Report - 18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-

Report Overview

Submitted URL
18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
IP
104.21.235.34
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-02 13:12:08
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
nanouwho.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.3 kB	40 kB	139.45.197.242
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	454 B	10 kB	142.250.74.106
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	371 B	21 kB	216.58.207.206
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	36 kB	139.45.197.237
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	172 kB	34.120.237.76
cdn.itskiddien.club	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	56 kB	139.45.197.236
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	417 B	44 kB	104.22.33.172
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	725 B	558 B	216.239.32.36
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	7.0 kB	142.250.74.131
1.bp.blogspot.com	8403	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	478 B	7.5 kB	142.250.74.161
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	964 B	172.64.155.188
ninjastream.to	309873	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	747 kB	45.141.58.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ssl.p.jwpcdn.com	2512	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	784 B	116 kB	151.101.194.114
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.240.57.100
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	743 B	139.45.195.8
ipp.littlecdn.com	109716	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	742 B	13 kB	104.22.24.116
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	5.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.7 kB	118 kB	139.45.197.155
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.1 kB	17 kB	23.36.76.226
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	54 kB	104.16.86.20
t80.pixhost.to	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	151 kB	94.229.45.2
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	763 B	123 kB	142.250.74.40
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	7.2 kB	139.45.197.236
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	6.3 kB	104.21.84.149
belickitungchan.com	813914	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	514 B	139.45.197.239
cdn.uponelectabuzzor.club	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	2.2 kB	139.45.197.239
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	447 B	393 B	104.16.56.101
18korea.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	83 kB	104.21.235.33
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	1.2 kB	142.250.74.164
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	439 B	164 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	belickitungchan.com	Sinkholed
2022-12-02	medium	nanouwho.com	Sinkholed
2022-12-02	medium	nanouwho.com	Sinkholed
2022-12-02	medium	nanouwho.com	Sinkholed
2022-12-02	medium	nanouwho.com	Sinkholed
2022-12-02	medium	unphionetor.com	Sinkholed
2022-12-02	medium	unphionetor.com	Sinkholed
2022-12-02	medium	nanouwho.com	Sinkholed
2022-12-02	medium	unphionetor.com	Sinkholed
2022-12-02	medium	unphionetor.com	Sinkholed
2022-12-02	medium	nanouwho.com	Sinkholed

JavaScript (55)

	URL	Size	First Seen	Last Seen
	ninjastream.to/js/provider.hlsjs.js	290 kB	2023-03-08	2023-03-11
Pretty URL ninjastream.to/js/provider.hlsjs.js IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-11 22:08:48 Times Seen1 Hash 3ea034a45891d1c48b2b961d3b8fb54b 96cda7abe038b68f8190727455534c2c570de302 1f5046b6d2ae0d5366f5b12225d7be8bae9c659de90368159eea352cf0fdcd8f Loading...

	ninjastream.to/js/vendor.js?id=0377102bb3b10e0efbde	1.2 MB	2023-03-07	2023-07-02
Pretty URL ninjastream.to/js/vendor.js?id=0377102bb3b10e0efbde IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:11:22 Last Seen2023-07-02 20:51:10 Times Seen5 Hash 0377102bb3b10e0efbdefc41d766e29c e92d9fee5ca1c2abae6076e2be1a0e3832fbd879 c4bac7858ee586b67636fde21f4bf5b62e1007c58c445d490b00c63a8767da1c Loading...

	cdn.itskiddien.club/apu.php?zoneid=4455878	67 kB	2023-03-08	2023-03-08
Pretty URL cdn.itskiddien.club/apu.php?zoneid=4455878 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash d47f3e1ef2ff8807051cb7f02326f23d fa8092fb23c0f99ada74715d85f52dd2b0d377e9 ee38049da49a1cc60773fde20b4c1469f0b8d31b7ae79d8a61f12acdd8a359e4 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR&co=aHR0cHM6Ly9uaW5qYXN0cmVhbS50bzo0NDM.&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=iv4sjgv8rec	69 B	2023-03-07	2024-05-11
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR&co=aHR0cHM6Ly9uaW5qYXN0cmVhbS50bzo0NDM.&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=iv4sjgv8rec IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-05-11 01:48:15 Times Seen101484 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	18korea.net/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js?ver=3.7.0	8.5 kB	2023-03-08	2024-03-04
Pretty URL 18korea.net/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js?ver=3.7.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:29:27 Last Seen2024-03-04 16:51:39 Times Seen92 Hash 416e800224a47145229b2c3a6e70ae08 8a52b70a7b5f65e85ba60905b87f24faa37259a3 f3b9ef807d3988e8ce73d3012e2f19cab12503a411c79719959f42cb8728f566 Loading...

	18korea.net/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b	1.8 kB	2023-03-07	2024-05-11
Pretty URL 18korea.net/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:32 Last Seen2024-05-11 00:02:46 Times Seen6771 Hash cd0eb3406096ff80266e7c9d7d419186 0e3709691bf96233766de30e2fd473b84166c5b6 c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25 Loading...

	www.googletagmanager.com/gtag/js?id=G-BNGW6L3J0E	224 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-BNGW6L3J0E IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 941f34d4752d0b430bc7bc902b84a64b 44d1024daab7d6443f2b8f4152c902fe7615b3c8 f06d3744053de4597180995a2d2b948161df25d530a4928937c07ad05da3a373 Loading...

	static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993	17 kB	2023-03-08	2024-02-28
Pretty URL static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 IP 104.16.56.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:00 Last Seen2024-02-28 12:44:37 Times Seen1362 Hash 33100f2355611b2375f05486299abf05 0b2d1b75f6695e67b884bee2eb72165d6e881a26 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3 Loading...

	18korea.net/wp-includes/js/wp-emoji-release.min.js?ver=5.5.3	14 kB	2023-03-08	2024-05-05
Pretty URL 18korea.net/wp-includes/js/wp-emoji-release.min.js?ver=5.5.3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2024-05-05 17:44:42 Times Seen5 Hash 7bb228fc7af6b8594b034c6870235aa6 e9f8dc63fae686105f71a0a04b1fd21e160c4054 b8b81502fe5b2a873dc2b1803670cfd9452ffc8f41f02b5143cb7991f812232e Loading...

	nanouwho.com/27/1ead059fa749da4c72410ffa55976f24	378 kB	2023-03-08	2023-03-08
Pretty URL nanouwho.com/27/1ead059fa749da4c72410ffa55976f24 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:35:07 Last Seen2023-03-08 20:42:03 Times Seen1 Hash 0b37e612c098521516914072fa16c7c7 6fec216f8411caa41343bb7dbb07c04428f1032a 1a6741dfc2e7f89ed84dc85f08cac840d76295c1a4e695300cd04da4a6fe87ec Loading...

	www.googletagmanager.com/gtag/js?id=UA-175515999-1	112 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-175515999-1 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 1df44022e987430c66ebc4e6a775f22f def4d0f4b0dc1f5e1d9756d43c8b9379b22bc6a6 6a89a59e3d45e2ec00b700f078aa90e8074186e1e221589067b89e2c304cb83e Loading...

	ninjastream.to/watch/Ng9QnBwE6QVKb	187 B	2023-03-08	2023-03-08
Pretty URL ninjastream.to/watch/Ng9QnBwE6QVKb IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 5038f748727e4d21ac593f00a4765e77 7f7c16c143a00de2095817712e2aab64243a7400 eb117c1260d3f3c4c41879d7f46c7b36372e3fe91ed94eae94ec71f3a087d4f5 Loading...

	ipp.littlecdn.com/web/static/play.js	11 kB	2023-03-08	2023-12-01
Pretty URL ipp.littlecdn.com/web/static/play.js IP 104.22.24.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-12-01 23:15:37 Times Seen89 Hash 5d961b087a3e1ae750063b955af0c50a c6a64e6e7831a89c492110410b260db8bfbe658a fadbd220e91c144be2c63135e327ba8c34ca3303ee5ca2fcb6d4445c5c6b9cf8 Loading...

	nanouwho.com/1?z=4455918	17 kB	2023-03-08	2023-03-08
Pretty URL nanouwho.com/1?z=4455918 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash c84e8f0265e6d002b26e90a854863900 338ace5afc6cafdf3fd825a5a295f1937a9c5494 34efa6f0afdcae7f46d72421edcbb452a5d6aa5bea57b340ed718d6749adc017 Loading...

	18korea.net/ads/ads.js	395 B	2023-03-08	2023-03-08
Pretty URL 18korea.net/ads/ads.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 6728fce36d946c4a79ee3995bf0f1470 6e11aed8d2e93c531ac9ab7ff68d48824d219dd7 9d27e1b6734004360765b667581f06d6110c8b2f2d5bac0dc7d3b540b1ffad70 Loading...

	18korea.net/wp-includes/js/imagesloaded.min.js?ver=4.1.4	5.6 kB	2023-03-07	2024-05-10
Pretty URL 18korea.net/wp-includes/js/imagesloaded.min.js?ver=4.1.4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:40 Last Seen2024-05-10 18:21:16 Times Seen31136 Hash 3a56752b736635bf69cb069b8818cbfd 42e0951fe74bb3f56a30f51291823bcd4a84d76e ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869 Loading...

	18korea.net/wp-includes/js/comment-reply.min.js?ver=5.5.3	3.0 kB	2023-03-07	2024-01-04
Pretty URL 18korea.net/wp-includes/js/comment-reply.min.js?ver=5.5.3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:41 Last Seen2024-01-04 14:51:03 Times Seen124 Hash 6d5632a96b45b575263b8ca1751babd7 a541258e96f7824506b1186b6f69c6e8e2484db3 a16df2f75e04129b12a5fde7311c7ea9131418080fd3f6bcb2b28ce1faa2fe8e Loading...

	ninjastream.to/watch/Ng9QnBwE6QVKb	80 B	2023-03-08	2023-03-11
Pretty URL ninjastream.to/watch/Ng9QnBwE6QVKb IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-11 22:08:48 Times Seen1 Hash 5cd12ee3f29947b039197ea234ef46b2 b2c1dd8f37a9d50df3ecfed92fa2051f0ae22211 0e12bc012f964251a3cedd6fb15b6dd666b5aa5dcd4a6ea987a1d468b673ef24 Loading...

	betotodilea.com/400/5096878	84 kB	2023-03-08	2023-03-08
Pretty URL betotodilea.com/400/5096878 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash a75d61e3fe772be1d0e4f0181a22dbda 728c657aa1c14a28e1b496715af2ace1c4238649 2fee0b93c8213fc981632ce9326e806200e7721d39a31e05d8b812da38f3fc4a Loading...

	18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-	206 B	2023-03-08	2023-03-08
Pretty URL 18korea.net/watch/young-aunt-3-co-gi-tre-chung-3- IP 104.21.235.33 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash c54e48a3d0c0285ad35a1739648161c4 99fb48da5234debd9a8c0308c288eb4f58e35c1e 5296608c3c8a756177285534af1041687ae5a2f6701cb33fc3c0006b40099524 Loading...

	18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-	153 B	2023-03-08	2023-03-08
Pretty URL 18korea.net/watch/young-aunt-3-co-gi-tre-chung-3- IP 104.21.235.33 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash be62d6a1cdf8cc9203ddbf24992df3e8 3cc78b48f0c508fba4899866f398853bba11b41d 23a507056d1e7d8bcb4accc8fb29af4d7aeb554dff8de5acbaaddfcfa779b03e Loading...

	cdn.uponelectabuzzor.club/1?z=5096881	17 kB	2023-03-08	2023-03-08
Pretty URL cdn.uponelectabuzzor.club/1?z=5096881 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash d161c827319c9dbb272a56f9fd61852c d78d76d30841f78b0902f0646b396fa27b2b4fb9 6e27bdeec7285bcd80f55fffda1d6d34500c9fb58d4d890ff1e691ea73bce8b2 Loading...

	ninjastream.to/js/lib.js?id=08a4644732538fbccb68	36 kB	2023-03-07	2023-07-02
Pretty URL ninjastream.to/js/lib.js?id=08a4644732538fbccb68 IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:11:22 Last Seen2023-07-02 20:51:10 Times Seen5 Hash 08a4644732538fbccb68ad97834edb4a 340287072f94315c51fcc9d6169fce4927b50d86 57f655feacb058cff1ca509d6d5c379e4523b14a72efd26fa50d7e76708a436a Loading...

	www.google.com/recaptcha/api.js?render=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR	884 B	2023-03-08	2023-03-11
Pretty URL www.google.com/recaptcha/api.js?render=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-11 22:08:48 Times Seen1 Hash 6c9d1c06e73c7587ce8f6437081eb2e8 1304f58884bcb6d29d228cf239a08e8a19af335e e643d8b5ecaa52fb6c0eac9159a289910438b1b98cd3646393d9bec24d3f4bcf Loading...

	ninjastream.to/js/app.js?id=c6a3a872706c3e2d3cba	976 kB	2023-03-07	2023-07-02
Pretty URL ninjastream.to/js/app.js?id=c6a3a872706c3e2d3cba IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:11:22 Last Seen2023-07-02 20:51:10 Times Seen5 Hash c6a3a872706c3e2d3cbaad912636b3cd 9b265ef1837bfb08c1ae52757d8deac0f388eeff 3dc4039d2066b16971d0209c7bd7ad3c4ce407e597d4e59be13462ece43336f7 Loading...

	betotodilea.com/400/4455000	84 kB	2023-03-08	2023-03-08
Pretty URL betotodilea.com/400/4455000 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash e3856ade856a997ccb176400c0458117 bf7d814299350882f393d3be13a8b86f5d4a39e5 3579ae369edbb8ef55eabaceabd594ed7ddaa54194bd3fd17d32b1ed2c3ba279 Loading...

	18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-	224 B	2023-03-08	2023-03-08
Pretty URL 18korea.net/watch/young-aunt-3-co-gi-tre-chung-3- IP 104.21.235.33 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 556e085a33b9e665f3cf6de3ceacacc4 4ca8a6334eb41b5c5de8dca2f61195b32da68590 fa29c9cc417df3bcc8c3cb6e6803614a691731f16fe8e64739a8004376bfb784 Loading...

	18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-	3.3 kB	2023-03-08	2023-03-08
Pretty URL 18korea.net/watch/young-aunt-3-co-gi-tre-chung-3- IP 104.21.235.33 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 90d4ce84fc8b18f09e89077eb171ff35 9c551bac81958df2f57077c649bd7da168f44e9b 7555b723edd8ab81c825112b95b8d1c7e84e14c40e4006d63f3dde116db8e0fe Loading...

	18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-	109 B	2023-03-08	2024-05-09
Pretty URL 18korea.net/watch/young-aunt-3-co-gi-tre-chung-3- IP 104.21.235.33 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2024-05-09 11:45:19 Times Seen15 Hash 0c14aaa84e900deabc3552ad7f782631 5ca60cb6b1f6f1725c380de97eecdfd6c45f17d4 867588e4e30ed8ce304e08546fcb09f18632bca0d4e3b8b4c02cc4ef51f3d359 Loading...

	ssl.p.jwpcdn.com/player/v/8.18.4/jwplayer.js	115 kB	2023-03-08	2023-09-26
Pretty URL ssl.p.jwpcdn.com/player/v/8.18.4/jwplayer.js IP 151.101.194.114 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-09-26 13:18:50 Times Seen5 Hash 6505a92df4a2368b1b7d5e34d60a1240 cb92d819d444e50905fc2962cea5700aa5a25980 929ad20bec867ac8b707cab1390cd2af02c4dde55d0967a6050ccddc29c696fa Loading...

	interstitial-07.com/?l=xmPosaU4na8EynY&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2153250558%26z%3D4455918%26b%3D15950248%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DN0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3Dc851dcc6-47c0-44ab-b4fb-c83f7c999324%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0	1.4 kB	2023-03-08	2023-03-08
Pretty URL interstitial-07.com/?l=xmPosaU4na8EynY&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2153250558%26z%3D4455918%26b%3D15950248%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DN0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3Dc851dcc6-47c0-44ab-b4fb-c83f7c999324%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.155 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash e840f61a29e7a23bf0b5767053112380 2a6d74520089ef344d22a5299445aac2b11743a3 263d2ab7528ff412068f199af7126b2e2ad69174242f2b39ea11d2a52d72c7e7 Loading...

	18korea.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-05-11
Pretty URL 18korea.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.235.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-11 02:13:00 Times Seen56587 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	unknown	0 B	2023-03-07	2024-05-11
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 03:22:08 Times Seen37534259 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ninjastream.to/watch/Ng9QnBwE6QVKb	8.8 kB	2023-03-07	2023-05-23
Pretty URL ninjastream.to/watch/Ng9QnBwE6QVKb IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:11:22 Last Seen2023-05-23 06:11:17 Times Seen2 Hash 07f7216c65e5cbf7be7577676aa49cd3 6e15701590a6ded25e26b54019e26c06a29392b2 6a6a26f403638baff7514120383eb2589b04c42172b5dde12cf4b2dc538f3ab5 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-05-10
Pretty URL www.google-analytics.com/analytics.js IP 216.58.207.206 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-05-10 19:48:26 Times Seen1646 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	tzegilo.com/stattag.js	13 kB	2023-03-08	2023-03-12
Pretty URL tzegilo.com/stattag.js IP 104.21.84.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:59 Last Seen2023-03-12 10:48:49 Times Seen1 Hash d0de06f954f7dedba242231b0ec4052d 188d75bb9077832384f889dd15584845790bc146 efae63871ebdeb69e7d64c6782924f72584f962d540b8c55237cba93c026af16 Loading...

	www.googletagmanager.com/gtag/js?id=UA-64285162-3	112 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-64285162-3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 27d964f28ff3f808dd08169ca5bf7f4d e307e370cba46635184e8edcea9094a14153135c ff7277d3e9a9d3561b96340e4dadbbf96495029a7ada5e0a20c007426c1fb8c0 Loading...

	18korea.net/js/code.min.js	30 kB	2023-03-08	2023-03-08
Pretty URL 18korea.net/js/code.min.js IP 104.21.235.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash e52bba9d6fe91d2a427925b7245847fd ff007ee64ed43849027cae2d411faa2f3e324a46 13c641230cdcb4725a7d919cd6c9b924728caf78bd9b4719616ad25369e7a9e5 Loading...

	18korea.net/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp	97 kB	2023-03-07	2024-05-11
Pretty URL 18korea.net/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:37 Last Seen2024-05-11 01:54:50 Times Seen683 Hash 233c7d5dea90dffee999afd6891aeb4d 28dcf912a37d855a5072b83aa78e7c432b728717 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919 Loading...

	18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-	6.9 kB	2023-03-08	2023-03-08
Pretty URL 18korea.net/watch/young-aunt-3-co-gi-tre-chung-3- IP 104.21.235.33 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 755c4e436874e74a8b0306b6311e6aec 32502123e94102e19497476d58dfde7ed13c6940 bfddc3ad5666dffb8f5d6e9802f0fa730c8e905604d7feadd82fd795f861b815 Loading...

	18korea.net/wp-includes/js/wp-embed.min.js?ver=5.5.3	1.4 kB	2023-03-07	2024-05-10
Pretty URL 18korea.net/wp-includes/js/wp-embed.min.js?ver=5.5.3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:17 Last Seen2024-05-10 21:03:54 Times Seen1482 Hash 8ed6038a5dbf62380de72a681340afd3 1b7f829b844eaa1a3e2d05f51fa81d6579d76738 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0 Loading...

	interstitial-07.com/?l=ZLNffCnc9jNppQ6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcdn.uponelectabuzzor.club%2F12%3Frnd%3D1943011066%26z%3D5096881%26b%3D15950250%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D2q1uXKeBfRrjAGY4djTZrXkxAIffCgiCaUNcg_Hk3o2ZRjr41w4FJ9VrPokqlxaNU2Px1ao34ATV1t7PObjkpgYl9IPFg641bQBUOuu2PLbteldwa08bOgYDdKah-8VGLgtFVd7US2Y0XCaIw0fe9vR90YCDe7celXYLNAnTqxn0EpdKJQ_SAk5sOQXwch8RTy_LRQqv4eGg2-CWL0XH3nxE97U9mQ43ulhepM9iOgY10MwV6_XdDM3fn0DbO5193CO9TQPloLKIGu29BN7QaDuV-viFZoyNYuoPXWbM94K1kcx1ONAMh-3qUnTLla4AVlL0F7t89rsL24GH0RBSmIRnyGlZo-aM8ntBnBR12wkJCk3tEbVHMUqjqVH_G6a8tDa-UlHvHdD-YIZp852mjuaYDicHF1nd3zMHBXeZNyIeRkZnU8EdzWSQlZYS4Qxifz1qgQJ_8668YOVqzmw3uXNrl4ENMI476SjHIlZ0T2pCc0CiauX9ZjULD40VIleUTlsSzptVUBVjPUjsiHYtlCsd6xHCSrt0a-QZLgv3DDsh-mnmPYXsTE9_s7KxWfpKRVXsN088_0RY35_Gxy7kGkyFN8SsfSsNNiqXR_LpLVM0RVlmsc1ogTEo796HzGsDR-ecIzpBoosASVvm5xzyCA%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D2ed21b21-3c9d-434d-8536-d750be93db91%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D2%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0	1.5 kB	2023-03-08	2023-03-08
Pretty URL interstitial-07.com/?l=ZLNffCnc9jNppQ6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcdn.uponelectabuzzor.club%2F12%3Frnd%3D1943011066%26z%3D5096881%26b%3D15950250%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D2q1uXKeBfRrjAGY4djTZrXkxAIffCgiCaUNcg_Hk3o2ZRjr41w4FJ9VrPokqlxaNU2Px1ao34ATV1t7PObjkpgYl9IPFg641bQBUOuu2PLbteldwa08bOgYDdKah-8VGLgtFVd7US2Y0XCaIw0fe9vR90YCDe7celXYLNAnTqxn0EpdKJQ_SAk5sOQXwch8RTy_LRQqv4eGg2-CWL0XH3nxE97U9mQ43ulhepM9iOgY10MwV6_XdDM3fn0DbO5193CO9TQPloLKIGu29BN7QaDuV-viFZoyNYuoPXWbM94K1kcx1ONAMh-3qUnTLla4AVlL0F7t89rsL24GH0RBSmIRnyGlZo-aM8ntBnBR12wkJCk3tEbVHMUqjqVH_G6a8tDa-UlHvHdD-YIZp852mjuaYDicHF1nd3zMHBXeZNyIeRkZnU8EdzWSQlZYS4Qxifz1qgQJ_8668YOVqzmw3uXNrl4ENMI476SjHIlZ0T2pCc0CiauX9ZjULD40VIleUTlsSzptVUBVjPUjsiHYtlCsd6xHCSrt0a-QZLgv3DDsh-mnmPYXsTE9_s7KxWfpKRVXsN088_0RY35_Gxy7kGkyFN8SsfSsNNiqXR_LpLVM0RVlmsc1ogTEo796HzGsDR-ecIzpBoosASVvm5xzyCA%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D2ed21b21-3c9d-434d-8536-d750be93db91%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D2%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.155 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 8695906d4310a4cc777df53f8e88ab94 d8fa8846f03a07341199768f97a0031349dddbcd e497d9149956d05ee25566a2734b9d394d193d2c2b22a04c8ae826e1ed713843 Loading...

	ninjastream.to/js/manifest.js?id=40c2d5f3fcd584aa2799	2.3 kB	2023-03-07	2023-07-02
Pretty URL ninjastream.to/js/manifest.js?id=40c2d5f3fcd584aa2799 IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:11:22 Last Seen2023-07-02 20:51:10 Times Seen5 Hash 40c2d5f3fcd584aa27999b5a33b8fa4d dabcad4b5d443069a617f2e902579863d5132c9c 9ed62c2279a2b3963b8c3d82e748371ad15c7de2a77a9881604eafeb8dfa2fc5 Loading...

	cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js	27 kB	2023-03-07	2024-05-10
Pretty URL cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js IP 104.16.86.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:07 Last Seen2024-05-10 20:34:24 Times Seen881 Hash 835f1f7feab838f171c6334abc3d14da 68b97b433d37600647338e57f4344e5e1faf6246 189334d0a898e2aa16794cdd1ea47a0e7c1750578173b25033049fafdf55f2a4 Loading...

	ninjastream.to/watch/Ng9QnBwE6QVKb	208 B	2023-03-07	2023-03-11
Pretty URL ninjastream.to/watch/Ng9QnBwE6QVKb IP 45.141.58.32 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:11:22 Last Seen2023-03-11 22:08:48 Times Seen1 Hash 1839bcb4c385b1daa80266bda43612c8 5f982d139230dbbada113bb67813bde1ee7527b7 e0ea60288ac2ba945bb8f20574455297e02245ae80724892e27892fd0068cfd1 Loading...

	www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js	409 kB	2023-03-08	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash b2507198388fcc94ca9e94ed4c5561c5 8853fc86f1c616bd20a73e3e24442036fd90fd2f 02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR&co=aHR0cHM6Ly9uaW5qYXN0cmVhbS50bzo0NDM.&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=iv4sjgv8rec	35 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR&co=aHR0cHM6Ly9uaW5qYXN0cmVhbS50bzo0NDM.&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=iv4sjgv8rec IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash 907d70a7ff621c6e4fa48189582371b9 361aa920d83fcedeb6b304d92074e7a049951b4b ac50a752b4ea6df21b851721d483bc05d750113c3faeceed009c6b440b718427 Loading...

	18korea.net/wp-includes/js/masonry.min.js?ver=4.2.2	24 kB	2023-03-07	2024-05-11
Pretty URL 18korea.net/wp-includes/js/masonry.min.js?ver=4.2.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2024-05-11 00:02:47 Times Seen15519 Hash 3b3fc826e58fc554108e4a651c9c7848 76778fd446e2ff2377588a7b4ac4d79f258427c9 e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb Loading...

	unphionetor.com/fv.js?t=72747&cb=395070695	5.2 kB	2023-03-07	2024-05-11
Pretty URL unphionetor.com/fv.js?t=72747&cb=395070695 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-05-11 00:17:31 Times Seen2378 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	18korea.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-05-11
Pretty URL 18korea.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.21.235.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-11 03:01:56 Times Seen43985 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5bd210fff45cf96ffcf0bb9123070d51	16 kB	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash 5bd210fff45cf96ffcf0bb9123070d51 09f3615c3096b1c7b413dbe39439be8f82d1eeef 0d4559ba47020dfb3d3229a79fae241152a0337f86a9c8a01bd5add41c1753b7 Loading...

	#2 Eval - a67bad065c725f1d42d6eb83f626f676	64 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash a67bad065c725f1d42d6eb83f626f676 ecd1fed4bbaacbf771ba634b4616d2bebcba57cb cc158dc49db31ac40a09769c14f1e96ce12d8ee44ddb54a5321c32cd0536ef78 Loading...

	#3 Eval - e1cdc5b1bc95b7f4c650dd527de925df	22 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 14:38:33 Last Seen2023-03-08 14:38:33 Times Seen1 Hash e1cdc5b1bc95b7f4c650dd527de925df 391d962dc92ed0dbd8cc6521fa19417abfe38fc3 01a0a819d406e732a449bcb4975d9d8a2b853fddc4c37fef4adb915f4d1cbf77 Loading...

	#4 Eval - c9257e927ccf8069f3dcfb01c9234d09	22 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash c9257e927ccf8069f3dcfb01c9234d09 921955c8df691f30a12542510f33856a4cb972cb 9bb0c662c12831d4a6a9d504b2534e28f08b91591da1303a05ad2b3e12a6e49e Loading...

	#5 Eval - 0d2fca76a746941a17fa7dcf80dfc0c2	22 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash 0d2fca76a746941a17fa7dcf80dfc0c2 a4d2a22237d8b10b7b611764266911ef1933bbd7 2ed176c7f9d5b3c8ca6ccdb0e994b6ddc34944c41fc4db7451fd7a3d27fed6f1 Loading...

HTTP Transactions (115)

URL IP Response Size

18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-

104.21.235.33

301 Moved Permanently

0 B

URL HTTP/1.1
18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
IP
104.21.235.33:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch/young-aunt-3-co-gi-tre-chung-3- HTTP/1.1
Host: 18korea.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 13:11:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 02 Dec 2022 14:11:55 GMT
Location: https://18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
Server-Timing: cf-q-config;dur=6.9999987317715e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJvFwLxUbRu76HxcAtPju89sCnW2X%2Bc6M7ylu8mq0gleOEH73H%2BZNLwgxmrMQxgenUnqaNkX84R6a9VeHUFx11dcZ5ISIUTVx4yvEsnLxT5dv24ki2K3%2BpXvXczing%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77344fac8d137326-LHR
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2403
Expires: Fri, 02 Dec 2022 13:51:58 GMT
Date: Fri, 02 Dec 2022 13:11:55 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6595
Cache-Control: max-age=169755
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:55 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 12:21:10 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7681
Expires: Fri, 02 Dec 2022 15:19:56 GMT
Date: Fri, 02 Dec 2022 13:11:55 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 12:19:56 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3119
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ANULuujFhCsUMKfDokaJCN1q4UXZUNuc6aoiQePJDXRyRPaObOSIZNxnNBWTKUm45cPMFZ+rKvU=
x-amz-request-id: NPBJSKHZ5D11RGWX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 12:46:07 GMT
age: 1548
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
a4b8ad385dedf0aba53035515dd5af25
c4cd8ef92f55b89b2b7868e3bcdb82f600bcd700
9a5871d001a026a4914c7feb0074346ba12916af2236a8017c9e7bb261c58fd4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=129648
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Etag: "6389510c-118"
Expires: Sun, 04 Dec 2022 01:12:44 GMT
Last-Modified: Fri, 02 Dec 2022 01:12:44 GMT
Server: nginx
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
a4b8ad385dedf0aba53035515dd5af25
c4cd8ef92f55b89b2b7868e3bcdb82f600bcd700
9a5871d001a026a4914c7feb0074346ba12916af2236a8017c9e7bb261c58fd4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=129648
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Etag: "6389510c-118"
Expires: Sun, 04 Dec 2022 01:12:44 GMT
Last-Modified: Fri, 02 Dec 2022 01:12:44 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280

18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-

104.21.235.34

200 OK

8.9 kB

URL HTTP/2
18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
IP
104.21.235.34:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2545), with CRLF, LF line terminators
Size
8.9 kB (8935 bytes)
Hash
56798fd0bc76e9ffd65ab861e801e695
d5e22fe60c2a89bda18f366fd003e2ad36b7cdbd
74cebc42447a5c06b4a7d54e8c9aa76674dfce21706248bac09b3858aadd224c

HTTP Headers

GET /watch/young-aunt-3-co-gi-tre-chung-3- HTTP/1.1
Host: 18korea.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: X_CACHE_KEY=a474c2dac1d6041d1c95faaca1aac622; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMT
PHPSESSID=7d9bhi5k0qlr19inrsvjorlaru; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBX05hKItzUwAzZTglElV0%2BCyGdpNMjsBdReqW0vaoq%2Fl2LDMDBc05AE0xxxnoQ1d996Fxne6%2BZ62PpQBwMpmOWB2HrcxQRbCjzWMqDD3YHuLFneQ5nYhUDGuPeRbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77344fb04aa371da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9bd806cca07dea834ae8e19fe9681b03
2177d482712d52a37e8c40a647b18ca18cceb3e1
bc838e9f2fb696c917c7132e05d99914472c6b06336202b072902ade707a6ffd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ed3a6d341a858f44e17dcf25b498c97b
f1a5d87d7dca15d9018771eecf4bf5b5fdd5abb0
7bb1c63b4ec991f9c76848aeeff9465c6ee8d07272801690eaff83dc77f94dfd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7BB1C63B4EC991F9C76848AEEFF9465C6EE8D07272801690EAFF83DC77F94DFD"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17325
Expires: Fri, 02 Dec 2022 18:00:41 GMT
Date: Fri, 02 Dec 2022 13:11:56 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ninjastream.to/watch/Ng9QnBwE6QVKb

45.141.58.32

200 OK

4.5 kB

URL HTTP/1.1
ninjastream.to/watch/Ng9QnBwE6QVKb
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5241)
Size
4.5 kB (4504 bytes)
Hash
394c5e663862391922e57b8a93cff568
f393d88f75c0ea30b4832f447d0ee1bdff818d7c
6809917aa5fad7475b86a4d24542eb83ff0891aa35b48afb4dbef0d507b64030

HTTP Headers

GET /watch/Ng9QnBwE6QVKb HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.15
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; expires=Fri, 02-Dec-2022 15:11:56 GMT; Max-Age=7200; path=/; secure; samesite=none
ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D; expires=Fri, 02-Dec-2022 15:11:56 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
Content-Encoding: gzip

fonts.googleapis.com/css?family=Arimo%3A400%2C700%7CDroid+Serif%3A400%2C700%7COpen+Sans%3A600%2C700&ver=5.5.3

142.250.74.106

200 OK

9.7 kB

URL HTTP/2
fonts.googleapis.com/css?family=Arimo%3A400%2C700%7CDroid+Serif%3A400%2C700%7COpen+Sans%3A600%2C700&ver=5.5.3
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
9.7 kB (9670 bytes)
Hash
1f432fb2c7f52eb50d38e70489d56fca
ed7eb4394c8c08e2f766160791ff3ec32bc899f6
a4c3647777cf68c653241356311626e4af5a126e198b788acb35f13d8c081a1a

HTTP Headers

GET /css?family=Arimo%3A400%2C700%7CDroid+Serif%3A400%2C700%7COpen+Sans%3A600%2C700&ver=5.5.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Dec 2022 13:11:56 GMT
date: Fri, 02 Dec 2022 13:11:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 13:11:15 GMT
cache-control: public,max-age=3600
age: 41
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ninjastream.to/videojs-plus/videojs-plus.css

45.141.58.32

200 OK

11 kB

URL HTTP/1.1
ninjastream.to/videojs-plus/videojs-plus.css
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (7368)
Size
11 kB (11024 bytes)
Hash
3b50d36de8d697843cdf0dd25bdcd56c
bd35a4741b76facba2562d05ce438c128d6ae366
a0958ecaca048b442e4900cc590f71a8ee04fadc4459af0ff76450d81846b4f6

HTTP Headers

GET /videojs-plus/videojs-plus.css HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 16 Apr 2021 18:06:55 GMT
ETag: W/"6079d23f-99ce"
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6595
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Last-Modified: Fri, 02 Dec 2022 11:22:01 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

1.bp.blogspot.com/-pBkIy9A1gEE/YOUjXNE3saI/AAAAAAAAAAQ/oVy0Gd7wx6YrmKkIM8KKunroDQYHOadBgCLcBGAsYHQ/s475/logo.jpg

142.250.74.161

200 OK

6.9 kB

URL HTTP/2
1.bp.blogspot.com/-pBkIy9A1gEE/YOUjXNE3saI/AAAAAAAAAAQ/oVy0Gd7wx6YrmKkIM8KKunroDQYHOadBgCLcBGAsYHQ/s475/logo.jpg
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 475 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
6.9 kB (6889 bytes)
Hash
1cfaf0f0d6cf0d3273e53c9b2507e772
381570415485effdda4091fb3239c622d47ff0e6
6623a912f4967c5635a12cf8e779ae87ebbfd484a300e0926f2c87a78bb7255a

HTTP Headers

GET /-pBkIy9A1gEE/YOUjXNE3saI/AAAAAAAAAAQ/oVy0Gd7wx6YrmKkIM8KKunroDQYHOadBgCLcBGAsYHQ/s475/logo.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="logo.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 6889
x-xss-protection: 0
date: Fri, 02 Dec 2022 13:11:56 GMT
expires: Fri, 25 Nov 2022 00:04:21 GMT
cache-control: public, max-age=86400, no-transform
etag: "v6"
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
ae01e9c9ce33c4ea869985f4fcfe506a
a84241a9245bd6e1aec944a0cae885b23f1e9a89
673565e0b32ac1e9480c51249b0a09ff58146a6f3aaed0ae2da35414010719e5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6539
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Last-Modified: Fri, 02 Dec 2022 11:22:57 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
ae01e9c9ce33c4ea869985f4fcfe506a
a84241a9245bd6e1aec944a0cae885b23f1e9a89
673565e0b32ac1e9480c51249b0a09ff58146a6f3aaed0ae2da35414010719e5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6539
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Last-Modified: Fri, 02 Dec 2022 11:22:57 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280

www.googletagmanager.com/gtag/js?id=G-BNGW6L3J0E

142.250.74.40

200 OK

78 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-BNGW6L3J0E
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (22462)
Size
78 kB (77826 bytes)
Hash
974ef523fd141b993a40c76263475010
1e89ebc419c714d5af584fd4e256ff78e46f3db9
920e5b633fb26b593a09a19116632eeffb259e831928e9efb861492edcab922c

HTTP Headers

GET /gtag/js?id=G-BNGW6L3J0E HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 13:11:56 GMT
expires: Fri, 02 Dec 2022 13:11:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77826
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?render=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR

142.250.74.164

200 OK

583 B

URL HTTP/2
www.google.com/recaptcha/api.js?render=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (884), with no line terminators
Size
583 B (583 bytes)
Hash
f7213dfda61f807c83a3a442b1a1495d
da47d414828dfb09e64e8f1083375fc2fb9cd331
36d1ffa568233f869753144eb421b07cc83c2e3f0e09ef5ccca7d3a4648618d2

HTTP Headers

GET /recaptcha/api.js?render=6LffbWcbAAAAAFt-RKdFNiYD_F24wum1z2kwreeR HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Fri, 02 Dec 2022 13:11:56 GMT
date: Fri, 02 Dec 2022 13:11:56 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 583
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-175515999-1

142.250.74.40

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-175515999-1
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43580 bytes)
Hash
a16295aaa97e3d9ee1b265da8d1cfa04
240f77f2e73cfbbd3b490ae280af9a14822d9c6e
243b0ddaaa5787c67d8742f0ad2b6138dded91ad7a286ca66cf9f15ea130ab76

HTTP Headers

GET /gtag/js?id=UA-175515999-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 13:11:56 GMT
expires: Fri, 02 Dec 2022 13:11:56 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43580
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ninjastream.to/videojs-plus/plugins/subtitles/style.css

45.141.58.32

200 OK

244 B

URL HTTP/1.1
ninjastream.to/videojs-plus/plugins/subtitles/style.css
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
ASCII text
Size
244 B (244 bytes)
Hash
5dbed91fb4747c21b2e1d1e8e0fc652e
cead04658da24a40e3e6c157e82915a31e0daa39
e739bb81805dfffd8f592069910e1e93370bfbf66997f78b4f6a6ea1975ac3ad

HTTP Headers

GET /videojs-plus/plugins/subtitles/style.css HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 16 Apr 2021 01:11:10 GMT
ETag: W/"6078e42e-274"
Content-Encoding: gzip

ninjastream.to/videojs-plus/plugins/chromecast/style.css

45.141.58.32

200 OK

564 B

URL HTTP/1.1
ninjastream.to/videojs-plus/plugins/chromecast/style.css
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (1932)
Size
564 B (564 bytes)
Hash
9554f0cf0e2500ce23ce22a39b92f6ff
25f157157f52777a7d2aa13fc2cb60e8a21884f2
b1f1965b2d45b0ea643853ca44b3c3859ac1b8a0124018e579a5499ddaf61526

HTTP Headers

GET /videojs-plus/plugins/chromecast/style.css HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 09 May 2021 21:52:45 GMT
ETag: W/"609859ad-78d"
Content-Encoding: gzip

ninjastream.to/js/manifest.js?id=40c2d5f3fcd584aa2799

45.141.58.32

200 OK

1.1 kB

URL HTTP/1.1
ninjastream.to/js/manifest.js?id=40c2d5f3fcd584aa2799
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (2256), with no line terminators
Size
1.1 kB (1116 bytes)
Hash
1806a8ceb4a991135f73c362e69eedc7
7b8f99f622a9a03ea8f2bc1cafbc029ed4b21f3f
a939d7f7c0a0696861e4aa87cec081768c0c8af33f2d565acfa8fa900907fb5b

HTTP Headers

GET /js/manifest.js?id=40c2d5f3fcd584aa2799 HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 19 Apr 2021 03:03:47 GMT
ETag: W/"607cf313-8d0"
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
ae01e9c9ce33c4ea869985f4fcfe506a
a84241a9245bd6e1aec944a0cae885b23f1e9a89
673565e0b32ac1e9480c51249b0a09ff58146a6f3aaed0ae2da35414010719e5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6535
Cache-Control: max-age=108461
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:56 GMT
Etag: "6388e4c2-118"
Expires: Sat, 03 Dec 2022 19:19:37 GMT
Last-Modified: Thu, 01 Dec 2022 17:30:42 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

18korea.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

104.21.235.34

200 OK

48 kB

URL HTTP/2
18korea.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
104.21.235.34:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
48 kB (47537 bytes)
Hash
49e3ce9f038507ce81324d43e28129e4
011e50b41c0d23fcdcfec912967c8d8f5741d982
ad01653f60a016a6e7bc7d8d0b160d3aaa83ccbbd2f5f240af498d7dcf2026f0

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: 18korea.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
Cookie: X_CACHE_KEY=a474c2dac1d6041d1c95faaca1aac622; PHPSESSID=7d9bhi5k0qlr19inrsvjorlaru
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 18:31:41 GMT
etag: W/"6387a18d-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzY%2Bvz0OckkScoEra4gbbwIHXyr%2BLLeXj7KE%2FG%2F8gpiCf45YA0NmLbJ63Qc3jU0xHjqMuB8LXv2jmz5BEQRFbf%2Ffg3K2ztOsqxMk09uyLbzj4tHAtZihI3jUWzyz3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77344fb19ca071da-LHR
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 04 Dec 2022 13:11:56 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

ssl.p.jwpcdn.com/player/v/8.18.4/jwplayer.js

151.101.194.114

200 OK

37 kB

URL HTTP/2
ssl.p.jwpcdn.com/player/v/8.18.4/jwplayer.js
IP
151.101.194.114:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65143)
Size
37 kB (37354 bytes)
Hash
f345ce8f190da2477d308758296a5bf0
f0cc5931d315331902f46e24214a072d4d7e3fdf
1aa3c41e2873ad70d8fe31f1eea745cdc25ab6493ec7422309102889287cf8f8

HTTP Headers

GET /player/v/8.18.4/jwplayer.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=31536000, immutable
last-modified: Fri, 15 Jan 2021 21:39:07 GMT
etag: "6505a92df4a2368b1b7d5e34d60a1240"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 13:11:56 GMT
via: 1.1 varnish
age: 134222
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669986717.941269,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 37354
X-Firefox-Spdy: h2

ninjastream.to/css/app.css?id=05d6f9ead44ec2fda7e8

45.141.58.32

200 OK

35 kB

URL HTTP/1.1
ninjastream.to/css/app.css?id=05d6f9ead44ec2fda7e8
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (65262)
Size
35 kB (35094 bytes)
Hash
1a21374b4ef15907ac307dd6c091d551
f564d4f2580419538380f9e21dc0659490a08b28
1e3ce1cbfeb4b0d4cdf61f588c40df2dbaa6b3da580714060d4400ef73fdd14b

HTTP Headers

GET /css/app.css?id=05d6f9ead44ec2fda7e8 HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 30 Jun 2021 12:34:12 GMT
ETag: W/"60dc64c4-3930f"
Content-Encoding: gzip

ninjastream.to/js/lib.js?id=08a4644732538fbccb68

45.141.58.32

200 OK

10 kB

URL HTTP/1.1
ninjastream.to/js/lib.js?id=08a4644732538fbccb68
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
HTML document, ASCII text, with very long lines (35900), with no line terminators
Size
10 kB (10080 bytes)
Hash
3cc3fd13f7977da4856e5a1fedb26467
1fec972746a74420712217269ef9b234c0da58c6
6a7bcb845bff536fc29fcc342cd9c4fc6381af8f25e49dde2761d0afefa92b7a

HTTP Headers

GET /js/lib.js?id=08a4644732538fbccb68 HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 25 Sep 2021 00:30:04 GMT
ETag: W/"614e6d8c-8c3c"
Content-Encoding: gzip

cdn.jsdelivr.net/npm/videojs-seek-buttons@1.6.0/dist/videojs-seek-buttons.css

104.16.86.20

200 OK

659 B

URL HTTP/2
cdn.jsdelivr.net/npm/videojs-seek-buttons@1.6.0/dist/videojs-seek-buttons.css
IP
104.16.86.20:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2978)
Size
659 B (659 bytes)
Hash
b90b64692ee002528e15235af4e08b34
ca03a2663b6bb082b65a0df716c8eb7c21e8b74c
16c847af367d456f447eaa16e5f49060d55ece9a4ccafb1b6fb535771b8aceb1

HTTP Headers

GET /npm/videojs-seek-buttons@1.6.0/dist/videojs-seek-buttons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.6.0
x-jsd-version-type: version
etag: W/"be7-n+MIWMDkRCcpCpdRpp4vdpUVX18"
x-served-by: cache-fra19175-FRA, cache-itm18834-ITM
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 9955634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=muUHNYUlliOqc%2B3iOD%2BqRsY5heV1JSPPZQfxRW2dyDtyQDzMKBfTaLIUCXkvxbAM65CakW%2BL8S9zedy91GqmQDiMl9lLuM4M9pm8UBTbXQqLAxA21EZGTxLH6%2FI32JVaXRI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77344fb4dac5b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js

104.16.86.20

200 OK

8.3 kB

URL HTTP/2
cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js
IP
104.16.86.20:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (26814)
Size
8.3 kB (8341 bytes)
Hash
7c7e2e1402814cc41070b12f1ac400f7
51dabf6bdb46f2ff3127ccca97e56f886cd373d4
646bc6d5c7db3564f0afdc1b35df9e6eaf7499995997764e3dcc9b23b48c185f

HTTP Headers

GET /npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.6.2
x-jsd-version-type: version
etag: W/"68bf-aLl7Qz03YAZHM45X9DROXh+vYkY"
x-served-by: cache-fra19148-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 39968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=79iUXQtVh5ZYMsIZAXaNMQ%2BNtDJu%2Bx%2FpPrd79HMQSxGitN0BsSy1%2BWH0xkx6F187NiHmRBVcWQ2r8v9lNQqm1esd%2FCIXbSnHBYp5WXwrLrOQG3sOdbJE%2F20diFjXueXMZ2Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77344fb4dac4b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.jsdelivr.net/npm/p2p-media-loader-core@latest/build/p2p-media-loader-core.min.js

104.16.86.20

200 OK

41 kB

URL HTTP/2
cdn.jsdelivr.net/npm/p2p-media-loader-core@latest/build/p2p-media-loader-core.min.js
IP
104.16.86.20:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
41 kB (41273 bytes)
Hash
d4ce05453d1ddd2d8ae4deb32f51ec82
f6e8a6724f35dd3d4c787fb36cef4d196c8409e0
ccff50e85d3a4b7989e3f86b3b62208ecd756c3b8b67edd9f68f035e16a10ea0

HTTP Headers

GET /npm/p2p-media-loader-core@latest/build/p2p-media-loader-core.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.6.2
x-jsd-version-type: version
etag: W/"23187-cy5ZTaquM+MUHEQB7rAOJNYlVIk"
x-served-by: cache-fra19137-FRA, cache-yyz4538-YYZ
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 18928
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOUo0dju3iVCJ4fsmos2X9n%2FqcMkMMP%2BduHdnrGcK0bIVuKBtaLrAqb%2FEMn8drFX5t4tNwExGLLJwjYKIPa8OPohhTG1PkgAzuqKjG4rcCFjIEQ37OzMFEgxoYmMxlSi5HI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77344fb52b31b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ninjastream.to/js/provider.hlsjs.js

45.141.58.32

200 OK

87 kB

URL HTTP/1.1
ninjastream.to/js/provider.hlsjs.js
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (65536), with no line terminators
Size
87 kB (87386 bytes)
Hash
864f9c1048a0ae85ff84b50a922b50c4
15c276186c0c07c8a76b99b17b669749443adb95
0eb31aa9193c735be07828a58c7619cf280045800e8d0390e9aef9effe0b238b

HTTP Headers

GET /js/provider.hlsjs.js HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 25 Feb 2021 12:56:39 GMT
ETag: W/"60379e87-46d8e"
Content-Encoding: gzip

ninjastream.to/js/vendor.js?id=0377102bb3b10e0efbde

45.141.58.32

200 OK

307 kB

URL HTTP/1.1
ninjastream.to/js/vendor.js?id=0377102bb3b10e0efbde
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
Unicode text, UTF-8 text, with very long lines (65470)
Size
307 kB (307180 bytes)
Hash
6b7800af7ddd6b1014f12f6013755d2d
12b7c9598a3cab51afb0c36d43f68c29248e0305
0c411dde912e44f031685029652fe0dcc72a71060a1c1b0ddbb1dd81b0720c57

HTTP Headers

GET /js/vendor.js?id=0377102bb3b10e0efbde HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 19 Apr 2021 07:23:30 GMT
ETag: W/"607d2ff2-126ad1"
Content-Encoding: gzip

push.services.mozilla.com/

44.240.57.100

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.240.57.100:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nr8PC4S/gfYNiqnt9Qnllw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ET1TEOCayujHDvPNhxIVPivLEXY=

ninjastream.to/js/app.js?id=c6a3a872706c3e2d3cba

45.141.58.32

200 OK

284 kB

URL HTTP/1.1
ninjastream.to/js/app.js?id=c6a3a872706c3e2d3cba
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
284 kB (284298 bytes)
Hash
2c9af4b575e45e716457744fc6a7d656
0bdea1ce1b76a61da263ebaf980fa60f3b0369c2
197f0c9d89b617aa42134958070974c2309539735eeb1fb1084ef1c9d7821dfc

HTTP Headers

GET /js/app.js?id=c6a3a872706c3e2d3cba HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 25 Sep 2021 00:30:04 GMT
ETag: W/"614e6d8c-ee276"
Content-Encoding: gzip

ninjastream.to/api/video/get

45.141.58.32

200 OK

312 B

URL HTTP/1.1
ninjastream.to/api/video/get
IP
45.141.58.32:0
ASN
#213373 IP Connect Inc

File type
JSON data\012- , ASCII text, with very long lines (347), with no line terminators
Size
312 B (312 bytes)
Hash
42af22486488bdd33da5e845e00de2b7
f012427dc87c1d915708e6246c35d6e98e8194f6
2d9029345a93990981b24927626416dced9e0c692a5afffc61fe789694a6005d

HTTP Headers

POST /api/video/get HTTP/1.1
Host: ninjastream.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninjastream.to/watch/Ng9QnBwE6QVKb
X-Requested-With: XMLHttpRequest
X-CSRF-TOKEN: UXPS2LpheACl64aA4akYLSYpW6nHZ8c3jvqaQNi6
Content-Type: application/json;charset=utf-8
X-XSRF-TOKEN: eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0=
Content-Length: 22
Origin: https://ninjastream.to
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ikh5aDFiY3A0d3lBRkw3dDQ1ak1aZmc9PSIsInZhbHVlIjoiaytzWEpxeVNwY3pHWjFGR211QXYydFNhb2NqUXd1Q3UxenF3UjJ1TytZdWFySnViQkUyL0hHMkFWOXpLY0ZoQ1ZGdDVIWWlibm9mRWEwY2RBYVpnRTNJUUo2OEpYLzZ1eWxQNXQxU29BdlJ2SE93bmNHc3RnMjJSYnVBck9EZDAiLCJtYWMiOiI0Y2VmMGY3ZWY1NGE5NTM4NGY0ODU0NWFjMGRhYjg4ZjY4YTUzMjMxMGMyMWIzNjkyZTBmZWYxMDM0NWIwYWU5In0%3D; ninjastream_session=eyJpdiI6IkZEQ2l0TUZpWUs5MDVYNnJXMFhaS1E9PSIsInZhbHVlIjoiK1Axei9HRTZIYTJibFhwTDlSZlQ1MFhOY3RMRDRxSzdFN2dwRUFLNnZYWE1SR2JQOVQzMzNQV28vRFEvU2c2bERXWTNPQTdlUW9ScTZRdVdncUYzeUd6Sk1XZ0lMQVRhckVLNlY2WE04RjdnVzNHdFlQR29qQ0d0R0p1Y1AvVXoiLCJtYWMiOiJkODNhYjI4YzIzYWNkZWZmOTVkMDBkYTEwZTM3MTQyMTM2YjE5Nzc5NzNmZWM4MTZiOWE3MWY4MTAyZDI4MTk5In0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 13:11:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.15
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Access-Control-Allow-Origin: *
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlNmSjA0NnczNktSbHVYei9WVFc2cVE9PSIsInZhbHVlIjoieGtOR3VlSkNUekJZTEVGMVFFcmd6VFdCM3pFNGpsb052NENRK2crTVNmalJLNWFvcFdDcFJHN0V1ZDZiOXk2Lzk4RUR6VVYzL2cwYXlqcWxvNk9oQWtwakRKWVoreEV6Um5hUU91R2dRUmRIVC9YZ0Y3LzNlZjc2TFkwcTgvUjkiLCJtYWMiOiJiODUyMWMxYTQ3NDkxYzBkOWE2NWRiYjk4MDVmYWMwY2EzYWFiZThjMTJhNWM3NTBlOTUyMzRmZDkwNDY3OTU0In0%3D; expires=Fri, 02-Dec-2022 15:11:57 GMT; Max-Age=7200; path=/; secure; samesite=none
ninjastream_session=eyJpdiI6IkVRWWpSdW1QY3FtZzdzSjBEbm84QWc9PSIsInZhbHVlIjoicW5hQXhhZWwza3FMVGlaWUNZYy90Q2FsdlQ1N3JqZnQvUUVEa2hBRWErTDg1MGVDbWVzNFdMOGp0TjFJT3VxeDdndW9JckdBMXpjTGhDNFBFR2pEUkM1eW4xVEFLbkc5Ky9IeGV5Mm9DdktLcy9xcjhGSXB1c3gxd0E0L1hmdU8iLCJtYWMiOiIzZDEwNWI4MjVlZGQzYTczMzYyMGU5YWM5OTZlYzdjZTQyMDhiNDEzZTY3MjhhOGVkMzEzMzUzNWE3M2IzYzg0In0%3D; expires=Fri, 02-Dec-2022 15:11:57 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

994 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
gzip compressed data, max compression\012- data
Size
994 B (994 bytes)
Hash
a884832f9aff926c71ef88e1ad87d85a
9a740be4f0bc065f109799e405f80179a2b0f8b0
c25e615c8d80a81b73cdfcb0f030be7262d19125ad968aa8694e9b70b1382602

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2051B04E443CC064016EFE3A543D2E395BDEFDCF9A59A95ABAEE6390A3566D97"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4947
Expires: Fri, 02 Dec 2022 14:34:24 GMT
Date: Fri, 02 Dec 2022 13:11:57 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

142.250.74.35

200 OK

163 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (730)
Size
163 kB (162976 bytes)
Hash
79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6

HTTP Headers

GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjastream.to
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:09:57 GMT
expires: Tue, 28 Nov 2023 19:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 324120
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

216.58.207.206

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
216.58.207.206:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 02 Dec 2022 12:41:08 GMT
expires: Fri, 02 Dec 2022 14:41:08 GMT
cache-control: public, max-age=7200
age: 1849
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tzegilo.com/stattag.js

104.21.84.149

200 OK

5.5 kB

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.84.149:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12966), with no line terminators
Size
5.5 kB (5510 bytes)
Hash
b8d1c6f584455a67ff9199ea755f7dbe
82a25206c899e59b1505c7cac2211ab22a945e82
6eca01023b17159ae76243bbc3c38f4492bdf77092e8d60b70c5fb49c903e6bc

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZU4h0HyULszB6ptW0FZCSQMXQ%2FixnCOBBermrVlk8kubtCMGlQBcxOFOa7UGefUdVMzLWgnJXIeFZQno%2F9bS6LYTyHyrmAtoBWty99qsda93YwNKWTdkNbt%2B98eQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77344fbbae86b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

1.2 kB

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.2 kB (1180 bytes)
Hash
36d1df0970656a27d7b9570c988b0b6a
247dc1848a2bc9168ae7531bf527ddbe577f0957
0848ee12091fffd2d93d051e1c7e13c1abe662bffbd278a9927cf385695a8c37

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7CE8C2D5A18473D7F9424A3C00FB09796790B9C59B088489B595EA83A5845F3"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4875
Expires: Fri, 02 Dec 2022 14:33:13 GMT
Date: Fri, 02 Dec 2022 13:11:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
86a12dbe6ec4108e05854b5760fb131b
6d1abccdbeb8536890093cb7eb60b65be31b1ec0
4f59b344c88d910835173a70f7d07c40488573c03fa0274d9b4d6cc66567c423

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F59B344C88D910835173A70F7D07C40488573C03FA0274D9B4D6CC66567C423"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6076
Expires: Fri, 02 Dec 2022 14:53:14 GMT
Date: Fri, 02 Dec 2022 13:11:58 GMT
Connection: keep-alive

ssl.p.jwpcdn.com/player/v/8.18.4/jwplayer.core.controls.js

151.101.194.114

200 OK

78 kB

URL HTTP/2
ssl.p.jwpcdn.com/player/v/8.18.4/jwplayer.core.controls.js
IP
151.101.194.114:0
ASN
#54113 FASTLY

File type
HTML document, Unicode text, UTF-8 text, with very long lines (65135)
Size
78 kB (78129 bytes)
Hash
647ed298ce7712d18903a5def28c5c74
e121ccae87bcd1f188ae9b0f4c53e87c6ed2e192
fc5c0f2c0072655f59536fdcece33ac83c5f77cbd694849e2bb352caf0e189a2

HTTP Headers

GET /player/v/8.18.4/jwplayer.core.controls.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: max-age=31536000, immutable
last-modified: Fri, 15 Jan 2021 21:39:06 GMT
etag: "bce8a935003a2164805362d8ad7026a6"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 13:11:58 GMT
via: 1.1 varnish
age: 15164299
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1773
x-timer: S1669986718.163300,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 78129
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e7f182bc423c8e0b694072f316dfbf3c
cea3572598e1b5c8c5249cabf5ea99e56dc7e02d
02b4ac24bfa51f27fc2e507fb5d923751a9f6566eb98f3b8255a7d05f42d85c5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 13:11:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 12:52:22 GMT
Expires: Thu, 08 Dec 2022 12:52:21 GMT
Etag: "cea3572598e1b5c8c5249cabf5ea99e56dc7e02d"
Cache-Control: max-age=516622,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77344fbcdc53b4ed-OSL

betotodilea.com/400/5096878

139.45.197.237

200 OK

33 kB

URL HTTP/2
betotodilea.com/400/5096878
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
33 kB (32716 bytes)
Hash
df3887255e2fd52345eac5fb6d0801e3
72290cc6338a56f24f3649112214b732d9c53ceb
ee48c3924fbd5cca09ef988e209f7d7b022521be2013db779af42b40f9f8ab6a

HTTP Headers

GET /400/5096878 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Cookie: OAID=2a9fd7ad489b4f9e90cd6d15bb692de8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: application/javascript
x-trace-id: 57378f23b307d2329b597cb7a9c263d5
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=2a9fd7ad489b4f9e90cd6d15bb692de8; expires=Sat, 02 Dec 2023 13:11:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

18korea.net/wp-content/cache/autoptimize/css/autoptimize_eafbce0e7b442a73a8d37a456bf9e0bc.css

104.21.235.34

200 OK

21 kB

URL HTTP/2
18korea.net/wp-content/cache/autoptimize/css/autoptimize_eafbce0e7b442a73a8d37a456bf9e0bc.css
IP
104.21.235.34:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65175)
Size
21 kB (20928 bytes)
Hash
d32f87877d61760fe37cc3e3cb71c413
67172bdda759056b328b5b2cd27424120cc9d0e8
77f4ef0507e490c7961b85a68f70431ce20e222d4f64de7bc41b56563e0bf7c8

HTTP Headers

GET /wp-content/cache/autoptimize/css/autoptimize_eafbce0e7b442a73a8d37a456bf9e0bc.css HTTP/1.1
Host: 18korea.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
Cookie: X_CACHE_KEY=a474c2dac1d6041d1c95faaca1aac622; PHPSESSID=7d9bhi5k0qlr19inrsvjorlaru
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=141469
etag: W/"5fea9ddc-2289d"
expires: Fri, 02 Dec 2022 14:23:22 GMT
last-modified: Tue, 29 Dec 2020 03:09:16 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4864
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tpzer%2Bd8vwLrE8RZc5ynot1JI4xLfSo50IalzIBFhlIkRjjbPK9vfh2JzkBSxJYSDZhHk7cmjCwQCr%2FOFQ8WO2ddmyfDFnrfjEVZq%2F4idEptouu7%2F%2FTK7pi7S6Rmcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77344fb18c9071da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9caeefc49be26de4b50c14df1aace81f
ef836496e49f843f0e4c2dc991c314aad13f0f2e
83203278dadec9319a72ccb142c413696d8bd09a25f1b6c8d1edef20405e90f0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83203278DADEC9319A72CCB142C413696D8BD09A25F1B6C8D1EDEF20405E90F0"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4270
Expires: Fri, 02 Dec 2022 14:23:08 GMT
Date: Fri, 02 Dec 2022 13:11:58 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
02bb7e76626dc115e126b8d7e0dc1183
a080f073bb97254ee9df27685d34ada77e0a57aa
ccb1df6f071eeb4707538b0f4052bb3af92af23723ad208d1132775bb0204686

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2830
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:58 GMT
Last-Modified: Fri, 02 Dec 2022 12:24:48 GMT
Server: ECS (amb/6B8A)
X-Cache: HIT
Content-Length: 280

belickitungchan.com/400/5096889

139.45.197.239

403 Forbidden

22 B

URL HTTP/2
belickitungchan.com/400/5096889
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
b5e50d07b6b24e1e105e6e4fceb97bf6
95d7e8119b8befc7153b44b4c7be59f26bd6ad33
61c3148fba3befcce5b4636c4209a440913a136138bf62005df97386827f2ae2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /400/5096889 HTTP/1.1
Host: belickitungchan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
server: nginx
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: text/plain; charset=utf-8
content-length: 22
x-trace-id: 9df4b9aa58bd7b4904b87f9b0e6d51c9
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16522
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 13:11:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f096767caf45bd69af30f68d8c507657
d34449c54e15bd807141acda4b2ff56cf7448c8d
ac7763b62b265227a3004fc9ccaac8affe202e4556de67d649869f061fb75558

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC7763B62B265227A3004FC9CCAAC8AFFE202E4556DE67D649869F061FB75558"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1184
Expires: Fri, 02 Dec 2022 13:31:42 GMT
Date: Fri, 02 Dec 2022 13:11:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16522
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 13:11:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16522
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 13:11:58 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 28303
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

132 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max speed, from Unix\012- data
Size
132 kB (132300 bytes)
Hash
41e47274ff2e32528e0f8b5216048020
53d84a085930bf139bd11c6bed777963231b6bc4
680106cd741b62c00ae17bc570e8d008e29f4ba6ffc9063082b173cc9abb9648

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 13:21:56 GMT
age: 85802
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
abefdd8bec857aeb9a7bdb1064524aa8
bfb37ed930bf4e27853b40ada539478d347253fd
2d9534d11db2568fda64cf34366ba5697cf0b13f60746912a5a273c9cb0c1ffc

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjastream.to
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ninjastream.to
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=fb9ae91e70c44b5c80b967e6fe9949ad; expires=Sat, 02 Dec 2023 13:11:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11402 bytes)
Hash
1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 55225
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10270 bytes)
Hash
4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 55088
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7722 bytes)
Hash
cd78aa69439c995167f32b8a41a1f4f6
d07d6145182f312f3ed86ecf96b4ffa175416fa0
3b08cf3fad31ee0cf3ee25abc2484fb4283543865a42dfc568b14f9856fd3bb5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7722
x-amzn-requestid: 8d7c4800-6c06-43ed-afa1-94840d42f591
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGy2Gr1IAMFWeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e78-429ae3135d47e3b020c4c7a1;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z8thSamrCRejcAcQEGAp4WpSMzMEvstuZtVpKAjiCH4dyJyf1yihBA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:11 GMT
age: 55307
etag: "d07d6145182f312f3ed86ecf96b4ffa175416fa0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn.itskiddien.club/apu.php?zoneid=4455878

139.45.197.236

200 OK

30 kB

URL HTTP/2
cdn.itskiddien.club/apu.php?zoneid=4455878
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
data
Size
30 kB (30525 bytes)
Hash
715c0846d34c0bd22a3dc761e07920dc
1104fa5d98e65b49cf02cffa06da542069cb3cdd
8ccbdbc7415a7eac431cb7fcf7e5da1d102eb3e3a301db45e144291e821c61dd

HTTP Headers

GET /apu.php?zoneid=4455878 HTTP/1.1
Host: cdn.itskiddien.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: application/javascript
x-trace-id: 94e98291b64a14f89e6bd111c45184e7
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=84a6af5f0d3348edbdb82b063ca1eef4; expires=Sat, 02 Dec 2023 13:11:58 GMT; path=/; secure; SameSite=None
oaidts=1669986718; expires=Sat, 02 Dec 2023 13:11:58 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ipp.littlecdn.com/web/static/play.png

104.22.24.116

200 OK

8.4 kB

URL HTTP/2
ipp.littlecdn.com/web/static/play.png
IP
104.22.24.116:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
8.4 kB (8389 bytes)
Hash
58cb864700d640ef12664041a72a8ad3
dfe28fd490bbed3db2922f18e7caa072d9bb076f
b837d3ac9c69da6acd0221c4956d6202fea25c364f7f19729b2cda84ecea71db

HTTP Headers

GET /web/static/play.png HTTP/1.1
Host: ipp.littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: image/png
content-length: 8389
last-modified: Thu, 29 Apr 2021 08:51:30 GMT
etag: "58cb864700d640ef12664041a72a8ad3"
expires: Sat, 03 Dec 2022 12:24:23 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 2855
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77344fbfeb2b0b02-OSL
X-Firefox-Spdy: h2

betotodilea.com/500/4455000?excludes=&oaid=fb9ae91e70c44b5c80b967e6fe9949ad&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=1&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&drf=https%3A%2F%2F18korea.net%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/4455000?excludes=&oaid=fb9ae91e70c44b5c80b967e6fe9949ad&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=1&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&drf=https%3A%2F%2F18korea.net%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/4455000?excludes=&oaid=fb9ae91e70c44b5c80b967e6fe9949ad&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=1&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&drf=https%3A%2F%2F18korea.net%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ninjastream.to/
Origin: https://ninjastream.to
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://ninjastream.to
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

cdn.uponelectabuzzor.club/9?z=5096881&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=2&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad

139.45.197.239

204 No Content

0 B

URL HTTP/2
cdn.uponelectabuzzor.club/9?z=5096881&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=2&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /9?z=5096881&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=2&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ninjastream.to/
Origin: https://ninjastream.to
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://ninjastream.to
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

nanouwho.com/9?z=4455918&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=4455918&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=4455918&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ninjastream.to/
Origin: https://ninjastream.to
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://ninjastream.to
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

ipp.littlecdn.com/web/static/play.js

104.22.24.116

200 OK

4.2 kB

URL HTTP/2
ipp.littlecdn.com/web/static/play.js
IP
104.22.24.116:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (11154), with no line terminators
Size
4.2 kB (4205 bytes)
Hash
c4fb3a3284682df94dc2b343e221c8cd
e4b5ce6f219630fb55fe2db0d0acc8856474fdda
62c54ea2b1c2f7efcd54aafbeca123968f41e873e68797520d92327d8e231def

HTTP Headers

GET /web/static/play.js HTTP/1.1
Host: ipp.littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 12:40:14 GMT
etag: W/"5d961b087a3e1ae750063b955af0c50a"
expires: Sat, 03 Dec 2022 12:24:23 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 2855
vary: Accept-Encoding
server: cloudflare
cf-ray: 77344fbf3a900b02-OSL
content-encoding: br
X-Firefox-Spdy: h2

nanouwho.com/11?rnd=966218931&z=4455918&b=15950248&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=N0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ==&ruid=c851dcc6-47c0-44ab-b4fb-c83f7c999324&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&ot=151

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=966218931&z=4455918&b=15950248&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=N0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ==&ruid=c851dcc6-47c0-44ab-b4fb-c83f7c999324&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&ot=151
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=966218931&z=4455918&b=15950248&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=N0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ==&ruid=c851dcc6-47c0-44ab-b4fb-c83f7c999324&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&ot=151 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjastream.to
Connection: keep-alive
Referer: https://ninjastream.to/
Cookie: scm=1; OAID=fb9ae91e70c44b5c80b967e6fe9949ad; oaidts=1669986718
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://ninjastream.to
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 68d8aca46e0c2e34076c2232391385f3
access-control-expose-headers: X-Sc
set-cookie: OAID=fb9ae91e70c44b5c80b967e6fe9949ad; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
oaidts=1669986718; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

139.45.197.242

200 OK

3.2 kB

URL HTTP/2
nanouwho.com/9?z=4455918&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
3.2 kB (3158 bytes)
Hash
53c3cb108650f1080d62ea6de753e81f
969b65a62f8a5d32202f684005dc3ee41c7e2ba3
930ee7c2ebe5697eefd4af7731c79f575a52b326d637cafd02382e9ec2e4a6f6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=4455918&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 43
Origin: https://ninjastream.to
Connection: keep-alive
Referer: https://ninjastream.to/
Cookie: scm=1; OAID=7907174b8ba24497ad174971967ffcaa; oaidts=1669986718
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://ninjastream.to
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: ad1eac188423c3930e43bca80fd3cc69
access-control-expose-headers: X-Sc
set-cookie: OAID=fb9ae91e70c44b5c80b967e6fe9949ad; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
oaidts=1669986718; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfc7f92e60ce50c48fb0ccde8afe0594
5fc75e30e9c6982fb95259afa7bef71a596d7acb
12f95435514be3d5bdecc32c7610ba2e6c1be840d816edd987f3bb054f9fc7ff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12F95435514BE3D5BDECC32C7610BA2E6C1BE840D816EDD987F3BB054F9FC7FF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9192
Expires: Fri, 02 Dec 2022 15:45:11 GMT
Date: Fri, 02 Dec 2022 13:11:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfc7f92e60ce50c48fb0ccde8afe0594
5fc75e30e9c6982fb95259afa7bef71a596d7acb
12f95435514be3d5bdecc32c7610ba2e6c1be840d816edd987f3bb054f9fc7ff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12F95435514BE3D5BDECC32C7610BA2E6C1BE840D816EDD987F3BB054F9FC7FF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9192
Expires: Fri, 02 Dec 2022 15:45:11 GMT
Date: Fri, 02 Dec 2022 13:11:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfc7f92e60ce50c48fb0ccde8afe0594
5fc75e30e9c6982fb95259afa7bef71a596d7acb
12f95435514be3d5bdecc32c7610ba2e6c1be840d816edd987f3bb054f9fc7ff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12F95435514BE3D5BDECC32C7610BA2E6C1BE840D816EDD987F3BB054F9FC7FF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9192
Expires: Fri, 02 Dec 2022 15:45:11 GMT
Date: Fri, 02 Dec 2022 13:11:59 GMT
Connection: keep-alive

139.45.197.237

200 OK

1.2 kB

URL HTTP/2
betotodilea.com/500/4455000?excludes=&oaid=fb9ae91e70c44b5c80b967e6fe9949ad&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=1&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&drf=https%3A%2F%2F18korea.net%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (1462), with no line terminators
Size
1.2 kB (1173 bytes)
Hash
b8f9d7a8fdda32472889dc56d80595bb
50fc140c11739367e86cac91010f21533a3452b0
3c4717f7bf52dbd49dcb8bbebbd88bb2bc8c61fea46d23b4dd129975bce15f7d

HTTP Headers

GET /500/4455000?excludes=&oaid=fb9ae91e70c44b5c80b967e6fe9949ad&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=1&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&drf=https%3A%2F%2F18korea.net%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ninjastream.to
Connection: keep-alive
Referer: https://ninjastream.to/
Cookie: OAID=2a9fd7ad489b4f9e90cd6d15bb692de8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: application/javascript
x-trace-id: 613e4559123780025e5ed988df126a2c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://ninjastream.to
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fb9ae91e70c44b5c80b967e6fe9949ad; expires=Sat, 02 Dec 2023 13:11:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
2493dbbe263359830a920dc8d1cba77f
cd02937f68bf929c4b66d8be5e18e89dac426e15
228a59817ef96a923684372317b6bfb838124c43708ff21c588edd67ce44dae5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6451
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:11:59 GMT
Etag: "63894fb0-118"
Last-Modified: Fri, 02 Dec 2022 11:24:28 GMT
Server: ECS (amb/6B99)
X-Cache: HIT
Content-Length: 280

offerimage.com/www/images/e27e78d3b01907b714b7d939d7eed85d.png

104.22.33.172

200 OK

43 kB

URL HTTP/2
offerimage.com/www/images/e27e78d3b01907b714b7d939d7eed85d.png
IP
104.22.33.172:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
43 kB (43157 bytes)
Hash
e27e78d3b01907b714b7d939d7eed85d
2d4aa0d84925e5031861258c341788450ba8b43c
37024bac32f0cc3299c2492471b40e6beb2fd7b3cb73b172d68207e87cdfd6e6

HTTP Headers

GET /www/images/e27e78d3b01907b714b7d939d7eed85d.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: image/png
content-length: 43157
last-modified: Sun, 27 Sep 2020 15:59:04 GMT
etag: "5f70b6c8-a895"
expires: Sat, 03 Dec 2022 09:20:18 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 13901
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77344fc44c789938-ARN
X-Firefox-Spdy: h2

nanouwho.com/1?z=4455918

139.45.197.242

200 OK

32 kB

URL HTTP/2
nanouwho.com/1?z=4455918
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
32 kB (31839 bytes)
Hash
7e65d956d12d1ededc4bec12231455a3
57b4787564a259749500c7ca90490df924b68544
579a9047f413f200232bf431bc7b8aa0035d752bc6ff5c2ac4ea8dc966763950

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=4455918 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 46a0af5724e49f5a9646f9fbdcc178d8
access-control-expose-headers: X-Sc
x-sc: ZPtxbI8PJNk51ySkxN66a0I3KH7We-1UZ3bBSKhbrFMrdWBpEzGRg7AeuLodNSQELQ75iNHOx8DnYperzP9y5li8TfA=
set-cookie: scm=1; expires=Sat, 02 Dec 2023 13:11:58 GMT; secure; SameSite=None
OAID=7907174b8ba24497ad174971967ffcaa; expires=Sat, 02 Dec 2023 13:11:58 GMT; secure; SameSite=None
oaidts=1669986718; expires=Sat, 02 Dec 2023 13:11:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

t80.pixhost.to/thumbs/92/321339335_streaming-things-i-love-to-do-2022-erotic-movie-18-online-free.jpg

94.229.45.2

200 OK

29 kB

URL HTTP/1.1
t80.pixhost.to/thumbs/92/321339335_streaming-things-i-love-to-do-2022-erotic-movie-18-online-free.jpg
IP
94.229.45.2:0
ASN
#48326 DataNetworks s.r.o.

File type
data
Size
29 kB (28957 bytes)
Hash
233f3b2464d9d829ba2174fc5b692606
a4edb339f6ff3bdc6c979f0eeb7dfddcef7121f8
da1df5dacd5236f89d24948e0aa1e9acb7c6e56c37f3ea50adb5b40ba41ac617

HTTP Headers

GET /thumbs/92/321339335_streaming-things-i-love-to-do-2022-erotic-movie-18-online-free.jpg HTTP/1.1
Host: t80.pixhost.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 02 Dec 2022 13:11:59 GMT
Content-Type: image/jpeg
Content-Length: 24376
Last-Modified: Wed, 30 Nov 2022 14:39:54 GMT
Connection: keep-alive
ETag: "63876b3a-5f38"
Cache-Control: max-age=604800, public
Accept-Ranges: bytes

cdn.itskiddien.club/?rb=RZoClUCdXhBOZnzGcKERB3pPm92I1qMx3m8WQWZgEXxolafblV4ul34HXpZGh_XCDjEal60gHFQKJcYyyUEAquIPquFysGIh1fayeb70d6-7oxXei3baJacqmenTdt_YVjFwsa0pMFFDk7WfoIIb4eLtnTRuInlvEupsTbCmx8lQR3Vpj4RBkwU2JICLHRs60BqyEvG4K4qiGMsJINyXbFLut7Dnv66XT2q70oPyCsCiZMfZ&request_ab2=96003&zoneid=4455878&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=970&wih=546&wiw=970&wfc=1&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&drf=https%3A%2F%2F18korea.net%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.458.0&bs=76d9c10d-cbd0-4d4f-9885-d89a4963cce1&userId=fb9ae91e70c44b5c80b967e6fe9949ad&m=link

139.45.197.236

200 OK

24 kB

URL HTTP/2
cdn.itskiddien.club/?rb=RZoClUCdXhBOZnzGcKERB3pPm92I1qMx3m8WQWZgEXxolafblV4ul34HXpZGh_XCDjEal60gHFQKJcYyyUEAquIPquFysGIh1fayeb70d6-7oxXei3baJacqmenTdt_YVjFwsa0pMFFDk7WfoIIb4eLtnTRuInlvEupsTbCmx8lQR3Vpj4RBkwU2JICLHRs60BqyEvG4K4qiGMsJINyXbFLut7Dnv66XT2q70oPyCsCiZMfZ&request_ab2=96003&zoneid=4455878&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=970&wih=546&wiw=970&wfc=1&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&drf=https%3A%2F%2F18korea.net%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.458.0&bs=76d9c10d-cbd0-4d4f-9885-d89a4963cce1&userId=fb9ae91e70c44b5c80b967e6fe9949ad&m=link
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
data
Size
24 kB (23826 bytes)
Hash
5b59d750abf080467fae55d23f5533fe
3eb08f6e77872ce2d58df18e3d2ec16463424f06
36fe1acf998ecbd5e90783c5ac6693d990a03e885abe6d56fbf0d798f979e0e9

HTTP Headers

GET /?rb=RZoClUCdXhBOZnzGcKERB3pPm92I1qMx3m8WQWZgEXxolafblV4ul34HXpZGh_XCDjEal60gHFQKJcYyyUEAquIPquFysGIh1fayeb70d6-7oxXei3baJacqmenTdt_YVjFwsa0pMFFDk7WfoIIb4eLtnTRuInlvEupsTbCmx8lQR3Vpj4RBkwU2JICLHRs60BqyEvG4K4qiGMsJINyXbFLut7Dnv66XT2q70oPyCsCiZMfZ&request_ab2=96003&zoneid=4455878&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=970&wih=546&wiw=970&wfc=1&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&drf=https%3A%2F%2F18korea.net%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.458.0&bs=76d9c10d-cbd0-4d4f-9885-d89a4963cce1&userId=fb9ae91e70c44b5c80b967e6fe9949ad&m=link HTTP/1.1
Host: cdn.itskiddien.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjastream.to
Connection: keep-alive
Referer: https://ninjastream.to/
Cookie: OAID=84a6af5f0d3348edbdb82b063ca1eef4; oaidts=1669986718
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: application/json
x-trace-id: 42618c66d5d99f81bb08c9214ad10690
access-control-allow-origin: https://ninjastream.to
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=fb9ae91e70c44b5c80b967e6fe9949ad; expires=Sat, 02 Dec 2023 13:11:59 GMT; path=/; secure; SameSite=None
oaidts=1669986719; expires=Sat, 02 Dec 2023 13:11:59 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 09 Dec 2022 13:11:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

t80.pixhost.to/thumbs/92/321339331_32-year-old-female-lawyer-sexual-assault-case-erotic-movie-18-free.jpg

94.229.45.2

200 OK

18 kB

URL HTTP/1.1
t80.pixhost.to/thumbs/92/321339331_32-year-old-female-lawyer-sexual-assault-case-erotic-movie-18-free.jpg
IP
94.229.45.2:0
ASN
#48326 DataNetworks s.r.o.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 500x281, components 3\012- data
Size
18 kB (17749 bytes)
Hash
a0923086766b68a9c562e6a90c171700
6be72e58a7d1c48596a4930f222aff8f519a7ee8
873e793e259d393abb3b4efcbcb41bc92b0b04a081aad7f3f5906fcb9a228a74

HTTP Headers

GET /thumbs/92/321339331_32-year-old-female-lawyer-sexual-assault-case-erotic-movie-18-free.jpg HTTP/1.1
Host: t80.pixhost.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 02 Dec 2022 13:11:59 GMT
Content-Type: image/jpeg
Content-Length: 17749
Last-Modified: Wed, 30 Nov 2022 14:39:53 GMT
Connection: keep-alive
ETag: "63876b39-4555"
Cache-Control: max-age=604800, public
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b411ab32a7dfa1bf6aca3fcf51cf70fc
29e86fbbc654609a3f7344e580895b49a67d26cc
78fe5f94cb20f53d0e16f581ce11602e59356be6770d626ec237b343058fba15

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78FE5F94CB20F53D0E16F581CE11602E59356BE6770D626EC237B343058FBA15"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7329
Expires: Fri, 02 Dec 2022 15:14:08 GMT
Date: Fri, 02 Dec 2022 13:11:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b411ab32a7dfa1bf6aca3fcf51cf70fc
29e86fbbc654609a3f7344e580895b49a67d26cc
78fe5f94cb20f53d0e16f581ce11602e59356be6770d626ec237b343058fba15

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78FE5F94CB20F53D0E16F581CE11602E59356BE6770D626EC237B343058FBA15"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2532
Expires: Fri, 02 Dec 2022 13:54:11 GMT
Date: Fri, 02 Dec 2022 13:11:59 GMT
Connection: keep-alive

t80.pixhost.to/thumbs/92/321339313_streaming-drenched-friend-girlfriend-2021-erotic-movie-18-online-free.jpg

94.229.45.2

200 OK

19 kB

URL HTTP/1.1
t80.pixhost.to/thumbs/92/321339313_streaming-drenched-friend-girlfriend-2021-erotic-movie-18-online-free.jpg
IP
94.229.45.2:0
ASN
#48326 DataNetworks s.r.o.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 500x281, components 3\012- data
Size
19 kB (18921 bytes)
Hash
56e29a61801d36980060579fd8ccb00a
f6ad02350a64cc99279620160b8af10bafa34628
c1b2de94f2d394bf10358fac9603f181de0d1d8a6c1e10698ac709f337c3f209

HTTP Headers

GET /thumbs/92/321339313_streaming-drenched-friend-girlfriend-2021-erotic-movie-18-online-free.jpg HTTP/1.1
Host: t80.pixhost.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 02 Dec 2022 13:11:59 GMT
Content-Type: image/jpeg
Content-Length: 18921
Last-Modified: Wed, 30 Nov 2022 14:39:47 GMT
Connection: keep-alive
ETag: "63876b33-49e9"
Cache-Control: max-age=604800, public
Accept-Ranges: bytes

t80.pixhost.to/thumbs/92/321339317_an-affair-old-lady-in-her-40s-who-can-do-it-inside-erotic-movie-18-free.jpg

94.229.45.2

200 OK

24 kB

URL HTTP/1.1
t80.pixhost.to/thumbs/92/321339317_an-affair-old-lady-in-her-40s-who-can-do-it-inside-erotic-movie-18-free.jpg
IP
94.229.45.2:0
ASN
#48326 DataNetworks s.r.o.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 500x281, components 3\012- data
Size
24 kB (23554 bytes)
Hash
b332ccfbc4be76a05094786cabc35bb0
3127347390433c7d9a80f0b76a594de002f3ae72
38e129fd67d152b060ac6e10c0aebc0efa4c7a69b0d20911dccd43663c921536

HTTP Headers

GET /thumbs/92/321339317_an-affair-old-lady-in-her-40s-who-can-do-it-inside-erotic-movie-18-free.jpg HTTP/1.1
Host: t80.pixhost.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 02 Dec 2022 13:11:59 GMT
Content-Type: image/jpeg
Content-Length: 23554
Last-Modified: Wed, 30 Nov 2022 14:39:48 GMT
Connection: keep-alive
ETag: "63876b34-5c02"
Cache-Control: max-age=604800, public
Accept-Ranges: bytes

t80.pixhost.to/thumbs/92/321339320_streaming-nerisa-2021-erotic-movie-18-online-free.jpg

94.229.45.2

200 OK

36 kB

URL HTTP/1.1
t80.pixhost.to/thumbs/92/321339320_streaming-nerisa-2021-erotic-movie-18-online-free.jpg
IP
94.229.45.2:0
ASN
#48326 DataNetworks s.r.o.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 500x281, components 3\012- data
Size
36 kB (36400 bytes)
Hash
2c23c81adb00151568227f404dcf1b27
b2681053b51a191fcc0e6f5149f8584a5cbcb23b
c0dde6458b289ef5fafb05c9682d9a2c00fcacc52302dacea43f7d4e547a272b

HTTP Headers

GET /thumbs/92/321339320_streaming-nerisa-2021-erotic-movie-18-online-free.jpg HTTP/1.1
Host: t80.pixhost.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 02 Dec 2022 13:11:59 GMT
Content-Type: image/jpeg
Content-Length: 36400
Last-Modified: Wed, 30 Nov 2022 14:39:50 GMT
Connection: keep-alive
ETag: "63876b36-8e30"
Cache-Control: max-age=604800, public
Accept-Ranges: bytes

interstitial-07.com/?l=xmPosaU4na8EynY&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2153250558%26z%3D4455918%26b%3D15950248%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DN0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3Dc851dcc6-47c0-44ab-b4fb-c83f7c999324%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.155

200 OK

16 kB

URL HTTP/2
interstitial-07.com/?l=xmPosaU4na8EynY&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2153250558%26z%3D4455918%26b%3D15950248%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DN0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3Dc851dcc6-47c0-44ab-b4fb-c83f7c999324%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.155:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1481)
Size
16 kB (15648 bytes)
Hash
bb30bee0569b8ea8ba4b0aa811e3782c
5163c62ed2c91d9f3258b20f480a769b8d1851b2
fabbfdabe3d0633dda12b15a924c8951225e175aac9057a7dc370256f36f5dd1

HTTP Headers

GET /?l=xmPosaU4na8EynY&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2153250558%26z%3D4455918%26b%3D15950248%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DN0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3Dc851dcc6-47c0-44ab-b4fb-c83f7c999324%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=P5uSGlpL7N6J2Bq5lerEprtn5BxMT02dtSyg6cQ-Osw; expires=Fri, 02-Dec-2022 14:11:59 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

t80.pixhost.to/thumbs/92/321339324_streaming-sexy-tutor-2021-erotic-movie-18-online-free.jpg

94.229.45.2

200 OK

23 kB

URL HTTP/1.1
t80.pixhost.to/thumbs/92/321339324_streaming-sexy-tutor-2021-erotic-movie-18-online-free.jpg
IP
94.229.45.2:0
ASN
#48326 DataNetworks s.r.o.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 500x281, components 3\012- data
Size
23 kB (23415 bytes)
Hash
7b4738e6f7c1577bd37689a38068a53d
a63836cdc1c9876d68469fd1a25764ab3f9d3264
76adcb5e30a613e28504c90533fb576c4e712f68c626cb6ad94b7f688699b337

HTTP Headers

GET /thumbs/92/321339324_streaming-sexy-tutor-2021-erotic-movie-18-online-free.jpg HTTP/1.1
Host: t80.pixhost.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 02 Dec 2022 13:11:59 GMT
Content-Type: image/jpeg
Content-Length: 23415
Last-Modified: Wed, 30 Nov 2022 14:39:51 GMT
Connection: keep-alive
ETag: "63876b37-5b77"
Cache-Control: max-age=604800, public
Accept-Ranges: bytes

interstitial-07.com/?l=ZLNffCnc9jNppQ6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcdn.uponelectabuzzor.club%2F12%3Frnd%3D1943011066%26z%3D5096881%26b%3D15950250%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D2q1uXKeBfRrjAGY4djTZrXkxAIffCgiCaUNcg_Hk3o2ZRjr41w4FJ9VrPokqlxaNU2Px1ao34ATV1t7PObjkpgYl9IPFg641bQBUOuu2PLbteldwa08bOgYDdKah-8VGLgtFVd7US2Y0XCaIw0fe9vR90YCDe7celXYLNAnTqxn0EpdKJQ_SAk5sOQXwch8RTy_LRQqv4eGg2-CWL0XH3nxE97U9mQ43ulhepM9iOgY10MwV6_XdDM3fn0DbO5193CO9TQPloLKIGu29BN7QaDuV-viFZoyNYuoPXWbM94K1kcx1ONAMh-3qUnTLla4AVlL0F7t89rsL24GH0RBSmIRnyGlZo-aM8ntBnBR12wkJCk3tEbVHMUqjqVH_G6a8tDa-UlHvHdD-YIZp852mjuaYDicHF1nd3zMHBXeZNyIeRkZnU8EdzWSQlZYS4Qxifz1qgQJ_8668YOVqzmw3uXNrl4ENMI476SjHIlZ0T2pCc0CiauX9ZjULD40VIleUTlsSzptVUBVjPUjsiHYtlCsd6xHCSrt0a-QZLgv3DDsh-mnmPYXsTE9_s7KxWfpKRVXsN088_0RY35_Gxy7kGkyFN8SsfSsNNiqXR_LpLVM0RVlmsc1ogTEo796HzGsDR-ecIzpBoosASVvm5xzyCA%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D2ed21b21-3c9d-434d-8536-d750be93db91%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D2%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.155

200 OK

57 kB

URL HTTP/2
interstitial-07.com/?l=ZLNffCnc9jNppQ6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcdn.uponelectabuzzor.club%2F12%3Frnd%3D1943011066%26z%3D5096881%26b%3D15950250%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D2q1uXKeBfRrjAGY4djTZrXkxAIffCgiCaUNcg_Hk3o2ZRjr41w4FJ9VrPokqlxaNU2Px1ao34ATV1t7PObjkpgYl9IPFg641bQBUOuu2PLbteldwa08bOgYDdKah-8VGLgtFVd7US2Y0XCaIw0fe9vR90YCDe7celXYLNAnTqxn0EpdKJQ_SAk5sOQXwch8RTy_LRQqv4eGg2-CWL0XH3nxE97U9mQ43ulhepM9iOgY10MwV6_XdDM3fn0DbO5193CO9TQPloLKIGu29BN7QaDuV-viFZoyNYuoPXWbM94K1kcx1ONAMh-3qUnTLla4AVlL0F7t89rsL24GH0RBSmIRnyGlZo-aM8ntBnBR12wkJCk3tEbVHMUqjqVH_G6a8tDa-UlHvHdD-YIZp852mjuaYDicHF1nd3zMHBXeZNyIeRkZnU8EdzWSQlZYS4Qxifz1qgQJ_8668YOVqzmw3uXNrl4ENMI476SjHIlZ0T2pCc0CiauX9ZjULD40VIleUTlsSzptVUBVjPUjsiHYtlCsd6xHCSrt0a-QZLgv3DDsh-mnmPYXsTE9_s7KxWfpKRVXsN088_0RY35_Gxy7kGkyFN8SsfSsNNiqXR_LpLVM0RVlmsc1ogTEo796HzGsDR-ecIzpBoosASVvm5xzyCA%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D2ed21b21-3c9d-434d-8536-d750be93db91%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D2%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.155:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1494)
Size
57 kB (56787 bytes)
Hash
5e58b4c0a267ee3e774d2669ce0ccb91
fbb00123d15e534a86d9d92072e199ce8fcbc96d
cdbb254cdac04328087043f62b8176891c0d68d4e00256565b409350ab5c6214

HTTP Headers

GET /?l=ZLNffCnc9jNppQ6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcdn.uponelectabuzzor.club%2F12%3Frnd%3D1943011066%26z%3D5096881%26b%3D15950250%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D2q1uXKeBfRrjAGY4djTZrXkxAIffCgiCaUNcg_Hk3o2ZRjr41w4FJ9VrPokqlxaNU2Px1ao34ATV1t7PObjkpgYl9IPFg641bQBUOuu2PLbteldwa08bOgYDdKah-8VGLgtFVd7US2Y0XCaIw0fe9vR90YCDe7celXYLNAnTqxn0EpdKJQ_SAk5sOQXwch8RTy_LRQqv4eGg2-CWL0XH3nxE97U9mQ43ulhepM9iOgY10MwV6_XdDM3fn0DbO5193CO9TQPloLKIGu29BN7QaDuV-viFZoyNYuoPXWbM94K1kcx1ONAMh-3qUnTLla4AVlL0F7t89rsL24GH0RBSmIRnyGlZo-aM8ntBnBR12wkJCk3tEbVHMUqjqVH_G6a8tDa-UlHvHdD-YIZp852mjuaYDicHF1nd3zMHBXeZNyIeRkZnU8EdzWSQlZYS4Qxifz1qgQJ_8668YOVqzmw3uXNrl4ENMI476SjHIlZ0T2pCc0CiauX9ZjULD40VIleUTlsSzptVUBVjPUjsiHYtlCsd6xHCSrt0a-QZLgv3DDsh-mnmPYXsTE9_s7KxWfpKRVXsN088_0RY35_Gxy7kGkyFN8SsfSsNNiqXR_LpLVM0RVlmsc1ogTEo796HzGsDR-ecIzpBoosASVvm5xzyCA%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D2ed21b21-3c9d-434d-8536-d750be93db91%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D2%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=uKfXlPZvHGObYcKWyoZA4vQfpqZzNqoYVqTELGOUjuI; expires=Fri, 02-Dec-2022 14:11:59 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/f2/ea/94/2045b6191cf4e8883f945577d6/01419289930266.jpeg

139.45.197.155

200 OK

9.4 kB

URL HTTP/2
interstitial-07.com/contents/s/f2/ea/94/2045b6191cf4e8883f945577d6/01419289930266.jpeg
IP
139.45.197.155:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
9.4 kB (9383 bytes)
Hash
f2ea942045b6191cf4e8883f945577d6
f217ff303ef16d92e04767b99b50fab13fc5f0fa
270098f429a4d4715596182e3ad7a1da6862c10c12fc3a104be6ffcd8a649c0d

HTTP Headers

GET /contents/s/f2/ea/94/2045b6191cf4e8883f945577d6/01419289930266.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=xmPosaU4na8EynY&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2153250558%26z%3D4455918%26b%3D15950248%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DN0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3Dc851dcc6-47c0-44ab-b4fb-c83f7c999324%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: image/jpeg
content-length: 9383
last-modified: Thu, 20 Oct 2022 03:21:16 GMT
vary: Accept-Encoding
etag: "6350beac-24a7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/48/9d/aa/767e850f7adee87656c9c618d6/0805769566320.jpeg

139.45.197.155

200 OK

33 kB

URL HTTP/2
interstitial-07.com/contents/s/48/9d/aa/767e850f7adee87656c9c618d6/0805769566320.jpeg
IP
139.45.197.155:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
33 kB (33145 bytes)
Hash
489daa767e850f7adee87656c9c618d6
f33d685ca860065daa3d42786e875c4f72c47376
420d07a28fd9eb7996feb6e3bc78a230b321be622551a6427d9eb7d4e43d7585

HTTP Headers

GET /contents/s/48/9d/aa/767e850f7adee87656c9c618d6/0805769566320.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=xmPosaU4na8EynY&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2153250558%26z%3D4455918%26b%3D15950248%26c%3D6382289%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DN0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3Dc851dcc6-47c0-44ab-b4fb-c83f7c999324%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fninjastream.to%252Fwatch%252FNg9QnBwE6QVKb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D970%26wiw%3D970%26wih%3D546%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252F18korea.net%252F%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: image/jpeg
content-length: 33145
last-modified: Thu, 20 Oct 2022 03:21:11 GMT
vary: Accept-Encoding
etag: "6350bea7-8179"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ce4664ff78f43f330fe8110c920f96c8
8d95283944a9217b18b8aeb68c17992b79ab5638
a855f987a1c193780de746a84c4693da05cbc5b3dd9d97d769918441be33ea9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A855F987A1C193780DE746A84C4693DA05CBC5B3DD9D97D769918441BE33EA9B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=62
Expires: Fri, 02 Dec 2022 13:13:01 GMT
Date: Fri, 02 Dec 2022 13:11:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ce4664ff78f43f330fe8110c920f96c8
8d95283944a9217b18b8aeb68c17992b79ab5638
a855f987a1c193780de746a84c4693da05cbc5b3dd9d97d769918441be33ea9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A855F987A1C193780DE746A84C4693DA05CBC5B3DD9D97D769918441BE33EA9B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=62
Expires: Fri, 02 Dec 2022 13:13:01 GMT
Date: Fri, 02 Dec 2022 13:11:59 GMT
Connection: keep-alive

unphionetor.com/fv.js?t=72747&cb=2089599589

139.45.197.236

200 OK

2.2 kB

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=2089599589
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (5213), with no line terminators
Size
2.2 kB (2153 bytes)
Hash
0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=2089599589 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 45338026f3bb17b0a55105a05d9c075c
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=395070695

139.45.197.236

200 OK

2.2 kB

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=395070695
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (5213), with no line terminators
Size
2.2 kB (2153 bytes)
Hash
0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=395070695 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 67feec79b4b5a79213dd9fd78a0fcc40
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/11?rnd=966218931&z=4455918&b=15950248&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=N0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ==&ruid=c851dcc6-47c0-44ab-b4fb-c83f7c999324&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=966218931&z=4455918&b=15950248&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=N0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ==&ruid=c851dcc6-47c0-44ab-b4fb-c83f7c999324&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=966218931&z=4455918&b=15950248&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=N0x8OPYGH64FUmc_TWICyNyP_YBq-CTcvJy1iOpmf2R6XT4Oj8lIGZ6kIitpdQMnScppdWs1e4RzYM_KV8Ykb92n5_YjVb7ai2nRSYGTwYULzlVKEFAr95T5ztV_rGMOvNUotHJKJnYs6niTlHmdH4xWn7IcDalC6wZ3-e_wtEei3x31sU-F17ANdIZbSRfK9b5WjWnTbMECWBgBznLySAbm37HcLwD5b9F5FnHLROVfSQdv_AcKhqBie-DnMGUyoaOgLMPUfk90xuh_Jcnh5Xb9BB3Q8LW-gdzYEKe5GHdSdrwuj8liQmKAVnsuN5OPJo3y0aBPPMV9f-GEk5lDC9TqwZ18rGAcQ0agu5yQw_UF_Z5YaswChF87hjyURH2v_PvIpvndHKASc5qc0hBeZkxBaVZHRqZPw8D6pMmO35zXY7q8_S2O9XLd_NqCYot4h86WuzHaf-0TxGl4Ux9EVUmToTQl_1kjsN1hMcCyCh-ojvtLgOwkcBxHmqpE6cO27Tvu4mkpd0yhVaEScsUe09UOLW1sNvKedWjvqJ-Iya8P-n4Hidq4JqwzJTZB0ul8qgYqprErQT0Z7y577mgebXYPpA8JZdi9hmBzMzb-T7DAp0-W_yRuF74XeuDpqejGZHlJwKXOIoTRD7aVv7aUtQ==&ruid=c851dcc6-47c0-44ab-b4fb-c83f7c999324&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=3&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninjastream.to
Connection: keep-alive
Referer: https://ninjastream.to/
Cookie: scm=1; OAID=fb9ae91e70c44b5c80b967e6fe9949ad; oaidts=1669986718
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://ninjastream.to
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 7183c9974333b650d23ce81210702556
access-control-expose-headers: X-Sc
set-cookie: OAID=fb9ae91e70c44b5c80b967e6fe9949ad; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
oaidts=1669986718; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
oaidvc=1; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
CNT=1_v1_qGHzAAEAAACAS2lk; expires=Fri, 02 Dec 2022 14:11:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 0946f18be0afefe1362014b96451b7ad
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 24e3552ba71eeb758f34298fa7a0a2f2
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-BNGW6L3J0E&gtm=2oebu0&_p=850443743&cid=1778038652.1669986718&ul=en-us&sr=1280x1024&_s=1&sid=1669986717&sct=1&seg=0&dl=https%3A%2F%2F18korea.net%2Fwatch%2Fyoung-aunt-3-co-gi-tre-chung-3-&dt=Young%20Aunt%203%20(%20C%C3%B4%20G%C3%AC%20tr%E1%BA%BB%20chung%203%20)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-BNGW6L3J0E&gtm=2oebu0&_p=850443743&cid=1778038652.1669986718&ul=en-us&sr=1280x1024&_s=1&sid=1669986717&sct=1&seg=0&dl=https%3A%2F%2F18korea.net%2Fwatch%2Fyoung-aunt-3-co-gi-tre-chung-3-&dt=Young%20Aunt%203%20(%20C%C3%B4%20G%C3%AC%20tr%E1%BA%BB%20chung%203%20)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-BNGW6L3J0E&gtm=2oebu0&_p=850443743&cid=1778038652.1669986718&ul=en-us&sr=1280x1024&_s=1&sid=1669986717&sct=1&seg=0&dl=https%3A%2F%2F18korea.net%2Fwatch%2Fyoung-aunt-3-co-gi-tre-chung-3-&dt=Young%20Aunt%203%20(%20C%C3%B4%20G%C3%AC%20tr%E1%BA%BB%20chung%203%20)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://18korea.net
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://18korea.net
date: Fri, 02 Dec 2022 13:12:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

18korea.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.235.34

200 OK

0 B

URL HTTP/2
18korea.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.235.34:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: 18korea.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
Cookie: X_CACHE_KEY=a474c2dac1d6041d1c95faaca1aac622; PHPSESSID=7d9bhi5k0qlr19inrsvjorlaru
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 18:31:41 GMT
etag: W/"6387a18d-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lcq4m97tsetj4lWIn5cndKzv57yingSilH6l3Jfe%2BesdbLAmQ3EFE8CrnUJpbFM7I0yby8vCvasEvD7krOKHUUcrrzLJLoT%2BVt9u2EAaJJHiAbORAppwAOt0OlzS%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77344fb19c9d71da-LHR
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 04 Dec 2022 13:11:56 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/27/1ead059fa749da4c72410ffa55976f24

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/27/1ead059fa749da4c72410ffa55976f24
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/1ead059fa749da4c72410ffa55976f24 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Cookie: scm=1; OAID=7907174b8ba24497ad174971967ffcaa; oaidts=1669986718
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Fri, 02 Dec 2022 03:31:44 GMT
expires: Fri, 01 Jan 2083 03:31:44 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.uponelectabuzzor.club/1?z=5096881

139.45.197.239

200 OK

0 B

URL HTTP/2
cdn.uponelectabuzzor.club/1?z=5096881
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /1?z=5096881 HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:58 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c001b2f229ad6a1ffd07985ddb3127f5
access-control-expose-headers: X-Sc
x-sc: w_WRE6SVBHrieZ2Ezj8Nvp_s4N9cQGgcgiczUJDH8LmaR6MsJjtfheZwikurHeMt4IfcBt8TdInpZI3jUKLhIQXaE7E=
set-cookie: scm=1; expires=Sat, 02 Dec 2023 13:11:58 GMT; secure; SameSite=None
OAID=849342e80ba84413b1673a7308c49edb; expires=Sat, 02 Dec 2023 13:11:58 GMT; secure; SameSite=None
oaidts=1669986718; expires=Sat, 02 Dec 2023 13:11:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

18korea.net/js/code.min.js

104.21.235.34

200 OK

0 B

URL HTTP/2
18korea.net/js/code.min.js
IP
104.21.235.34:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/code.min.js HTTP/1.1
Host: 18korea.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
Cookie: X_CACHE_KEY=a474c2dac1d6041d1c95faaca1aac622; PHPSESSID=7d9bhi5k0qlr19inrsvjorlaru
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: application/javascript
last-modified: Tue, 29 Dec 2020 02:57:50 GMT
vary: Accept-Encoding
etag: W/"5fea9b2e-739c"
expires: Fri, 02 Dec 2022 18:49:36 GMT
cache-control: max-age=43200
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FbEkyBA8KVnA0VA5YiD8thcaD46Au1uyxRBcRhzT9XzbJFLjVDy%2FEOmsi5OCYRpAcoJS6U4jTI4LtGIrpITXVxXt2b%2BIvy4M1NY3%2FSflbn9yaYORKW8s8BMid%2FRGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77344fb19c9a71da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

betotodilea.com/400/4455000

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/400/4455000
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /400/4455000 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ninjastream.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:57 GMT
content-type: application/javascript
x-trace-id: 1241479bde4f94b350798c1bf40c47f3
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=2a9fd7ad489b4f9e90cd6d15bb692de8; expires=Sat, 02 Dec 2023 13:11:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

18korea.net/sever/player?v=young-aunt-3-co-gi-tre-chung-3-

104.21.235.34

200 OK

0 B

URL HTTP/2
18korea.net/sever/player?v=young-aunt-3-co-gi-tre-chung-3-
IP
104.21.235.34:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sever/player?v=young-aunt-3-co-gi-tre-chung-3- HTTP/1.1
Host: 18korea.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18korea.net/watch/young-aunt-3-co-gi-tre-chung-3-
Cookie: X_CACHE_KEY=a474c2dac1d6041d1c95faaca1aac622; PHPSESSID=7d9bhi5k0qlr19inrsvjorlaru
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sv7rKRL3ZVQVHGrxZ6NGTtXXUzzt2uNy276rv5wZvNYd7PkVzgqCgPj4bYxmswEeP42CAd%2FseP54ShCHkhl%2BWyoeLOXoeNwytCoy78SaCxgeR%2FnQT6yTfxUrPseX9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77344fb18c7971da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

104.16.56.101

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP
104.16.56.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://18korea.net
Connection: keep-alive
Referer: https://18korea.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:11:56 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 77344fb1dd9fb529-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.239

200 OK

0 B

URL HTTP/2
cdn.uponelectabuzzor.club/9?z=5096881&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=2&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /9?z=5096881&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fninjastream.to%2Fwatch%2FNg9QnBwE6QVKb&wy=0&wx=0&ww=1280&wh=1024&cw=970&wiw=970&wih=546&wfc=2&sah=1002&drf=https%3A%2F%2F18korea.net%2F&hil=1&ist=0&oaid=fb9ae91e70c44b5c80b967e6fe9949ad HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 43
Origin: https://ninjastream.to
Connection: keep-alive
Referer: https://ninjastream.to/
Cookie: scm=1; OAID=849342e80ba84413b1673a7308c49edb; oaidts=1669986718
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:11:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://ninjastream.to
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d4e0fa49a45e5ec2f9874a64ffcc2761
access-control-expose-headers: X-Sc
set-cookie: OAID=fb9ae91e70c44b5c80b967e6fe9949ad; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
oaidts=1669986718; expires=Sat, 02 Dec 2023 13:11:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (55)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations