Report - princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/

Report Overview

Submitted URL
princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
IP
185.197.162.157
ASN
#60144 3W Infra B.V.
Submitted
2024-05-07 22:47:05
Access
public
Website Title
Download Princess Chelsea – Cigarette Duet | Download mp3 free, listen music online - Hydr0.org
Final URL
princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-07	1.1 kB	1.1 kB	139.45.197.250
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-06	512 B	1.2 kB	35.244.181.201
zuhempih.com	unknown	2024-01-22	2024-01-22	2024-03-30	1.7 kB	98 kB	139.45.197.245
princess-chelsea.hydr0.org	unknown	unknown	No data	No data	1.6 kB	11 kB	185.197.162.157
hydr0.org	unknown	2020-01-26	2020-01-26	2023-09-16	3.6 kB	53 kB	185.197.162.157
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	462 B	1.9 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	1.7 kB	47 kB	216.58.207.227
omoonsih.net	148361	2021-08-03	2021-08-03	2024-02-24	1.1 kB	30 kB	172.66.43.183
jouteetu.net	260109	2021-07-08	2021-07-15	2024-05-07	1.4 kB	1.9 kB	139.45.197.251
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-06	485 B	755 B	139.45.195.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	amunfezanttor.com	Sinkholed
2024-05-07	medium	amunfezanttor.com	Sinkholed
2024-05-07	medium	zuhempih.com	Sinkholed
2024-05-07	medium	zuhempih.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	hydr0.org/i/js/_main_min.js?bd267116	16 kB	2023-09-16	2024-05-08
Pretty URL hydr0.org/i/js/_main_min.js?bd267116 IP 185.197.162.157 ASN #60144 3W Infra B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 21:38:51 Last Seen2024-05-08 00:47:11 Times Seen4 Hash 88660846b8b0fc8da079a8bdc8c9eb39 71f3167c514309e4549c79f010f79063a5e9bff9 696a51361838c68fb295f2976eccad548d5cd02177a40b5cb4e1748fb47a6958 Loading...

	princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/	366 B	2023-09-16	2024-05-08
Pretty URL princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/ IP 185.197.162.157 ASN #60144 3W Infra B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-16 21:38:51 Last Seen2024-05-08 00:47:11 Times Seen3 Hash ce2e299c45cac45500d2b844ae5d0ba9 135864845b10ff0a0e77dacd28804e049a560a48 4204eeef9b3d2dca4ce20070002d3b9b3319cb973b5302286ea50993b4a842d1 Loading...

	omoonsih.net/pfe/current/micro.tag.min.js?z=6444282&sw=/sw-check-permissions.js	37 kB	2024-04-25	2024-05-15
Pretty URL omoonsih.net/pfe/current/micro.tag.min.js?z=6444282&sw=/sw-check-permissions.js IP 172.66.43.183 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-15 20:42:51 Times Seen2522 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	zuhempih.com/5/7149369	94 kB	2024-05-08	2024-05-08
Pretty URL zuhempih.com/5/7149369 IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 00:47:11 Last Seen2024-05-08 00:47:11 Times Seen2 Hash 23f68308da3aec5ea1734244376166be 285b843a7be08b72c2cbbeca267ac63ed56c1e37 1dac8f12208e6da27a9d0b640f441bc3c6965da7b4490fe6ab0bce8521f54045 Loading...

	princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/sandbox%20eval%20code	148 B	2023-04-11	2024-05-19
Pretty URL princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:38:13 Last Seen2024-05-19 21:21:47 Times Seen21035 Hash 64fe6fe97a487c82c5be70158b71aa87 b93ba17d1796e404b0ca1ef6f262bbbb0c427366 3ec8a12103cf9c2e91b9be1329d1e9f1c53043e38a641070650d1b8d07dbbcd2 Loading...

	ssl.google-analytics.com/ga.js	3.4 kB	2023-04-11	2024-05-19
Pretty URL ssl.google-analytics.com/ga.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:38:13 Last Seen2024-05-19 21:21:47 Times Seen20977 Hash b6f6d7efd99960ab916ee096e061f2e7 e21f1b5b99444ed4e4f62308cf616edd93ee852e bbb1ca9c206e0ed72478ea72f3ca038cf739fd540d5d1c2da19620c942e4c4f4 Loading...

HTTP Transactions (26)

URL IP Response Size

princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/

185.197.162.157

200 OK

8.7 kB

URL User Request GET HTTP/2
princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (963)
Size
8.7 kB (8748 bytes)
Hash
22977756c52ece1f6426e939d920dea1
6ca7630fd9b1066043ea86c604c9c2e9ac32b714
43327200ccc2192d6ed07715edba0f47fdaa06397967b6d44e0209aae047cd63

HTTP Headers

GET /t/13736209121606227426-princess-chelsea-cigarette-duet/ HTTP/1.1
Host: princess-chelsea.hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:39 GMT
content-type: text/html; charset=utf-8
content-length: 8748
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

hydr0.org/i/js/_main_min.js?bd267116

185.197.162.157

200 OK

6.8 kB

URL GET HTTP/2
hydr0.org/i/js/_main_min.js?bd267116
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
gzip compressed data, from Unix
Size
6.8 kB (6754 bytes)
Hash
77f43b68f714440b0bf16af924bc635e
4c88c8b1c03581d732ee94a56cc1416201f902ad
b7f399432d6371eb7c713233483f650f09711c4778a2ef42d6158b2a71ddea58

HTTP Headers

GET /i/js/_main_min.js?bd267116 HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:39 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sun, 06 Dec 2020 12:25:14 GMT
vary: Accept-Encoding
etag: W/"5fcccdaa-4029"
expires: Wed, 15 May 2024 22:46:39 GMT
cache-control: max-age=691200
content-encoding: gzip
X-Firefox-Spdy: h2

hydr0.org/i/assets/css/main.min.css

185.197.162.157

200 OK

2.5 kB

URL GET HTTP/2
hydr0.org/i/assets/css/main.min.css
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
gzip compressed data, from Unix
Size
2.5 kB (2489 bytes)
Hash
938391e95fa6ce218978399a91be9ae4
3e3a5bc7b082aea49d3b16e4d14b5fc75edf59ba
32be7853bdee489a77a0c7f1d67afed44d4509571412d942ca71787e68896050

HTTP Headers

GET /i/assets/css/main.min.css HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:39 GMT
content-type: text/css
last-modified: Mon, 24 Sep 2018 21:22:06 GMT
vary: Accept-Encoding
etag: W/"5ba9557e-1b5d"
expires: Wed, 15 May 2024 22:46:39 GMT
cache-control: max-age=691200
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1247 bytes)
Hash
7cfc42577705ae611949363333c14b62
5bd1619fae9afb6718d536ff55c68fa7d99d307b
db64462e4c203e6ebef44c63115a38a6bdd2460c99fe791772c59ada7844137e

HTTP Headers

GET /css?family=Source+Sans+Pro:300,400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 22:46:40 GMT
date: Tue, 07 May 2024 22:46:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

hydr0.org/i/img/tw-icon.png

185.197.162.157

200 OK

224 B

URL GET HTTP/2
hydr0.org/i/img/tw-icon.png
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
PNG image data, 16 x 14, 8-bit/color RGBA, non-interlaced
Size
224 B (224 bytes)
Hash
e2cee1c943433546bb4480f554de127a
ed743bf22f75ebac80022eef1dca0deefb1c1fe0
f379291652866713bf1f5569751bec9f5cb86df654c64d6ce56e22b58cfb01a2

HTTP Headers

GET /i/img/tw-icon.png HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/png
content-length: 224
last-modified: Sun, 22 Apr 2018 18:52:38 GMT
etag: "5adcd9f6-e0"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2

hydr0.org/i/img/vk-icon.png

185.197.162.157

200 OK

227 B

URL GET HTTP/2
hydr0.org/i/img/vk-icon.png
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced
Size
227 B (227 bytes)
Hash
02a6c41a891f99dfd543ba1cb2f6236f
4dee5f8812755c8fbb1dd1b261067aaf59bae749
b16afc6cf638c1a017697c56889bd640044df1618146e7ed5e40f2189bab785a

HTTP Headers

GET /i/img/vk-icon.png HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/png
content-length: 227
last-modified: Sun, 22 Apr 2018 18:52:38 GMT
etag: "5adcd9f6-e3"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2

hydr0.org/i/assets/img/play-button.svg

185.197.162.157

200 OK

872 B

URL GET HTTP/2
hydr0.org/i/assets/img/play-button.svg
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
SVG Scalable Vector Graphics image
Size
872 B (872 bytes)
Hash
9d78dd199dec98e2b4b0ec81437d6c88
ec05c5717c55461b5ab474e5f301d11a0a9d7bbf
1c3dc095e4636fefe4a91bf18f9988eae51f08766d56cfd40bfe1caa8690de34

HTTP Headers

GET /i/assets/img/play-button.svg HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/svg+xml
content-length: 872
last-modified: Sun, 23 Sep 2018 09:56:11 GMT
etag: "5ba7633b-368"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2

hydr0.org/i/assets/img/download.svg

185.197.162.157

200 OK

1.1 kB

URL GET HTTP/2
hydr0.org/i/assets/img/download.svg
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1135 bytes)
Hash
18498919aa46e36a2909abb492263545
640f1fd7d6714c6b96a372028fd5fa1ae001aed4
41fc339bf1a098172ef993c03574dcbfd88cc2e4490eee62f3e889f3e132ca3e

HTTP Headers

GET /i/assets/img/download.svg HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/svg+xml
content-length: 1135
last-modified: Sun, 23 Sep 2018 10:25:32 GMT
etag: "5ba76a1c-46f"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2

hydr0.org/i/img/fixplayer.png

185.197.162.157

200 OK

4.2 kB

URL GET HTTP/2
hydr0.org/i/img/fixplayer.png
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced
Size
4.2 kB (4200 bytes)
Hash
7e86d3366c2cb8883fc258e5d43ef6ae
433163ca9d6addfcf52c216879f1bccd003b056d
e704f5b237151eeb6afa59feba454f91dbaa04e8794e91296903958883974b7a

HTTP Headers

GET /i/img/fixplayer.png HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/png
content-length: 4200
last-modified: Sun, 23 Sep 2018 19:17:36 GMT
etag: "5ba7e6d0-1068"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14892, version 1.0
Size
15 kB (14892 bytes)
Hash
9ec6deaf6bada919e20b98f9f7b718b1
501d36403ad8205e4644532600019ecb10f5cb0a
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

HTTP Headers

GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14892
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 10:17:48 GMT
expires: Sat, 03 May 2025 10:17:48 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
content-type: font/woff2
age: 390532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

omoonsih.net/pfe/current/micro.tag.min.js?z=6444282&sw=/sw-check-permissions.js

172.66.43.183

200 OK

28 kB

URL GET HTTP/2
omoonsih.net/pfe/current/micro.tag.min.js?z=6444282&sw=/sw-check-permissions.js
IP
172.66.43.183:443
ASN
#13335 CLOUDFLARENET

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint64:19:B1:75:F5:EE:20:B6:3B:9F:48:90:E4:C0:BC:4E:12:5B:60:4B
ValidityFri, 09 Jun 2023 00:00:00 GMT - Sat, 08 Jun 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
28 kB (28288 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=6444282&sw=/sw-check-permissions.js HTTP/1.1
Host: omoonsih.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-9116"
access-control-allow-credentials: true
cache-control: max-age=14400
pragma: no-cache
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snSjuAJPm7CPi63a0m6jAV6V7%2BDexsM8a%2BCWq7wFIn3tcr7NtKwIB75KwLVJ%2F%2F74xPYZ%2BTRlJK29epLkFdrLXThl4Iao2a0bGOa3WneDnweLfawVdr8xHEmxOY9g7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bf53dd3d56b9-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14712, version 1.0
Size
15 kB (14712 bytes)
Hash
3afeae0d768769f5e5f30ac9805c5b70
3ada17c2b462db3e7a1fd85c3f4670dfe7704f4d
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce

HTTP Headers

GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14712
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:02:35 GMT
expires: Fri, 02 May 2025 18:02:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:57 GMT
content-type: font/woff2
age: 449045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

omoonsih.net/zone?&pub=0&zone_id=6444282&is_mobile=false&domain=princess-chelsea.hydr0.org&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=e73e3734-4125-4af0-a454-69419ec3d25e&action=prerequest

172.66.43.183

200 OK

0 B

URL POST HTTP/2
omoonsih.net/zone?&pub=0&zone_id=6444282&is_mobile=false&domain=princess-chelsea.hydr0.org&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=e73e3734-4125-4af0-a454-69419ec3d25e&action=prerequest
IP
172.66.43.183:443
ASN
#13335 CLOUDFLARENET

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint64:19:B1:75:F5:EE:20:B6:3B:9F:48:90:E4:C0:BC:4E:12:5B:60:4B
ValidityFri, 09 Jun 2023 00:00:00 GMT - Sat, 08 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=6444282&is_mobile=false&domain=princess-chelsea.hydr0.org&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=e73e3734-4125-4af0-a454-69419ec3d25e&action=prerequest HTTP/1.1
Host: omoonsih.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 22:46:40 GMT
content-length: 0
x-trace-id: 30fd623347b9f867fdb1b60af14c85d6
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S32dTdcocU5YEn0KGZnZCwsFNsuEeYn1rIJMytLY4k3GyzhyIipUd1iOuYI4QAwuz4cezS7aW2%2FzQXKqjZx8IiaqhEu%2B9jglJrb9AwDdp1yaK29%2F%2F8yRAUJfdaoJVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804bf565f9e56b9-OSL
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 322
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 34b655a781b6a1a8f3718b61923ac384
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 325
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d0403732713facbc92b2a76c9a15222a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 324
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4565b50db4f3fb03d209fd0396149209
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://princess-chelsea.hydr0.org/
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

princess-chelsea.hydr0.org/sw-check-permissions.js?zoneId=6444282

185.197.162.157

200 OK

503 B

URL GET HTTP/2
princess-chelsea.hydr0.org/sw-check-permissions.js?zoneId=6444282
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
Java source, ASCII text
Size
503 B (503 bytes)
Hash
d05dbf65f2e2534405a9bfdef85ea2f5
6eaedd77ecd6883166136377e31a2678c93f490c
27da5d1029d8f9022b772da59bf5cd9a8daa82b7d70330c2d923e5de926ad9b4

HTTP Headers

GET /sw-check-permissions.js?zoneId=6444282 HTTP/1.1
Host: princess-chelsea.hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/javascript; charset=UTF-8
content-length: 503
last-modified: Tue, 10 Oct 2023 08:44:41 GMT
etag: "65250ef9-1f7"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=008055d700f4494df57a97946484441f

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=008055d700f4494df57a97946484441f
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
7c66ca9449b92bff8145ee60033b8ff6
c1f7368ea14e123ec429f1ab1a97e7fdaa80beb0
c94b8e79dc5a6135bc12857ed79ece1d089b689015d7dd25bd013c970eb21957

HTTP Headers

GET /gid.js?userId=008055d700f4494df57a97946484441f HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008055d700f4494df57a97946484441f; expires=Wed, 07 May 2025 22:46:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
39a91582eae10095b42acfb9fba29df7
31fd99163ed7779db91705db40f777a43fe4ea2c
acd8bb8d6ee80207b866f658ce6cbf7d5c502248170090d2b61c50d3ece9f3cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://princess-chelsea.hydr0.org/
Content-Type: application/json
Content-Length: 904
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

princess-chelsea.hydr0.org/favicon.ico

185.197.162.157

200 OK

1.2 kB

URL GET HTTP/2
princess-chelsea.hydr0.org/favicon.ico
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
77a5802ef2306252acd37d624e83da69
7c48978777ac45d4d615c93a3d1cac8c0ebd111d
2f23bc10aef4196b073237193f296340a225a133c5bf9c0dbc6ffd336991da33

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: princess-chelsea.hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Cookie: prefetchAd_7149369=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/vnd.microsoft.icon
content-length: 1150
last-modified: Sun, 23 Sep 2018 10:22:36 GMT
etag: "47e-57687405c3300"
accept-ranges: bytes
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=kJn7tPOKk5BJZaWIemkuBuAp7QJqLhLcqgpipnEP2brJTNZDZ4JzNW02utmAkAfXZYyr_Z7Y6cqEDldf3aVsITix0ItV_mVEgp4FF1Rmsioumxh3ewiSMAdlaQWbdOlA
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Tue, 07 May 2024 22:45:16 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 102
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

zuhempih.com/5/7149369

139.45.197.245

200 OK

94 kB

URL GET HTTP/2
zuhempih.com/5/7149369
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjectzuhempih.com
Fingerprint97:B7:D0:6C:8B:16:1C:15:92:B9:BF:26:3C:FC:CD:84:BF:52:AF:7D
ValidityThu, 11 Apr 2024 05:08:18 GMT - Wed, 10 Jul 2024 05:08:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
94 kB (93603 bytes)
Hash
23f68308da3aec5ea1734244376166be
285b843a7be08b72c2cbbeca267ac63ed56c1e37
1dac8f12208e6da27a9d0b640f441bc3c6965da7b4490fe6ab0bce8521f54045

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/7149369 HTTP/1.1
Host: zuhempih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/javascript
x-trace-id: ee4a6beac0e80ae8c49f312dbdec63df
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008055d700f4494df57a97946484441f; expires=Wed, 07 May 2025 22:46:40 GMT; path=/; secure; SameSite=None
oaidts=1715122000; expires=Wed, 07 May 2025 22:46:40 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

hydr0.org/i/css/_main_min.css?07e7a71b

185.197.162.157

200 OK

35 kB

URL GET HTTP/2
hydr0.org/i/css/_main_min.css?07e7a71b
IP
185.197.162.157:443
ASN
#60144 3W Infra B.V.

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjecthydr0.org
Fingerprint7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3
ValidityMon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT

File type
ASCII text, with very long lines (5499)
Size
35 kB (34669 bytes)
Hash
81385d0061739851378acb21c21bdbdf
05fe763d67de00f8b85cb109bb60c5c7fbc6a2fd
32d4f879ec70f3608e7cccfa4e7bb3e469564fdcca5b5fc28594ac415044f0e4

HTTP Headers

GET /i/css/_main_min.css?07e7a71b HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:39 GMT
content-type: text/css
last-modified: Tue, 27 Aug 2019 20:39:38 GMT
vary: Accept-Encoding
etag: W/"5d65950a-876d"
expires: Wed, 15 May 2024 22:46:39 GMT
cache-control: max-age=691200
content-encoding: gzip
X-Firefox-Spdy: h2

zuhempih.com/?rb=YPIW2G4zYoH1hjlb8I44zklq7R9fifhTX_mlQXmuIXyJQEnZF7Y4K_taV2NmwOeEi539NsvzvM1bhTfuxYIdOwbLVB3KQQaOh1paUTQ3aFM5DKsYsosoczoj53VhxCszA4a1nTCJ-Js9KgoZ_AFJmtL-1s7Sraa05ntPdY0bQrqL1rpKRZyozz4j-3lm3hpRfxyBKo7rc_EghCib032YeLiS-2PB0nueLxFmOSRKfrQBXbKKcDNBgYugnE70nyPB9x5ywRD168ApeejaiQFqeWMowsc%3D&request_ab2=0&zoneid=7149369&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fprincess-chelsea.hydr0.org%2Ft%2F13736209121606227426-princess-chelsea-cigarette-duet%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=94d8869f-cac8-418f-a1a5-f9da19bbfca0&wasm=1&userId=008055d700f4494df57a97946484441f&m=link

139.45.197.245

200 OK

2.4 kB

URL GET HTTP/2
zuhempih.com/?rb=YPIW2G4zYoH1hjlb8I44zklq7R9fifhTX_mlQXmuIXyJQEnZF7Y4K_taV2NmwOeEi539NsvzvM1bhTfuxYIdOwbLVB3KQQaOh1paUTQ3aFM5DKsYsosoczoj53VhxCszA4a1nTCJ-Js9KgoZ_AFJmtL-1s7Sraa05ntPdY0bQrqL1rpKRZyozz4j-3lm3hpRfxyBKo7rc_EghCib032YeLiS-2PB0nueLxFmOSRKfrQBXbKKcDNBgYugnE70nyPB9x5ywRD168ApeejaiQFqeWMowsc%3D&request_ab2=0&zoneid=7149369&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fprincess-chelsea.hydr0.org%2Ft%2F13736209121606227426-princess-chelsea-cigarette-duet%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=94d8869f-cac8-418f-a1a5-f9da19bbfca0&wasm=1&userId=008055d700f4494df57a97946484441f&m=link
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerLet's Encrypt
Subjectzuhempih.com
Fingerprint97:B7:D0:6C:8B:16:1C:15:92:B9:BF:26:3C:FC:CD:84:BF:52:AF:7D
ValidityThu, 11 Apr 2024 05:08:18 GMT - Wed, 10 Jul 2024 05:08:17 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2440), with no line terminators
Size
2.4 kB (2417 bytes)
Hash
1e43046e7d7642e1feb07aafe17fe49e
54bf6d3cb9e5821f84ace5e42f4328f515adc862
5e4180cd54366d311bc953b368c2b2ac5e69b3dad0edbca27f2bf8636be7652b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=YPIW2G4zYoH1hjlb8I44zklq7R9fifhTX_mlQXmuIXyJQEnZF7Y4K_taV2NmwOeEi539NsvzvM1bhTfuxYIdOwbLVB3KQQaOh1paUTQ3aFM5DKsYsosoczoj53VhxCszA4a1nTCJ-Js9KgoZ_AFJmtL-1s7Sraa05ntPdY0bQrqL1rpKRZyozz4j-3lm3hpRfxyBKo7rc_EghCib032YeLiS-2PB0nueLxFmOSRKfrQBXbKKcDNBgYugnE70nyPB9x5ywRD168ApeejaiQFqeWMowsc%3D&request_ab2=0&zoneid=7149369&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fprincess-chelsea.hydr0.org%2Ft%2F13736209121606227426-princess-chelsea-cigarette-duet%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=94d8869f-cac8-418f-a1a5-f9da19bbfca0&wasm=1&userId=008055d700f4494df57a97946484441f&m=link HTTP/1.1
Host: zuhempih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://princess-chelsea.hydr0.org/
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Cookie: OAID=008055d700f4494df57a97946484441f; oaidts=1715122000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json
x-trace-id: cc06465a61fe4d029fa7c3a8776533f4
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008055d700f4494df57a97946484441f; expires=Wed, 07 May 2025 22:46:40 GMT; path=/; secure; SameSite=None
oaidts=1715122000; expires=Wed, 07 May 2025 22:46:40 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 14 May 2024 22:46:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14780, version 1.0
Size
15 kB (14780 bytes)
Hash
8dae809192c44690275a3624133293e7
969c98c4d7eb00386ebbd61a63288972d138ecb8
c3de27b2cbd6deda629c9b442700cf54c0dda74e494b1c75a57d822068a047f8

HTTP Headers

GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14780
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:03:54 GMT
expires: Fri, 02 May 2025 02:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:58 GMT
content-type: font/woff2
age: 506566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (26)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN