Report - tv1337.buzz/hola.php?id=3/121

Report Overview

Submitted URL
tv1337.buzz/hola.php?id=3/121
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 20:38:28
Access
public
Website Title
3rd
Final URL
tv1337.buzz/hola.php?id=3/121
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.tv1337.buzz	unknown	unknown	No data	No data	1.7 kB	55 kB	104.21.95.101
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-04	338 B	942 B	3.164.222.26
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-03	463 B	744 B	139.45.195.8
swarm.video	126884	2018-11-05	2017-10-22	2024-04-27	410 B	161 kB	172.67.153.113
pl16725813.highcpmgate.com	unknown	unknown	No data	No data	447 B	85 kB	192.243.61.225
lol-foot.ru	unknown	unknown	No data	No data	505 B	69 kB	104.21.51.134
unanimousconsider.net	unknown	unknown	No data	No data	1.9 kB	236 kB	172.67.215.3
obediencechainednoun.com	unknown	2024-04-29	2024-04-30	2024-05-03	490 B	467 B	172.240.108.68
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	522 B	24 kB	216.58.207.227
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-03	416 B	329 B	192.243.59.20
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	440 B	2.1 kB	142.250.74.106
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-04	435 B	526 kB	151.101.1.229
awistats.com	unknown	2023-08-04	2023-08-06	2024-02-25	407 B	2.1 kB	188.114.96.1
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-03	431 B	422 B	52.29.105.35
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	410 B	29 kB	188.114.97.1
mordoops.com	unknown	2023-01-04	2023-01-04	2024-04-12	836 B	33 kB	139.45.197.244
tv1337.buzz	unknown	unknown	No data	No data	917 B	8.8 kB	188.114.97.1
jnhjpdayvpzj.com	unknown	unknown	No data	No data	428 B	64 kB	188.114.96.1
youradexchange.com	273384	2012-11-09	2013-02-04	2024-05-03	807 B	1.7 kB	104.21.91.188

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	swarm.video/j79z9kzty.js?v=1.1	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	obediencechainednoun.com	Sinkholed
2024-05-04	medium	highcpmgate.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	www.tv1337.buzz/go/3/121	66 kB	2024-04-23	2024-05-04
Pretty URL www.tv1337.buzz/go/3/121 IP 104.21.95.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-23 22:26:52 Last Seen2024-05-04 22:38:35 Times Seen5 Hash 4ed6f79bbaf76054bcdee8db2bfbe364 c9beadc899a03692e88ce5094bc76f3cbf2d3b1e 160835ccf7532b295ca779a2f2b8bcd938c73a52cb6463d9b06cc8c94081d8a2 Loading...

	unanimousconsider.net/embed/a7hfuuu11vri	44 B	2023-03-07	2024-05-18
Pretty URL unanimousconsider.net/embed/a7hfuuu11vri IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:45 Last Seen2024-05-18 06:47:13 Times Seen83 Hash 8fb6e79a44a0c72402372ac295ca331a 3375b6cba22e95d2035a9eac246b4889b55a8ee9 e6dce9d47c5ff7badf344ff43d4394d35dc909cb3689651d044f388f28f7f96d Loading...

	cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js	525 kB	2023-03-07	2024-05-18
Pretty URL cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:45 Last Seen2024-05-18 06:47:14 Times Seen629 Hash f55c6c796275a41ce7d97bd160e648ff 936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89 db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c Loading...

	unanimousconsider.net/embed/a7hfuuu11vri	1.7 kB	2024-05-04	2024-05-04
Pretty URL unanimousconsider.net/embed/a7hfuuu11vri IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 22:38:35 Last Seen2024-05-04 22:38:35 Times Seen1 Hash 4edcf76db184b1fc2297f8ccf94231cf 1fd03f2cfb8bc3a43585ce0dd3b4a2bc64062765 860add1239f6718473b89cdeeec3452fa8715008fc532205d8e03ccc32eed9c6 Loading...

	unanimousconsider.net/embed/a7hfuuu11vri	162 kB	2024-05-04	2024-05-04
Pretty URL unanimousconsider.net/embed/a7hfuuu11vri IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 22:38:35 Last Seen2024-05-04 22:38:35 Times Seen1 Hash 32183f0c58d5ae70701c44fcf6fa31ac c315bf84be9b0b09fd01715ff2d28a59aa69ba11 fe337234fdd63a9703b0a5eab51b2c70ab4c719096e0fbd06a02f775ab6a4bd5 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-18
Pretty URL capaciousdrewreligion.com/advertisers.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 12:59:56 Times Seen37785460 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unanimousconsider.net/embed/a7hfuuu11vri	230 B	2024-03-03	2024-05-18
Pretty URL unanimousconsider.net/embed/a7hfuuu11vri IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-03 21:21:56 Last Seen2024-05-18 06:47:13 Times Seen14 Hash 0e8c07adb622621fa0f09640cc1d2c93 35eedadc67026f4975b05556c134957b1e05aa67 624ba8f88c519c651b41d70f82e0cc16088ac3820dccfcd7f4a68aa101133ec6 Loading...

	pl16725813.highcpmgate.com/b7/75/68/b775685b834710599fa3b4d2786defa4.js	84 kB	2024-05-04	2024-05-04
Pretty URL pl16725813.highcpmgate.com/b7/75/68/b775685b834710599fa3b4d2786defa4.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 22:38:35 Last Seen2024-05-04 22:38:36 Times Seen2 Hash 1c562b72b74354cb4a4f26a54fed2fc4 9f9ff3b6d019722e9a53c4dca2106b1b57919081 62c18b5c36ac36f695aa5ade300b1e647c2a6943d22f31aaeaaae736a4605b5f Loading...

	www.tv1337.buzz/go/3/121	444 B	2024-04-23	2024-05-04
Pretty URL www.tv1337.buzz/go/3/121 IP 104.21.95.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-23 22:26:52 Last Seen2024-05-04 22:38:35 Times Seen5 Hash ed83280eaadd0079dcbc3577cb62de73 d6d759a750634e661835693388b6f889559dbd3b a51dcf88a71859bebbdf64e17fc05fd6baf283399ff268e7cecad81f7fed7a75 Loading...

	www.tv1337.buzz/go/3/121	424 B	2023-03-07	2024-05-10
Pretty URL www.tv1337.buzz/go/3/121 IP 104.21.95.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 15:57:16 Last Seen2024-05-10 09:56:16 Times Seen34 Hash b19aa03c9880f5ba3122a71f32058204 ce956ad843b1a7c7fd0b6bc686d460bc9867ebb4 83a6b284bde5a92531e56f1202980cc3c3b979670e466fd4c5672c6cb368fb60 Loading...

	mordoops.com/tag.min.js	90 kB	2024-05-04	2024-05-05
Pretty URL mordoops.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 21:07:10 Last Seen2024-05-05 19:39:23 Times Seen57 Hash ae155af4fc0005bd4faab65e5c1cca00 4da21aabdd22446a02c50bded5c52d74ffa102d8 0c8f928eeb6c914b37b422cc7205f36aff66c2db7522e4ee20ec887606f4dc1c Loading...

	unanimousconsider.net/embed/a7hfuuu11vri	293 B	2024-05-04	2024-05-04
Pretty URL unanimousconsider.net/embed/a7hfuuu11vri IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 22:38:35 Last Seen2024-05-04 22:38:35 Times Seen1 Hash 938269b6fccbf5c3d50403b20d448999 fd9494909b6b13cae096ae81546bb6f49f92358c b6d6f6e79ff3eb72b858aaff0de584e0137f5dd8668f349bd38718e61bb89d69 Loading...

	unanimousconsider.net/deb.js	26 kB	2023-03-14	2024-05-18
Pretty URL unanimousconsider.net/deb.js IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 08:08:52 Last Seen2024-05-18 06:47:14 Times Seen106 Hash 4854629b2f59efbee5662790a405fa68 961af168c9029a8a3765356bd37631fa3941ccb2 00f55721ec6181d9c16cc365dfe2ca9aab2fb8008ffe22ded892085019fd33b5 Loading...

	unknown	34 B	2023-04-11	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16:40 Last Seen2024-05-18 12:18:42 Times Seen77515 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

	unanimousconsider.net/js/jquery.min.js	87 kB	2023-03-07	2024-05-18
Pretty URL unanimousconsider.net/js/jquery.min.js IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-18 12:55:45 Times Seen67770 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	unanimousconsider.net/embed/a7hfuuu11vri	1.6 kB	2024-05-04	2024-05-04
Pretty URL unanimousconsider.net/embed/a7hfuuu11vri IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 22:38:35 Last Seen2024-05-04 22:38:35 Times Seen1 Hash 83e6f86e18117337a1a51192473695a2 70402dcc761e50df007578895780829791917b86 b5128452d2634f233122e96527c1933851938163f64ff1c130843c2dd6624a6f Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unanimousconsider.net/embed/a7hfuuu11vri	3.8 kB	2024-05-04	2024-05-04
Pretty URL unanimousconsider.net/embed/a7hfuuu11vri IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 22:38:35 Last Seen2024-05-04 22:38:35 Times Seen1 Hash c654b01ca01f72b693af99191ca49633 741275174a70ac5552fe10b54fe19a2309d03b1f 7ea58f53c1726f8d2203eaa781c3a311e76ec1912664aba2b038644d786bb17f Loading...

	unanimousconsider.net/embed/a7hfuuu11vri	160 B	2023-08-26	2024-05-18
Pretty URL unanimousconsider.net/embed/a7hfuuu11vri IP 172.67.215.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-26 23:38:43 Last Seen2024-05-18 06:47:13 Times Seen50 Hash 5a8804e294acad6c8bd29a7945808ddb 90ffa7ba6d41e154ce325aab134f732e62bed676 98f7e3a041cce30a75f5b01cbf7c1128760da4d9db44e8e2ed148a2154aa3bf8 Loading...

	swarm.video/j79z9kzty.js?v=1.1	544 kB	2023-03-14	2024-05-18
Pretty URL swarm.video/j79z9kzty.js?v=1.1 IP 172.67.153.113 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 06:05:11 Last Seen2024-05-18 06:47:13 Times Seen86 Hash 5bb4a2cc385c78f8f136804a7f9c099d 446deffaa8960d13ef52d28f9e27ade237b6e7b1 7c260f5e1dcb04331e9fb5ea2c0a5b82552133dd170d219384ec76afb1ec9b3d Loading...

		Size	First Seen	Last Seen
	#1 Eval - f8883cc22606b43b5e993c890871220a	1.4 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 22:38:35 Last Seen2024-05-04 22:38:36 Times Seen1 Hash f8883cc22606b43b5e993c890871220a 8549ce0318d15ae518c1dbddc1fe4b9dd5722758 adddd3a473ab5e99c42ec98d6663ff848ce043f8c68c8cc21750f21d48e1d610 Loading...

	#2 Eval - e19ff1a8019bb3d115740fa93c4af6c7	6.0 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 22:38:36 Last Seen2024-05-04 22:38:36 Times Seen1 Hash e19ff1a8019bb3d115740fa93c4af6c7 280550e6e687811235251156e105f46c37ebce56 0422557c023e4fa3642612d777210274584f28835116a931bd8c6d05822f3648 Loading...

HTTP Transactions (27)

URL IP Response Size

www.tv1337.buzz/go/3/121

104.21.95.101

200 OK

52 kB

URL GET HTTP/2
www.tv1337.buzz/go/3/121
IP
104.21.95.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tv1337.buzz/hola.php?id=3/121
Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type
HTML document, ASCII text, with very long lines (65047), with CRLF line terminators
Size
52 kB (52342 bytes)
Hash
54d143eb4601cc83658067046992adfc
2064aa28340073e3cd08bf11b175fda9416051d9
05fc49cb5d65e959204f18e7c00f071ca372cf6eb72069d8b44c8a013e2a1476

HTTP Headers

GET /go/3/121 HTTP/1.1
Host: www.tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tv1337.buzz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:02 GMT
content-type: text/html; charset=UTF-8
x-proxy-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Psp%2BsmnqUCCSojSPx%2FWyeConoDTIE83HELDivvVF3%2B200g7JYvpoHG%2B1RSpSLuldlnHjyn9pYWr2eHJkZHYCmzIFDkK8ESZUA4avF7BgHBICgg8hd61Sn4947gGbDDDmvkU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb4aca7e33712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
691c3f87e4fe41a736328d3c71e2dbdc
fd76f455b38ba18f00a6fb81e3585201eb3c43f6
8ac709de568d48e4c9e64b75afa6cd3fed58e2cf0c21e823af01ab342e6794b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 20:38:03 GMT
Last-Modified: Sat, 04 May 2024 20:12:35 GMT
Server: ECAcc (ska/F6A0)
X-Cache: Miss from cloudfront
Via: 1.1 5d44e22fe93ef8713c49e65bc8443112.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: xMDhGszL5EVK8pOVx8LWu5E4zOLPOeFbfM5MWGbPw4CaTNIAq_3KQg==
Age: 1528

www.tv1337.buzz/go/3/121

104.21.95.101

200 OK

0 B

URL GET HTTP/2
www.tv1337.buzz/go/3/121
IP
104.21.95.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tv1337.buzz/hola.php?id=3/121
Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /go/3/121 HTTP/1.1
Host: www.tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/go/3/121
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 20:38:03 GMT
content-type: text/html; charset=UTF-8
x-proxy-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltLEBk%2BVUWS18Hq2Pesg21gR%2F9vSegGUwVQPvIcu8lrjPaGoFYclfsOggg0Uk4XoD0Ytx62Ao%2B2h9mtcyu22EMvUcyLDH2uBrZVwLXGf8fo85DG4DUpzRe6VQzHs8te8C7k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb4ad0f8d95684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
52f5093c8b2cb183717fd6f191014204
94c1f4f14aa5b830789ec0475b7d049358b0d79e
7e759a4cb62b7c7ee99c26cd043af70a2ca5e83d33c122dda423b5a020fdb923

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.tv1337.buzz
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.tv1337.buzz
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=80732e07-458d-4043-a700-f90f6a1a8830:2:1; expires=Tue, 02 May 2034 20:38:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27964 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:03 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2fd6791df12c48874848cd7acbbd634c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 20:38:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XskltNgB5n42ZtYuEZuDQGunwYSrtY%2FBZhLQbIPOyZnzCisiwUbcuNH3CspVP27Z%2FoR6f4aYOMdiKnmae2kNTab42bhzzLaj%2Bowdr48ZCjaUpoCLx%2BAMG0x8kkO7l1q2Fz2xJqU5wR5qM43UIyPVzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ad09b640b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mordoops.com/tag.min.js

139.45.197.244

200 OK

28 kB

URL GET HTTP/2
mordoops.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28334 bytes)
Hash
ae155af4fc0005bd4faab65e5c1cca00
4da21aabdd22446a02c50bded5c52d74ffa102d8
0c8f928eeb6c914b37b422cc7205f36aff66c2db7522e4ee20ec887606f4dc1c

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 20:38:03 GMT
content-type: text/javascript; charset=utf-8
content-length: 28334
content-encoding: br
x-trace-id: 10a8b0194d6e1e270fed0a538d0ccb8f
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 04 May 2024 16:53:32 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unanimousconsider.net/js/jquery.min.js

172.67.215.3

200 OK

32 kB

URL GET HTTP/3
unanimousconsider.net/js/jquery.min.js
IP
172.67.215.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subjectunanimousconsider.net
FingerprintE6:BD:E7:18:29:F8:D9:53:13:32:FC:C2:6D:03:CC:2A:3F:49:52:BB
ValidityWed, 03 Apr 2024 15:23:09 GMT - Tue, 02 Jul 2024 15:23:08 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
32 kB (31760 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: unanimousconsider.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unanimousconsider.net/embed/a7hfuuu11vri
Cookie: hf1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 20:38:04 GMT
content-type: application/javascript
last-modified: Mon, 09 Nov 2020 18:05:02 GMT
etag: W/"5fa984ce-15283"
expires: Tue, 07 May 2024 19:38:28 GMT
cache-control: max-age=608400
cf-cache-status: HIT
age: 352775
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FFcIj4zj1AcfnaBQJRgY7lIUR2a1OwT3hTYYPU7BAwRXqmE8KPvh5p3VEWpJI4iRMi1BcXbaQ%2BjcDMg3PqCJUsJh0L7KJt%2FJnJ1lOpQ%2BOTBRjZAWhCkhapo75TEtga8kApByLfnfb3A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ad2f95756b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=008052d449d84357f4e923d31898886e

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=008052d449d84357f4e923d31898886e
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
b713cf286b362ee5eac5e57f460f42ce
3b2381032290bc5fd3b6629593a54ccdd7c58262
87adc97194949bf276eabb59c7b0818aaa600dfc05ebe4b3c67d99c01ae58190

HTTP Headers

GET /gid.js?userId=008052d449d84357f4e923d31898886e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.tv1337.buzz
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 20:38:04 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.tv1337.buzz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008052d449d84357f4e923d31898886e; expires=Sun, 04 May 2025 20:38:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unanimousconsider.net/css/embed.min.css?v=0.5

172.67.215.3

200 OK

146 kB

URL GET HTTP/3
unanimousconsider.net/css/embed.min.css?v=0.5
IP
172.67.215.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subjectunanimousconsider.net
FingerprintE6:BD:E7:18:29:F8:D9:53:13:32:FC:C2:6D:03:CC:2A:3F:49:52:BB
ValidityWed, 03 Apr 2024 15:23:09 GMT - Tue, 02 Jul 2024 15:23:08 GMT

File type
ASCII text, with very long lines (1263)
Size
146 kB (145643 bytes)
Hash
47bdb127c8b9c6915ba4aea9205641ba
56554a3c0bd6785df1f1d18de5a07a495fb49270
2c7cf941b4eb9254e850875107ded812b5cf2da9de46f85919561f2a73876257

HTTP Headers

GET /css/embed.min.css?v=0.5 HTTP/1.1
Host: unanimousconsider.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unanimousconsider.net/embed/a7hfuuu11vri
Cookie: hf1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 20:38:03 GMT
content-type: text/css
last-modified: Thu, 09 Jun 2022 09:49:16 GMT
etag: W/"62a1c21c-4f0"
expires: Tue, 07 May 2024 18:27:42 GMT
cache-control: max-age=608400
cf-cache-status: HIT
age: 357021
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2BJIJO2nqYygkmVmWo1QeRsbMmLO3oH3Tz3EF2KKgk4oIR08HmpdNuJboYsp%2BXX8fXJ7MAnANFSKnsulf8zONvKAqeUty9BYYgTZ4HkAW43qMwExuVssBQ8hLshrQngnM5xBAJ2rxAU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ad2e95656b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

obediencechainednoun.com/pixel/purst?dl=0&th=0&sc=0&rs=1184&rd=1184&fd=778&bv=24.5.6485&tmpl=70

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
obediencechainednoun.com/pixel/purst?dl=0&th=0&sc=0&rs=1184&rd=1184&fd=778&bv=24.5.6485&tmpl=70
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerLet's Encrypt
Subjectobediencechainednoun.com
FingerprintD8:88:AB:F9:4D:93:61:FE:1F:18:63:97:F6:CC:1E:80:10:F1:3D:AB
ValidityMon, 29 Apr 2024 13:12:59 GMT - Sun, 28 Jul 2024 13:12:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1184&rd=1184&fd=778&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: obediencechainednoun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 20:38:04 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unanimousconsider.net/deb.js

172.67.215.3

200 OK

5.9 kB

URL GET HTTP/3
unanimousconsider.net/deb.js
IP
172.67.215.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subjectunanimousconsider.net
FingerprintE6:BD:E7:18:29:F8:D9:53:13:32:FC:C2:6D:03:CC:2A:3F:49:52:BB
ValidityWed, 03 Apr 2024 15:23:09 GMT - Tue, 02 Jul 2024 15:23:08 GMT

File type
JavaScript source, ASCII text, with very long lines (21359)
Size
5.9 kB (5886 bytes)
Hash
4854629b2f59efbee5662790a405fa68
961af168c9029a8a3765356bd37631fa3941ccb2
00f55721ec6181d9c16cc365dfe2ca9aab2fb8008ffe22ded892085019fd33b5

HTTP Headers

GET /deb.js HTTP/1.1
Host: unanimousconsider.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unanimousconsider.net/embed/a7hfuuu11vri
Cookie: hf1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 20:38:04 GMT
content-type: application/javascript
last-modified: Wed, 22 Feb 2023 13:57:38 GMT
etag: W/"63f61f52-6450"
expires: Tue, 07 May 2024 18:27:43 GMT
cache-control: max-age=608400
cf-cache-status: HIT
age: 357021
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZcUJ2EgBBc%2BjipbXhTFbImdCBgYUtjfDvcsmFUVDtUlGEZWA84UZ8TbybLwZ4xiPmHdHQviF1aSgt%2F64DVE%2B%2FwSZ6PyJvd5HTm%2FPt8Wd2pR7ege5nmKgHkrhlzgtsgbWufUyYAw3Wpo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ad3198756b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

swarm.video/j79z9kzty.js?v=1.1

172.67.153.113

200 OK

160 kB

URL GET HTTP/2
swarm.video/j79z9kzty.js?v=1.1
IP
172.67.153.113:443
ASN
#13335 CLOUDFLARENET

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subjectswarm.video
FingerprintAA:AF:58:D1:39:88:16:4B:A9:39:91:E7:C3:53:FA:D2:1E:CA:7C:7D
ValidityMon, 25 Mar 2024 06:38:08 GMT - Sun, 23 Jun 2024 06:38:07 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65207)
Size
160 kB (159761 bytes)
Hash
5bb4a2cc385c78f8f136804a7f9c099d
446deffaa8960d13ef52d28f9e27ade237b6e7b1
7c260f5e1dcb04331e9fb5ea2c0a5b82552133dd170d219384ec76afb1ec9b3d

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /j79z9kzty.js?v=1.1 HTTP/1.1
Host: swarm.video
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unanimousconsider.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-bgj: minify
cf-polished: origSize=545594
etag: W/"8533a-1893d1d213a"
last-modified: Mon, 10 Jul 2023 00:04:26 GMT
x-powered-by: Express
cf-cache-status: HIT
age: 357067
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BDhBfyBLlZ3dRINBGA7hWNrGlgI3g0kY4TGQEbWTO6%2BTV4H9Z4kL0NGoIRPGTYmT6rmHcqukQ2mLXG%2F4gapC9TULdc%2F9JAUYWLpPkzf%2BPN%2F7za7KqTfpt%2BccjaT9Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ad35caf0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

unanimousconsider.net/embed/a7hfuuu11vri

172.67.215.3

200 OK

49 kB

URL GET HTTP/2
unanimousconsider.net/embed/a7hfuuu11vri
IP
172.67.215.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerGoogle Trust Services LLC
Subjectunanimousconsider.net
FingerprintE6:BD:E7:18:29:F8:D9:53:13:32:FC:C2:6D:03:CC:2A:3F:49:52:BB
ValidityWed, 03 Apr 2024 15:23:09 GMT - Tue, 02 Jul 2024 15:23:08 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (40966), with LF, NEL line terminators
Size
49 kB (49170 bytes)
Hash
a4109776989dc5075394590c699d5149
c8192d86a5e6d6dfc273d628665681046f944f3a
cebc65d01c4683d32a0d57e68fba5fee3ad9cf887dfdd95e835de6014eeab955

HTTP Headers

GET /embed/a7hfuuu11vri HTTP/1.1
Host: unanimousconsider.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:03 GMT
content-type: text/html; charset=UTF-8
set-cookie: hf1=1; expires=Sat, 04-May-2024 21:08:03 GMT; Max-Age=1800; path=/; secure; HttpOnly; SameSite=None
hf2=1; expires=Sat, 04-May-2024 20:38:03 GMT; Max-Age=0; path=/; secure; HttpOnly; SameSite=None
hf3=1; expires=Sat, 04-May-2024 20:38:03 GMT; Max-Age=0; path=/; secure; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UX62Vo0Vx%2BULfUPZ3IhTgnsyHlqNMz%2BSzrsKm3P2pHKDb%2FXwtSNGSvkFatqWC0bAHvil82TtYRyLCwh8%2FVJ7bvn%2F5xPvSrODVdMHaCNmk6dr8b0YwheLzsWCJssdCfGCCku9rG3nBgI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb4ad13e43b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tv1337.buzz/hola.php?id=3/121

188.114.97.1

200 OK

5.5 kB

URL User Request GET HTTP/2
tv1337.buzz/hola.php?id=3/121
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
5.5 kB (5525 bytes)
Hash
554cc20fbee302d4fac66abdb2ab9f0a
320bc2539f613baa64a71a7ebb454b111287f354
2a17749ee2440aad60f962032165d3e8f29b5fbf20b2d6a8259cfea1a6a32ab6

HTTP Headers

GET /hola.php?id=3/121 HTTP/1.1
Host: tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:02 GMT
content-type: text/html; charset=UTF-8
x-proxy-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6TZhKEn8TYBM0w9aWOi4YTiPOfkgK1vfU5dus4t8zWa2qS7dJW5ogzuyE4j2bz5q1ybQo7FKSbWFXUpR5CoYmL11891NVuPVfNomFRMXJe0piCb7rUaLEwwsNE7zrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb4ac66c310b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://unanimousconsider.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 13:49:40 GMT
expires: Fri, 02 May 2025 13:49:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 197304
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

jnhjpdayvpzj.com/script/ut.js?cb=1714855084363

188.114.96.1

200 OK

63 kB

URL GET HTTP/2
jnhjpdayvpzj.com/script/ut.js?cb=1714855084363
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subjectjnhjpdayvpzj.com
Fingerprint5F:5C:CE:55:06:48:DF:2A:B4:EF:47:FA:03:62:7F:31:12:EE:49:2F
ValidityTue, 30 Apr 2024 15:32:39 GMT - Mon, 29 Jul 2024 15:32:38 GMT

File type

Size
63 kB (62975 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/ut.js?cb=1714855084363 HTTP/1.1
Host: jnhjpdayvpzj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unanimousconsider.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:04 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPrW83xwB4W8mzzRZJ09Xlc2CpXXkbQ03UfLiQzyROfKug36lcvO2cSft2dJ4tgb3ugAlD6A0Esqeg
x-goog-generation: 1714053300452258
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62975
x-goog-hash: crc32c=f8d0YQ==, md5=vEgeNFwEtFNOCk5UoPLBxg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Sat, 04 May 2024 20:27:39 GMT
cache-control: public, max-age=14400
age: 1372
last-modified: Thu, 25 Apr 2024 13:55:00 GMT
etag: W/"bc481e345c04b4534e0a4e54a0f2c1c6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iCjkP%2FAocon4hkRjyVnH3eb0rkvv5D%2FjtG5SDFW58gO450Wmli61329wBQaSKEyf0j6raYCgpyi2vuP5PFXZP2N9OkSIfm0sCthuzj5LZraon6W%2FDZujJyW4dGdYYuAL2YCC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ad65e8b712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

youradexchange.com/script/suurl5.php?r=7108866&cbur=0.2946881518512713&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fwww.tv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=jnhjpdayvpzj.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714855084370&srs=a1e8d6764be783474278945dde4d410a&atv=48.1&abtg=1&adbv=3-swat3-swf2

104.21.91.188

200 OK

955 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=7108866&cbur=0.2946881518512713&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fwww.tv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=jnhjpdayvpzj.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714855084370&srs=a1e8d6764be783474278945dde4d410a&atv=48.1&abtg=1&adbv=3-swat3-swf2
IP
104.21.91.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subjectyouradexchange.com
FingerprintD5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B
ValiditySun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (982), with no line terminators
Size
955 B (955 bytes)
Hash
48428fa3eb27ef9c7658abbc5053071e
d1be5db789a8d65d250a889c85c4c8b2e9151c54
1a538749865d7bc8535a2032476b15f83276fd9f51b96ee2f9163fa90eb324d1

HTTP Headers

GET /script/suurl5.php?r=7108866&cbur=0.2946881518512713&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fwww.tv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=jnhjpdayvpzj.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714855084370&srs=a1e8d6764be783474278945dde4d410a&atv=48.1&abtg=1&adbv=3-swat3-swf2 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://unanimousconsider.net/
Origin: https://unanimousconsider.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:04 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2FUYElAzYqo48t4CbXLX2gZAihoiva%2B%2BXfskXKIiL%2BVoP9INH29vaMVNEe39DE4JWgjHxh4HJVePthsWsv%2BpON%2Fhc22IEaKcuTF82MNZx0EBhmmqGwV3DAr3OmlQmbvYCygJQWE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb4ad659de5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pl16725813.highcpmgate.com/b7/75/68/b775685b834710599fa3b4d2786defa4.js

192.243.61.225

200 OK

84 kB

URL GET HTTP/1.1
pl16725813.highcpmgate.com/b7/75/68/b775685b834710599fa3b4d2786defa4.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerLet's Encrypt
Subjecthighcpmgate.com
FingerprintE7:53:32:23:DA:D6:BE:EB:98:90:05:4B:AC:AC:8C:89:F2:4D:FB:2E
ValidityFri, 19 Apr 2024 10:31:16 GMT - Thu, 18 Jul 2024 10:31:15 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
84 kB (83941 bytes)
Hash
1c562b72b74354cb4a4f26a54fed2fc4
9f9ff3b6d019722e9a53c4dca2106b1b57919081
62c18b5c36ac36f695aa5ade300b1e647c2a6943d22f31aaeaaae736a4605b5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /b7/75/68/b775685b834710599fa3b4d2786defa4.js HTTP/1.1
Host: pl16725813.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 20:38:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b6713b1d05e5a32fb0726d7b8cac7a86
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 20:38:04 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8d096fdb029039f4d6a05c507241e2f4
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.googleapis.com/css?family=Lato:400,700

142.250.74.106

200 OK

1.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Lato:400,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1474), with no line terminators
Size
1.4 kB (1442 bytes)
Hash
73d13bdd1ab78f594cb774a9319a64f2
b998b7afc14655aed45dbdd4120eda96a2aa4427
5645753d1916f250c3f7c8658a2616db7c616ae6ec7d1dc0e3f9f1a2bb7ab47a

HTTP Headers

GET /css?family=Lato:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unanimousconsider.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 20:38:04 GMT
date: Sat, 04 May 2024 20:38:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js

151.101.1.229

200 OK

525 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type

Size
525 kB (525081 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unanimousconsider.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
accept-ranges: bytes
date: Sat, 04 May 2024 20:38:04 GMT
age: 26725
x-served-by: cache-fra-etou8220029-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 145133
X-Firefox-Spdy: h2

tv1337.buzz/favicon.ico

188.114.97.1

200 OK

2.0 kB

URL GET HTTP/3
tv1337.buzz/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tv1337.buzz/hola.php?id=3/121
Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type
PNG image data, 36 x 34, 8-bit/color RGBA, non-interlaced
Size
2.0 kB (1992 bytes)
Hash
73ba79f24b56a0b965644213c761635d
442be67ca159de22822c8dc1d15874a2ee3a075f
cb136eca6edfeb5843fead65aebac6990f0bad0ab94e6eb95c83723a39472119

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tv1337.buzz/hola.php?id=3/121
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 20:38:02 GMT
content-type: image/x-icon
last-modified: Tue, 24 Sep 2019 00:24:21 GMT
etag: W/"5d896235-7c8"
x-proxy-cache: HIT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2353
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ct6nY%2BGPwhH%2B0bdqckRIYdPmtiljPaJcEb3%2BvZBP3djOfAilOzeEBfoupxAeZd2rybxpeZUSBEP8aQcoqxCns9%2BTMvT4Lfk6okWeBSFyc3K9bUiADXNOdPfkFAsXMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ac91db8b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.tv1337.buzz/wcs.js?v=2

104.21.95.101

404 Not Found

162 B

URL GET HTTP/3
www.tv1337.buzz/wcs.js?v=2
IP
104.21.95.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type
HTML document, ASCII text, with no line terminators
Size
162 B (162 bytes)
Hash
42b7c03ebcddafdb2aa3078e3a9ceb69
57570cf4712b36bce96f68228e6c72137c2156dd
a225bf8186e767cfb73fec2ac55678c083a3c2abd042bc1cf85f820bced5ec9f

HTTP Headers

GET /wcs.js?v=2 HTTP/1.1
Host: www.tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/go/3/121
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 04 May 2024 20:38:02 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2BDidrcgeHgltCAPvZ3EkLj0L2cKFWiMaRVkkGurP%2BPsruqNnJma5AOg4K8CSlL97F7B75x7Y6WT7pL9cpL1PNs%2FHFmbGRNi8eA4Y6WuPidkTbOlpx%2F7YOLZ1iYdg5Ei6SA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4acb492a5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

awistats.com/js/script.js

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/2
awistats.com/js/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://unanimousconsider.net/embed/a7hfuuu11vri
Certificate
IssuerGoogle Trust Services LLC
Subjectawistats.com
Fingerprint56:8B:C5:36:79:56:6E:4F:58:C1:9C:D7:9D:00:EE:0D:77:55:D7:15
ValidityWed, 27 Mar 2024 19:21:32 GMT - Tue, 25 Jun 2024 19:21:31 GMT

File type
ASCII text, with very long lines (1384), with no line terminators
Size
1.3 kB (1346 bytes)
Hash
16cfd1982a40489c41a52add24d36b85
344f1896d895c5d0a7c4caecafcf1942603cd026
72073aacecd145e525b16c4c845c07bff5798e813eeed702dff748a18b6186ce

HTTP Headers

GET /js/script.js HTTP/1.1
Host: awistats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unanimousconsider.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 20:38:04 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15266
last-modified: Sat, 04 May 2024 16:23:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UzT1B7OU7XWk99lnvQxPmqyLRTy7rrAmDivWBkSwj7PWer1IQ6dPHU3KqOnBeS1L0UvuUlLhPZHjF9qvJRybKPdX47%2FrhW8yowLfxC8IgDQrpEXZpgmkHWohnf3KW0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ad36e2f568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lol-foot.ru/go/3/121

104.21.51.134

301 Moved Permanently

68 kB

URL GET HTTP/2
lol-foot.ru/go/3/121
IP
104.21.51.134:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tv1337.buzz/hola.php?id=3/121
Certificate
IssuerGoogle Trust Services LLC
Subjectlol-foot.ru
Fingerprint46:11:81:40:B2:08:13:A6:B9:86:6F:4B:5C:DB:83:09:8F:9E:79:08
ValidityTue, 09 Apr 2024 00:32:15 GMT - Mon, 08 Jul 2024 00:32:14 GMT

File type

Size
68 kB (68358 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go/3/121 HTTP/1.1
Host: lol-foot.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tv1337.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 20:38:02 GMT
content-type: text/html
location: https://www.tv1337.buzz/go/3/121
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Aqe8%2FWjUj74epTlbbIidKTCG2VJEwGuIVDTfB9cVIxCojqjsAjL9Eex5mCrjXldUdZuQy82KZJXiT%2BbR8431OMJp1UwQZixihr%2F4OKfGeuuCUpZdSSxnnqKwkkziCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb4ac97fb1b4fd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.tv1337.buzz/wcs.js?v=2

104.21.95.101

404 Not Found

162 B

URL GET HTTP/3
www.tv1337.buzz/wcs.js?v=2
IP
104.21.95.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type
HTML document, ASCII text, with no line terminators
Size
162 B (162 bytes)
Hash
42b7c03ebcddafdb2aa3078e3a9ceb69
57570cf4712b36bce96f68228e6c72137c2156dd
a225bf8186e767cfb73fec2ac55678c083a3c2abd042bc1cf85f820bced5ec9f

HTTP Headers

GET /wcs.js?v=2 HTTP/1.1
Host: www.tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/go/3/121
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 04 May 2024 20:38:03 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0IWdRUe1j%2FrbTeJXy3s1Qgmj6QEhy9%2Fl0vv225b7Q60ZI4FzaK8d4czB66RxM3TXLG6LEvyjru%2BgcGpf5DNI4OP78EibgQW8dAIdXvaF1I9fjLueNmDuWzK312pjTwzX184%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb4ad1290b5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mordoops.com/5/6555840/?oo=1&aab=1

139.45.197.244

200 OK

2.9 kB

URL GET HTTP/2
mordoops.com/5/6555840/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://www.tv1337.buzz/go/3/121
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3097), with no line terminators
Size
2.9 kB (2853 bytes)
Hash
00c9da6c6dd7153d008208a9b9defc09
5d14928aaa33984f603acac3461a1f02841363c4
d145aac183871cbb7973e6aadacbeff2251c042682eed8f73267679704d92525

HTTP Headers

GET /5/6555840/?oo=1&aab=1 HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.tv1337.buzz
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 20:38:03 GMT
content-type: application/json
x-trace-id: c333fed1c00b89d3d9244939549e948e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.tv1337.buzz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008052d449d84357f4e923d31898886e; expires=Sun, 04 May 2025 20:38:03 GMT; path=/; secure; SameSite=None
oaidts=1714855083; expires=Sun, 04 May 2025 20:38:03 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML