp%2Fx8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d313226b810b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.doodcdn.co/js/embed3.js

104.26.6.74

200 OK

113 kB

URL GET HTTP/2
static.doodcdn.co/js/embed3.js
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65494), with no line terminators
Size
113 kB (112790 bytes)
Hash
59698656a40921f7585e25a5bb347955
75de624e80155463ff8bb09090b712098eb74dd6
69e11aff34d69dbde839afd8e63b2a65e2cdf15c140f66fa55c477eeb6b33a34

HTTP Headers

GET /js/embed3.js HTTP/1.1
Host: static.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: application/javascript
content-length: 112790
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=112944
etag: "65bf48c8-1b930"
expires: Fri, 31 May 2024 18:35:50 GMT
last-modified: Sun, 04 Feb 2024 08:20:24 GMT
cf-cache-status: HIT
age: 12452
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wBRXiCxemHh6eYMw3R0995a%2BeSb4KMtYwbnI21urcT6Ae%2B1HDoDhzwFujGx%2FJkgsCRME3RTawfkMkgnu95DQYiqXCNwVPbhIGNgLtrL3jR4aGwMt3gctG2YA2WB9VSGsnRpW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3132518a2b4f4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/video.js/7.21.5/video.min.js

104.17.25.14

200 OK

137 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/video.js/7.21.5/video.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (48459)
Size
137 kB (137405 bytes)
Hash
d7fdaaab43bc993b85290c713fd2d289
46bf3d27b2cf38b0e999d3b0a7613011181c87f9
c9535ea3a4e0af22e960ac1e32d363a71029f31aa96b29fc894e111fee49329e

HTTP Headers

GET /ajax/libs/video.js/7.21.5/video.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 137405
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64bb5c88-218bd"
last-modified: Sat, 22 Jul 2023 04:35:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 93219
expires: Mon, 21 Apr 2025 22:05:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQFf8mg53XeYggT6Vks0eS9hBXWT4v780RIJbkWik16NsHkkVSAKBl5alohXq%2FnZheDnYrWWg1370WJdD%2BzYc2A0848P3It5h3Rd3d6tck%2Bljwky8WHRpiAKicF3Nn2ePeVYWy49"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d313251d13569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/img/no_video_3.svg

104.26.6.74

200 OK

2.8 kB

URL GET HTTP/2
i.doodcdn.co/img/no_video_3.svg
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
2.8 kB (2812 bytes)
Hash
077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c

HTTP Headers

GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Fri, 31 May 2024 18:35:50 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 12448
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NF0yJHFAECfDaEr%2BIsbimEx%2FBSfjV6eccaRoKUMf1QKp%2BWNXe10KwAkiHvSSUSgh5gndSZThTE5cQm4P2kdcIYGdKXhOXg6u94yx6pZd4a9iR6QDMxkY3uoBY9%2FZJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d313250d4d5685-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/ads/ad.js

104.26.6.74

200 OK

18 B

URL GET HTTP/2
i.doodcdn.co/ads/ad.js
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
071c641b229d2bfadd243b8fa2a9c88d
4048ed3ad506f9bb9052c23283912d0cfea8bcc6
3716878d3ceb2042b22c092b31c6f43cc862f8464e92ddde416a49624b32716e

HTTP Headers

GET /ads/ad.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: application/javascript
content-length: 18
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=20
expires: Thu, 01 May 2025 19:45:12 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: User-Agent,Accept-Encoding
cf-cache-status: HIT
age: 6822
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RTS7tANGBILr8Euaagh4xCXogqUgre7ZAFzi0fnM0TNaE5FOD3h%2BFqbFmte054%2F01WsxJkDoXQvzMOOaHzXSdNbCJKjAdkh2SXykn9X1LrwjxzfzSyDejGVizzTo0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d313251d765685-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

od.mucopussamkhya.com/rpc2sB2YKJEFrJ/70849

23.109.170.29

200 OK

20 B

URL GET HTTP/1.1
od.mucopussamkhya.com/rpc2sB2YKJEFrJ/70849
IP
23.109.170.29:443
ASN
#7979 SERVERS-COM

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectod.mucopussamkhya.com
Fingerprint14:A8:C5:6F:ED:B5:85:51:D2:31:84:8E:AD:07:7E:88:2A:D7:8F:BF
ValidityTue, 09 Apr 2024 23:05:08 GMT - Mon, 08 Jul 2024 23:05:07 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rpc2sB2YKJEFrJ/70849 HTTP/1.1
Host: od.mucopussamkhya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 22:05:45 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://d0000d.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 02-May-2024 22:05:45 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Thu, 02-May-2024 22:05:45 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

d3eub2e21dc6h0.cloudfront.net/?ebued=1004075

54.230.241.62

200 OK

69 kB

URL GET HTTP/2
d3eub2e21dc6h0.cloudfront.net/?ebued=1004075
IP
54.230.241.62:443
ASN
#16509 AMAZON-02

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (15945)
Size
69 kB (69383 bytes)
Hash
0ab7fc2d6c4a2edee5ab0e3f9d6b31cd
2f684c4b3c9646e55b8792b36c0f1c9e5ed29744
ebe34c285cb6562e5f7482578912b0b1757e81a42249a48ddb1926133661d8be

HTTP Headers

GET /?ebued=1004075 HTTP/1.1
Host: d3eub2e21dc6h0.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 69383
date: Wed, 01 May 2024 22:05:45 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YdjQoPFxxZPbTTffLGaGvF0WOwKhX6hrQUPJJE577LKXc0TxhVe7Ug==
X-Firefox-Spdy: h2

i.doodcdn.co/load-extn/i.ibb.co/4YVmY5V/cover-player.jpg

104.26.6.74

200 OK

22 kB

URL GET HTTP/3
i.doodcdn.co/load-extn/i.ibb.co/4YVmY5V/cover-player.jpg
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, progressive, precision 8, 800x536, components 3
Size
22 kB (21541 bytes)
Hash
99fdd3be7a8f35384ac471609be65a24
1b8e99a7d007b6f3d3b0cd4d29c23b0c42c07076
51eb020e626975896cbc0c6630a9b2d47d4be3a79c9ed8235152b921b63f3de8

HTTP Headers

GET /load-extn/i.ibb.co/4YVmY5V/cover-player.jpg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: image/jpeg
content-length: 21541
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=27165
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 10 Aug 2023 00:21:17 GMT
cf-cache-status: HIT
age: 5398
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B63tQr4mVbyhwWve1Mu1X%2BxXcksQph5XWAKNKFIEhGRLInBLVxL8yzeSqpTSkMOyJbINM3%2BtMxJgd9RnV6BdCsk5V2grUvLVRaBPB%2F1Omffv93eoEl4y9Jh9C%2BbNIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d313283cc20b65-OSL
alt-svc: h3=":443"; ma=86400

i.doodcdn.co/fonts/avertastd-regular-webfont.woff2

104.26.6.74

200 OK

24 kB

URL GET HTTP/3
i.doodcdn.co/fonts/avertastd-regular-webfont.woff2
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Size
24 kB (23812 bytes)
Hash
eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf

HTTP Headers

GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cache-control: max-age=2592000
expires: Fri, 31 May 2024 13:01:34 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 20871
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WEfY19VN%2FNbPGcjm1%2B%2BlAl21u%2BGnw7MliyV3F47N7176yZtUSvo6zQqF4q%2BHKB6BPoQ%2B2MisQIUBZ3Il%2FuiszuFmQrEDItQw54mU7Nru4L7I7WCcvi2czAin5qoS3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d313283cc40b65-OSL
alt-svc: h3=":443"; ma=86400

i.doodcdn.com/theme_2/img/loader.svg

104.21.34.210

301 Moved Permanently

167 B

URL GET HTTP/2
i.doodcdn.com/theme_2/img/loader.svg
IP
104.21.34.210:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectdoodcdn.com
FingerprintBF:BF:75:F1:F8:2C:6B:14:57:EF:04:47:A4:FC:01:46:C6:78:A6:CF
ValidityWed, 10 Apr 2024 07:21:20 GMT - Tue, 09 Jul 2024 07:21:19 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /theme_2/img/loader.svg HTTP/1.1
Host: i.doodcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Wed, 01 May 2024 22:05:45 GMT
content-type: text/html
content-length: 167
location: https://i.doodcdn.co/theme_2/img/loader.svg
cache-control: max-age=3600
expires: Wed, 01 May 2024 23:05:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hQcPsGCp5lfAiKXkMjO7h6bWqpYfJXkQ%2Fn2ivZkySNQVD15UWGIIIxFhCygd3Gzn1Lg0RZFunUWgTGl37eBFdW3xPdynic03OpqZA4wh%2BJdRG3C9QhoPVaOq65DNDJB7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d313284f105684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/img/logo-s.png

104.26.6.74

200 OK

1.9 kB

URL GET HTTP/3
i.doodcdn.co/img/logo-s.png
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.9 kB (1932 bytes)
Hash
8211fb3cc137d3e1c1e399b86476f951
136d8ef228959aa0cee12e5ed463b6e6a4fcf720
2577866b9d26cd6a4be764910f0913ae5b737ed1d130d635048051ebe15ae680

HTTP Headers

GET /img/logo-s.png HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: image/webp
content-length: 1932
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6212
content-disposition: inline; filename="logo-s.webp"
etag: "61d3187c-1844"
expires: Fri, 31 May 2024 02:33:36 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: Accept
cf-cache-status: HIT
age: 12452
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NAq8wPgtTZWNkGTkTDS4OEJQY21gxfZWL8IjGnrJ87zRhPWTD8KHcrohV%2BSDud0z%2BEvO3NgAHoBhqWfehM5C0zpwrt4b01gEPJeiAVMEI1xp6hVII4txut%2FoMkdMVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d313285b221bfa-OSL
alt-svc: h3=":443"; ma=86400

h74v6kerf.com/solid.gif?z=1999414&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4053017774608896&eclog=0&im=1

212.117.190.201

200 OK

43 B

URL POST HTTP/2
h74v6kerf.com/solid.gif?z=1999414&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4053017774608896&eclog=0&im=1
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerBuypass AS-983163327
Subject
FingerprintB4:04:86:B7:6C:34:2D:3F:F3:83:58:A9:89:DF:83:A8:14:64:40:5D
ValidityTue, 09 Jan 2024 12:43:03 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /solid.gif?z=1999414&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4053017774608896&eclog=0&im=1 HTTP/1.1
Host: h74v6kerf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 May 2024 22:05:45 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Wed, 04 Jun 2025 22:05:45 GMT; Secure; SameSite=None
UID=24050117051a41be7df14b4e9796afcad125; Path=/; Expires=Wed, 04 Jun 2025 22:05:45 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

rounddescribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js

192.243.59.12

200 OK

14 kB

URL GET HTTP/1.1
rounddescribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectrounddescribe.com
Fingerprint44:78:C2:5E:BC:AB:0A:BF:62:2A:BB:A4:C5:12:C8:05:CB:82:9D:0C
ValidityWed, 10 Apr 2024 07:59:33 GMT - Tue, 09 Jul 2024 07:59:32 GMT

File type
JavaScript source, ASCII text, with very long lines (39493), with no line terminators
Size
14 kB (13876 bytes)
Hash
c33ab6c22403e4347ca35901b561b317
e7ee9486ad2d4f2c82b6faf82e8eb38f23df2aa3
194baa2e09ae2814ae903e37bd210ff08e0dee9898977b9bbc36d6e4b2c66099

HTTP Headers

GET /2c/03/60/2c0360ed33b0b4736859081c701f9a91.js HTTP/1.1
Host: rounddescribe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 01 May 2024 22:05:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 33fbc38a0b9cf2c40400f972d6e8bd93
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

lyappreciat.info/ZVdIc2MENSseXARqKlUWFzt1VlEjcno1B1YyPRFRAGV5FwBTP3hdAAk4PRcFFzgmB00LMjxWUSMUHkEHMjYeGFMmEy8jOQwaBz4PNzgSQgcMAB9GCjQEEREzIREpPg8JJxJCABwFMhxXJjkJNygPMAI5DzQOKgoMPB8aQwEkLXw/BRwaLD4PNycrIhBWFTJGEjQDBTssCCcfECICbgYlEwwDMUMNJhN5Ji4xGg46BBYiBwsyHx8ASwonOjs2LQxnBzwEMGMrHzY0DwAXDTQ6GikANm4fKVMdJg4mKQ4AHCZGVxULIC43MQ8lOyk7DgUgIxEhJyQKARkeTjcNAwolJg0bGwQ8AiQeMi0vJCUZIBoHGRQsNHkABT8BLB00MjslJVEBGilBACcHMABbKAYvBjciJBorDicfKSsmNjZ5FEUPJCcdE1gWcD4tERMEFwsH

54.230.111.83

200 OK

1.2 kB

URL GET HTTP/2
lyappreciat.info/ZVdIc2MENSseXARqKlUWFzt1VlEjcno1B1YyPRFRAGV5FwBTP3hdAAk4PRcFFzgmB00LMjxWUSMUHkEHMjYeGFMmEy8jOQwaBz4PNzgSQgcMAB9GCjQEEREzIREpPg8JJxJCABwFMhxXJjkJNygPMAI5DzQOKgoMPB8aQwEkLXw/BRwaLD4PNycrIhBWFTJGEjQDBTssCCcfECICbgYlEwwDMUMNJhN5Ji4xGg46BBYiBwsyHx8ASwonOjs2LQxnBzwEMGMrHzY0DwAXDTQ6GikANm4fKVMdJg4mKQ4AHCZGVxULIC43MQ8lOyk7DgUgIxEhJyQKARkeTjcNAwolJg0bGwQ8AiQeMi0vJCUZIBoHGRQsNHkABT8BLB00MjslJVEBGilBACcHMABbKAYvBjciJBorDicfKSsmNjZ5FEUPJCcdE1gWcD4tERMEFwsH
IP
54.230.111.83:443
ASN
#16509 AMAZON-02

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerAmazon
Subjectlyappreciat.info
Fingerprint36:2B:79:61:76:AB:5F:D6:D1:81:18:F5:38:E8:BC:C8:08:02:8E:9B
ValidityMon, 01 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3036), with no line terminators
Size
1.2 kB (1190 bytes)
Hash
86871a241120bbd6ff7b4557a204ab8f
20ec8d4a28e40a6ef9f0e92c2dfac46b4aa40554
ae4a505b5c4a21685867b40f2eaeb7d97720c1c0e1d27c643263ddebf0f7713e

HTTP Headers

GET /ZVdIc2MENSseXARqKlUWFzt1VlEjcno1B1YyPRFRAGV5FwBTP3hdAAk4PRcFFzgmB00LMjxWUSMUHkEHMjYeGFMmEy8jOQwaBz4PNzgSQgcMAB9GCjQEEREzIREpPg8JJxJCABwFMhxXJjkJNygPMAI5DzQOKgoMPB8aQwEkLXw/BRwaLD4PNycrIhBWFTJGEjQDBTssCCcfECICbgYlEwwDMUMNJhN5Ji4xGg46BBYiBwsyHx8ASwonOjs2LQxnBzwEMGMrHzY0DwAXDTQ6GikANm4fKVMdJg4mKQ4AHCZGVxULIC43MQ8lOyk7DgUgIxEhJyQKARkeTjcNAwolJg0bGwQ8AiQeMi0vJCUZIBoHGRQsNHkABT8BLB00MjslJVEBGilBACcHMABbKAYvBjciJBorDicfKSsmNjZ5FEUPJCcdE1gWcD4tERMEFwsH HTTP/1.1
Host: lyappreciat.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Wed, 01 May 2024 22:05:45 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QyWDfi5n7pe3_RoIzSW-BStJX3poiL6rq8HZpMB6fzfbQEC9S8QKdg==
X-Firefox-Spdy: h2

iresandal.info/dzA5NzFYD1pEDCRkY1xnP0AcBXc2AXdQYkQIemF2NXpaZlUkaglcFwNZXQoARwANBwZCFkleVUoBH0RFFkRMRAxGFlBZVxgNH0EMRh4KAx9EBhcDFwINCBFFB1FeCgBRQE1DXUoBDgYFQQAIBgVCBg4P

188.114.96.1

204 No Content

0 B

URL GET HTTP/2
iresandal.info/dzA5NzFYD1pEDCRkY1xnP0AcBXc2AXdQYkQIemF2NXpaZlUkaglcFwNZXQoARwANBwZCFkleVUoBH0RFFkRMRAxGFlBZVxgNH0EMRh4KAx9EBhcDFwINCBFFB1FeCgBRQE1DXUoBDgYFQQAIBgVCBg4P
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectiresandal.info
FingerprintD9:9E:21:6F:70:F4:90:F2:B5:4A:CC:E5:AB:CD:07:D7:A8:09:59:3A
ValidityMon, 01 Apr 2024 07:01:50 GMT - Sun, 30 Jun 2024 07:01:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dzA5NzFYD1pEDCRkY1xnP0AcBXc2AXdQYkQIemF2NXpaZlUkaglcFwNZXQoARwANBwZCFkleVUoBH0RFFkRMRAxGFlBZVxgNH0EMRh4KAx9EBhcDFwINCBFFB1FeCgBRQE1DXUoBDgYFQQAIBgVCBg4P HTTP/1.1
Host: iresandal.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 01 May 2024 22:05:45 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=my%2BGbnBBmYz6ZrRoRciLajVpwKXS%2Fvx6Gx%2FWoIrWhIukWvBgq2Mqkdz%2FMew74Dr%2B7C8%2BpygGn%2BiLiUN8zcxbpdt%2Fu7xTmbPyakEQWa6n6tEcW7j1tO8lKnW22Ni29%2FVKNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d31328cdaa0b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

iresandal.info/dGVKVGJbWiknXxAJBCAwHjcCDlMAVAtkLBgyeREsJlc+NQYTMGwgCxBYe2RSQFV9Y0QEDC5pU0xDOSADABA5aVNSDCQyDUlDPGlTWlVkZkxBQz9pU1IROjUFSVRsJBYACXdlVUVRfGRTRVF/YltG

188.114.96.1

204 No Content

0 B

URL GET HTTP/2
iresandal.info/dGVKVGJbWiknXxAJBCAwHjcCDlMAVAtkLBgyeREsJlc+NQYTMGwgCxBYe2RSQFV9Y0QEDC5pU0xDOSADABA5aVNSDCQyDUlDPGlTWlVkZkxBQz9pU1IROjUFSVRsJBYACXdlVUVRfGRTRVF/YltG
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectiresandal.info
FingerprintD9:9E:21:6F:70:F4:90:F2:B5:4A:CC:E5:AB:CD:07:D7:A8:09:59:3A
ValidityMon, 01 Apr 2024 07:01:50 GMT - Sun, 30 Jun 2024 07:01:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dGVKVGJbWiknXxAJBCAwHjcCDlMAVAtkLBgyeREsJlc+NQYTMGwgCxBYe2RSQFV9Y0QEDC5pU0xDOSADABA5aVNSDCQyDUlDPGlTWlVkZkxBQz9pU1IROjUFSVRsJBYACXdlVUVRfGRTRVF/YltG HTTP/1.1
Host: iresandal.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Wed, 01 May 2024 22:05:45 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcPewUwggaeZ9jesO1LYCW9rtRZLMPSqY8vdqpr5chcAT%2BP%2F5TR%2B7quA8JWdBCmEGU5PeY1Dh32Ia8KaQRLS4%2FkTk8YjB0uzfr8APNZN9Zc3NPx2xyT7be4sKvDBNW%2FO1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d313290dd00b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

getrunkhomuto.info/Q1BtaTIiMg4EDSJtD09HMTxQTAAFdV8vVnA1GAsAJmJcDVF1OF1HUS8/GA1UMT8DHRwtNRlMAAUjIzFkdjM6O2UEOA4xZXMVDiFnOwYvPGQNATskcRYnBi1zFR4kIWcFBS88ZycIGg1TBBZVC3RyPw8qZzQkNRMKGhIFI18HEl0DfhszPzFFFjU4PFoJBhoBZwQoWCRjLxEPLlk7BigRYycVXAJwFicaOGUVNwwoSiQZOjtgIAEUIHMUYAE8ZCQGCShnAQYoLGt0BiswdAQCLA93FmE8OgIGMyk8fy4CXChjEToZPGQkBSUtAxEICSxKEwhcOFEWFUAdcAJhLD53K2UvK0gNHDw/ZwUCOAFwFQIvIWERMyM7SgI2JQFFEgIXUHsWOBkvajQCNytzZToeBlwzbSQDeCInGzpLJwIkK1Y

143.204.55.23

200 OK

1.2 kB

URL GET HTTP/2
getrunkhomuto.info/Q1BtaTIiMg4EDSJtD09HMTxQTAAFdV8vVnA1GAsAJmJcDVF1OF1HUS8/GA1UMT8DHRwtNRlMAAUjIzFkdjM6O2UEOA4xZXMVDiFnOwYvPGQNATskcRYnBi1zFR4kIWcFBS88ZycIGg1TBBZVC3RyPw8qZzQkNRMKGhIFI18HEl0DfhszPzFFFjU4PFoJBhoBZwQoWCRjLxEPLlk7BigRYycVXAJwFicaOGUVNwwoSiQZOjtgIAEUIHMUYAE8ZCQGCShnAQYoLGt0BiswdAQCLA93FmE8OgIGMyk8fy4CXChjEToZPGQkBSUtAxEICSxKEwhcOFEWFUAdcAJhLD53K2UvK0gNHDw/ZwUCOAFwFQIvIWERMyM7SgI2JQFFEgIXUHsWOBkvajQCNytzZToeBlwzbSQDeCInGzpLJwIkK1Y
IP
143.204.55.23:443
ASN
#16509 AMAZON-02

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerAmazon
Subjectgetrunkhomuto.info
Fingerprint07:6C:15:28:EC:56:65:DE:8C:55:1C:BF:A5:DB:7B:96:8F:38:56:0E
ValidityMon, 01 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3022), with no line terminators
Size
1.2 kB (1171 bytes)
Hash
635152cfc84ad0a90e2ad83bb972d4f9
1d7c816843d347aad8bc9cd60d3b4696f3c87ddc
9e5c27524f158131b149fc6e9d4beeebebedb5cd0a77d4da665d85b3361fce43

HTTP Headers

GET /Q1BtaTIiMg4EDSJtD09HMTxQTAAFdV8vVnA1GAsAJmJcDVF1OF1HUS8/GA1UMT8DHRwtNRlMAAUjIzFkdjM6O2UEOA4xZXMVDiFnOwYvPGQNATskcRYnBi1zFR4kIWcFBS88ZycIGg1TBBZVC3RyPw8qZzQkNRMKGhIFI18HEl0DfhszPzFFFjU4PFoJBhoBZwQoWCRjLxEPLlk7BigRYycVXAJwFicaOGUVNwwoSiQZOjtgIAEUIHMUYAE8ZCQGCShnAQYoLGt0BiswdAQCLA93FmE8OgIGMyk8fy4CXChjEToZPGQkBSUtAxEICSxKEwhcOFEWFUAdcAJhLD53K2UvK0gNHDw/ZwUCOAFwFQIvIWERMyM7SgI2JQFFEgIXUHsWOBkvajQCNytzZToeBlwzbSQDeCInGzpLJwIkK1Y HTTP/1.1
Host: getrunkhomuto.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1171
date: Wed, 01 May 2024 22:05:45 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Q1riGbvqPUZmBDxj0P4rrtvhSXQFj4HharPqA_8mtblwA3xXCI4QFA==
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
09638294065dde694b10517913ab1b46
1861c09ceabe3b8df13ff5e5efee5e9797c09927
ddb770c3d19de46cceb095c3098de856e984ea0b06563b48a93247751beacf09

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 01 May 2024 22:05:46 GMT
Last-Modified: Wed, 01 May 2024 20:28:23 GMT
Server: ECAcc (ska/F6E1)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: n8QZBrJtMilKqMIT9IaLs6KH0iwSG4f5sTKOEhh1keizJyaTGBan5g==
Age: 5843

proftrafficcounter.com/stats

18.198.227.187

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.198.227.187:443
ASN
#16509 AMAZON-02

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
0dd9e0aaf0596ff3db6565b2e203f5f9
139310ad7f0c25806a53c21991021213a9586574
394815e4b47855ef91f5d884c00027b5f44af16bdb1127364755b3e331c8540e

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://d0000d.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=bd56ec87-82dd-4a78-bed4-ff51c00c6129:1:1; expires=Sat, 29 Apr 2034 22:05:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

d0000d.com/favicon.ico

104.26.6.137

200 OK

15 kB

URL GET HTTP/2
d0000d.com/favicon.ico
IP
104.26.6.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectd0000d.com
FingerprintBD:90:21:00:88:3D:C8:E3:51:87:A1:6E:F2:99:0D:FC:98:3D:87:37
ValidityMon, 01 Apr 2024 12:55:14 GMT - Sun, 30 Jun 2024 12:55:13 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: d0000d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:46 GMT
content-type: image/x-icon
content-length: 15406
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-3c2e"
expires: Thu, 30 May 2024 17:27:38 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 103087
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oa53BSnvjwIt%2BI4EcP4%2FLmEj3L1vXq5j1Idb5JIMqkvesOwLLiVcZo80XfHV8ew4J5HZo7gbZyvQWIF2F9R7sHIQ%2Bu%2BsumTIACqhhaxoypQ32UYzHZUTRvMIeQ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3132be9860b3d-OSL
X-Firefox-Spdy: h2

y577uags.video-delivery.net/favicon.ico?i

162.19.19.62

200 OK

15 kB

URL GET HTTP/1.1
y577uags.video-delivery.net/favicon.ico?i
IP
162.19.19.62:443
ASN
#16276 OVH SAS

Requested by
moz-nullprincipal:{804ec268-3685-47a2-845e-c7af394727ad}?https://d0000d.com
Certificate
IssuerSectigo Limited
Subject*.video-delivery.net
FingerprintB2:D2:20:85:E7:38:3D:67:F7:C4:52:00:66:6C:CD:FE:DD:6D:7E:74
ValidityMon, 07 Aug 2023 00:00:00 GMT - Wed, 07 Aug 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555

HTTP Headers

GET /favicon.ico?i HTTP/1.1
Host: y577uags.video-delivery.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 22:05:46 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 15406
Connection: keep-alive
Last-Modified: Sat, 29 Feb 2020 09:26:04 GMT
ETag: "3c2e-59fb38b06e300"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

d3eub2e21dc6h0.cloudfront.net/CV2dWaVk0CDgPZiMOMlRoZ1diWW5iQSYbPDFaMllpZ1cyRzo4CnADKjgJJlQYbyoYHR0bAz4LfyMdMlRpcQs3Bz5qQTMHOmpWcAg9NVpiTy0nCD1UMTMFIgsuOxQzHH8iBmsENi0OOgU4clUQXHdnQmRZcS9WZ0xqFUJkWTU+CSMRfGVXLlFvCFFiTGoVQm-RZKyFCZShgYUlmQHxlVzEMOjwIc1sfZVdnWWlmV2dMa2cBPxs8MQguTGsRXmBHaXESa1g

54.230.241.62

580 B

URL
d3eub2e21dc6h0.cloudfront.net/CV2dWaVk0CDgPZiMOMlRoZ1diWW5iQSYbPDFaMllpZ1cyRzo4CnADKjgJJlQYbyoYHR0bAz4LfyMdMlRpcQs3Bz5qQTMHOmpWcAg9NVpiTy0nCD1UMTMFIgsuOxQzHH8iBmsENi0OOgU4clUQXHdnQmRZcS9WZ0xqFUJkWTU+CSMRfGVXLlFvCFFiTGoVQm-RZKyFCZShgYUlmQHxlVzEMOjwIc1sfZVdnWWlmV2dMa2cBPxs8MQguTGsRXmBHaXESa1g
IP
54.230.241.62:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (842), with no line terminators
Size
580 B (580 bytes)
Hash
c081dc55312d1b5dc957c0bb107fdba3
0d21d625e9f4a7264365db9fdd66ca4e41e11986
0c77b360b89c4872684886f09912898f17b630a0ee72a4b4b9f2c6fe633777f1

HTTP Headers

GET /CV2dWaVk0CDgPZiMOMlRoZ1diWW5iQSYbPDFaMllpZ1cyRzo4CnADKjgJJlQYbyoYHR0bAz4LfyMdMlRpcQs3Bz5qQTMHOmpWcAg9NVpiTy0nCD1UMTMFIgsuOxQzHH8iBmsENi0OOgU4clUQXHdnQmRZcS9WZ0xqFUJkWTU+CSMRfGVXLlFvCFFiTGoVQm-RZKyFCZShgYUlmQHxlVzEMOjwIc1sfZVdnWWlmV2dMa2cBPxs8MQguTGsRXmBHaXESa1g HTTP/1.1
Host: d3eub2e21dc6h0.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyappreciat.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 580
date: Wed, 01 May 2024 22:05:46 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dHZX9m0k94Z0WHym9E8tzwSUgBBMzJ8jd-_rnuVzGQVPs7gf0haCnQ==
X-Firefox-Spdy: h2

d3eub2e21dc6h0.cloudfront.net/sNXV5cWRWGhcXW0EcHUxVBUVNQVMCUwkDAVNIHUFUBUUdXwdaGF8bF1obCUwtXz8YBhJmDB0jLXcRXwUeUUhJVwhUGx5MQlAbGkxVExQdE1kBUwwQWVgaAxgIWRRcQyIAW0lUVgVdAUBVEEY7VFYFGRAfEU1QS0EcDUMmR1AQRjtUVgUHD1RXdExPX1QcUE-tBA1AWEh5BBzNLQVUFRUhBVRBHSRcNRxAfHhwQRz9IUhtFXwRZBA

54.230.241.62

258 B

URL
d3eub2e21dc6h0.cloudfront.net/sNXV5cWRWGhcXW0EcHUxVBUVNQVMCUwkDAVNIHUFUBUUdXwdaGF8bF1obCUwtXz8YBhJmDB0jLXcRXwUeUUhJVwhUGx5MQlAbGkxVExQdE1kBUwwQWVgaAxgIWRRcQyIAW0lUVgVdAUBVEEY7VFYFGRAfEU1QS0EcDUMmR1AQRjtUVgUHD1RXdExPX1QcUE-tBA1AWEh5BBzNLQVUFRUhBVRBHSRcNRxAfHhwQRz9IUhtFXwRZBA
IP
54.230.241.62:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
258 B (258 bytes)
Hash
08a5047bd039511a56ebd68bd34d609a
fae69664ff6d193cc221dd6cdcc6b39646404254
8085a9e07b1ff13b6f217ee14d79783212786c7c7c366cf1174ee852ef21f11e

HTTP Headers

GET /sNXV5cWRWGhcXW0EcHUxVBUVNQVMCUwkDAVNIHUFUBUUdXwdaGF8bF1obCUwtXz8YBhJmDB0jLXcRXwUeUUhJVwhUGx5MQlAbGkxVExQdE1kBUwwQWVgaAxgIWRRcQyIAW0lUVgVdAUBVEEY7VFYFGRAfEU1QS0EcDUMmR1AQRjtUVgUHD1RXdExPX1QcUE-tBA1AWEh5BBzNLQVUFRUhBVRBHSRcNRxAfHhwQRz9IUhtFXwRZBA HTTP/1.1
Host: d3eub2e21dc6h0.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getrunkhomuto.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 258
date: Wed, 01 May 2024 22:05:46 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yVM4B6D1OqmNtll8aZow4uduuWH2U9wfkIPVzRB4HfiDwDQi4nPLNQ==
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:udLO68FXcUuaoXPTTpHFL0C2cVY02Q:XZze7ULcxBdWQPyZ; Expires=Fri, 01-May-2026 22:05:46 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 May 2024 22:05:46 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQxCkYHKzntDvBEVgL61n5iPRia5nMG8WLOAx7INQivWJYU3L5HtiBh1xTd5e4bOm8CGWv4tbw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-sJSJPR3Cs8nS_QLPaggo4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:sxpTClUG9_POpGpZhitHnsxovQHeIA:9IsKv96fJ6nGyNuL; Expires=Fri, 01-May-2026 22:05:46 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 May 2024 22:05:46 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxCux3Toe3_OfkkmywA5ZlWxA4LwhBl3787UsmStsFbzDZI-hVuJgCTmCgonp68Pzsp48JsYQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-a7HC1pMM4gnIUJrtZ1wr8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQxCkYHKzntDvBEVgL61n5iPRia5nMG8WLOAx7INQivWJYU3L5HtiBh1xTd5e4bOm8CGWv4tbw

74.125.131.84

302 Found

423 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQxCkYHKzntDvBEVgL61n5iPRia5nMG8WLOAx7INQivWJYU3L5HtiBh1xTd5e4bOm8CGWv4tbw
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
HTML document, ASCII text, with very long lines (404)
Size
423 B (423 bytes)
Hash
7ed17cfc5df78256dc0483f0aff46c9e
980c462da3c4f2bef5a4c902e6b06a0023f2a24e
7ec92786150a1e5a841ea767900f9f8b8d9b877725821fee40a296b2cb369ce3

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQxCkYHKzntDvBEVgL61n5iPRia5nMG8WLOAx7INQivWJYU3L5HtiBh1xTd5e4bOm8CGWv4tbw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d0000d.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:KlCGkQuexxaekKp3ZNnrpPktQ_Wpiw:GddqjaNdl3Ud-pA6;Path=/;Expires=Fri, 01-May-2026 22:05:46 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 May 2024 22:05:46 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxT5IDBTxY3XODH0roYp0hbck94hMzIn4G3xhRji2y5JxrF5SbEx2MuU8F24Lo3R4VMspM5fg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1744744950%3A1714601146385322&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-cfp2tX7RR3kI8Zw0ZcpWqQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 423
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxCux3Toe3_OfkkmywA5ZlWxA4LwhBl3787UsmStsFbzDZI-hVuJgCTmCgonp68Pzsp48JsYQ

74.125.131.84

302 Found

427 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxCux3Toe3_OfkkmywA5ZlWxA4LwhBl3787UsmStsFbzDZI-hVuJgCTmCgonp68Pzsp48JsYQ
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
HTML document, ASCII text, with very long lines (407)
Size
427 B (427 bytes)
Hash
fa62231381fb1baeabd1b450e50f3a54
31d74db64bcdc4647d3808d927ed7feee9b4bdc3
3348c35e83b4e2503d30354da03c195895f854bfe565aa432ea20ec08d783042

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxCux3Toe3_OfkkmywA5ZlWxA4LwhBl3787UsmStsFbzDZI-hVuJgCTmCgonp68Pzsp48JsYQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d0000d.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:IqJXHzvkfxv9-gYeKV8R6-G_4KJ9gw:78L1sqv_1Rh15CsI;Path=/;Expires=Fri, 01-May-2026 22:05:46 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 May 2024 22:05:46 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzP0gp7rzyhxxE386p9oz4peZILPukBd0vWk8Vom4XkDtv7Ef8keUb6H6SGEcObSaQrFuicGQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1308802085%3A1714601146396901&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-2YX8sG9m9DLN07Rq96KO6g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 427
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

layeravowportent.com/sbar.json?key=2c0360ed33b0b4736859081c701f9a91&uuid=bd56ec87-82dd-4a78-bed4-ff51c00c6129%3A1%3A1

172.240.108.76

200 OK

7.5 kB

URL GET HTTP/1.1
layeravowportent.com/sbar.json?key=2c0360ed33b0b4736859081c701f9a91&uuid=bd56ec87-82dd-4a78-bed4-ff51c00c6129%3A1%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectlayeravowportent.com
FingerprintE9:CB:6F:5C:6E:50:B1:84:A2:34:39:5B:96:74:1D:84:D3:FA:2A:38
ValidityMon, 29 Apr 2024 08:07:58 GMT - Sun, 28 Jul 2024 08:07:57 GMT

File type
JSON text data
Size
7.5 kB (7530 bytes)
Hash
694445384d643e8f7f2eec42e1c85a36
4694fc821a2fa1a868a80295ae08cfaaecc65f09
fbf51132a2e4455e13e36e226adcc6a58950a887ad8668ab6c6416b5d355df55

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=2c0360ed33b0b4736859081c701f9a91&uuid=bd56ec87-82dd-4a78-bed4-ff51c00c6129%3A1%3A1 HTTP/1.1
Host: layeravowportent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 01 May 2024 22:05:46 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://d0000d.com
Access-Control-Allow-Origin: https://d0000d.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19079684; expires=Thu, 02 May 2024 22:05:46 GMT; secure; SameSite=None
uid_id2=bd56ec87-82dd-4a78-bed4-ff51c00c6129:1:1; expires=Wed, 08 May 2024 22:05:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 02 May 2024 22:05:46 GMT; secure; SameSite=None
uncs=1; expires=Thu, 02 May 2024 22:05:46 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 02 May 2024 22:05:46 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 02 May 2024 22:05:46 GMT; secure; SameSite=None
slec2c0360ed33b0b4736859081c701f9a91=[5172670,5172671]; expires=Wed, 01 May 2024 22:05:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 748a9671352924622ba3eaece833381c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

layeravowportent.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzgY8KMjK3kQY1AWFzaS7Z6Znxj0sxhgJxmTZVfQm1VXVkzLVXW1V9%2FQkp%2BCC7HHwpl463yQb1MUfV9EokwWRgJDxNAfzH3gS9iw9BkcfdL%2F36nsF3%2Fe9%2BvggvyA%2BcjpdfUvvSaXocqvu1l56z%2FNu1jZkkg9qg07wftC8WTP9V7pB3X259oZgO3rZdz3X9VyvtiaNiPRguQIh04ddr951602%2F7rWaGJj%2F9zZ3YKkD3r8gz0DyyeIj5xokGyOJv10VdifT6Y3X41zRTBv0%2BfE7yU6iiwTxvIyMgyg5vpyGtudrJ9DJ0YwudP%2FfwVBOiPPLCcLk%2BJIkwv7hjGeoIBKE%2FEkU%2FTGEGkPSMZi%2BB8nPCcA4NreQxA82tSno7j8ordAJWXz8F2QxIYt%2FXEMSf72i5KB2V6s8kzqxGEQl5GAM2RsjzU%2BR7S1AFqdg2UeQ%2FDey%2FHgDSXy4ZZWG5NMXQ94KBOu0lzo%2B50tN2u4shYI3l6Ko5THXZYHnd2cGSTmGjMZQYghqHeTVJx3kkYM8dRDzaY15ntd2OaNup8tYg7dFGHDXo%2B3Io54bdJCzSsMQWToEU0Mws4%2FU7GNHDmHyn2G3S1juwGYEfV6iEASFJSgoQSEJioyg6JdHXFnflg%2B4snnoXWb%2FMjfKkc56B%2FRIZz2REFAzhOHlQXpBrlYGOi88v4gdMa35zG0EruCNRuiGzXYj6LS6bsdjbdeLurTrwcoS0i7M5O7JCbn%2B4S2kckKe%2BvUqQnoKq07B5HXQ%2FDnQogTdLrGXfONxrbnNjKBxnekYXJdIs0Vku86BuiDPzra4%2BecJBDu7Nf20is%2FATInUlPhAPiLoqfujO7ogh3d0Ycl3W2kmY7lHqw3fzWgmrnz5ptgttOHrq3b4xausAqry4dvCZhs04TLpWfLViuRcmDVtmCA%2Frtt3RXg7t9sruUnydOP2a2vrcWqEtVInY1B5vlKpmZCnPz%2BcPd0bT0whzRgmLxHnZ%2BQyIPUpWLoPm87ZW01g1HwmTB0UeTkyfjg%2FVJJAiXlPwxL2P304r0eGVrepLA%2FsffTMAmh2D0lcom9K9FUJqoaw%2BZVRlpqzW783ZoFQLYxCZRYOQ2XUJzOTq99PsHJaazcaLg26La%2FdpqIdNv1OFHicUr8Z%2BEFAG8jsJPJ%2F%2BP5vAAAA%2F%2F8BAAD%2F%2FxVuDcyUBAAA

172.240.108.76

200 OK

7 B

URL GET HTTP/1.1
layeravowportent.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzgY8KMjK3kQY1AWFzaS7Z6Znxj0sxhgJxmTZVfQm1VXVkzLVXW1V9%2FQkp%2BCC7HHwpl463yQb1MUfV9EokwWRgJDxNAfzH3gS9iw9BkcfdL%2F36nsF3%2Fe9%2BvggvyA%2BcjpdfUvvSaXocqvu1l56z%2FNu1jZkkg9qg07wftC8WTP9V7pB3X259oZgO3rZdz3X9VyvtiaNiPRguQIh04ddr951602%2F7rWaGJj%2F9zZ3YKkD3r8gz0DyyeIj5xokGyOJv10VdifT6Y3X41zRTBv0%2BfE7yU6iiwTxvIyMgyg5vpyGtudrJ9DJ0YwudP%2FfwVBOiPPLCcLk%2BJIkwv7hjGeoIBKE%2FEkU%2FTGEGkPSMZi%2BB8nPCcA4NreQxA82tSno7j8ordAJWXz8F2QxIYt%2FXEMSf72i5KB2V6s8kzqxGEQl5GAM2RsjzU%2BR7S1AFqdg2UeQ%2FDey%2FHgDSXy4ZZWG5NMXQ94KBOu0lzo%2B50tN2u4shYI3l6Ko5THXZYHnd2cGSTmGjMZQYghqHeTVJx3kkYM8dRDzaY15ntd2OaNup8tYg7dFGHDXo%2B3Io54bdJCzSsMQWToEU0Mws4%2FU7GNHDmHyn2G3S1juwGYEfV6iEASFJSgoQSEJioyg6JdHXFnflg%2B4snnoXWb%2FMjfKkc56B%2FRIZz2REFAzhOHlQXpBrlYGOi88v4gdMa35zG0EruCNRuiGzXYj6LS6bsdjbdeLurTrwcoS0i7M5O7JCbn%2B4S2kckKe%2BvUqQnoKq07B5HXQ%2FDnQogTdLrGXfONxrbnNjKBxnekYXJdIs0Vku86BuiDPzra4%2BecJBDu7Nf20is%2FATInUlPhAPiLoqfujO7ogh3d0Ycl3W2kmY7lHqw3fzWgmrnz5ptgttOHrq3b4xausAqry4dvCZhs04TLpWfLViuRcmDVtmCA%2Frtt3RXg7t9sruUnydOP2a2vrcWqEtVInY1B5vlKpmZCnPz%2BcPd0bT0whzRgmLxHnZ%2BQyIPUpWLoPm87ZW01g1HwmTB0UeTkyfjg%2FVJJAiXlPwxL2P304r0eGVrepLA%2FsffTMAmh2D0lcom9K9FUJqoaw%2BZVRlpqzW783ZoFQLYxCZRYOQ2XUJzOTq99PsHJaazcaLg26La%2FdpqIdNv1OFHicUr8Z%2BEFAG8jsJPJ%2F%2BP5vAAAA%2F%2F8BAAD%2F%2FxVuDcyUBAAA
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectlayeravowportent.com
FingerprintE9:CB:6F:5C:6E:50:B1:84:A2:34:39:5B:96:74:1D:84:D3:FA:2A:38
ValidityMon, 29 Apr 2024 08:07:58 GMT - Sun, 28 Jul 2024 08:07:57 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzgY8KMjK3kQY1AWFzaS7Z6Znxj0sxhgJxmTZVfQm1VXVkzLVXW1V9%2FQkp%2BCC7HHwpl463yQb1MUfV9EokwWRgJDxNAfzH3gS9iw9BkcfdL%2F36nsF3%2Fe9%2BvggvyA%2BcjpdfUvvSaXocqvu1l56z%2FNu1jZkkg9qg07wftC8WTP9V7pB3X259oZgO3rZdz3X9VyvtiaNiPRguQIh04ddr951602%2F7rWaGJj%2F9zZ3YKkD3r8gz0DyyeIj5xokGyOJv10VdifT6Y3X41zRTBv0%2BfE7yU6iiwTxvIyMgyg5vpyGtudrJ9DJ0YwudP%2FfwVBOiPPLCcLk%2BJIkwv7hjGeoIBKE%2FEkU%2FTGEGkPSMZi%2BB8nPCcA4NreQxA82tSno7j8ordAJWXz8F2QxIYt%2FXEMSf72i5KB2V6s8kzqxGEQl5GAM2RsjzU%2BR7S1AFqdg2UeQ%2FDey%2FHgDSXy4ZZWG5NMXQ94KBOu0lzo%2B50tN2u4shYI3l6Ko5THXZYHnd2cGSTmGjMZQYghqHeTVJx3kkYM8dRDzaY15ntd2OaNup8tYg7dFGHDXo%2B3Io54bdJCzSsMQWToEU0Mws4%2FU7GNHDmHyn2G3S1juwGYEfV6iEASFJSgoQSEJioyg6JdHXFnflg%2B4snnoXWb%2FMjfKkc56B%2FRIZz2REFAzhOHlQXpBrlYGOi88v4gdMa35zG0EruCNRuiGzXYj6LS6bsdjbdeLurTrwcoS0i7M5O7JCbn%2B4S2kckKe%2BvUqQnoKq07B5HXQ%2FDnQogTdLrGXfONxrbnNjKBxnekYXJdIs0Vku86BuiDPzra4%2BecJBDu7Nf20is%2FATInUlPhAPiLoqfujO7ogh3d0Ycl3W2kmY7lHqw3fzWgmrnz5ptgttOHrq3b4xausAqry4dvCZhs04TLpWfLViuRcmDVtmCA%2Frtt3RXg7t9sruUnydOP2a2vrcWqEtVInY1B5vlKpmZCnPz%2BcPd0bT0whzRgmLxHnZ%2BQyIPUpWLoPm87ZW01g1HwmTB0UeTkyfjg%2FVJJAiXlPwxL2P304r0eGVrepLA%2FsffTMAmh2D0lcom9K9FUJqoaw%2BZVRlpqzW783ZoFQLYxCZRYOQ2XUJzOTq99PsHJaazcaLg26La%2FdpqIdNv1OFHicUr8Z%2BEFAG8jsJPJ%2F%2BP5vAAAA%2F%2F8BAAD%2F%2FxVuDcyUBAAA HTTP/1.1
Host: layeravowportent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Cookie: u_pl=19079684; uid_id2=bd56ec87-82dd-4a78-bed4-ff51c00c6129:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec2c0360ed33b0b4736859081c701f9a91=[5172670,5172671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 01 May 2024 22:05:47 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a8e3e7cf9856f76a9230f6962bee668d
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html

45.133.44.4

200 OK

12 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
gzip compressed data, from Unix
Size
12 kB (11503 bytes)
Hash
57c6c4e63b3a2f4209ceb6f88995970d
3b60e63f49d641ad5f76f98485ed86cbb3a08086
280dc58925de5288979ee441dfdbc86f1809d3011312ccc5340855de9d78cf00

HTTP Headers

GET /sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:47 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:42 GMT
etag: W/"6242c2fe-ba1"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 01 May 2024 23:05:47 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

iresandal.info/popunder.gif

188.114.96.1

200 OK

36 B

URL GET HTTP/3
iresandal.info/popunder.gif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectiresandal.info
FingerprintD9:9E:21:6F:70:F4:90:F2:B5:4A:CC:E5:AB:CD:07:D7:A8:09:59:3A
ValidityMon, 01 Apr 2024 07:01:50 GMT - Sun, 30 Jun 2024 07:01:49 GMT

File type
GIF image data, version 89a, 1 x 1
Size
36 B (36 bytes)
Hash
ad6a6cb23b0391c6652e018b9ac3bfc7
d38bd8446c3505f9b4797660388a8d6e8fd3d450
be4f754acf2dd33169add8976c1264f647470efdc993927040e23c4d310a835f

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: iresandal.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:46 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 93230
last-modified: Tue, 30 Apr 2024 20:11:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mdTAJdx6pczo1NckCJElYBkBuraIZH5K6gUw8twrWFZeSmlVnSgirTcoEjb3hbE5ATtWj6BXixxEaVKFIBV%2Bk4oY3qDybeAKTy0%2BKG7TcF1Q8dhLH3PCKWrVr2TCBxWAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3132d7ffd1c0a-OSL
alt-svc: h3=":443"; ma=86400

cdn.cloudimagesb.com/si/05/df/df/05dfdf1479fcdecf5cb0e1650af9d701/1712888890.png

45.133.44.10

200 OK

70 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/05/df/df/05dfdf1479fcdecf5cb0e1650af9d701/1712888890.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
70 kB (70321 bytes)
Hash
20e13b789cc58d0f36883ae6c91f2ca7
0a2801895b47935784acb30402525622743c3597
fbfb120ee38444011a9b1ac38721af490f157798ef489450595395603bce8f78

HTTP Headers

GET /si/05/df/df/05dfdf1479fcdecf5cb0e1650af9d701/1712888890.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:47 GMT
content-type: image/png
content-length: 70321
server: nginx/1.21.6
last-modified: Fri, 12 Apr 2024 02:28:18 GMT
etag: "66189c42-112b1"
expires: Fri, 03 May 2024 22:05:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css

172.67.141.24

200 OK

18 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
18 kB (17514 bytes)
Hash
630f303dfe147dec2c4a226287393b69
3e9f8270b84e09595181bd55de6785a89f53ba10
967d085a33a12064d83cb38f582c3e418e021a2d523dd9597bb75dc00589fec7

HTTP Headers

GET /sb/chat/mob/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:47 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-1209"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 103018
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9J9YS9jQQ9VQyKqyBaVt5qt0UUmCqyqsw6LThpNs%2FeA0EkykzumAjf2gScYzFLKeBNU5A6BQ2Mbq23mi2JokcdYb3stOsV2kunFnFrQRWYHsJSI6BvZQ7a3LyiLdPTEIHfRGswnrLmfg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d31331e848b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/

188.114.96.1

200 OK

48 kB

URL GET HTTP/2
pogothere.xyz/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectpogothere.xyz
Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B
ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT

File type
ASCII text, with no line terminators
Size
48 kB (48034 bytes)
Hash
754d10042f9412fdf918cb54e7ac7de8
c3f3d1112e1ee8fe3e3c7f93f78c7463c1266d0c
db74b2f6b4fbc900f935826b130b9f5c6c1286ae1331c13048ff3294c8c6a204

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d0000d.com/
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:46 GMT
content-type: text/plain
set-cookie: csu=1834271694427139@1@1714601146; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://d0000d.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iO%2BFIo4ylvemeXiX7fUrcB9cCDFjtx6FjWyywe%2FnwLkf%2BZ0jYvZ%2BMgljxG9ZDgRopT1KQlV9fUAC8jGsqBCnlPrmsDQoaSD%2BRXDTZZEpuGj5%2BAocqO%2B0PdmLhE2KWSpA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d3132c0f617130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

layeravowportent.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzgY8KMjK3kQY1AWFzaR7fo97WIwxEozJsqvoTepXT8pUd7VV3dOTnIILssfBm3rpfJNsUBd%2FXEWjTBZEAkLG0xzMf%2BBJ2LP0GBx90P3eq%2B8VfN%2F36uOD7ILUkNHp6ltmT2lNl5tVv%2FLSe0Fws7Kh4mxQGXRa77caNyu2%2F0q3VfVfrrwh%2BY5ZrvmB7wd%2BUFlTVoZmsFyCUMnDblDt%2BtVGrRo0GxjY%2F%2Fcu8%2BCoB9G%2FIM9AicniI%2B8aFB8jjr5dlW4nNcmN16NM09RY9MXxO%2FFObPIY0bwMrYcwPr6chnHnaycw8dGMLkz%2F30GmJsT75QQsPr4kCdY%2FnPFkGjIGE08i748h9RiKjsHNPShxTgAusLmFOHqwaWxOd%2F9BaYlOyOLjv6DyCVn84xri6OsVrQaVu0ZnqTKxwyAsoAZjqN4YSXaKdG8BKj8FTz%2BCEr%2BR5ccbiKPDLacNlJi%2ByESzJXmnvdSpCbHUoO3OEpOisRSGzYD7Pm8Fte7MIKXGUOEYWg5BnYes%2FJSHLPSQJR4iMa3wIAjavuDU73Q5r4u2ZC3hB7QdBjTwWx1kvNQwRJoMwfUQ3O4jsfvYUUPY7Ge47QJOeHApQV8UyCVB7ghySpArgjwlyPvFkdCu5ooHQruMBZe5dpnrxcikvQN6ZNKejAmoHcKK4iC5IFdLA70Xnl%2FEjpxWatyvt3wp6nXms0a73uo0u34n4G0%2FCLu0G8CpAsotzOTuqQm5%2FuEtJGpCnvr1Khg9hdOn4Oo6aPYcaF6AbhfYi78JhDHCpVbSqMpNBGEKJOki0l3vQF%2BQZ2db3PzzBJKf3Zp%2BWsZn4LZAYgt8oB4R9PT90R2Tk8M7Jnfku60kVZHao%2BWG76Y0lVe%2BfFPu5saK9VU3%2FOJVXgJl%2BfBt6dINGgsV9xz5akUJIe2asVySH9fdu5Ldztz2SmbjLNm4%2FdraepRY6Zwy8RhUna%2BUaibk6c8PZ0%2F3xhNTKDuGzQpE2Rm5DChzCp7swyVz9s4QWD2fYYmHPCtGtsbmh1oRaDnvKSvg%2FtOzeT2ytLxNVXHg7qNnF0DTe4ijAn1boK8LUD2Ey66M0sSe3fq9PgswvTBi2i4cMm31JzOTy99PcGpaqfuizWQo20w2mo1QcsGaTebzkLO66HQ4UjcJaz98%2FzcAAAD%2F%2FwEAAP%2F%2FlbrYJJQEAAA%3D

172.240.108.76

200 OK

7 B

URL GET HTTP/1.1
layeravowportent.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzgY8KMjK3kQY1AWFzaR7fo97WIwxEozJsqvoTepXT8pUd7VV3dOTnIILssfBm3rpfJNsUBd%2FXEWjTBZEAkLG0xzMf%2BBJ2LP0GBx90P3eq%2B8VfN%2F36uOD7ILUkNHp6ltmT2lNl5tVv%2FLSe0Fws7Kh4mxQGXRa77caNyu2%2F0q3VfVfrrwh%2BY5ZrvmB7wd%2BUFlTVoZmsFyCUMnDblDt%2BtVGrRo0GxjY%2F%2Fcu8%2BCoB9G%2FIM9AicniI%2B8aFB8jjr5dlW4nNcmN16NM09RY9MXxO%2FFObPIY0bwMrYcwPr6chnHnaycw8dGMLkz%2F30GmJsT75QQsPr4kCdY%2FnPFkGjIGE08i748h9RiKjsHNPShxTgAusLmFOHqwaWxOd%2F9BaYlOyOLjv6DyCVn84xri6OsVrQaVu0ZnqTKxwyAsoAZjqN4YSXaKdG8BKj8FTz%2BCEr%2BR5ccbiKPDLacNlJi%2ByESzJXmnvdSpCbHUoO3OEpOisRSGzYD7Pm8Fte7MIKXGUOEYWg5BnYes%2FJSHLPSQJR4iMa3wIAjavuDU73Q5r4u2ZC3hB7QdBjTwWx1kvNQwRJoMwfUQ3O4jsfvYUUPY7Ge47QJOeHApQV8UyCVB7ghySpArgjwlyPvFkdCu5ooHQruMBZe5dpnrxcikvQN6ZNKejAmoHcKK4iC5IFdLA70Xnl%2FEjpxWatyvt3wp6nXms0a73uo0u34n4G0%2FCLu0G8CpAsotzOTuqQm5%2FuEtJGpCnvr1Khg9hdOn4Oo6aPYcaF6AbhfYi78JhDHCpVbSqMpNBGEKJOki0l3vQF%2BQZ2db3PzzBJKf3Zp%2BWsZn4LZAYgt8oB4R9PT90R2Tk8M7Jnfku60kVZHao%2BWG76Y0lVe%2BfFPu5saK9VU3%2FOJVXgJl%2BfBt6dINGgsV9xz5akUJIe2asVySH9fdu5Ldztz2SmbjLNm4%2FdraepRY6Zwy8RhUna%2BUaibk6c8PZ0%2F3xhNTKDuGzQpE2Rm5DChzCp7swyVz9s4QWD2fYYmHPCtGtsbmh1oRaDnvKSvg%2FtOzeT2ytLxNVXHg7qNnF0DTe4ijAn1boK8LUD2Ey66M0sSe3fq9PgswvTBi2i4cMm31JzOTy99PcGpaqfuizWQo20w2mo1QcsGaTebzkLO66HQ4UjcJaz98%2FzcAAAD%2F%2FwEAAP%2F%2FlbrYJJQEAAA%3D
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectlayeravowportent.com
FingerprintE9:CB:6F:5C:6E:50:B1:84:A2:34:39:5B:96:74:1D:84:D3:FA:2A:38
ValidityMon, 29 Apr 2024 08:07:58 GMT - Sun, 28 Jul 2024 08:07:57 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzgY8KMjK3kQY1AWFzaR7fo97WIwxEozJsqvoTepXT8pUd7VV3dOTnIILssfBm3rpfJNsUBd%2FXEWjTBZEAkLG0xzMf%2BBJ2LP0GBx90P3eq%2B8VfN%2F36uOD7ILUkNHp6ltmT2lNl5tVv%2FLSe0Fws7Kh4mxQGXRa77caNyu2%2F0q3VfVfrrwh%2BY5ZrvmB7wd%2BUFlTVoZmsFyCUMnDblDt%2BtVGrRo0GxjY%2F%2Fcu8%2BCoB9G%2FIM9AicniI%2B8aFB8jjr5dlW4nNcmN16NM09RY9MXxO%2FFObPIY0bwMrYcwPr6chnHnaycw8dGMLkz%2F30GmJsT75QQsPr4kCdY%2FnPFkGjIGE08i748h9RiKjsHNPShxTgAusLmFOHqwaWxOd%2F9BaYlOyOLjv6DyCVn84xri6OsVrQaVu0ZnqTKxwyAsoAZjqN4YSXaKdG8BKj8FTz%2BCEr%2BR5ccbiKPDLacNlJi%2ByESzJXmnvdSpCbHUoO3OEpOisRSGzYD7Pm8Fte7MIKXGUOEYWg5BnYes%2FJSHLPSQJR4iMa3wIAjavuDU73Q5r4u2ZC3hB7QdBjTwWx1kvNQwRJoMwfUQ3O4jsfvYUUPY7Ge47QJOeHApQV8UyCVB7ghySpArgjwlyPvFkdCu5ooHQruMBZe5dpnrxcikvQN6ZNKejAmoHcKK4iC5IFdLA70Xnl%2FEjpxWatyvt3wp6nXms0a73uo0u34n4G0%2FCLu0G8CpAsotzOTuqQm5%2FuEtJGpCnvr1Khg9hdOn4Oo6aPYcaF6AbhfYi78JhDHCpVbSqMpNBGEKJOki0l3vQF%2BQZ2db3PzzBJKf3Zp%2BWsZn4LZAYgt8oB4R9PT90R2Tk8M7Jnfku60kVZHao%2BWG76Y0lVe%2BfFPu5saK9VU3%2FOJVXgJl%2BfBt6dINGgsV9xz5akUJIe2asVySH9fdu5Ldztz2SmbjLNm4%2FdraepRY6Zwy8RhUna%2BUaibk6c8PZ0%2F3xhNTKDuGzQpE2Rm5DChzCp7swyVz9s4QWD2fYYmHPCtGtsbmh1oRaDnvKSvg%2FtOzeT2ytLxNVXHg7qNnF0DTe4ijAn1boK8LUD2Ey66M0sSe3fq9PgswvTBi2i4cMm31JzOTy99PcGpaqfuizWQo20w2mo1QcsGaTebzkLO66HQ4UjcJaz98%2FzcAAAD%2F%2FwEAAP%2F%2FlbrYJJQEAAA%3D HTTP/1.1
Host: layeravowportent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Cookie: u_pl=19079684; uid_id2=bd56ec87-82dd-4a78-bed4-ff51c00c6129:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec2c0360ed33b0b4736859081c701f9a91=[5172670,5172671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 01 May 2024 22:05:47 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bdf26cca370aa5a36ea187fc8ecb551e
Strict-Transport-Security: max-age=0; includeSubdomains

layeravowportent.com/pixel/sbs?c=1

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
layeravowportent.com/pixel/sbs?c=1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectlayeravowportent.com
FingerprintE9:CB:6F:5C:6E:50:B1:84:A2:34:39:5B:96:74:1D:84:D3:FA:2A:38
ValidityMon, 29 Apr 2024 08:07:58 GMT - Sun, 28 Jul 2024 08:07:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: layeravowportent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Cookie: u_pl=19079684; uid_id2=bd56ec87-82dd-4a78-bed4-ff51c00c6129:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec2c0360ed33b0b4736859081c701f9a91=[5172670,5172671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 01 May 2024 22:05:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js

172.67.141.24

200 OK

90 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89492 bytes)
Hash
561acb3e541133bbdd2c0c19f8ee35a1
ffd1353cf3f77d25f801c84d8208613eb0d3d548
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

HTTP Headers

GET /sb/chat/mob/ssp/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:47 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:09 GMT
etag: W/"62134c65-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 107291
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iWntGB2pLK%2B0j%2FdccfSOR9GjL8%2BSnOOxDVS3OIrfmOePMz4xigB2P1%2B7F1rMxhRdMaecl1x%2F7slwM4QxGzEmilxbsAjRrEzV5CrENchAL3atSZqwWswp8%2BDF6YFANMNvllxs0AXHBuPt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d313325e2c0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i.doodcdn.co/get_slides/6004/7guq4qsv91zg8cma.jpg

104.26.6.74

200 OK

3.2 kB

URL GET HTTP/3
i.doodcdn.co/get_slides/6004/7guq4qsv91zg8cma.jpg
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3268), with no line terminators
Size
3.2 kB (3158 bytes)
Hash
be0d5e9ac0ab177552fb6a2eee80a715
e1c38bd925853b4d522467d85718ac85d395c397
7cf6a612edfb8847bdad05b2e105744c554cdec3a58ba84e4939a06bd5347664

HTTP Headers

GET /get_slides/6004/7guq4qsv91zg8cma.jpg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: text/vtt
access-control-allow-origin: *
last-modified: Wed, 01 May 2024 04:56:09 GMT
cache-control: max-age=86400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGxzT3b67SceqjNUC8m0qp0l2OKCMjuY4o08jBPBZwxJrNubRougrSKBsRnElLKheuyRm6Zx7bTIcXGZ62nXFjiyaGgwaOQn9GSpiwa%2Bx01MRr3gjov8IUoAtvskjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d313285cd80b65-OSL
alt-svc: h3=":443"; ma=86400

cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png

172.67.141.24

200 OK

6.0 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/chat/mob/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:47 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 21 Feb 2022 08:25:06 GMT
etag: "62134c62-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 98843
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T13qRYJgRpMY8Cq7Ai1DLbquD4L9oIDG1eOErquHQA7AuNiCbaA3SRNsUjS0QPiSuVkJT6mIoagLwg6vKyxZEj1yGS2qTjHgzCHGsAzvET8Ybv28s54IUgH1sWbiEbHIQ%2Fk9iLXQHJ%2BB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d313325e2b0b41-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 00:31:40 GMT
expires: Wed, 30 Apr 2025 00:31:40 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 164047
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

d0000d.com/pass_md5/96653365-91-90-1714601144-b6403d51ae4549e910557272c20aca5e/ljt15j7rcf6fzg6ooz3awqnx

104.26.6.137

200 OK

108 B

URL GET HTTP/2
d0000d.com/pass_md5/96653365-91-90-1714601144-b6403d51ae4549e910557272c20aca5e/ljt15j7rcf6fzg6ooz3awqnx
IP
104.26.6.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectd0000d.com
FingerprintBD:90:21:00:88:3D:C8:E3:51:87:A1:6E:F2:99:0D:FC:98:3D:87:37
ValidityMon, 01 Apr 2024 12:55:14 GMT - Sun, 30 Jun 2024 12:55:13 GMT

File type
ASCII text, with no line terminators
Size
108 B (108 bytes)
Hash
c8c0d133a6729158505579e31863342c
73f94fdb2068bd61cba6f3801e1bcec5b03299d2
c3b35a35f2ad01e7379c4e2fcf8e2410b0e31516c9a588a9b5450e4345b1bcc0

HTTP Headers

GET /pass_md5/96653365-91-90-1714601144-b6403d51ae4549e910557272c20aca5e/ljt15j7rcf6fzg6ooz3awqnx HTTP/1.1
Host: d0000d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Cookie: lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GV%2Beuv5OoAZCm8vZ5WEmZCee2uGnPE9LvvhD6r9ZovqFbjIqpXV2XLQ4z4goejUOHsLStI6r4HjqXqWE6Bm7PHblWzkLXU7ls9%2BOHmVx2GukiaGN8v5rNsd1%2F5Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d313281f0c0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:02:10 GMT
expires: Sat, 26 Apr 2025 06:02:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 489817
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

188.114.96.1

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectpogothere.xyz
Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B
ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d0000d.com/
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:46 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://d0000d.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6428
last-modified: Wed, 01 May 2024 20:18:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q7ui5Yqv5LWZVUhy6xLHlkV%2BDUKzz2wS2yzqFRa7CV4qQ23s1UPXDjBBiaCypvXghKPFKJQ8psHgjY5AW6iH7q0OCEqvpi869wd520q8kUrqWNaqte2BO1u5t2ewQjbx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3132c0f5f7130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/css/embed.css

104.26.6.74

200 OK

80 kB

URL GET HTTP/2
i.doodcdn.co/css/embed.css
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
80 kB (79720 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /css/embed.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=79890
etag: W/"61d3187c-13812"
expires: Thu, 30 May 2024 16:19:22 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 20885
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VWEFnfy%2F82xkjDWW3uHCWRrRWHLJpRaaZum6L0ovVdCHjhsryDyWn7pNwZ%2FweIlkZPYqiSaX4I%2F6vSX39h7bVclc%2BtSiv58LKsg0LAGrdOFyDicgxfyzxEtwZFW5BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d313250d485685-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/theme_2/img/loader.svg

104.26.6.74

200 OK

694 B

URL GET HTTP/3
i.doodcdn.co/theme_2/img/loader.svg
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (750), with no line terminators
Size
694 B (694 bytes)
Hash
e0c38124a46835a055de826afbf33d9b
255567da0faa3de6c4bcef1780e9990ba7c9c0ff
e186e235e7552b286f217c94c747abdd5a8df8279c2334a61202817f937ea960

HTTP Headers

GET /theme_2/img/loader.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://i.doodcdn.co/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: image/svg+xml
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Thu, 30 May 2024 17:27:20 GMT
access-control-allow-origin: *
cf-cache-status: HIT
age: 16720
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v6L01StRQ1fZlqtWWZiH%2BNCkTTk1dwhBjvpP5ifVkQ3JUAYKm1xBwYcOWr3Gu6E76byh7a%2Bp72anqkubqOnnbEMFVzUWQGEP6Dv8OgX%2FeKOjyWnNZuAGrf5ztA3MCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d313294bee1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:46 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c325099f325a0fa9ecb653cf564450fb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 01 May 2024 22:05:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FTkA5SCRp1lSRdNlRFAGGwTuAIUICuPwirXpZsDeEaD3jlYiyHz28SDlhncMH5H0Zdboepk8wHo5V1dxwUfl6BhSBUnngZ%2BzWPYUSyFvFMXBEe3ZWozquFFWWVKcy1CZywvkQBY4rQMv34ax%2FIYVPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3132aeda3b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=bd56ec87-82dd-4a78-bed4-ff51c00c6129&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=bd56ec87-82dd-4a78-bed4-ff51c00c6129&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=bd56ec87-82dd-4a78-bed4-ff51c00c6129&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 01 May 2024 22:05:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f225e4335db9dc8d01c9e621b43f51d0
Strict-Transport-Security: max-age=0; includeSubdomains

h74v6kerf.com/get/1999414?zoneid=1999414&jp=_cl7r4mlfnxiltv0p8jt5v2&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4053017774608896&eclog=0&im=1&uf=0

212.117.190.201

200 OK

2.8 kB

URL GET HTTP/2
h74v6kerf.com/get/1999414?zoneid=1999414&jp=_cl7r4mlfnxiltv0p8jt5v2&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4053017774608896&eclog=0&im=1&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerBuypass AS-983163327
Subject
FingerprintB4:04:86:B7:6C:34:2D:3F:F3:83:58:A9:89:DF:83:A8:14:64:40:5D
ValidityTue, 09 Jan 2024 12:43:03 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
ASCII text, with very long lines (3098), with no line terminators
Size
2.8 kB (2762 bytes)
Hash
d886854d712a17803f5d32a5e781b6e7
39d69cc4f80ec85d6f58049115edbbf7ca733986
8090313ef2f3884cd1c3d367f71a6d50628e21b5d0d175565753401a1b5a86da

HTTP Headers

GET /get/1999414?zoneid=1999414&jp=_cl7r4mlfnxiltv0p8jt5v2&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4053017774608896&eclog=0&im=1&uf=0 HTTP/1.1
Host: h74v6kerf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 01 May 2024 22:05:45 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2405011705700573bc8bb84d1ba79d434f39; Path=/; Expires=Wed, 04 Jun 2025 22:05:45 GMT; Secure; SameSite=None
CHCK=1; Path=/; Expires=Wed, 04 Jun 2025 22:05:45 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzP0gp7rzyhxxE386p9oz4peZILPukBd0vWk8Vom4XkDtv7Ef8keUb6H6SGEcObSaQrFuicGQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1308802085%3A1714601146396901&theme=mn&ddm=0

74.125.131.84

403 Forbidden

0 B

URL GET HTTP/2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzP0gp7rzyhxxE386p9oz4peZILPukBd0vWk8Vom4XkDtv7Ef8keUb6H6SGEcObSaQrFuicGQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1308802085%3A1714601146396901&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzP0gp7rzyhxxE386p9oz4peZILPukBd0vWk8Vom4XkDtv7Ef8keUb6H6SGEcObSaQrFuicGQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1308802085%3A1714601146396901&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d0000d.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 May 2024 22:05:46 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-HI1KyXjZi55hCppgtMHS1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css

172.67.141.24

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
79 kB (79313 bytes)
Hash
fc638645a938f69e69360c75335ffd1a
143132fb8361c3ad0acf88cb70bf0b07c0ecc2d4
7ef76aab275d0221c68602d18f81b4285b280756f0f71d535ed8b5b889bc2f90

HTTP Headers

GET /sb/chat/mob/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:47 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 93018
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sWtyst5UiZJgQHz4JzHHXYbn81JIFUQ5i1ZK5v3bZ03O8te3zskoCaOrNOzIsvqrQKMm2H%2B2AK0xHb6Zem3hSOBWO22VZxb2oz4VRXH%2BGzCVFRhmFZ5aOWNs4Plq0sko79tIbpy1Ft2c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d31331e84cb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js

172.67.141.24

200 OK

382 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (411), with no line terminators
Size
382 B (382 bytes)
Hash
9ffae600059bf4e6adb35ebb274ae385
6130e466c04551baa2a5d650e6bd5a87daba73a7
a7d15e051fb3d3c31494683306bb7752478354894825b110d26d333cbeaaeb39

HTTP Headers

GET /sb/chat/mob/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d0000d.com
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 01 May 2024 22:05:47 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:08 GMT
etag: W/"62134c64-17e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 92974
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GLqE3%2BLg325DZfdEBGaSVB6EJF5nSYUC56I7SUHdstHeU1MhDDIXa4seNd%2B6vtJrvXn876FWd%2F%2BqcEJtSb85ypApT5MOsFA6vGlZTRcH3Mei9nEF8JM62q3igtRoCpRtzR5ZaBbRE%2FN9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d31332ae590b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxT5IDBTxY3XODH0roYp0hbck94hMzIn4G3xhRji2y5JxrF5SbEx2MuU8F24Lo3R4VMspM5fg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1744744950%3A1714601146385322&theme=mn&ddm=0

74.125.131.84

403 Forbidden

0 B

URL GET HTTP/2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxT5IDBTxY3XODH0roYp0hbck94hMzIn4G3xhRji2y5JxrF5SbEx2MuU8F24Lo3R4VMspM5fg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1744744950%3A1714601146385322&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxT5IDBTxY3XODH0roYp0hbck94hMzIn4G3xhRji2y5JxrF5SbEx2MuU8F24Lo3R4VMspM5fg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1744744950%3A1714601146385322&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d0000d.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 May 2024 22:05:46 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-S-P4JBK7lo4pGvzZvRDKuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js

104.17.25.14

200 OK

4.6 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4667), with no line terminators
Size
4.6 kB (4580 bytes)
Hash
e399faf84e0dbbe853b9975d63c4b766
f74c437be50d68a49654d89bfd4f1634cee2e0d4
1d6ffaedf10af97364100f8ed817c84135a8d5f5273d9e2e03c19bc3311d0398

HTTP Headers

GET /ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 22:05:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 1571
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "630ad3e5-623"
last-modified: Sun, 28 Aug 2022 02:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5810
expires: Mon, 21 Apr 2025 22:05:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EIpe07CM125M%2Fo07cvaWEwYNGjSw%2FdotON3%2FAkR%2FSpNMtsGnltnTaSfPItsoa32Cy69SH7NK4FCAT2OjxB36ZWYWGtWytFYSys%2F%2BsRZcDOoBPEpRQKH9c3evcNBCvJtKFSoZ6TI5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d313250d09569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

h74v6kerf.com/t/9/fret/meow4/1999414/cbf0f5d9.js

212.117.190.201

200 OK

106 kB

URL GET HTTP/2
h74v6kerf.com/t/9/fret/meow4/1999414/cbf0f5d9.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerBuypass AS-983163327
Subject
FingerprintB4:04:86:B7:6C:34:2D:3F:F3:83:58:A9:89:DF:83:A8:14:64:40:5D
ValidityTue, 09 Jan 2024 12:43:03 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65106)
Size
106 kB (106460 bytes)
Hash
dfbffc38bcd09966650b2735d57a25fe
c67171dc358af78c02fa59832875c3b70104ebaa
aabf5c8f7e0bbf0cf1851bbaaaaed113852e2e3e1a677cf166428ceed6e8e034

HTTP Headers

GET /t/9/fret/meow4/1999414/cbf0f5d9.js HTTP/1.1
Host: h74v6kerf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0000d.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 01 May 2024 22:05:45 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-1a022"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

7.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://d0000d.com/e/usqr5czs2fzd?c_poster=https://i.ibb.co/4YVmY5V/cover-player.jpg
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (7193), with no line terminators
Size
7.0 kB (7004 bytes)
Hash
16b49a99486594c0b42d9bd7821deb2c
2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a
3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 May 2024 22:05:47 GMT
date: Wed, 01 May 2024 22:05:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL