Report - vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==

Report Overview

Submitted URL
vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
IP
172.67.199.60
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 23:27:50
Access
public
Website Title
[SallySubs] Mahouka Koukou no Rettousei - 01 [BD 1080p FLAC] [713722D5].mkv
Final URL
vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vid142.site	unknown	2024-04-10	2024-04-10	2024-04-26	5.3 kB	802 kB	104.21.50.16
ewal.an3087959.site	unknown	unknown	No data	No data	1.3 kB	901 kB	188.114.96.1
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-04-25	410 B	327 B	172.240.253.132
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-04-25	731 B	423 B	192.243.61.225
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-04-25	408 B	87 kB	188.114.97.1
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-25	427 B	30 kB	104.17.25.14
valueslinear.com	unknown	unknown	No data	No data	431 B	17 kB	192.243.61.225
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-04-25	918 B	712 B	18.194.72.95

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	valueslinear.com	Sinkholed
2024-04-26	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	unknown	32 B	2023-03-07	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:40 Last Seen2024-05-05 17:52:08 Times Seen29 Hash 16952761300c866b8cd44e2c66250ed3 b46eda62fd58298bac362e61042293f38304b3b9 7653f123e669cb603e8c8f870e9f02b9669d7af8780311e97f7dcdd3e895787a Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js	93 kB	2023-03-07	2024-05-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:49 Last Seen2024-05-07 17:50:08 Times Seen1550 Hash 0652da382b6fceb033dfe2b6c06d4d11 002da8cbe90fcf32fbdebb72386125079e3805ee 7fa0d5c3f538c76f878e012ac390597faecaabfe6fb9d459b919258e76c5df8e Loading...

	vid142.site/assets/players/jwplayer-8.26.9/jwplayer.core.controls.js	324 kB	2023-04-01	2024-05-05
Pretty URL vid142.site/assets/players/jwplayer-8.26.9/jwplayer.core.controls.js IP 104.21.50.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:27:27 Last Seen2024-05-05 17:52:08 Times Seen89 Hash 3c5ff110bccc0950103d3f24d854eac2 0654337120a04acb6fe4e92484ba0db87b443777 35334400bec8f4c230e7b91c17c4cc96e17caebb6e144bf43dab0e57c4cf90e5 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-07
Pretty URL capaciousdrewreligion.com/advertisers.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 21:45:25 Times Seen37418954 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	vid142.site/futoken	257 B	2024-04-27	2024-04-27
Pretty URL vid142.site/futoken IP 104.21.50.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 01:27:56 Last Seen2024-04-27 01:27:57 Times Seen2 Hash c36849834f704b010ea9e0939cf5476e 5080b1a42583a74a936a2bfa250861152d9ebc35 a3a1418d68243ed8668061f45d864c4cbc6775144d9485121e50376958321c9a Loading...

	vid142.site/assets/mcloud/min/embed.js?v=661f2fa5	195 kB	2024-04-24	2024-04-30
Pretty URL vid142.site/assets/mcloud/min/embed.js?v=661f2fa5 IP 104.21.50.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 22:22:48 Last Seen2024-04-30 04:33:29 Times Seen10 Hash acb8b970d932c2a643dba5c09c83cbbd bb96e7f2aa06dd0f6acb68d28f5d46c83268df94 c3deb3814ee4baede6bb7c37e0de63be0bdaf0e7d79a038f5a16c4b917f11782 Loading...

	vid142.site/assets/players/jwplayer-8.26.9/jwplayer.js?v1	110 kB	2024-04-24	2024-05-05
Pretty URL vid142.site/assets/players/jwplayer-8.26.9/jwplayer.js?v1 IP 104.21.50.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 22:22:48 Last Seen2024-05-05 17:52:08 Times Seen17 Hash a27042e4168b8224e40c7f36c3a36d1e ba1f8b5fc524e8e96a57682a00bb689d174fb600 a37e9266fd7dad068329b7af30e5c3c4982611b2be7cceb649aa9b61f4fc68cf Loading...

	valueslinear.com/52/ba/41/52ba419ba307b72ff4090aea25de5317.js	41 kB	2024-04-27	2024-04-27
Pretty URL valueslinear.com/52/ba/41/52ba419ba307b72ff4090aea25de5317.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 01:27:56 Last Seen2024-04-27 01:27:56 Times Seen2 Hash cf45626526c7e763ee3a9deaa1e9f1d9 eeb15992590d3dcfb463cb09c38118b003a42b23 998c402cff6fab7644c5438ff65c09573c456a20b2b9c85057396bd7c361f05b Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-07
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-07 21:38:38 Times Seen2456 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	vid142.site/assets/players/jwplayer-8.26.9/provider.hlsjs.js	393 kB	2024-04-26	2024-05-05
Pretty URL vid142.site/assets/players/jwplayer-8.26.9/provider.hlsjs.js IP 104.21.50.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 04:39:28 Last Seen2024-05-05 17:52:08 Times Seen16 Hash 4e89bac040142aae140e0ccf7ba24ed7 bbe7a121360d2813a7cf0377ed9cb11571a6c765 2be492fddf54fbdc9ce3e72644feea311b579c77232ba0de3352cbd8aa4295ac Loading...

HTTP Transactions (19)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js

104.17.25.14

200 OK

30 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32132)
Size
30 kB (29505 bytes)
Hash
0652da382b6fceb033dfe2b6c06d4d11
002da8cbe90fcf32fbdebb72386125079e3805ee
7fa0d5c3f538c76f878e012ac390597faecaabfe6fb9d459b919258e76c5df8e

HTTP Headers

GET /ajax/libs/jquery/1.9.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 29505
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-16b8c"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 68772
expires: Wed, 16 Apr 2025 23:27:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7a734VYSrOQj0nfaxtibubSstK2iWT44gNk4KpyYocHl88ETK2LFU1v4zwD48jYuhHunTKxHMynfixQJaFLnRz4%2Ft45dwAS96D7HoXdZSNq5ZKyvJnwJXwyxTBb7mpkvJjpqqJaV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87aa57dfbf4fb517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

valueslinear.com/52/ba/41/52ba419ba307b72ff4090aea25de5317.js

192.243.61.225

200 OK

17 kB

URL GET HTTP/1.1
valueslinear.com/52/ba/41/52ba419ba307b72ff4090aea25de5317.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerLet's Encrypt
Subjectvalueslinear.com
Fingerprint1B:5F:42:9F:A7:B8:88:69:0E:18:50:43:65:11:E1:69:A0:24:C0:4E
ValidityTue, 02 Apr 2024 11:12:23 GMT - Mon, 01 Jul 2024 11:12:22 GMT

File type
JavaScript source, ASCII text, with very long lines (40622), with no line terminators
Size
17 kB (16678 bytes)
Hash
cf45626526c7e763ee3a9deaa1e9f1d9
eeb15992590d3dcfb463cb09c38118b003a42b23
998c402cff6fab7644c5438ff65c09573c456a20b2b9c85057396bd7c361f05b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /52/ba/41/52ba419ba307b72ff4090aea25de5317.js HTTP/1.1
Host: valueslinear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 23:27:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a4654d10ccdcb91713771bd15325a0f1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.194.72.95

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.194.72.95:443
ASN
#16509 AMAZON-02

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
29c738e2f4d2161ad71717b1e0d1ffef
0d0ef603cd5051fab9e959c2cc77201a487f8d46
31708f923327592730df806eed170c49fe65a325d9842a17e14fd30dddb66902

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vid142.site
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://vid142.site
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=21b5d4ee-cc30-4056-a71a-d79a94dc1ee8:3:1; expires=Mon, 24 Apr 2034 23:27:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.194.72.95

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.194.72.95:443
ASN
#16509 AMAZON-02

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
29c738e2f4d2161ad71717b1e0d1ffef
0d0ef603cd5051fab9e959c2cc77201a487f8d46
31708f923327592730df806eed170c49fe65a325d9842a17e14fd30dddb66902

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vid142.site
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Cookie: uid_id2=21b5d4ee-cc30-4056-a71a-d79a94dc1ee8:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://vid142.site
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

vid142.site/views/4128495

104.21.50.16

200 OK

7 B

URL GET HTTP/3
vid142.site/views/4128495
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type
ASCII text
Size
7 B (7 bytes)
Hash
37a9aea1be8915f4998443873ec90db0
35bfc22420a7d20d27504a12743b4856fc0fedf9
ce516e29a2ccfe4bab40e4e6adab7661cd695680482c00b1faa738fc0df62698

HTTP Headers

GET /views/4128495 HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
content-type: text/html
m-cache: BYPASS
x-cache: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQy7CRi42yggjvhL0Wzv78bh%2F2d7XlW1jCNyiTpkLST%2FZMfv%2BZ6ZiKJ%2FMtWlst7eP2GlDI4aG9HUX5rBT7%2BCCkZJVJC%2F5al%2FCq1kNMFaKpAXm9e0I4iwdN88c8fffw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa57e47f3d1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

vid142.site/assets/players/jwplayer-8.26.9/jwplayer.core.controls.js

104.21.50.16

200 OK

86 kB

URL GET HTTP/3
vid142.site/assets/players/jwplayer-8.26.9/jwplayer.core.controls.js
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type
JavaScript source, ASCII text, with very long lines (65143)
Size
86 kB (86011 bytes)
Hash
3c5ff110bccc0950103d3f24d854eac2
0654337120a04acb6fe4e92484ba0db87b443777
35334400bec8f4c230e7b91c17c4cc96e17caebb6e144bf43dab0e57c4cf90e5

HTTP Headers

GET /assets/players/jwplayer-8.26.9/jwplayer.core.controls.js HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=21b5d4ee-cc30-4056-a71a-d79a94dc1ee8%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:25 GMT
content-type: application/javascript
last-modified: Mon, 18 Sep 2023 22:03:52 GMT
etag: W/"6508c948-4efa6"
m-cache: HIT
expires: Fri, 10 May 2024 04:14:39 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1451566
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Isk%2BknU8vnTH23sdv48y%2Bvi4m1vqhLrmZt7yTz4%2B026vGl9oYRvk2iXOsDknMWs3D67UIpy5RDqqh5LLc3itDiKflJ2kbDl8FSRUcVX%2Fj%2BCy%2FcuK7g%2BQSro5FWRSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57e63fda1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ewal.an3087959.site/_v2-mwxk/12a3c523fc105800ed8c394685aeeb0b952efe5c55bcbded4e1a7baea93ece832257df1a4b6125fcfa38c35da05dee86a6d39242d76ad3eadbbaa43b5376b485619912a45b0db85f4dc5f4ec3f117d1361649123140c6fd087c0a35c94a328ce2c10f54a4c76bb13ba/h/thumbnails.vtt

188.114.96.1

200 OK

453 kB

URL GET HTTP/2
ewal.an3087959.site/_v2-mwxk/12a3c523fc105800ed8c394685aeeb0b952efe5c55bcbded4e1a7baea93ece832257df1a4b6125fcfa38c35da05dee86a6d39242d76ad3eadbbaa43b5376b485619912a45b0db85f4dc5f4ec3f117d1361649123140c6fd087c0a35c94a328ce2c10f54a4c76bb13ba/h/thumbnails.vtt
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerLet's Encrypt
Subjectan3087959.site
Fingerprint36:8B:0E:21:67:9D:C8:7D:03:B6:CC:F7:65:61:39:2E:64:97:AC:44
ValidityTue, 12 Mar 2024 01:32:09 GMT - Mon, 10 Jun 2024 01:32:08 GMT

File type
data
Size
453 kB (453058 bytes)
Hash
35129f73274615891632c26b04d785b0
cc0fe4255db11ed4c34e2211828a6c5b8e2be46d
dcace5ead2f82e208d0b485f1b35014fd71530326e76bb5af483735ada5ddcff

HTTP Headers

GET /_v2-mwxk/12a3c523fc105800ed8c394685aeeb0b952efe5c55bcbded4e1a7baea93ece832257df1a4b6125fcfa38c35da05dee86a6d39242d76ad3eadbbaa43b5376b485619912a45b0db85f4dc5f4ec3f117d1361649123140c6fd087c0a35c94a328ce2c10f54a4c76bb13ba/h/thumbnails.vtt HTTP/1.1
Host: ewal.an3087959.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vid142.site
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:27:25 GMT
content-type: text/vtt
last-modified: Mon, 24 Jul 2023 16:38:39 GMT
etag: W/"64bea90f-19f3"
x-cache: HIT
x-proxy-cache: MISS
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-cache-status: HIT
age: 36030
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6raYnsAd63CtpWR4WhuxSJXC83SnloFPhCcMBr9QcsQxd9rorDYT7Lgi6ibABJdDVhhLB8Hb%2FdCPUu1TFO6xEEwYK5OKLPNrKd8UEFXWlna4Dzu%2BUiftUV%2BULs8hTjC%2By5qCMRH1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57e7dfb156c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

capaciousdrewreligion.com/advertisers.js

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 23:27:25 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e20e3a16031f500a75d0340e2fd0b4a4
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=21b5d4ee-cc30-4056-a71a-d79a94dc1ee8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=52ba419ba307b72ff4090aea25de5317&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=21b5d4ee-cc30-4056-a71a-d79a94dc1ee8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=52ba419ba307b72ff4090aea25de5317&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=21b5d4ee-cc30-4056-a71a-d79a94dc1ee8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=52ba419ba307b72ff4090aea25de5317&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 23:27:25 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a1781c74617e271a8f4515d48639c1f
Strict-Transport-Security: max-age=0; includeSubdomains

vid142.site/mediainfo/XXFPuqkC5oLQroElKbttTTTHIPwflw8=,209,158,119,148,192,218,173,168,121,192,186,180,157,213,186,187?autostart=true&t=4xjRDfQhB1wLxA==

104.21.50.16

200 OK

676 B

URL GET HTTP/3
vid142.site/mediainfo/XXFPuqkC5oLQroElKbttTTTHIPwflw8=,209,158,119,148,192,218,173,168,121,192,186,180,157,213,186,187?autostart=true&t=4xjRDfQhB1wLxA==
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (708), with no line terminators
Size
676 B (676 bytes)
Hash
fd8ec9f62a7c7fbe282585a12b914acf
03e9b30c539930f260bcd5ede3dfa790702c68ea
5939c79a78cbad1f13fb8c0a9b46ef161c46e88efff4a2490dd3b3cfc5d75f76

HTTP Headers

GET /mediainfo/XXFPuqkC5oLQroElKbttTTTHIPwflw8=,209,158,119,148,192,218,173,168,121,192,186,180,157,213,186,187?autostart=true&t=4xjRDfQhB1wLxA== HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:25 GMT
content-type: application/json
x-cache: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUt4o%2B%2FYL%2B4t7m6k%2B7cyxdt16KKd%2BKi72rmAOSjuR%2BBnFeOhaneMbPBiuqQ3MNkMRZf898%2Bj4LfaSER6AQ%2ByDgr4BDrXdqF3F%2FjO4OxXKd9j5I%2F6DS3ohkWpaKkQ5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa57e4af4a1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

vid142.site/assets/players/jwplayer-8.26.9/provider.hlsjs.js

104.21.50.16

200 OK

393 kB

URL GET HTTP/3
vid142.site/assets/players/jwplayer-8.26.9/provider.hlsjs.js
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type

Size
393 kB (393168 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/players/jwplayer-8.26.9/provider.hlsjs.js HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=21b5d4ee-cc30-4056-a71a-d79a94dc1ee8%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:25 GMT
content-type: application/javascript
last-modified: Mon, 18 Sep 2023 22:03:52 GMT
etag: W/"6508c948-5ffd0"
m-cache: HIT
expires: Fri, 10 May 2024 04:14:39 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1451566
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMBjvbqMMKXWnR6IpEcS87TTt7ptxcw87YjNwadurFRuM1izL7z2QYKBo2lV2lAAfcMTgb3r8HnLT77ELvaJNLjIe3go%2F4lEq8isC%2BErBsgWpio3xkZlIv%2BFkhd6%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57e63fdb1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

188.114.96.1

200 OK

446 kB

URL GET HTTP/3
ewal.an3087959.site/_v2-mwxk/12a3c523fc105800ed8c394685aeeb0b952efe5c55bcbded4e1a7baea93ece832257df1a4b6125fcfa38c35da05dee86a6d39242d76ad3eadbbaa43b5376b485619912a45b0db85f4dc5f4ec3f117d1361649123140c6fd087c0a35c94a328ce2c10f54a4c76bb13ba/h/thumbnails.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerLet's Encrypt
Subjectan3087959.site
Fingerprint36:8B:0E:21:67:9D:C8:7D:03:B6:CC:F7:65:61:39:2E:64:97:AC:44
ValidityTue, 12 Mar 2024 01:32:09 GMT - Mon, 10 Jun 2024 01:32:08 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 404x405, segment length 16, comment: "Lavc60.21.100", baseline, precision 8, 1620x1111, components 3
Size
446 kB (446415 bytes)
Hash
0f343fa3365a3ab52c3819a711557daa
2e3682c5c9c2ef198a766896bd65938b92096a1d
22b971a33c587dbda8ddaa130e2c9315083b91201360660455b04b256c049fb5

HTTP Headers

GET /_v2-mwxk/12a3c523fc105800ed8c394685aeeb0b952efe5c55bcbded4e1a7baea93ece832257df1a4b6125fcfa38c35da05dee86a6d39242d76ad3eadbbaa43b5376b485619912a45b0db85f4dc5f4ec3f117d1361649123140c6fd087c0a35c94a328ce2c10f54a4c76bb13ba/h/thumbnails.jpg HTTP/1.1
Host: ewal.an3087959.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:25 GMT
content-type: image/jpg
content-length: 446415
last-modified: Mon, 24 Jul 2023 16:38:39 GMT
etag: "64bea90f-6cfcf"
x-cache: HIT
x-proxy-cache: MISS
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-cache-status: HIT
age: 582763
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o1Mtz1dpmOezvdMuXCralRIOBr3NtEjUGeA4ErJUEjYPXlVrLK2aDHz7SbyXf9fsC%2BFzDlfXE%2FcyI8uF1qqy%2FU%2BH9DGJBB50N5N6q7JxLywL4pRhSsKERybTpX%2BrTwQoZcTxtksf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57e8093f56a2-OSL
alt-svc: h3=":443"; ma=86400

vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==

104.21.50.16

200 OK

1.1 kB

URL User Request GET HTTP/2
vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type
HTML document, ASCII text, with very long lines (1110), with no line terminators
Size
1.1 kB (1062 bytes)
Hash
40870f0fdf7aa7731cbe6f558d8e264b
51282a623a22a384d2cc86091555602ea21ac908
05222a4c84a24e857363dfa1fd7eb722e977de2abf7e4bcaf466201b8249ee4f

HTTP Headers

GET /e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA== HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:27:23 GMT
content-type: text/html; charset=UTF-8
m-cache: HIT
x-cache: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3aqy%2BIyBBpMDug0gNJvz1TDVxvWo5xgToChDk67Y1aTg8rEYlLgWwT84ihV%2B%2BhS9pvOOiIuu3Cc8dQEMuKIaXilYDiX3rag88H%2FJCBngYZN4AEG%2BgOfijRzRmlQuZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa57ddaa25b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vid142.site/assets/mcloud/min/embed.js?v=661f2fa5

104.21.50.16

200 OK

195 kB

URL GET HTTP/3
vid142.site/assets/mcloud/min/embed.js?v=661f2fa5
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type

Size
195 kB (195294 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/mcloud/min/embed.js?v=661f2fa5 HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 02:10:45 GMT
etag: W/"661f2fa5-2fade"
m-cache: HIT
expires: Fri, 17 May 2024 02:10:48 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 854196
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u0u1IcjORfdzzaN66w18hRg21Rk2jIUrAFOtC60AsVQLCtN4ksEiIgkAfgiqszSaQ%2F6XjQW973w5ycWe29jS3abgkXXeuJjIQqAbww%2FLMLOmk%2FuJqe896EcGvQGPmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57df9da61c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

vid142.site/favicon.ico

104.21.50.16

200 OK

0 B

URL GET HTTP/3
vid142.site/favicon.ico
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=21b5d4ee-cc30-4056-a71a-d79a94dc1ee8%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:25 GMT
content-type: image/x-icon
content-length: 0
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 20:37:33 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MbGpk1o6%2FYJubSlfRT3VTjcP7fhMz4LDU798Ne%2FLQD1khjwLwlCerO9saVN2lpAw77YgRZ51OxVl0zG%2BotwANRAHlRWJKcLbbMuIF2zZDmyiQi579CZqeoBdMN%2BwHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57e55f901c16-OSL
alt-svc: h3=":443"; ma=86400

vid142.site/assets/mcloud/min/embed.css?v=661f2fa5

104.21.50.16

200 OK

8.5 kB

URL GET HTTP/3
vid142.site/assets/mcloud/min/embed.css?v=661f2fa5
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type
ASCII text, with very long lines (8532), with no line terminators
Size
8.5 kB (8530 bytes)
Hash
18049c2b04cd6ed86be6844b36b28b5e
422fb6b1b0335cbbd45c0f8495d70ef39ccfc696
83dd4a0a093dfe32c6ea13157c9479c3b76faded4a7ae38a38e3dff9d6541d7b

HTTP Headers

GET /assets/mcloud/min/embed.css?v=661f2fa5 HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
content-type: text/css
last-modified: Mon, 08 Apr 2024 02:37:41 GMT
etag: W/"66135875-2152"
m-cache: HIT
expires: Fri, 17 May 2024 02:10:48 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 854196
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xVEolex6%2B6w5GML0Z8%2BH6iOeTtykqKRsyN04TXxg9EjmIdnotTXkM%2BJeU%2BP1UALtKVXf5otuu%2BUvr3H0j57ou0AXwxINgx0aREcDE%2FZTtbmiggmBmxoZlr5yv5RXbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57df9da01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

vid142.site/assets/players/jwplayer-8.26.9/jwplayer.js?v1

104.21.50.16

200 OK

110 kB

URL GET HTTP/3
vid142.site/assets/players/jwplayer-8.26.9/jwplayer.js?v1
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type

Size
110 kB (109779 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/players/jwplayer-8.26.9/jwplayer.js?v1 HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
content-type: application/javascript
last-modified: Mon, 18 Sep 2023 22:03:52 GMT
etag: W/"6508c948-1acd3"
m-cache: HIT
expires: Fri, 10 May 2024 04:14:38 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1451566
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ffMrZWAQrf%2BVdQfvNsnv9lQnsEoBALQmGiyt8zMV8ihvhhtNjt1mgE4OeWtZpXcoTzM83UQim8ar0TlJpikhwykyXvZ6VTfcRtoHywfJN9%2BoirL4mkH9tPDIGPO0oA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57df9da51c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 73ca0261de9e439dad083fd1ac5f6448
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 23:27:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2HNXCz6fthEBs9WkjUjhDW9IEYOPQChie2A3L7W1OBCmQ%2BtSrzpL7bMZF%2B%2FyReEn5Wh4dp6tlUqDS%2FvOdgSaLrMgk6%2BUskU%2FLu8%2FHv2jOxCTWsQ0NOfsMqA0oPt%2BN%2BthB%2FDfKrMiKlKvLvYc3aBUQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa57e36d237127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vid142.site/futoken

104.21.50.16

200 OK

257 B

URL GET HTTP/3
vid142.site/futoken
IP
104.21.50.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Certificate
IssuerGoogle Trust Services LLC
Subjectvid142.site
Fingerprint30:DB:E2:03:25:AC:A4:38:4A:78:31:91:FF:C7:16:43:11:A9:4C:DD
ValidityWed, 10 Apr 2024 03:06:57 GMT - Tue, 09 Jul 2024 03:06:56 GMT

File type
JavaScript source, ASCII text, with no line terminators
Size
257 B (257 bytes)
Hash
c36849834f704b010ea9e0939cf5476e
5080b1a42583a74a936a2bfa250861152d9ebc35
a3a1418d68243ed8668061f45d864c4cbc6775144d9485121e50376958321c9a

HTTP Headers

GET /futoken HTTP/1.1
Host: vid142.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vid142.site/e/G6JOLM3L3J9O?autostart=true&t=4xjRDfQhB1wLxA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:27:24 GMT
m-cache: MISS
x-cache: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rbbHDZ2%2B1hpBWnt7br0TP8MUqb49Ixj%2B7tmib%2BZvvNwKaURV0e8qLN4sQeALYiWTTXlAxQ5zM%2BWTbnwczX39Uw7wbvr%2BC0iidiA0m11RTCj%2FC6UKTvMP4i6Ixwuf1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa57df9da11c16-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL