Report - forcedcinema.net/

Report Overview

Submitted URL
forcedcinema.net/
IP
104.21.74.240
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-03 23:39:11
Access
public
Website Title
ForcedCinema - Abuse Scenes From Movies and TV Series
Final URL
forcedcinema.net/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-02	879 B	170 kB	142.250.74.168
2b6b88fc7b.a1bbcd100e.com	unknown	2024-04-03	2024-05-03	2024-05-03	833 B	320 B	45.133.44.53
nereserv.com	40015	2020-12-21	2020-12-21	2024-05-03	595 B	320 B	157.90.84.246
43b71e837e.d8388cd984.com	unknown	unknown	No data	No data	7.5 kB	5.6 kB	168.119.25.102
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-02	1.8 kB	6.1 kB	64.233.164.84
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-05-03	1.1 kB	2.2 kB	45.133.44.24
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-05-03	526 B	10 kB	104.21.30.242
0afc4c07a9.9fbdc30642.com	unknown	2024-04-03	2024-05-03	2024-05-03	1.9 kB	629 kB	45.133.44.52
js.capndr.com	316718	2021-08-30	2021-08-30	2024-05-02	403 B	374 B	45.133.44.53
imgsdn.com	unknown	2024-02-12	2024-02-12	2024-05-03	993 B	182 B	162.55.246.161
forcedcinema.net	unknown	2022-01-12	2022-01-13	2023-11-22	13 kB	476 kB	172.67.164.165
68aq8q352.com	unknown	2024-04-27	2024-04-28	2024-05-01	1.9 kB	51 kB	212.117.190.210
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-05-03	1.0 kB	818 B	157.90.84.242
img.vmmcdn.com	36292	2019-11-26	2019-11-26	2024-05-02	806 B	38 kB	138.201.51.142

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	68aq8q352.com	Sinkholed
2024-05-03	medium	a1bbcd100e.com	Sinkholed
2024-05-03	medium	d8388cd984.com	Sinkholed
2024-05-03	medium	d8388cd984.com	Sinkholed
2024-05-03	medium	d8388cd984.com	Sinkholed
2024-05-03	medium	68aq8q352.com	Sinkholed
2024-05-03	medium	68aq8q352.com	Sinkholed
2024-05-03	medium	d8388cd984.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=UA-217778743-1	197 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=UA-217778743-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:39:18 Last Seen2024-05-04 01:39:19 Times Seen2 Hash d104e26dcb0b50fafc232b2a39c66036 725c11dbd061964c34ef8cce384cd5f89fb32a8c c3dabd995ffa9f6dc40dd692df2a44d0620c047abffe090afc934d0ce731f035 Loading...

	68aq8q352.com/get/2010857?zoneid=2010857&jp=_cl9k4p5rkb8v7orahzuzd1&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=675329744361984&eclog=0&im=1&uf=0	3.0 kB	2024-05-04	2024-05-04
Pretty URL 68aq8q352.com/get/2010857?zoneid=2010857&jp=_cl9k4p5rkb8v7orahzuzd1&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=675329744361984&eclog=0&im=1&uf=0 IP 212.117.190.210 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:39:18 Last Seen2024-05-04 01:39:18 Times Seen1 Hash fed75374c8704cb6933b0e03d396a712 8b0e6dd53eca8dcee801fd0adab13808bad2b698 f73ac55ad61715e178d7d4fafd53fc39d300fa7c5978c24e23733540982ab2f4 Loading...

	www.googletagmanager.com/gtag/js?id=G-Y0NEW6B0B0&l=dataLayer&cx=c	288 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-Y0NEW6B0B0&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:39:18 Last Seen2024-05-04 01:39:19 Times Seen2 Hash 454dc6df1b9c507cf35ee5700adb7139 1ed1e0abd79170be8887d4849cf83261d323d79f 4ac15650d166109cbd12a91e179beec267a85c96dc461c3d0815880f9dc7618b Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-18
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-18 03:29:19 Times Seen349612 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	0afc4c07a9.9fbdc30642.com/0d8e53bb591d5ef2550211d14bd7c209.js	470 kB	2024-04-16	2024-05-18
Pretty URL 0afc4c07a9.9fbdc30642.com/0d8e53bb591d5ef2550211d14bd7c209.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:37:10 Last Seen2024-05-18 00:06:50 Times Seen1362 Hash 2902e331e5e735ad63e7510dfc434c5b 8f276d26159f74561fb370144b8cafba8bcc8bd3 26106440376cfc59241a9ef152d26483d436f1c155744bda92a41d3906e60ba2 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-18
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-18 03:25:12 Times Seen5382 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	forcedcinema.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	90 kB	2023-03-08	2024-05-18
Pretty URL forcedcinema.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 IP 172.67.164.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:46 Last Seen2024-05-18 00:25:09 Times Seen32138 Hash 17738318d61d394f1de8890d589afaec f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3 cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Loading...

	forcedcinema.net/	155 B	2023-11-22	2024-05-04
Pretty URL forcedcinema.net/ IP 172.67.164.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-22 16:12:31 Last Seen2024-05-04 01:39:18 Times Seen3 Hash ccffa538f7610bc872d86b42ff14eedd 2f8fe5af48b0d72d0a09388a6ddfdfb7b7f38c7c 07d61f79496d12950e5ac65a197b5837c27810be724355a6d4d6dfe2d25034d3 Loading...

	forcedcinema.net/wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0	426 B	2023-03-07	2024-05-17
Pretty URL forcedcinema.net/wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0 IP 172.67.164.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:32 Last Seen2024-05-17 20:08:24 Times Seen1171 Hash fa2ce987f8db7686a86e81d3407acb43 2c0e064be7f6d1d273749ddaa289d09a0f7470c1 405a5e4943b97243440d632a958bb6e79f1d1929666745000a22ebaa5fa2d819 Loading...

	forcedcinema.net/sandbox%20eval%20code	147 B	2023-04-11	2024-05-18
Pretty URL forcedcinema.net/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-18 03:29:19 Times Seen350123 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	0afc4c07a9.9fbdc30642.com/79c7e8dad32f8bc2b158100c803052e7.js	169 kB	2024-04-25	2024-05-16
Pretty URL 0afc4c07a9.9fbdc30642.com/79c7e8dad32f8bc2b158100c803052e7.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:48:27 Last Seen2024-05-16 08:49:21 Times Seen1042 Hash e164f0fc509991890121aa763019689d 16f901a89a57f87c90d6cea80cff9f8bd32756dc fdd439b2c8d28676c5e03847afc19252a3d6d88a670ba48db4ac020866c6b6ec Loading...

	forcedcinema.net/	330 B	2024-05-04	2024-05-04
Pretty URL forcedcinema.net/ IP 172.67.164.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 01:39:19 Last Seen2024-05-04 01:39:19 Times Seen1 Hash 8c341b25644d4cd44cfeeab3b1f1d502 f0348e4c2d829c717149cf52bc8630f3601b89f4 ebc9d5c9ef07e8524eae300499af043f5fafebcbeac227e81d088b5a41442d33 Loading...

	68aq8q352.com/aas/r45d/vki/2010857/3dba8911.js	106 kB	2024-05-04	2024-05-04
Pretty URL 68aq8q352.com/aas/r45d/vki/2010857/3dba8911.js IP 212.117.190.210 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:39:19 Last Seen2024-05-04 01:39:19 Times Seen1 Hash 009d53b9f065c121f85a104bb0739d83 159ea560edb238cbb36db7b1363c8d414acf3dfd d91873f06ca8865d94443a92f737113ea0e286a73dcbd86a3c7f988c95e28b93 Loading...

	0afc4c07a9.9fbdc30642.com/345572815f3b6726ddc5ccee20a9f4a8.js	109 kB	2024-04-24	2024-05-07
Pretty URL 0afc4c07a9.9fbdc30642.com/345572815f3b6726ddc5ccee20a9f4a8.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:00:34 Last Seen2024-05-07 11:41:50 Times Seen663 Hash 41230c1446cb19310867b6c3e10f8bec f600745dccd0143bbd1d83d44bd776c74f69866b 713bc0015ac5ef37f48ad9f49aa4521912b705cf01bf19409f98235b28d41dfe Loading...

	js.capndr.com/advertising.js	0 B	2023-03-07	2024-05-18
Pretty URL js.capndr.com/advertising.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 03:59:44 Times Seen37767464 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	forcedcinema.net/wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.3	5.8 kB	2023-03-07	2024-05-09
Pretty URL forcedcinema.net/wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.3 IP 172.67.164.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:16 Last Seen2024-05-09 19:49:44 Times Seen231 Hash d903cb4445303adfacbde57ac5f74732 8600b059e84106e6f257fac5e527fd144163028f 5f8a5a2aa4a053bd70bb8af4c22e9cd3850236a5d6700bb3353f9a25187a3e15 Loading...

	forcedcinema.net/wp-content/themes/retrotube/assets/js/main.min.js?ver=1.7.3.8.1678187099	23 kB	2023-05-19	2024-05-04
Pretty URL forcedcinema.net/wp-content/themes/retrotube/assets/js/main.min.js?ver=1.7.3.8.1678187099 IP 172.67.164.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-19 01:01:02 Last Seen2024-05-04 01:39:19 Times Seen7 Hash 8de56c63db67ac6f625626e3ac7d8058 cb39c1b23507d92581313fed89464a371db4864d 2d7c51907ce47714099833dcb138ec307f1761c4aeaee160e51cee8fe12af364 Loading...

	forcedcinema.net/	6.4 kB	2024-03-30	2024-05-04
Pretty URL forcedcinema.net/ IP 172.67.164.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 22:26:16 Last Seen2024-05-04 01:39:19 Times Seen2 Hash 625461430cfd7a3def23a1fbabfb89bd 4c269ba72cf9282ee7a414a0eb046e89bde067e1 8ab4e564a89a8191ba1cb921da90d6af075d88af05fa8ba4df0c5cc4b1dbc005 Loading...

	forcedcinema.net/	12 kB	2024-05-04	2024-05-04
Pretty URL forcedcinema.net/ IP 172.67.164.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 01:39:19 Last Seen2024-05-04 01:39:19 Times Seen1 Hash 2b51ab33b04bf6f63cde249aee836068 c2feeeae59b490fc07aa290adb938dd971992164 17bfc61737c2e0567d4fe6ae671158551bab48beba479bb489348b2d15efe0b9 Loading...

HTTP Transactions (54)

URL IP Response Size

forcedcinema.net/wp-content/themes/retrotube/assets/stylesheets/font-awesome/webfonts/fa-solid-900.woff2

172.67.164.165

200 OK

11 kB

URL GET HTTP/3
forcedcinema.net/wp-content/themes/retrotube/assets/stylesheets/font-awesome/webfonts/fa-solid-900.woff2
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10596, version 1.0
Size
11 kB (10596 bytes)
Hash
20135c62c0cc5718c6f09ca19d0096f0
d6e6f3d491319dd4ea6be4ab730858e40853597b
fc42879535a793258664b6f8525e48ab3ef1496115d004da1538fb60db917bdc

HTTP Headers

GET /wp-content/themes/retrotube/assets/stylesheets/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forcedcinema.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: font/woff2
content-length: 10596
last-modified: Mon, 13 Mar 2023 07:28:40 GMT
etag: "640ed0a8-2964"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 4733
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L8kxPKF%2FkIUrH%2BGlsmLTeoVjw5SC3ojdf1yHEFLYtJrJaIavhLiqaLVTca8tVbR%2BZHr2tpn98zotKvlDpV3PwDkO%2BATxcamiwXAYFIZHJnLD7L6QPuYDeeL1Mk8IAFP42tfz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41618fb0a1c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2023/03/fclogo.png

172.67.164.165

200 OK

12 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2023/03/fclogo.png
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
PNG image data, 429 x 42, 8-bit/color RGBA, non-interlaced
Size
12 kB (12208 bytes)
Hash
386e3b009b324ac7a4f11da1bf6e7bab
4eade616cb82dd9315f08c53676c4e0d9a190a91
92c3818507e9140e57ce9d95c3c1821d639c36cf946a0e8b2420bc36252dd405

HTTP Headers

GET /wp-content/uploads/2023/03/fclogo.png HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/png
content-length: 12208
last-modified: Tue, 14 Mar 2023 11:28:10 GMT
etag: "64105a4a-2fb0"
expires: Sun, 27 Oct 2024 16:18:30 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 285614
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6azhKcXY1mVRgC408GyN9EWmdxcmhTS2MS8gbNjY%2FaiyT1on8PasHOytWonXD463pZJXrUBaAg63kgMIA9c%2BiHUMzHXzxGyltBzvLqBcDrRaBJgWfB4Nm6CFLIj9JbZnIixb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41618fb111c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/fontawesome.min.css?ver=6.3.0.2

172.67.164.165

200 OK

2.4 kB

URL GET HTTP/3
forcedcinema.net/wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/fontawesome.min.css?ver=6.3.0.2
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
ASCII text, with very long lines (836)
Size
2.4 kB (2422 bytes)
Hash
ddc62e40593ac34031a5e8bd894d3b5e
ee34e551ee99b26ce9c60fc7c94192715894cd5f
eff363513d715c7bc73711df0138df4237f3a20081a800cb00d96b181fa74fd9

HTTP Headers

GET /wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/fontawesome.min.css?ver=6.3.0.2 HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: text/css
last-modified: Tue, 07 Mar 2023 10:39:19 GMT
vary: Accept-Encoding
etag: W/"64071457-72f"
expires: Sun, 27 Oct 2024 17:30:11 GMT
cache-control: max-age=15552000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 281313
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iejQc0n4WBJ%2Bwmhn1DMZcv%2B%2B3gjnwJyZ1tvBp9C7bQrMm7HHIgq86wWmSkCMr2aASsB4ODSeStAtGHjrCs0PkfCGlU7JKzrJM3aoNtadhKURUz%2BXLaHKU8177bKVDZ3Ybbi9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41618fb0e1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-217778743-1

142.250.74.168

200 OK

72 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-217778743-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
72 kB (71458 bytes)
Hash
d104e26dcb0b50fafc232b2a39c66036
725c11dbd061964c34ef8cce384cd5f89fb32a8c
c3dabd995ffa9f6dc40dd692df2a44d0620c047abffe090afc934d0ce731f035

HTTP Headers

GET /gtag/js?id=UA-217778743-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 May 2024 23:38:44 GMT
expires: Fri, 03 May 2024 23:38:44 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 71458
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

forcedcinema.net/wp-content/uploads/2022/02/TR-380x214.jpg

172.67.164.165

200 OK

7.2 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/02/TR-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
7.2 kB (7163 bytes)
Hash
73f9cca6160b7aad680d7b8573d7af41
a07f0e591816488435550995b07c048f614ab169
2866a0c0ebd2ee3ab25894c59d048ef861adc6ea7bb8f8f53b793824b10e714e

HTTP Headers

GET /wp-content/uploads/2022/02/TR-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 7163
last-modified: Sun, 05 Mar 2023 13:32:09 GMT
etag: "640499d9-1bfb"
expires: Sun, 27 Oct 2024 19:10:44 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 275280
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tyM95I6M2aXf7UCgw8oaboFOYI8TfDmjDi389hn1s1z5R2D696FJ71a3dFmLeodW9QpGNuWRSFUqh7OMbLmiIjKdOqf1zVtO4aNewRuy83xz0q9vsxd4A8WiL4Tsi%2FJDt77U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161a9bb41c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/11/raped-woman-has-flashbacks-of-the-rape-380x214.jpg

172.67.164.165

200 OK

6.2 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/11/raped-woman-has-flashbacks-of-the-rape-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
6.2 kB (6231 bytes)
Hash
fc3483f8d2a3bd1b42da924213ef7ab1
43cbebe8e33b05071c4f2e9b5e49656ae0153d9f
d2c8b92f6729e9eb10053a25a10353cf93ead8af12663bf1d70b721b33defeff

HTTP Headers

GET /wp-content/uploads/2022/11/raped-woman-has-flashbacks-of-the-rape-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 6231
last-modified: Sun, 05 Mar 2023 13:12:20 GMT
etag: "64049534-1857"
expires: Sun, 27 Oct 2024 17:54:05 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 279879
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvXagIyYT7WKDOZOwwFhB%2Bv2b2e%2B00qZMXsSGjzSW1U9gJL%2FXqp0KPwjNlsLzP1kSalYoU8Sb6NqRHZznbFOmbG1gSVG2XbmcU6C9%2F53kaRV1r3lzM3j4N7cElaVb8sHKiRH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161a9bb31c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2023/08/girl-chained-to-bed-and-gang-raped-380x214.jpg

172.67.164.165

200 OK

8.8 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2023/08/girl-chained-to-bed-and-gang-raped-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
8.8 kB (8750 bytes)
Hash
36d867b8d6685101fc752c142dc7d29d
21438ada9203ac1504107fc8aa58f639d1bd606d
3c4383b3fda69191fac542d25804f432995c6de6d1131a7f783f0b02a933638c

HTTP Headers

GET /wp-content/uploads/2023/08/girl-chained-to-bed-and-gang-raped-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 8750
last-modified: Sun, 06 Aug 2023 09:27:11 GMT
etag: "64cf676f-222e"
expires: Sun, 27 Oct 2024 19:02:30 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 275774
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=edHH%2B3YaH8QHiQd5nu%2FoQw1WZdoxfdgb9tRshmB54t%2BlaV4xLjA7WtmJ2Y4u2lrKO5JEIkXxuesCoGbQLe2y6G3oa3qVNBh2E6mEzyPs6%2FAyaGstttt5aXD7F9LeQBw1kSZ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161a9bb51c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/01/puss-380x214.jpg

172.67.164.165

200 OK

11 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/01/puss-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
11 kB (10814 bytes)
Hash
1f232e04fa927bac2073ebdd365b9d46
fdcb8d8fec5165798010f13c029cc4b3daa16dc9
da39df783e036c4b63a9c04d2ff0b6c7960c564c9a0c5fa37ed3fed3a8c6cb07

HTTP Headers

GET /wp-content/uploads/2022/01/puss-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 10814
last-modified: Sun, 05 Mar 2023 13:37:03 GMT
etag: "64049aff-2a3e"
expires: Sun, 27 Oct 2024 17:55:00 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 279824
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YASBR1bT6nOJGldEboMD0gA0EyQbsyI8jgvy%2Fl9FkYCIu4u4Qh8yh57IbNdfYpubB%2FaFK%2FJgGCp9a1C6IlShseh3f5Dfb1GApulAKwaNMQtG%2BP9OiA8h9rSswahANy4RDaes"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161a9bb61c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/02/10-4-380x214.jpg

172.67.164.165

200 OK

8.0 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/02/10-4-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
8.0 kB (8012 bytes)
Hash
bbde86d402d12492f5a2551956f57a2e
16b9fc3f512094025fa3a8961304187376335359
1e0331b349bbb84ed73dcb6a43b225dc00b1a59adc80736084e669481fa625ef

HTTP Headers

GET /wp-content/uploads/2022/02/10-4-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 8012
last-modified: Sun, 05 Mar 2023 13:31:51 GMT
etag: "640499c7-1f4c"
expires: Sun, 27 Oct 2024 21:26:22 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 267142
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0WXzDpWCz2NXWyhotsLdkgTz1SfSYVaEh3THYCRdYzLvScEwa053avaQaWEAjoRvVi62JgFB53DytdtLTmJlf4Jb%2BRdhuEEh%2B%2Bd5ppDxgh%2By6156u1ZlG7gFp%2ByCub4g2yCu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161a9bb71c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/07/asian-schoolgirl-gang-raped-by-fellows-380x214.jpg

172.67.164.165

200 OK

7.0 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/07/asian-schoolgirl-gang-raped-by-fellows-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
7.0 kB (6990 bytes)
Hash
2d88ed4e7fb287e1408fc4dae2e9b34f
dcd1bbf4df6b609a0dfdc936b37f8199ceffa80a
bd75d7f41b354a74ed763d735e4b6224e79d5cb518e2e1f41b36de1a471c328a

HTTP Headers

GET /wp-content/uploads/2022/07/asian-schoolgirl-gang-raped-by-fellows-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 6990
last-modified: Sun, 05 Mar 2023 13:23:41 GMT
etag: "640497dd-1b4e"
expires: Sun, 27 Oct 2024 19:30:00 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 274124
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJC%2Bq5SPoqpbSc45jKppPdPhepQJrT9gF0jfhrcFjJ10rQ8j8kJN%2FUmBkpgWCeoK3H4H2BbrKcLF%2FcUnNdRxZ9ZdFLe98%2FwEw9F87ErGXXUuWzEbxPFS8iGGhzTgcwDtBjRP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161a9bb91c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/04/tied-and-raped-380x214.jpg

172.67.164.165

200 OK

10 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/04/tied-and-raped-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
10 kB (10005 bytes)
Hash
d147c771f41573501d947443ce391c53
711153d9d39a832ffd845165681a6c729e19cdd1
9fdea34452a159d5b1d5f07ac8e2e20e862cdeaf05d3b7ae9954d1ee528f4fb5

HTTP Headers

GET /wp-content/uploads/2022/04/tied-and-raped-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 10005
last-modified: Sun, 05 Mar 2023 13:28:06 GMT
etag: "640498e6-2715"
expires: Sun, 27 Oct 2024 19:24:48 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 274436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H4XLsvqzFYfzEa0XvLAGTKGQnmw8ksXl7kVhIn%2FHcVYShsPxijpXxY6TX8x%2F4AADklx0xBPwq%2F%2BoExPJK9dmGkfM%2Fr5H1pxUVttt%2BfViGhDuP3eHTz%2B0EsXzG3uNNYrnoIvx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161aabba1c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2023/09/rich-whore-gets-what-she-deserves-in-prison-380x214.jpg

172.67.164.165

200 OK

13 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2023/09/rich-whore-gets-what-she-deserves-in-prison-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
13 kB (12655 bytes)
Hash
6f4270d03435caf163eefd4d58b2aab9
87af80d971dd8f82151c478e6eb0018df16e1b50
9bfffad4c2933b351b4c7ec93beda05034dbf8ecf51b93074a2cb4a020e53ef8

HTTP Headers

GET /wp-content/uploads/2023/09/rich-whore-gets-what-she-deserves-in-prison-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 12655
last-modified: Fri, 01 Sep 2023 05:37:55 GMT
etag: "64f178b3-316f"
expires: Sun, 27 Oct 2024 19:08:16 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 275428
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2F4E9b%2Fyvza9WWYKitY%2BuxyorAqg8Vg2i2WEEzg3ZdGD1JgZnyBupA7PRLU9ztGG1Cu4UmLbAGazoomOSPAgoLLM07%2BEFJPm9zsIRm8jERVb23EaPILzYSeb05y6lj2zFR%2Fc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161aabbc1c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2024/05/ioana-bugarin-rape-miracle-2021-380x214.jpg

172.67.164.165

200 OK

7.7 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2024/05/ioana-bugarin-rape-miracle-2021-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 380x214, components 3
Size
7.7 kB (7655 bytes)
Hash
4dbc2276c4499db568c303ab798116fd
a76458c991bb802ab3a1e4572b9c3bbf4eaf10ca
b34add35c6de3e38fd5e87788114fc08cb8a1417f8dfb1cc085b92254dda88a4

HTTP Headers

GET /wp-content/uploads/2024/05/ioana-bugarin-rape-miracle-2021-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 7655
last-modified: Wed, 01 May 2024 20:41:46 GMT
etag: "6632a90a-1de7"
expires: Mon, 28 Oct 2024 22:31:50 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 176814
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ScGGUaiFS9Ab8MD%2Fyx8CBzmSdmubicTNY%2FtwgYh9hGUS%2FbGvZYLqL8HlaqrRAos3ML1ZobRrH5jD5r%2FF1NhtnlrSBPqnvOqKDsOYjgl8gs521wKKPmj%2FfY7GRFy5Wm5SZJnf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161aabbe1c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2023/12/cinzia-bonfantini-rape-in-front-of-husband-lultimo-guerriero-aka-the-final-executioner-380x214.jpg

172.67.164.165

200 OK

14 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2023/12/cinzia-bonfantini-rape-in-front-of-husband-lultimo-guerriero-aka-the-final-executioner-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
14 kB (13558 bytes)
Hash
1ee86f7b7db075cc8f6e1b79b60b7fa1
a8b9bd935394618a1785772c186f3d24e7b02d58
23b2c37cadc859bff036dbf032e32fa359a15a6f9254005f97ff19166f14010c

HTTP Headers

GET /wp-content/uploads/2023/12/cinzia-bonfantini-rape-in-front-of-husband-lultimo-guerriero-aka-the-final-executioner-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 13558
last-modified: Fri, 08 Dec 2023 00:54:27 GMT
etag: "65726943-34f6"
expires: Sun, 27 Oct 2024 18:42:12 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 276992
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8kGgY7Qhf9Ge%2BwpGrbj2hpPodXIO5xm8GkM6S0b85t2jD3E0qZmPjShm1WtHv25k%2FpvPmem6JvkjlFdprL5F1TCigAd%2FL8jtRT%2Bsqp7eFei1btUCBfNvliNzvsINmTMId%2BCd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161aabc01c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2023/01/nephew-wants-his-hot-aunt-380x214.jpg

172.67.164.165

200 OK

9.2 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2023/01/nephew-wants-his-hot-aunt-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
9.2 kB (9213 bytes)
Hash
a741361f69f1060a31701d2c7a93d317
46087a4848923b6236ded32e09ffcf2a5c6775c9
92782b7bd8942703bc5aff0ef92fba70fce06149641bb140758590f828459844

HTTP Headers

GET /wp-content/uploads/2023/01/nephew-wants-his-hot-aunt-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 9213
last-modified: Sun, 05 Mar 2023 13:07:07 GMT
etag: "640493fb-23fd"
expires: Sun, 27 Oct 2024 20:19:00 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 271184
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fl1UHqx9KGYGQQ86wslP%2FtSwTY51rWnXXWJRWaAEzHr5NZLkzlcmLD4oXYMxUVxTK9wUQee1NPi42F0dSyxFDeqQaQZX%2F39WgZxiNoCOP6cFbrxjdqjBKTTwsCV6LdGOtOyK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161aabc21c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/10/violent-spanking-scene-380x214.jpg

172.67.164.165

200 OK

11 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/10/violent-spanking-scene-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
11 kB (10893 bytes)
Hash
eadb04a2061d89d3ca26515c699210a5
005a9f713fc8e2c88cba650e710f27b5ac6501e2
91931cd8d4bd0ad4f859b4ec791ac8366061783a53d5f3e3eaf0e49ef5a83643

HTTP Headers

GET /wp-content/uploads/2022/10/violent-spanking-scene-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 10893
last-modified: Sun, 05 Mar 2023 13:16:55 GMT
etag: "64049647-2a8d"
expires: Sun, 27 Oct 2024 18:44:09 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 276875
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j4G2jvP%2Fv3t1zksoZy0w7TLsASQMhx85jObYbKoFaGT16M4Y0sITHoRJZtQSKhHPl7qNrbOdGb8nBhGFT3TrZNv9bbLM4RUAd3kq62ijzRmY5hIk3gOTt1w5ipuY%2F%2BDfBwZQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161abbc61c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/10/virgin-teen-raped-380x214.jpg

172.67.164.165

200 OK

6.1 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/10/virgin-teen-raped-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
6.1 kB (6068 bytes)
Hash
048ec036fb54768c33ec959744350188
6eaec7baff996a288b3d63c8be03d173d95129ce
61194bc4f11ce76994a47aa498ca82a001423ad6fb408a743b341cb6d219f712

HTTP Headers

GET /wp-content/uploads/2022/10/virgin-teen-raped-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 6068
last-modified: Sun, 05 Mar 2023 13:14:07 GMT
etag: "6404959f-17b4"
expires: Sun, 27 Oct 2024 17:30:41 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 281283
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tB00dJ2E%2FJq2vfquHXKtRsxcgVgzbv%2FKNqMyOotKCfxHSm3XpqQnBjtodYbfB45QIvF1EuhC4yUFIcO8howahyXsnhggR68MEjYCzCVCqmxudQQ5xMjVMhHHgaVfLLXgUwEM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161abbc31c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/08/anally-rape-by-husband-380x214.jpg

172.67.164.165

200 OK

9.3 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/08/anally-rape-by-husband-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
9.3 kB (9270 bytes)
Hash
ccc619ebdf442bf9541c98f8dc3ff065
643d062b786952ac208a2fe5bb3da802f070266d
c468f2d56c486de5d6017877ec931f3a87cbe511d398f84e4871f04ff3b3db08

HTTP Headers

GET /wp-content/uploads/2022/08/anally-rape-by-husband-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 9270
last-modified: Sun, 05 Mar 2023 13:20:20 GMT
etag: "64049714-2436"
expires: Sun, 27 Oct 2024 18:44:10 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 276874
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B19zBWS72rkdK0CzPDi39DhxO7gpSosbObZ7kRIJwu61SVItZmx%2FLrMUpU%2BDNlDDd9d2tJZKQDQf0EaBBSZfNy2er5XoyYXs5g3UGSTqE72%2BjyXvqaLqRh3zDu5CZxna0gp9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161abbc81c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2024/01/man-raped-by-transexual-380x214.jpg

172.67.164.165

200 OK

14 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2024/01/man-raped-by-transexual-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 380x214, components 3
Size
14 kB (13730 bytes)
Hash
8c2e12265557654a50a8d2bdde7c741d
459483143cdec7004afed9800764812920bf7d11
39ecf8c639593021d06c48006c3f3ed47b65be19809c68399fa752812508ae0f

HTTP Headers

GET /wp-content/uploads/2024/01/man-raped-by-transexual-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 13730
last-modified: Wed, 31 Jan 2024 11:40:10 GMT
etag: "65ba319a-35a2"
expires: Sun, 27 Oct 2024 18:44:09 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 276875
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oA%2FZ7T%2Bux4tOtsH71mmJ2zQUZsTBeNXwkSvpHXvoK%2FWW%2FImkqikjZFymUPsDVHBzoqVtRxXV0p%2BY7xF9bwIdpI1%2F0IVQeZ3%2BBcY6KDRv2sLsC8kiWZPWmi7bEzjif4SUDUKm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161abbc71c0a-OSL
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/uploads/2022/01/oneway-380x214.jpg

172.67.164.165

200 OK

9.6 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2022/01/oneway-380x214.jpg
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 380x214, components 3
Size
9.6 kB (9621 bytes)
Hash
9fb698298d269c31204ac60a583d8b31
4df54d6237e18ee1466347cdc9ab39aaa0402c0b
6182e5002dd6567b4526f3cbc6d92328fbe21f889a70ad2b61e29a1bc15bb58a

HTTP Headers

GET /wp-content/uploads/2022/01/oneway-380x214.jpg HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/jpeg
content-length: 9621
last-modified: Sun, 05 Mar 2023 13:37:23 GMT
etag: "64049b13-2595"
expires: Sun, 27 Oct 2024 20:19:50 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 271134
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xHc9iP1NqUs%2BYrh8GwyO%2BOC834EqpWXLjYRSzHOaqCLR6YEuQYjJDWTRPYSlgmqPjH0JyUvEfopyQhfJg2CCmFAbweUdOXipWh8YINZXybZ9hv9rtP39Gujh0CbAxPZsiwnc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161abbc41c0a-OSL
alt-svc: h3=":443"; ma=86400

68aq8q352.com/solid.gif?z=2010857&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=675329744361984&eclog=0&im=1

212.117.190.210

200 OK

43 B

URL POST HTTP/2
68aq8q352.com/solid.gif?z=2010857&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=675329744361984&eclog=0&im=1
IP
212.117.190.210:443
ASN
#7979 SERVERS-COM

Requested by
https://forcedcinema.net/
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint0C:9E:BB:D9:DA:B8:74:37:CB:65:CD:13:B0:1B:DD:DF:B2:8F:61:74
ValiditySat, 27 Apr 2024 13:01:17 GMT - Wed, 23 Oct 2024 21:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /solid.gif?z=2010857&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=675329744361984&eclog=0&im=1 HTTP/1.1
Host: 68aq8q352.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: UID=2405031838d9db5e3943d14d458379348c62; Path=/; Expires=Fri, 06 Jun 2025 23:38:44 GMT; Secure; SameSite=None
CHCK=1; Path=/; Expires=Fri, 06 Jun 2025 23:38:44 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

forcedcinema.net/wp-content/uploads/2023/03/fc-favicon-32.png

172.67.164.165

200 OK

2.7 kB

URL GET HTTP/3
forcedcinema.net/wp-content/uploads/2023/03/fc-favicon-32.png
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
2.7 kB (2652 bytes)
Hash
776482bc193bf07ba77825adc81ca881
ec4534959f4e2d51138bf43b3207e6154c0fca59
5b6a546b1a997b4aaaa81da6e31d8df24709cd0d32a72c6092eed41c12cce550

HTTP Headers

GET /wp-content/uploads/2023/03/fc-favicon-32.png HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: image/png
content-length: 2652
last-modified: Sun, 05 Mar 2023 09:30:33 GMT
etag: "64046139-a5c"
expires: Sun, 27 Oct 2024 20:12:41 GMT
cache-control: max-age=15552000
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 271563
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H4jMBiqTvlxcUH%2BOqzkqsKHTO5JOyWjZNMfWWiljHYya8BSAoUl%2F0NiGtiB0Phl3pJ%2Ft0br%2FU5KF9FV6um2hi64N3gcKY3hwFI6Rd%2FT5pMwCoYOr%2FpWeV9YE%2FA17VL4HvjZ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161cacdb1c0a-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-Y0NEW6B0B0&l=dataLayer&cx=c

142.250.74.168

200 OK

98 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-Y0NEW6B0B0&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
98 kB (97871 bytes)
Hash
454dc6df1b9c507cf35ee5700adb7139
1ed1e0abd79170be8887d4849cf83261d323d79f
4ac15650d166109cbd12a91e179beec267a85c96dc461c3d0815880f9dc7618b

HTTP Headers

GET /gtag/js?id=G-Y0NEW6B0B0&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 May 2024 23:38:44 GMT
expires: Fri, 03 May 2024 23:38:44 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 97871
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

0afc4c07a9.9fbdc30642.com/5014ec36976a0c921ff879617422392b/164737?version_name=b

45.133.44.52

200 OK

1.4 kB

URL GET HTTP/2
0afc4c07a9.9fbdc30642.com/5014ec36976a0c921ff879617422392b/164737?version_name=b
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subject0afc4c07a9.9fbdc30642.com
Fingerprint9D:0F:4E:A7:C3:AC:A0:6E:EF:F4:56:62:CC:83:32:E6:02:20:E0:CB
ValidityTue, 30 Apr 2024 02:20:22 GMT - Mon, 29 Jul 2024 02:20:21 GMT

File type
JSON text data
Size
1.4 kB (1371 bytes)
Hash
b2fd95cf8035250ee25ec7b55793d54e
15fbd1dabbf1b14f92e8b38be14243d8ae75bb62
13cdae1ae3d16d6c69cff7bb6169b69a13bea04608cc9a215156d8ce3abd5525

HTTP Headers

GET /5014ec36976a0c921ff879617422392b/164737?version_name=b HTTP/1.1
Host: 0afc4c07a9.9fbdc30642.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: application/json
content-length: 1371
server: nginx/1.18.0
cache-control: max-age=300
expires: Fri, 03 May 2024 23:43:44 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.capndr.com/advertising.js

45.133.44.53

200 OK

0 B

URL GET HTTP/2
js.capndr.com/advertising.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectjs.capndr.com
Fingerprint0D:30:A1:FB:7E:A0:EC:89:85:17:27:67:37:21:DA:E0:CB:E3:26:06
ValiditySun, 21 Apr 2024 03:00:41 GMT - Sat, 20 Jul 2024 03:00:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Fri, 03 May 2024 23:43:44 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

0afc4c07a9.9fbdc30642.com/79c7e8dad32f8bc2b158100c803052e7.js

45.133.44.52

200 OK

47 kB

URL GET HTTP/2
0afc4c07a9.9fbdc30642.com/79c7e8dad32f8bc2b158100c803052e7.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subject0afc4c07a9.9fbdc30642.com
Fingerprint9D:0F:4E:A7:C3:AC:A0:6E:EF:F4:56:62:CC:83:32:E6:02:20:E0:CB
ValidityTue, 30 Apr 2024 02:20:22 GMT - Mon, 29 Jul 2024 02:20:21 GMT

File type
gzip compressed data, from Unix
Size
47 kB (47037 bytes)
Hash
e90a66e431ad911d5e004d9f48b45a71
4f07875d8f3fa8dbaae7a57aa95dace92a10fb0c
7995fc4248a5b43faccbea4d896fc790ef4273c2c9ab34f2cb19ac2e20863455

HTTP Headers

GET /79c7e8dad32f8bc2b158100c803052e7.js HTTP/1.1
Host: 0afc4c07a9.9fbdc30642.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:45 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Fri, 03 May 2024 23:43:45 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=164737

157.90.84.242

204 No Content

0 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=164737
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=164737 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://forcedcinema.net/
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 03 May 2024 23:38:45 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://forcedcinema.net
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

2b6b88fc7b.a1bbcd100e.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMDA2MTYyMzc3ODQxMTc1MTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjQ3MzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==

45.133.44.53

200 OK

0 B

URL GET HTTP/2
2b6b88fc7b.a1bbcd100e.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMDA2MTYyMzc3ODQxMTc1MTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjQ3MzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subject2b6b88fc7b.a1bbcd100e.com
Fingerprint64:1D:A5:1D:1F:41:28:42:D3:AE:BA:C2:6B:8E:03:48:D1:46:28:08
ValidityTue, 30 Apr 2024 02:50:36 GMT - Mon, 29 Jul 2024 02:50:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMDA2MTYyMzc3ODQxMTc1MTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjQ3MzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: 2b6b88fc7b.a1bbcd100e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:45 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=164737

157.90.84.242

204 No Content

58 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=164737
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=164737 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 03 May 2024 23:38:45 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://forcedcinema.net
Set-Cookie: id=5026191474031389143; Expires=Sat, 03 May 2025 23:38:45 GMT; Secure; SameSite=None
Vary: Origin

nereserv.com/in/dip?site=native-push&wl=1&event_id=e819a99a-a74b-4bb2-8cf2-0d1fe459485b&subid=1534263736&sid=750722425&spot_id=534258&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=e819a99a-a74b-4bb2-8cf2-0d1fe459485b&subid=1534263736&sid=750722425&spot_id=534258&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=e819a99a-a74b-4bb2-8cf2-0d1fe459485b&subid=1534263736&sid=750722425&spot_id=534258&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 03 May 2024 23:38:45 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

43b71e837e.d8388cd984.com/in/multy

168.119.25.102

200 OK

0 B

URL POST HTTP/2
43b71e837e.d8388cd984.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectd8388cd984.com
Fingerprint5C:36:8D:99:1A:7F:F6:92:44:F7:B8:16:AD:0F:53:77:A8:09:E9:AD
ValidityMon, 29 Apr 2024 14:01:57 GMT - Sun, 28 Jul 2024 14:01:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 43b71e837e.d8388cd984.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://forcedcinema.net/
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Fri, 03 May 2024 23:38:45 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

64.233.164.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
64.233.164.84:443
ASN
#15169 GOOGLE

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:Kj_j1En-dpCjRoohhZNtC0jsHNgTpQ:VDPhd4pH4XXVfnip; Expires=Sun, 03-May-2026 23:38:45 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:38:45 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz7DaL_ElS4wuDI_9_eM7ZqtW0ds-wCUE8t7Bp9pXwfb6xxfarfjO6pGW4YXqf2b9b3c48-Vg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-MWqVzisQ0i2LHIdOejk42A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz7DaL_ElS4wuDI_9_eM7ZqtW0ds-wCUE8t7Bp9pXwfb6xxfarfjO6pGW4YXqf2b9b3c48-Vg

64.233.164.84

302 Found

428 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz7DaL_ElS4wuDI_9_eM7ZqtW0ds-wCUE8t7Bp9pXwfb6xxfarfjO6pGW4YXqf2b9b3c48-Vg
IP
64.233.164.84:443
ASN
#15169 GOOGLE

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
HTML document, ASCII text, with very long lines (406)
Size
428 B (428 bytes)
Hash
d8762fa357e2eea3973133f0a3aa4edb
6b45f1d3f0f002edfc481de787c1ec0d5f36036a
55a6b6426d50a01757e18969f48d67a37918a667b38db2c779458953ffee136a

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz7DaL_ElS4wuDI_9_eM7ZqtW0ds-wCUE8t7Bp9pXwfb6xxfarfjO6pGW4YXqf2b9b3c48-Vg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:KswVcf9cU65ncfrniSyDEuk5zPR-kA:NpivzqYTNYcEVAuF;Path=/;Expires=Sun, 03-May-2026 23:38:45 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:38:45 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwzaHBshXr-eidFKJH6JP5IxxHlkm1ykNYrrK-_2F2eRq1nSH77XIpx5hA_h5-BlA5yRHnmzw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1778042743%3A1714779525810022&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-k1rFxfux0KMD21BH_XfmRg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 428
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

43b71e837e.d8388cd984.com/in/multy

168.119.25.102

200 OK

4.2 kB

URL POST HTTP/2
43b71e837e.d8388cd984.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectd8388cd984.com
Fingerprint5C:36:8D:99:1A:7F:F6:92:44:F7:B8:16:AD:0F:53:77:A8:09:E9:AD
ValidityMon, 29 Apr 2024 14:01:57 GMT - Sun, 28 Jul 2024 14:01:56 GMT

File type
JSON text data
Size
4.2 kB (4232 bytes)
Hash
a3722be97606098984f77d70bda155d0
d74f7bf01487543ac52824001722d9c956bfb3bc
5aa22ef1445715a535c5a1b9b02c202812c5c678c23a33ba811246dc8e2be07a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /in/multy HTTP/1.1
Host: 43b71e837e.d8388cd984.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2464
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 May 2024 23:38:46 GMT
content-type: application/json
content-length: 4232
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwzaHBshXr-eidFKJH6JP5IxxHlkm1ykNYrrK-_2F2eRq1nSH77XIpx5hA_h5-BlA5yRHnmzw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1778042743%3A1714779525810022&theme=mn&ddm=0

64.233.164.84

403 Forbidden

806 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwzaHBshXr-eidFKJH6JP5IxxHlkm1ykNYrrK-_2F2eRq1nSH77XIpx5hA_h5-BlA5yRHnmzw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1778042743%3A1714779525810022&theme=mn&ddm=0
IP
64.233.164.84:443
ASN
#15169 GOOGLE

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Size
806 B (806 bytes)
Hash
02bf714743d9a44493deb1ad571d74bf
0756dbbc0fedbfff4ed81f94c00de48f858bb696
27bbafb71f64b98588b9217a3c5b651c6c4ef7375cc095261d55ee219f07c69f

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwzaHBshXr-eidFKJH6JP5IxxHlkm1ykNYrrK-_2F2eRq1nSH77XIpx5hA_h5-BlA5yRHnmzw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1778042743%3A1714779525810022&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:38:45 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-nQlleIy91W7uzAo40jsFSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

43b71e837e.d8388cd984.com/in/show/?tag_ab=b&site_id=31534258&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fforcedcinema.net%2F&refdom=forcedcinema.net&auction_time=1714779525&subid=1534263736&sid=750722425&tcid=0&ver=8.159.0&ver_c=&spot_id=534258&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=teens,adult&user_fp=13734950386773246760&score=50.200738050705304&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DVZIPT_y-YIg5t9YlKEANI1cyjKaE-DATOt-iVr-aXT8xQlro4VBnwCS_hLyEiR46yyEQ-TdOqwanqd4OBBan3YszigA1GqX3pz2AvZMsmswY3kp9fLYsisHKXrh1xUrJYgbqWuyS9D7scKQeh-cQCPB416nCdO2ZZwwBvQMGd2FFA6ofHkJwzFf2Q3j64-QoJVln4bDuIWBANQpIqgtJixrnOfU0NGitbIWZLx98n6gNj9xbTyGOhTX5uKqUjU7UxbndvnEkc-DVYTlrKc2pcMraKNbJgJWu-nRMb5DoQSE9Fo7Hu9jpxOUp_CN90nw5NHSPDHY387npvY1EdwaScvO0r84Zfy_pJeVB_6l80_YIZc90SU7zXv4sdk8wXVy5y6Zhz4IQ_GxWNveEkFGyVi5v-ptqVi0g2NEGIlTuYTPzhR88L51O6lCyM09pxcyy4m45UR-X3tNeh293ZTJVcQm09VXWcttwkzROTAMaNiAcY11t_U76CCikGtqoy3bUaEkS_TzIRAESvTyrJmZm2-OpcPGKywXN-9FLh_XqStXGc80h8xxWSUCdL2yvCMZ9bHcQkBRr&icons=_KDT2Bwx79a0vQrMI5SnfLlTDKgQq679QNbQZq_ty6x6gfAY7txEANQ8M__1-q8xllE5rIJoU5Y4yuN5cAVOwOHl7y0KG2OFfeyhf255sqfyffVFH9Sa_11-OPF6WSK2Eqyt5xiLGuXlR-cEypn89gu-ywd0lyQk1VeSFNG8PJ6JBZGXfRlRkC4dv8bgn07xgFD5Liy1xbpM0nqJp6JNERJY4-rFgfcIS62cnQPmyYUpY7fqv-D0wQmJrskuzZgrK4ibpq2BLnISU5YQyJK0W6O6pA1l4stxTfjuxw-Ieu5YbxB124ZnAAsPBLZNOks5fm2mbox5DZJ_X2BiN7kTea663fdKSmqES010_aP7XWrhJZiZ6QaX3COmsKMLmNyXYSZdqlQgAydhtoRLCy1kbqGzXYD3U4SQ4Dp-frLXVrZfg3O3a4THVPkP2xqUtXPXjJ4z2iQDLgAFLO5LXJ86KDWrhP0sxuPoSs59sBJohy6yvlzUfVDgIs7iuGwMMeiw4qzHk1ve8ZAUc4hIKAkEA4SLip_etCK4AnIzJ-07G4A0wl-jsB-LSlRIFAbcPlBzht5hd_rUP52ZnNk7ZadZOgIETrmuCpCX-Z-CjFqx86rlatLIZqll2TjJrvEbIXF9B0HmfYphgkvrz0s6WBKqlf-jz4jGNBz00e24HGMjKhT9F1xBdeIgm7SuuALpBB5FQA&ext_cid=0&px_id=31534258&min_cpm=0.07522242545087786&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=511063008595097268&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.11310434284586976&cpm=0&verify_hash=35175e51fa4608f467a874cfe910a7b1&is_native=1&real_bid=0.0032313749939203123&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,93,101,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714837125&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F68957372%2F551817_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-11-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.02&cpa=f9ed8b47-4a27-4a56-90ae-4a8e01f7877d&prev_step_diff=734

168.119.25.102

200 OK

0 B

URL GET HTTP/2
43b71e837e.d8388cd984.com/in/show/?tag_ab=b&site_id=31534258&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fforcedcinema.net%2F&refdom=forcedcinema.net&auction_time=1714779525&subid=1534263736&sid=750722425&tcid=0&ver=8.159.0&ver_c=&spot_id=534258&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=teens,adult&user_fp=13734950386773246760&score=50.200738050705304&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DVZIPT_y-YIg5t9YlKEANI1cyjKaE-DATOt-iVr-aXT8xQlro4VBnwCS_hLyEiR46yyEQ-TdOqwanqd4OBBan3YszigA1GqX3pz2AvZMsmswY3kp9fLYsisHKXrh1xUrJYgbqWuyS9D7scKQeh-cQCPB416nCdO2ZZwwBvQMGd2FFA6ofHkJwzFf2Q3j64-QoJVln4bDuIWBANQpIqgtJixrnOfU0NGitbIWZLx98n6gNj9xbTyGOhTX5uKqUjU7UxbndvnEkc-DVYTlrKc2pcMraKNbJgJWu-nRMb5DoQSE9Fo7Hu9jpxOUp_CN90nw5NHSPDHY387npvY1EdwaScvO0r84Zfy_pJeVB_6l80_YIZc90SU7zXv4sdk8wXVy5y6Zhz4IQ_GxWNveEkFGyVi5v-ptqVi0g2NEGIlTuYTPzhR88L51O6lCyM09pxcyy4m45UR-X3tNeh293ZTJVcQm09VXWcttwkzROTAMaNiAcY11t_U76CCikGtqoy3bUaEkS_TzIRAESvTyrJmZm2-OpcPGKywXN-9FLh_XqStXGc80h8xxWSUCdL2yvCMZ9bHcQkBRr&icons=_KDT2Bwx79a0vQrMI5SnfLlTDKgQq679QNbQZq_ty6x6gfAY7txEANQ8M__1-q8xllE5rIJoU5Y4yuN5cAVOwOHl7y0KG2OFfeyhf255sqfyffVFH9Sa_11-OPF6WSK2Eqyt5xiLGuXlR-cEypn89gu-ywd0lyQk1VeSFNG8PJ6JBZGXfRlRkC4dv8bgn07xgFD5Liy1xbpM0nqJp6JNERJY4-rFgfcIS62cnQPmyYUpY7fqv-D0wQmJrskuzZgrK4ibpq2BLnISU5YQyJK0W6O6pA1l4stxTfjuxw-Ieu5YbxB124ZnAAsPBLZNOks5fm2mbox5DZJ_X2BiN7kTea663fdKSmqES010_aP7XWrhJZiZ6QaX3COmsKMLmNyXYSZdqlQgAydhtoRLCy1kbqGzXYD3U4SQ4Dp-frLXVrZfg3O3a4THVPkP2xqUtXPXjJ4z2iQDLgAFLO5LXJ86KDWrhP0sxuPoSs59sBJohy6yvlzUfVDgIs7iuGwMMeiw4qzHk1ve8ZAUc4hIKAkEA4SLip_etCK4AnIzJ-07G4A0wl-jsB-LSlRIFAbcPlBzht5hd_rUP52ZnNk7ZadZOgIETrmuCpCX-Z-CjFqx86rlatLIZqll2TjJrvEbIXF9B0HmfYphgkvrz0s6WBKqlf-jz4jGNBz00e24HGMjKhT9F1xBdeIgm7SuuALpBB5FQA&ext_cid=0&px_id=31534258&min_cpm=0.07522242545087786&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=511063008595097268&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.11310434284586976&cpm=0&verify_hash=35175e51fa4608f467a874cfe910a7b1&is_native=1&real_bid=0.0032313749939203123&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,93,101,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714837125&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F68957372%2F551817_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-11-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.02&cpa=f9ed8b47-4a27-4a56-90ae-4a8e01f7877d&prev_step_diff=734
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectd8388cd984.com
Fingerprint5C:36:8D:99:1A:7F:F6:92:44:F7:B8:16:AD:0F:53:77:A8:09:E9:AD
ValidityMon, 29 Apr 2024 14:01:57 GMT - Sun, 28 Jul 2024 14:01:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31534258&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fforcedcinema.net%2F&refdom=forcedcinema.net&auction_time=1714779525&subid=1534263736&sid=750722425&tcid=0&ver=8.159.0&ver_c=&spot_id=534258&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=teens,adult&user_fp=13734950386773246760&score=50.200738050705304&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DVZIPT_y-YIg5t9YlKEANI1cyjKaE-DATOt-iVr-aXT8xQlro4VBnwCS_hLyEiR46yyEQ-TdOqwanqd4OBBan3YszigA1GqX3pz2AvZMsmswY3kp9fLYsisHKXrh1xUrJYgbqWuyS9D7scKQeh-cQCPB416nCdO2ZZwwBvQMGd2FFA6ofHkJwzFf2Q3j64-QoJVln4bDuIWBANQpIqgtJixrnOfU0NGitbIWZLx98n6gNj9xbTyGOhTX5uKqUjU7UxbndvnEkc-DVYTlrKc2pcMraKNbJgJWu-nRMb5DoQSE9Fo7Hu9jpxOUp_CN90nw5NHSPDHY387npvY1EdwaScvO0r84Zfy_pJeVB_6l80_YIZc90SU7zXv4sdk8wXVy5y6Zhz4IQ_GxWNveEkFGyVi5v-ptqVi0g2NEGIlTuYTPzhR88L51O6lCyM09pxcyy4m45UR-X3tNeh293ZTJVcQm09VXWcttwkzROTAMaNiAcY11t_U76CCikGtqoy3bUaEkS_TzIRAESvTyrJmZm2-OpcPGKywXN-9FLh_XqStXGc80h8xxWSUCdL2yvCMZ9bHcQkBRr&icons=_KDT2Bwx79a0vQrMI5SnfLlTDKgQq679QNbQZq_ty6x6gfAY7txEANQ8M__1-q8xllE5rIJoU5Y4yuN5cAVOwOHl7y0KG2OFfeyhf255sqfyffVFH9Sa_11-OPF6WSK2Eqyt5xiLGuXlR-cEypn89gu-ywd0lyQk1VeSFNG8PJ6JBZGXfRlRkC4dv8bgn07xgFD5Liy1xbpM0nqJp6JNERJY4-rFgfcIS62cnQPmyYUpY7fqv-D0wQmJrskuzZgrK4ibpq2BLnISU5YQyJK0W6O6pA1l4stxTfjuxw-Ieu5YbxB124ZnAAsPBLZNOks5fm2mbox5DZJ_X2BiN7kTea663fdKSmqES010_aP7XWrhJZiZ6QaX3COmsKMLmNyXYSZdqlQgAydhtoRLCy1kbqGzXYD3U4SQ4Dp-frLXVrZfg3O3a4THVPkP2xqUtXPXjJ4z2iQDLgAFLO5LXJ86KDWrhP0sxuPoSs59sBJohy6yvlzUfVDgIs7iuGwMMeiw4qzHk1ve8ZAUc4hIKAkEA4SLip_etCK4AnIzJ-07G4A0wl-jsB-LSlRIFAbcPlBzht5hd_rUP52ZnNk7ZadZOgIETrmuCpCX-Z-CjFqx86rlatLIZqll2TjJrvEbIXF9B0HmfYphgkvrz0s6WBKqlf-jz4jGNBz00e24HGMjKhT9F1xBdeIgm7SuuALpBB5FQA&ext_cid=0&px_id=31534258&min_cpm=0.07522242545087786&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=511063008595097268&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.11310434284586976&cpm=0&verify_hash=35175e51fa4608f467a874cfe910a7b1&is_native=1&real_bid=0.0032313749939203123&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,93,101,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714837125&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F68957372%2F551817_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-11-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.02&cpa=f9ed8b47-4a27-4a56-90ae-4a8e01f7877d&prev_step_diff=734 HTTP/1.1
Host: 43b71e837e.d8388cd984.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 May 2024 23:38:46 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.02&cpa=09d7b26a-3979-4e90-9deb-61c8c5094c84&prev_step_diff=735

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.02&cpa=09d7b26a-3979-4e90-9deb-61c8c5094c84&prev_step_diff=735
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.02&cpa=09d7b26a-3979-4e90-9deb-61c8c5094c84&prev_step_diff=735 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:46 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 03 May 2025 23:38:46 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:46 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sat, 03 May 2025 23:38:46 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

68aq8q352.com/aas/r45d/vki/2010857/3dba8911.js

212.117.190.210

200 OK

46 kB

URL GET HTTP/2
68aq8q352.com/aas/r45d/vki/2010857/3dba8911.js
IP
212.117.190.210:443
ASN
#7979 SERVERS-COM

Requested by
https://forcedcinema.net/
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint0C:9E:BB:D9:DA:B8:74:37:CB:65:CD:13:B0:1B:DD:DF:B2:8F:61:74
ValiditySat, 27 Apr 2024 13:01:17 GMT - Wed, 23 Oct 2024 21:59:00 GMT

File type
gzip compressed data, max speed, from Unix
Size
46 kB (45881 bytes)
Hash
e5f35bdf94375a5b577f39d96aaca3d0
f364a8d886760920f631319c2a7df42a45b4a6ed
31a185bb80b6399ac5811e8f17a8dc3347b756065b8d587bc7c336d48cabf6af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aas/r45d/vki/2010857/3dba8911.js HTTP/1.1
Host: 68aq8q352.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:38:44 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-1a022"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

imgsdn.com/ie?v=4&c=54bgVYWDiCkVv82_er03GcaRWrOHsp1dWI7FrPUtqvjkK24brgWMIHGRmLEtYq94xrgWn1nPSQ0V0jZWa_L74wha-WXTGeZ5JjVzkmLRg0Ic8xYaedsxTmFQrhSx6uTnzgse9SdMN6nWeQnL4wq5qXNE5Mkm24ZbiZzpL4QbsulTCQdPxAE6hZb8I3mUqmKnNs6rXtmbop6PquWx2Pgiqf4QuM9Rus9_PRzQmz83bAWCaILmQmQliy4Cac_bEHxAp-MEuUITqM-kjCpUSIer7kYLYE9vAUa8JAl_BskSzRXhhpvbjq3FY6Xi7sYVY3Jbby3mKqNEfJCyX4wjl0laKOE8bsAHe9tnmtRnFs8uw2GrtZicz1p8SUSbhInOH6KzZG1z7H3FUaKLa5Vk61Xc3aDyISngicf4dlsDbrXi-eXqeZFiPzPmNOHYHSvb&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.02&cpa=26d3468e-7928-4547-abb8-87b8520aa3b4&prev_step_diff=734

162.55.246.161

301 Moved Permanently

0 B

URL GET HTTP/1.1
imgsdn.com/ie?v=4&c=54bgVYWDiCkVv82_er03GcaRWrOHsp1dWI7FrPUtqvjkK24brgWMIHGRmLEtYq94xrgWn1nPSQ0V0jZWa_L74wha-WXTGeZ5JjVzkmLRg0Ic8xYaedsxTmFQrhSx6uTnzgse9SdMN6nWeQnL4wq5qXNE5Mkm24ZbiZzpL4QbsulTCQdPxAE6hZb8I3mUqmKnNs6rXtmbop6PquWx2Pgiqf4QuM9Rus9_PRzQmz83bAWCaILmQmQliy4Cac_bEHxAp-MEuUITqM-kjCpUSIer7kYLYE9vAUa8JAl_BskSzRXhhpvbjq3FY6Xi7sYVY3Jbby3mKqNEfJCyX4wjl0laKOE8bsAHe9tnmtRnFs8uw2GrtZicz1p8SUSbhInOH6KzZG1z7H3FUaKLa5Vk61Xc3aDyISngicf4dlsDbrXi-eXqeZFiPzPmNOHYHSvb&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.02&cpa=26d3468e-7928-4547-abb8-87b8520aa3b4&prev_step_diff=734
IP
162.55.246.161:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4
ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ie?v=4&c=54bgVYWDiCkVv82_er03GcaRWrOHsp1dWI7FrPUtqvjkK24brgWMIHGRmLEtYq94xrgWn1nPSQ0V0jZWa_L74wha-WXTGeZ5JjVzkmLRg0Ic8xYaedsxTmFQrhSx6uTnzgse9SdMN6nWeQnL4wq5qXNE5Mkm24ZbiZzpL4QbsulTCQdPxAE6hZb8I3mUqmKnNs6rXtmbop6PquWx2Pgiqf4QuM9Rus9_PRzQmz83bAWCaILmQmQliy4Cac_bEHxAp-MEuUITqM-kjCpUSIer7kYLYE9vAUa8JAl_BskSzRXhhpvbjq3FY6Xi7sYVY3Jbby3mKqNEfJCyX4wjl0laKOE8bsAHe9tnmtRnFs8uw2GrtZicz1p8SUSbhInOH6KzZG1z7H3FUaKLa5Vk61Xc3aDyISngicf4dlsDbrXi-eXqeZFiPzPmNOHYHSvb&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.02&cpa=26d3468e-7928-4547-abb8-87b8520aa3b4&prev_step_diff=734 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 03 May 2024 23:38:46 GMT
content-length: 0
location: https://img.vmmcdn.com/get/5547812/551817_icon.png
x-app-id: 11

img.vmmcdn.com/get/68957372/551817_image.jpg

138.201.51.142

200 OK

12 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/68957372/551817_image.jpg
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Size
12 kB (12075 bytes)
Hash
ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c

HTTP Headers

GET /get/68957372/551817_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 03 May 2024 23:38:46 GMT
Content-Type: image/jpeg
Content-Length: 12075
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-2f2b"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

img.vmmcdn.com/get/5547812/551817_icon.png

138.201.51.142

200 OK

25 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/5547812/551817_icon.png
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
25 kB (25410 bytes)
Hash
883783cd48dc393c2392934e24de3541
0ce725f07cc64b22ce1f2c2c39319223e77efe73
56c61149f8e44313af0ebe436c53911aecf9131b08c1fbb434b69bf562bccf48

HTTP Headers

GET /get/5547812/551817_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 03 May 2024 23:38:46 GMT
Content-Type: image/png
Content-Length: 25410
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-6342"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

storage.multstorage.com/log/count.html

104.21.30.242

200 OK

9.3 kB

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
104.21.30.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (700)
Size
9.3 kB (9321 bytes)
Hash
b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:45 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: eda9bd8f57b9b95b7b1a77484886d50b
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BNmkUnFps%2B89E5v68d6HfFpzv8uDy9zFU9v5%2BUvvGis5Q4VuNM874zslpqBCA6AdfHPbjXvIaeoZlm4Qlw74%2BbKtNyrjnUEN5%2BJG99VmsNkb%2BAKFdXGUKzk%2BqQtvi3HIVZdMUktBCzJKMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4161f7a6456c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

forcedcinema.net/wp-content/themes/retrotube/assets/js/main.min.js?ver=1.7.3.8.1678187099

172.67.164.165

200 OK

23 kB

URL GET HTTP/3
forcedcinema.net/wp-content/themes/retrotube/assets/js/main.min.js?ver=1.7.3.8.1678187099
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JavaScript source, ASCII text, with very long lines (21150)
Size
23 kB (23381 bytes)
Hash
8de56c63db67ac6f625626e3ac7d8058
cb39c1b23507d92581313fed89464a371db4864d
2d7c51907ce47714099833dcb138ec307f1761c4aeaee160e51cee8fe12af364

HTTP Headers

GET /wp-content/themes/retrotube/assets/js/main.min.js?ver=1.7.3.8.1678187099 HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: application/javascript
last-modified: Tue, 07 Mar 2023 11:04:59 GMT
vary: Accept-Encoding
etag: W/"64071a5b-5b55"
expires: Sun, 27 Oct 2024 18:39:35 GMT
cache-control: max-age=15552000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 277149
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W2ifdqZvR7XzJ%2FrmSZXEYPH641r%2FZL05xts63Au3zjXtpm8pViCkmmoi5hX0k8wQSeC4MkZISnkLoC0Vyo0AH4e01MqaP4F3ArKp%2B5PRcXOUoWusZpnxoIP6JL9T7vZdzRpn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e416190b1b1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

68aq8q352.com/get/2010857?zoneid=2010857&jp=_cl9k4p5rkb8v7orahzuzd1&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=675329744361984&eclog=0&im=1&uf=0

212.117.190.210

200 OK

3.0 kB

URL GET HTTP/2
68aq8q352.com/get/2010857?zoneid=2010857&jp=_cl9k4p5rkb8v7orahzuzd1&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=675329744361984&eclog=0&im=1&uf=0
IP
212.117.190.210:443
ASN
#7979 SERVERS-COM

Requested by
https://forcedcinema.net/
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint0C:9E:BB:D9:DA:B8:74:37:CB:65:CD:13:B0:1B:DD:DF:B2:8F:61:74
ValiditySat, 27 Apr 2024 13:01:17 GMT - Wed, 23 Oct 2024 21:59:00 GMT

File type
ASCII text, with very long lines (3330), with no line terminators
Size
3.0 kB (2994 bytes)
Hash
627de6048544d438882189f254198810
fabcd271e04d37825667bbe879ec715d243f32b0
8ee82ac6f50a6db58d47550d3f415062a91ffac784edf02788405a85b951647e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /get/2010857?zoneid=2010857&jp=_cl9k4p5rkb8v7orahzuzd1&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=675329744361984&eclog=0&im=1&uf=0 HTTP/1.1
Host: 68aq8q352.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:38:44 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Fri, 06 Jun 2025 23:38:44 GMT; Secure; SameSite=None
UID=240503183861310b745e5d47f5ac5d45985e; Path=/; Expires=Fri, 06 Jun 2025 23:38:44 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

forcedcinema.net/wp-includes/css/classic-themes.min.css?ver=1

172.67.164.165

200 OK

217 B

URL GET HTTP/3
forcedcinema.net/wp-includes/css/classic-themes.min.css?ver=1
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
ASCII text, with no line terminators
Size
217 B (217 bytes)
Hash
723bbab25ceea9dadba405ab02269a2d
ca26599ff3d31e01e2215965e790ec4f270c0343
18aa9922624232656ab2f2239fa490a6b75e3e99bbdfff63f95a4b7ec376834d

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: text/css
last-modified: Mon, 13 Mar 2023 08:19:02 GMT
etag: W/"640edc76-d9"
expires: Sun, 27 Oct 2024 16:18:30 GMT
cache-control: max-age=15552000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 285614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tOZuWkB74l%2F0Ko7dtR3AgkKHAJT7hQB7WqJ%2BBmGyq%2F82r%2FUZBCIzYQgv%2Ff%2FFh%2F%2FJepO1QhIeHGuMThSgBcOHIpJ5m7L9ie1jrtOKrhOfeRb0YsJ9XK3tpiJe91vsX%2FdRAy9b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41618fb0c1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

forcedcinema.net/

172.67.164.165

200 OK

105 kB

URL User Request GET HTTP/2
forcedcinema.net/
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type

Size
105 kB (105066 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://forcedcinema.net/wp-json/>; rel="https://api.w.org/"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-cache: HIT From forcedcinema.net
cache-control: max-age=0
nginx-cache: HIT
last-modified: Friday, 03-May-2024 23:38:43 GMT
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MGXBapoafmr04DwMR5hUOvfv2P9COtSe144BMboinynjLluovNaOZuSn1%2F2JkaJy05qW3E7N1Jy%2BTnpdotGAYt2fCRIrNDxD3Yz9F0xzlZRwXn7GIPg6gde8PadeHhC4vSrI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e416168fbfb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

43b71e837e.d8388cd984.com/in/show/?tag_ab=b&site_id=31534258&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fforcedcinema.net%2F&refdom=forcedcinema.net&auction_time=1714779525&subid=1534263736&sid=750722425&tcid=0&ver=8.159.0&ver_c=&spot_id=534258&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=teens,adult&user_fp=13734950386773246760&score=50.200738050705304&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&icons=E4dQLd_ttFbNTk0AWgrgEiJNSqSgK4_GT9dFWLJFokXMqa3rS0ts-MS_5yrGLU75CIcm7apjOCfuVnDYfM3zZ0bess7maEgWYOSe_Yh3ewkhXnk7MlhfuizrvmgpxyfjnJkOuaXJ7stNL608c9Tii77TK7i8SipioMU3f1qlHsgOngwD-w&ext_cid=0&px_id=534258&min_cpm=0.17744957736454878&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=511063008595097268&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09918406422370428&cpm=0&verify_hash=50ab1710b0529b35e40867f3a2481604&is_native=4&real_bid=0.001201219413900741&original_bid_usd=0.002149094&original_bid=0.002149094&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002149094&hostname=auc-inpage-hz-11-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000021490939999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.02&cpa=f530ea42-d8dd-4553-82f6-cd95211ed848&prev_step_diff=735

168.119.25.102

200 OK

0 B

URL GET HTTP/2
43b71e837e.d8388cd984.com/in/show/?tag_ab=b&site_id=31534258&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fforcedcinema.net%2F&refdom=forcedcinema.net&auction_time=1714779525&subid=1534263736&sid=750722425&tcid=0&ver=8.159.0&ver_c=&spot_id=534258&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=teens,adult&user_fp=13734950386773246760&score=50.200738050705304&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&icons=E4dQLd_ttFbNTk0AWgrgEiJNSqSgK4_GT9dFWLJFokXMqa3rS0ts-MS_5yrGLU75CIcm7apjOCfuVnDYfM3zZ0bess7maEgWYOSe_Yh3ewkhXnk7MlhfuizrvmgpxyfjnJkOuaXJ7stNL608c9Tii77TK7i8SipioMU3f1qlHsgOngwD-w&ext_cid=0&px_id=534258&min_cpm=0.17744957736454878&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=511063008595097268&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09918406422370428&cpm=0&verify_hash=50ab1710b0529b35e40867f3a2481604&is_native=4&real_bid=0.001201219413900741&original_bid_usd=0.002149094&original_bid=0.002149094&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002149094&hostname=auc-inpage-hz-11-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000021490939999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.02&cpa=f530ea42-d8dd-4553-82f6-cd95211ed848&prev_step_diff=735
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subjectd8388cd984.com
Fingerprint5C:36:8D:99:1A:7F:F6:92:44:F7:B8:16:AD:0F:53:77:A8:09:E9:AD
ValidityMon, 29 Apr 2024 14:01:57 GMT - Sun, 28 Jul 2024 14:01:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31534258&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fforcedcinema.net%2F&refdom=forcedcinema.net&auction_time=1714779525&subid=1534263736&sid=750722425&tcid=0&ver=8.159.0&ver_c=&spot_id=534258&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=teens,adult&user_fp=13734950386773246760&score=50.200738050705304&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1534263736%26spot_id%3D534258%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fforcedcinema.net%252F%26idzone%3D0%26sid%3D1886&icons=E4dQLd_ttFbNTk0AWgrgEiJNSqSgK4_GT9dFWLJFokXMqa3rS0ts-MS_5yrGLU75CIcm7apjOCfuVnDYfM3zZ0bess7maEgWYOSe_Yh3ewkhXnk7MlhfuizrvmgpxyfjnJkOuaXJ7stNL608c9Tii77TK7i8SipioMU3f1qlHsgOngwD-w&ext_cid=0&px_id=534258&min_cpm=0.17744957736454878&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=511063008595097268&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09918406422370428&cpm=0&verify_hash=50ab1710b0529b35e40867f3a2481604&is_native=4&real_bid=0.001201219413900741&original_bid_usd=0.002149094&original_bid=0.002149094&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002149094&hostname=auc-inpage-hz-11-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000021490939999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.02&cpa=f530ea42-d8dd-4553-82f6-cd95211ed848&prev_step_diff=735 HTTP/1.1
Host: 43b71e837e.d8388cd984.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 May 2024 23:38:46 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

0afc4c07a9.9fbdc30642.com/345572815f3b6726ddc5ccee20a9f4a8.js

45.133.44.52

200 OK

109 kB

URL GET HTTP/2
0afc4c07a9.9fbdc30642.com/345572815f3b6726ddc5ccee20a9f4a8.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subject0afc4c07a9.9fbdc30642.com
Fingerprint9D:0F:4E:A7:C3:AC:A0:6E:EF:F4:56:62:CC:83:32:E6:02:20:E0:CB
ValidityTue, 30 Apr 2024 02:20:22 GMT - Mon, 29 Jul 2024 02:20:21 GMT

File type

Size
109 kB (109340 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /345572815f3b6726ddc5ccee20a9f4a8.js HTTP/1.1
Host: 0afc4c07a9.9fbdc30642.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forcedcinema.net
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Fri, 03 May 2024 23:43:44 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

0afc4c07a9.9fbdc30642.com/0d8e53bb591d5ef2550211d14bd7c209.js

45.133.44.52

200 OK

470 kB

URL GET HTTP/2
0afc4c07a9.9fbdc30642.com/0d8e53bb591d5ef2550211d14bd7c209.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://forcedcinema.net/
Certificate
IssuerLet's Encrypt
Subject0afc4c07a9.9fbdc30642.com
Fingerprint9D:0F:4E:A7:C3:AC:A0:6E:EF:F4:56:62:CC:83:32:E6:02:20:E0:CB
ValidityTue, 30 Apr 2024 02:20:22 GMT - Mon, 29 Jul 2024 02:20:21 GMT

File type

Size
470 kB (470121 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /0d8e53bb591d5ef2550211d14bd7c209.js HTTP/1.1
Host: 0afc4c07a9.9fbdc30642.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:38:45 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Fri, 03 May 2024 23:43:45 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

forcedcinema.net/wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0

172.67.164.165

200 OK

426 B

URL GET HTTP/3
forcedcinema.net/wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JavaScript source, ASCII text, with very long lines (428), with no line terminators
Size
426 B (426 bytes)
Hash
e01bac902517921ed76abe5a3ec230df
c824331eb416223813e6abfe753568dd321b2ced
b821227c719f6f8c59596e23e16e8c6abb38132ce9708cb9ee48635594d85ca8

HTTP Headers

GET /wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0 HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: application/javascript
cache-control: max-age=15552000
cf-bgj: minify
cf-polished: origSize=683
etag: W/"6404200b-2ab"
expires: Sun, 27 Oct 2024 18:39:35 GMT
last-modified: Sun, 05 Mar 2023 04:52:27 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 277149
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZ427X66%2BNFzs5x%2FXPqV2GMiucTLF1OdX7DpkhHTlhIunXt2ygPjWW4wxu2z3TpN7mJ%2BCE8LL02fyTEeNIn9liBDrnnEKRnaRpFV7NhBQb68AnZGkAgLiuHcmZxIHBxh6%2Fhg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e416190b1c1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

172.67.164.165

200 OK

90 kB

URL GET HTTP/3
forcedcinema.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89684 bytes)
Hash
17738318d61d394f1de8890d589afaec
f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: application/javascript
last-modified: Mon, 13 Mar 2023 08:19:03 GMT
vary: Accept-Encoding
etag: W/"640edc77-15e54"
expires: Sun, 27 Oct 2024 16:18:30 GMT
cache-control: max-age=15552000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 285614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3LlyqzlJLSsLgiX7CUM%2FDf9%2BzZgVxN2DOplcZW0wEy9YHewSS55aJLfrorHSU77%2Bv4YPcHsuWGrPv87QESG1ajlXbhn4YNFdAiNv1AScdKu%2B2Ykjv6sBzHB8B10z4151eS%2B0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41618fb171c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/themes/retrotube/style.css?ver=1.7.3.8.1678016267

172.67.164.165

200 OK

53 kB

URL GET HTTP/3
forcedcinema.net/wp-content/themes/retrotube/style.css?ver=1.7.3.8.1678016267
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
ASCII text, with very long lines (52558), with no line terminators
Size
53 kB (52558 bytes)
Hash
3c24e682773ca847d742e14739e64c3b
685a4d53cf502d7c3717c084fc961ad9c5c92012
7fe40fd874469f2c48681e92c37e097148bef77918b6ed85ab5cacc46eedc571

HTTP Headers

GET /wp-content/themes/retrotube/style.css?ver=1.7.3.8.1678016267 HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: text/css
cache-control: max-age=15552000
cf-bgj: minify
cf-polished: origSize=53188
etag: W/"6422bb62-cfc4"
expires: Sun, 27 Oct 2024 16:18:30 GMT
last-modified: Tue, 28 Mar 2023 10:03:14 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cf-cache-status: HIT
age: 285614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwBnInya0vqm3usmXwubA%2B8U4Uk%2FxmHlh76%2B%2FyiSfnHJXJj07aTN2hL5WEB1Vr1ICsqdAr5rWy7x2deeuKo9Aq4VrTz%2B5ZAvGaETqPd8aRrySUQlD6j0%2BhhChMZwWMNDdrVN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41618fb101c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

forcedcinema.net/wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.3

172.67.164.165

200 OK

5.8 kB

URL GET HTTP/3
forcedcinema.net/wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.3
IP
172.67.164.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://forcedcinema.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectforcedcinema.net
Fingerprint7B:5A:5D:10:68:F9:D7:B7:F6:20:DE:95:6D:42:F6:19:6E:16:37:21
ValiditySun, 10 Mar 2024 02:44:14 GMT - Sat, 08 Jun 2024 02:44:13 GMT

File type
JavaScript source, ASCII text, with very long lines (5897), with no line terminators
Size
5.8 kB (5753 bytes)
Hash
df6d1e6c2c8f32d0d77c43c6498df5c4
24376f92d546b43949b30261656f2aa5e15657b5
5bb298cb36c3785b2a1d28ca6db6c30403eb7690c440dd4f3c25f6cbfeb3101b

HTTP Headers

GET /wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.3 HTTP/1.1
Host: forcedcinema.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forcedcinema.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:38:44 GMT
content-type: application/javascript
cache-control: max-age=15552000
cf-bgj: minify
cf-polished: origSize=5755
etag: W/"6410c2ed-167b"
expires: Sun, 27 Oct 2024 20:12:37 GMT
last-modified: Tue, 14 Mar 2023 18:54:37 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cf-cache-status: HIT
age: 271567
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TovQ2BAkfeeGPDrQ02OGUEttSAkXI6oz4veJiPxZmmLnGQWyoBcEtT20Ta5pCdcMPIZRjko0sYkcQnLO2Oh68wETlcmV1T%2Fy7RUGm%2B7WLQ4oL3vnFsnmoVwFrQPKz68d4h%2Bl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41618fb141c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML