ocsp.pki.goog/s/gts1d4/4hzDDNhMf2w
471 B URL ocsp.pki.goog/s/gts1d4/4hzDDNhMf2w
IP
Hash 1dc9874235dd9d1ec7fbd937bdfa4a2a
59db37c761692112cc85c63b983fb6f65073a362
65e3805311a58dbdb5c4f5a50fd0a5d144dc653b43af70926b4a09e8ad98b8d9
POST /s/gts1d4/4hzDDNhMf2w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:07 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
200 OK 37 kB URL User Request GET HTTP/2 www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
IP
Certificate IssuerGoogle Trust Services LLC
Subjectwww.deatusa.com
Fingerprint06:33:9E:EC:8E:15:57:67:91:8D:7E:B4:F1:AD:A7:B2:F0:A9:60:66
ValidityTue, 03 Oct 2023 11:15:07 GMT - Mon, 01 Jan 2024 12:02:38 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (851)
Hash 983f615924eb62bb5dc39f9314ccc7e3
0148b750357739ea1f4bf953db7725581389bafa
ec7840e59f631c125f1fd9cab9c0a3c920a04fe68648ecce08066dd42cb1011d
GET /2023/10/barcelona-vs-athletic.html?m=1 HTTP/1.1
Host: www.deatusa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sun, 22 Oct 2023 20:09:07 GMT
date: Sun, 22 Oct 2023 20:09:07 GMT
cache-control: private, max-age=0
last-modified: Sun, 22 Oct 2023 19:57:14 GMT
etag: W/"257d6c4bd155e3745cddd37703fd5c93dc7fc70e5ce3ffd6a2c4bac5bfdd4c08"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 36847
server: GSE
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css
10 kB URL cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css
IP
File type ASCII text, with very long lines (57726)
Hash 3df0b27b3e75de7efd800af1d77d56cc
e8138ee186548f18db7642d80860124b86809446
f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c
GET /ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:07 GMT
content-type: text/css; charset=utf-8
content-length: 10265
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942a3b-2819"
last-modified: Thu, 22 Jun 2023 11:02:19 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4512130
expires: Fri, 11 Oct 2024 20:09:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q4AMHNXP9s1XeSHd%2FbdyoStPKVtfMh88nHPkHZ0gdX%2BhIR0PFitnQIvL048mG9ipOtutyZ5HlQc65fT%2FPE%2BwtB0ME2o1PWHSzOErERKo%2BemfDv%2F7fIJ3TjL66rXfu6eu9fDBYso8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81a46050eaefb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
200 OK 28 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 28007
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b1e-6d67"
last-modified: Thu, 22 Jun 2023 11:06:06 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3974811
expires: Fri, 11 Oct 2024 20:09:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJh0d6ZUCQ%2FHr1ie6gJINhMMnejh8kF2XOm1705MUqkoUaHqHz3SQXkgzwopWR9F5yythpof0CWiR7%2FpH%2FLg23qQSUu8be0EIji65CNu%2FnL%2FdWUFDHKsEGshnXeWLBxVd1aehp9u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81a460512b3fb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.deatusa.com/js/cookienotice.js
200 OK 2.0 kB URL GET HTTP/2 www.deatusa.com/js/cookienotice.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectwww.deatusa.com
Fingerprint06:33:9E:EC:8E:15:57:67:91:8D:7E:B4:F1:AD:A7:B2:F0:A9:60:66
ValidityTue, 03 Oct 2023 11:15:07 GMT - Mon, 01 Jan 2024 12:02:38 GMT
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: www.deatusa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Sun, 22 Oct 2023 20:09:08 GMT
expires: Sun, 29 Oct 2023 20:09:08 GMT
cache-control: public, max-age=604800
last-modified: Sun, 22 Oct 2023 14:52:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
X-Firefox-Spdy: h2
jwpsrv.com/library/dvlGEDvMEeSLyCIACtqXBA.js
200 OK 44 kB URL GET HTTP/1.1 jwpsrv.com/library/dvlGEDvMEeSLyCIACtqXBA.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerAmazon
Subjectjwpsrv.com
FingerprintBB:B4:29:95:E8:2A:1E:5C:61:CA:77:5E:76:EC:77:05:49:6D:82:AA
ValidityMon, 20 Mar 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65143)
Hash 15fc93d766ada0dc5c477ade4d179bc9
b95b354d45f1b4568ad3da654617deb5d57ae09f
1a66d757bd8313170a34cc982158f2ee80345ca34227846e42bd9c999ef07785
GET /library/dvlGEDvMEeSLyCIACtqXBA.js HTTP/1.1
Host: jwpsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 44517
Connection: keep-alive
access-control-allow-origin: *
Cache-Control: max-age=180
Content-Encoding: gzip
Date: Sun, 22 Oct 2023 20:08:48 GMT
Server: openresty
x-robots-tag: noindex, indexifembedded
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hF1b15IwNKrwLEm8Y1NBeg8LuIA2uQ2UT-m6x37-oqDvIWzAbNdWbQ==
Age: 20
ocsp.pki.goog/gts1c3
472 B IP
Hash 6101552df1511ad32229552ec3782c03
2549a317108c7bcdbd7bafb681b09d41d3336a8e
6bc32cbaf642297496cda000e1402b68bbb6ea497173cf4199bf5b6c39fdfcfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 6101552df1511ad32229552ec3782c03
2549a317108c7bcdbd7bafb681b09d41d3336a8e
6bc32cbaf642297496cda000e1402b68bbb6ea497173cf4199bf5b6c39fdfcfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 842c53c1f875724c897106d6749cadb3
635472886244b7951fa18e2b2f9c14235365b839
4f9208f4063043d6875cfae9633ccbf55ab54d022a764ae7f7ae9721f08fcb72
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-181670863-2
200 OK 69 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-181670863-2
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type ASCII text, with very long lines (4179)
Hash 3a9f6c14d9fc0abea7f53c9604a86476
f7cf1b51d21714cd1d4edc1ff39317acbfa1b8c1
6ed2337aa0dd9918ec39b5f41fcfbd2c233fc4dcbf12eb630c6d0753f4e9b282
GET /gtag/js?id=UA-181670863-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Oct 2023 20:09:08 GMT
expires: Sun, 22 Oct 2023 20:09:08 GMT
cache-control: private, max-age=900
last-modified: Sun, 22 Oct 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69235
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/872616150-widgets.js
200 OK 58 kB URL GET HTTP/2 www.blogger.com/static/v1/widgets/872616150-widgets.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.blogger.com
Fingerprint22:E0:95:88:AE:09:30:46:B5:F5:FB:91:76:99:8C:EF:9C:5D:0B:50
ValidityThu, 28 Sep 2023 05:25:59 GMT - Thu, 21 Dec 2023 05:25:58 GMT
File type ASCII text, with very long lines (2215)
Hash aaf53aa7138020d2c2d438bac97add16
929a6d0dea1aa4a66dd5b9229a657157e04925b3
6a4b7664b8ac5c6fed73579023d5121e2d06c488d89f0b4b17d999c76401e3b9
GET /static/v1/widgets/872616150-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 57945
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 16 Oct 2023 02:11:04 GMT
expires: Tue, 15 Oct 2024 02:11:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 01:52:03 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 583084
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-F4GVHT6GPJ
200 OK 90 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-F4GVHT6GPJ
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type ASCII text, with very long lines (5788)
Hash fe0327eeb38be9a0f69abfac61a2a572
3920ce772c309f778243f470a853cc1c90cfa11c
63cfab81b52f2423c3b1cd938cdd8b21abfc69c588ee57d109f224ce34c23c04
GET /gtag/js?id=G-F4GVHT6GPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Oct 2023 20:09:08 GMT
expires: Sun, 22 Oct 2023 20:09:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90059
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2
200 OK 80 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 80300, version 331.-31392\012- data
Hash 8e1ed89b6ccb8ce41faf5cb672677105
9b592048b9062b00f0b2dd782d70a95b7dc69b83
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
GET /ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 22 Oct 2023 20:09:08 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 80300
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64942a3b-139ac"
last-modified: Thu, 22 Jun 2023 11:02:19 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4517812
expires: Fri, 11 Oct 2024 20:09:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ktI9IXWpA%2B5x81mZ0a%2B7JVq68kJbdWzv0HsNpIdOC%2BnvzxaSnm2qkVJTEZlZoHH%2BQJkdLrQsaj5ts5BgwCm10gDOC8UpWD8cg1Bmu4AB0WUwMlbQCfov4y008UJV08JROxZVUwAf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81a46053bba1b4f1-OSL
alt-svc: h3=":443"; ma=86400
ocsp.pki.goog/gts1c3
471 B IP
Hash d62d26bfdc78b03095b3b1ed71acbb77
8b17c7417306c2f5bfce55e5f4ca4cd0efab3284
7f23891dee43724ec01fae6da9ce6e6ea0d4dc3034e4f9a2bf43dd30da1a4646
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 6101552df1511ad32229552ec3782c03
2549a317108c7bcdbd7bafb681b09d41d3336a8e
6bc32cbaf642297496cda000e1402b68bbb6ea497173cf4199bf5b6c39fdfcfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
471 B IP
Hash d62d26bfdc78b03095b3b1ed71acbb77
8b17c7417306c2f5bfce55e5f4ca4cd0efab3284
7f23891dee43724ec01fae6da9ce6e6ea0d4dc3034e4f9a2bf43dd30da1a4646
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 842c53c1f875724c897106d6749cadb3
635472886244b7951fa18e2b2f9c14235365b839
4f9208f4063043d6875cfae9633ccbf55ab54d022a764ae7f7ae9721f08fcb72
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
471 B IP
Hash d62d26bfdc78b03095b3b1ed71acbb77
8b17c7417306c2f5bfce55e5f4ca4cd0efab3284
7f23891dee43724ec01fae6da9ce6e6ea0d4dc3034e4f9a2bf43dd30da1a4646
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
200 OK 37 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT
File type Web Open Font Format (Version 2), TrueType, length 36740, version 1.0\012- data
Hash 0e55b8050e2050493eea30393bd5165c
dbfa3bd5e8777f148f44a3747a0b3b92b061a849
5f2ff871cd7f284064ca188d22dd0b8f2abb173b4f3cb03a7487d23717273021
GET /s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 36740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 01:01:34 GMT
expires: Sat, 19 Oct 2024 01:01:34 GMT
cache-control: public, max-age=31536000
age: 241654
last-modified: Fri, 26 Jun 2020 02:37:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
200 OK 37 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT
File type Web Open Font Format (Version 2), TrueType, length 36740, version 1.0\012- data
Hash 0e55b8050e2050493eea30393bd5165c
dbfa3bd5e8777f148f44a3747a0b3b92b061a849
5f2ff871cd7f284064ca188d22dd0b8f2abb173b4f3cb03a7487d23717273021
GET /s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 36740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 01:01:34 GMT
expires: Sat, 19 Oct 2024 01:01:34 GMT
cache-control: public, max-age=31536000
age: 241654
last-modified: Fri, 26 Jun 2020 02:37:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
200 OK 37 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT
File type Web Open Font Format (Version 2), TrueType, length 36740, version 1.0\012- data
Hash 0e55b8050e2050493eea30393bd5165c
dbfa3bd5e8777f148f44a3747a0b3b92b061a849
5f2ff871cd7f284064ca188d22dd0b8f2abb173b4f3cb03a7487d23717273021
GET /s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 36740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 01:01:34 GMT
expires: Sat, 19 Oct 2024 01:01:34 GMT
cache-control: public, max-age=31536000
age: 241654
last-modified: Fri, 26 Jun 2020 02:37:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ssl.p.jwpcdn.com/player/v/8.29.0/jwplayer.core.controls.js
200 OK 85 kB URL GET HTTP/2 ssl.p.jwpcdn.com/player/v/8.29.0/jwplayer.core.controls.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGlobalSign nv-sa
Subject*.jwplayer.com
FingerprintAB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A
ValidityWed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type ASCII text, with very long lines (65143)
Hash 5f1aa3e16060fbd8fe0bd3918d8a43e3
3cd758e77bc601985f1685c09ef1ee2f4ef5c9ff
9c4716092f12c43127bde81ec43d177867923da7a413316d9d0a1c8459943c1d
GET /player/v/8.29.0/jwplayer.core.controls.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=31536000, immutable
last-modified: Mon, 02 Oct 2023 22:03:18 GMT
etag: "5f1aa3e16060fbd8fe0bd3918d8a43e3"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 22 Oct 2023 20:09:08 GMT
via: 1.1 varnish
age: 1638358
x-served-by: cache-bma1683-BMA
x-cache: HIT
x-cache-hits: 197477
x-timer: S1698005349.764378,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 85285
X-Firefox-Spdy: h2
ssl.p.jwpcdn.com/player/v/8.29.0/jwpsrv.js
200 OK 20 kB URL GET HTTP/2 ssl.p.jwpcdn.com/player/v/8.29.0/jwpsrv.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGlobalSign nv-sa
Subject*.jwplayer.com
FingerprintAB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A
ValidityWed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type ASCII text, with very long lines (65290)
Hash 3ce929563cdc089513e92ce60145673b
69097cd01f706d022c2bd9923b718ea2247027d6
cce768cee839e01c304a426f0dbce4298f6024d856d1abe69efe450ac35863b4
GET /player/v/8.29.0/jwpsrv.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=900, immutable
last-modified: Mon, 02 Oct 2023 22:03:26 GMT
etag: "3ce929563cdc089513e92ce60145673b"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 22 Oct 2023 20:09:08 GMT
via: 1.1 varnish
age: 572
x-served-by: cache-bma1683-BMA
x-cache: HIT
x-cache-hits: 349
x-timer: S1698005349.769591,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 19606
X-Firefox-Spdy: h2
ssl.p.jwpcdn.com/player/v/8.29.0/provider.hlsjs.js
200 OK 126 kB URL GET HTTP/2 ssl.p.jwpcdn.com/player/v/8.29.0/provider.hlsjs.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGlobalSign nv-sa
Subject*.jwplayer.com
FingerprintAB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A
ValidityWed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type ASCII text, with very long lines (65143)
Size 126 kB (126154 bytes)
Hash 8c1d575c2d94e44fc03052842279a635
570011f4ea65ad5fa9970809d2b22bf13e3058c6
0d76cb17b3bd9640de472967669e9fd1fc906ff36dad542c4ba7fbda863dd0e8
GET /player/v/8.29.0/provider.hlsjs.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=31536000, immutable
last-modified: Mon, 02 Oct 2023 22:03:21 GMT
etag: "8c1d575c2d94e44fc03052842279a635"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 22 Oct 2023 20:09:08 GMT
via: 1.1 varnish
age: 1638359
x-served-by: cache-bma1683-BMA
x-cache: HIT
x-cache-hits: 125571
x-timer: S1698005349.769334,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 126154
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-KQ50CSGZB5&l=dataLayer&cx=c
200 OK 81 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-KQ50CSGZB5&l=dataLayer&cx=c
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type ASCII text, with very long lines (5788)
Hash cc0e395a7f17fde8f1c12c38dd3e9f87
8a9d41683e3a33d8ea7707fba6a6128e050b92bb
d05f7e381688944ad7b25e3cc6c6a25fd7f20c6475ac292d98388bb018813e4d
GET /gtag/js?id=G-KQ50CSGZB5&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Oct 2023 20:09:08 GMT
expires: Sun, 22 Oct 2023 20:09:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81228
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/gtag/js?id=G-F4GVHT6GPJ&l=dataLayer&cx=c
200 OK 90 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-F4GVHT6GPJ&l=dataLayer&cx=c
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type ASCII text, with very long lines (5788)
Hash f7fdb5bfab78904df69b607602a79e10
b6fddfcedc8b87ad5aecca6a409f270275dbab73
9110178ffea649cb7c9dd6faa7410aaa6ce648142bc02d47f570589e67360ac3
GET /gtag/js?id=G-F4GVHT6GPJ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Oct 2023 20:09:08 GMT
expires: Sun, 22 Oct 2023 20:09:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90173
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
471 B IP
Hash d62d26bfdc78b03095b3b1ed71acbb77
8b17c7417306c2f5bfce55e5f4ca4cd0efab3284
7f23891dee43724ec01fae6da9ce6e6ea0d4dc3034e4f9a2bf43dd30da1a4646
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js
200 OK 27 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js
IP
Requested by https://voodc.com/embed/85899a8f998484938799838595899886869a.html
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash e6c2415c0ace414e5153670314ce99a9
5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
GET /ajax/libs/jquery/3.7.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://voodc.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 22 Oct 2023 20:09:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 27437
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64c93eb8-6b2d"
last-modified: Tue, 01 Aug 2023 17:19:52 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 6924272
expires: Fri, 11 Oct 2024 20:09:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2N%2BznlhysEVgCUzKTaVIYWNGI5cMFc0%2FDa5rKdgG%2FDgcWie8QCaWJlRmZ4%2BSmpzIErIP5M%2FDxbUlVAmotMXCfI8Jufy%2BBExcufWIwf5iOmUH2AHKJrSFSlY%2BMwNqgZo66zV9rdOH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81a46057d9f7b4f1-OSL
alt-svc: h3=":443"; ma=86400
deeperhundredpassion.com/c8/5d/0d/c85d0daf87842044d502962676be3222.js
200 OK 14 kB URL GET HTTP/1.1 deeperhundredpassion.com/c8/5d/0d/c85d0daf87842044d502962676be3222.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjectdeeperhundredpassion.com
Fingerprint92:20:28:1C:72:CF:24:69:2F:06:B3:44:B0:0E:C1:0E:FD:EE:00:6B
ValiditySat, 16 Sep 2023 15:19:56 GMT - Fri, 15 Dec 2023 15:19:55 GMT
File type ASCII text, with very long lines (40567), with no line terminators
Hash d12ed22e303c0d07247e2a4d4b3fa2d9
1747d7e2477f2b4b9cb72641f765ab20ebdc64e2
43a3472915ef90787009a906e22ebe1e0e7907ed595b7ada562751b3d6ea5d4f
GET /c8/5d/0d/c85d0daf87842044d502962676be3222.js HTTP/1.1
Host: deeperhundredpassion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:09:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9a06501300402b9a885e633057236625
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
deeperhundredpassion.com/cc/f4/d0/ccf4d0ab5e3f26b60014d07829c8427c.js
200 OK 18 kB URL GET HTTP/1.1 deeperhundredpassion.com/cc/f4/d0/ccf4d0ab5e3f26b60014d07829c8427c.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjectdeeperhundredpassion.com
Fingerprint92:20:28:1C:72:CF:24:69:2F:06:B3:44:B0:0E:C1:0E:FD:EE:00:6B
ValiditySat, 16 Sep 2023 15:19:56 GMT - Fri, 15 Dec 2023 15:19:55 GMT
File type ASCII text, with very long lines (43211), with no line terminators
Hash e4fe46955e73ca0be3b83caa48d9b5a8
abf3ebca0817b992a49b759fc46d8d4b5bd47893
228b3382463b6bf6a32459a2db2bdf58feee9a1a54ba06a2ba6c1077933037c4
GET /cc/f4/d0/ccf4d0ab5e3f26b60014d07829c8427c.js HTTP/1.1
Host: deeperhundredpassion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:09:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2814-3-layer=0; expires=Thu, 26 Oct 2023 20:09:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4fed3f9ea16f80d090041db644768723
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.r2m03.amazontrust.com/
471 B URL ocsp.r2m03.amazontrust.com/
IP
Hash ed2e24057f1333d118418b86288bf5c0
a569a908e714e5609438d5eae0553e60ae3fe342
1c562f3476b94ff38282c60a24cbd0cc3276048ae02fce4047e923dd7d76db6d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 22 Oct 2023 20:09:09 GMT
Last-Modified: Sun, 22 Oct 2023 18:55:41 GMT
Server: ECAcc (ska/F7AF)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WodplpXmnXx1t9TcRaN4jPVmj3VE2Hq-mb0W3dNpe5F3PDrqyb4L7w==
Age: 4408
ocsp.r2m03.amazontrust.com/
471 B URL ocsp.r2m03.amazontrust.com/
IP
Hash ed2e24057f1333d118418b86288bf5c0
a569a908e714e5609438d5eae0553e60ae3fe342
1c562f3476b94ff38282c60a24cbd0cc3276048ae02fce4047e923dd7d76db6d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 22 Oct 2023 20:09:09 GMT
Last-Modified: Sun, 22 Oct 2023 18:55:42 GMT
Server: ECAcc (ska/F78F)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fN7JEH0_bwIoE40mB49IzLmUpMnu8AiAKXQE6A0zlvNJ-VqiygIJEQ==
Age: 4408
professionalswebcheck.com/stats
200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash c5fe98fce15cb7c4fea9cbdd68cf493d
a6f8fdaa3b170dbc4d63615c00184390dba770d2
25d2a83eaf95409aa9ff517feabc4d6855ccb76f27bcfe01cd3d99671c2df1b6
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.deatusa.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=b5b413a1-b6bd-466a-9ab4-cb579780c37f:1:1; expires=Wed, 19 Oct 2033 20:09:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
professionalswebcheck.com/stats
200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 7314f1d9e672cbaa54c0fe60911cee88
be8a658863d3a72a1c56b7890850bec8504cba1b
5b307449fd8035eeae2eca31f8b487099c506c217d268b70729494c3f212f560
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.deatusa.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=23691106-994c-4323-af4b-7fd3de86cd6f:3:1; expires=Wed, 19 Oct 2033 20:09:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
471 B IP
Hash fa55b458b70439715adb6056193091f3
aa0da8b9242445d50d16669a5d4474a83966a479
0e01c30bf09e08fc4f9c71f2c97352e99520d60980b278cf634da49e8d2c8588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
471 B IP
Hash fa55b458b70439715adb6056193091f3
aa0da8b9242445d50d16669a5d4474a83966a479
0e01c30bf09e08fc4f9c71f2c97352e99520d60980b278cf634da49e8d2c8588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
voodc.com/embed/85899a8f998484938799838595899886869a.html
200 OK 2.7 kB URL GET HTTP/2 voodc.com/embed/85899a8f998484938799838595899886869a.html
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectvoodc.com
Fingerprint45:E5:93:C6:9D:8A:E6:3B:CB:13:8B:61:08:72:65:59:D9:F3:78:8F
ValidityTue, 19 Sep 2023 22:32:33 GMT - Mon, 18 Dec 2023 22:32:32 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ba92e5faf22f40e6f92a5400d856a8eb
c0ab13a127b54848a1a64efb7ab0f342d062951d
e4954bbe5dd321bc41377d5d93462d8944cddd41690dd742e78402ef17455de0
GET /embed/85899a8f998484938799838595899886869a.html HTTP/1.1
Host: voodc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:08 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.27
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-xss-protection: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eUx%2BToo1fP74OQvgFS3439eiHgE5QyrfYtaQFrGQ91T0Cv%2FoLkPWZmVOrsuBxSmwiTWMNKwTzsbj3cnzbs1RkRXDkSDhCuMyOql3%2F8LNJVY9JJONv%2F8UwmEr2y8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81a460538d72b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
4.bp.blogspot.com/-eALXtf-Ljts/WrQYAbzcPUI/AAAAAAAABjY/vptx-N2H46oFbiCqbSe2JgVSlHhyl0MwQCK4BGAYYCw/w108-h72-p-k-no-nu/nth-ify.png
200 OK 858 B URL GET HTTP/2 4.bp.blogspot.com/-eALXtf-Ljts/WrQYAbzcPUI/AAAAAAAABjY/vptx-N2H46oFbiCqbSe2JgVSlHhyl0MwQCK4BGAYYCw/w108-h72-p-k-no-nu/nth-ify.png
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint7E:F7:94:DE:9C:42:10:E9:37:2B:CC:C1:49:E0:23:64:26:27:99:5D
ValidityThu, 28 Sep 2023 05:31:33 GMT - Thu, 21 Dec 2023 05:31:32 GMT
File type PNG image data, 108 x 72, 8-bit/color RGB, non-interlaced\012- data
Hash fff880a26583d47d059f453c43be5432
693a3b06b7c512cb3761a09c5acf8359c9ed93b6
78b93b31063c4d239c9139bd0ad0e3ef7a700c12ba47e9fe60db64f373c4aae2
GET /-eALXtf-Ljts/WrQYAbzcPUI/AAAAAAAABjY/vptx-N2H46oFbiCqbSe2JgVSlHhyl0MwQCK4BGAYYCw/w108-h72-p-k-no-nu/nth-ify.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="nth-ify.png"
x-content-type-options: nosniff
server: fife
content-length: 858
x-xss-protection: 0
date: Sun, 22 Oct 2023 18:52:46 GMT
expires: Mon, 23 Oct 2023 18:52:46 GMT
cache-control: public, max-age=86400, no-transform
age: 4583
etag: "v638"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
471 B IP
Hash fa55b458b70439715adb6056193091f3
aa0da8b9242445d50d16669a5d4474a83966a479
0e01c30bf09e08fc4f9c71f2c97352e99520d60980b278cf634da49e8d2c8588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
banquetunarmedgrater.com/advertisers.js
200 OK 0 B URL GET HTTP/2 banquetunarmedgrater.com/advertisers.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint77:2B:76:51:D0:51:70:02:2E:BF:B7:9B:02:8B:5A:A4:91:FA:0B:9E
ValidityMon, 11 Sep 2023 08:34:11 GMT - Sun, 10 Dec 2023 08:34:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:10 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: a4c157d22b47dcdc0aa6cc284798be33
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 22 Oct 2023 20:09:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L94I1%2B5k%2BXCWkiL%2FvQXfLk3EMB9ilB6ZSqcvmoRjdOyAycNJb0e%2BCePG782fvZjdJhXa8GFyvjGMfjHABtmJ0FzmF6sZHKibTXRF1ZpyOAe3Mx2Cztj4LW9zqHLjIpehbue%2FmKV%2BFKToifs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a4605e9ff35690-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cuttingdemeanoursuperintend.com/pixel/purst?dl=0&th=0&sc=0&rs=2795&rd=2795&fd=1881&bv=23.10.v.1&tmpl=70
200 OK 0 B URL GET HTTP/1.1 cuttingdemeanoursuperintend.com/pixel/purst?dl=0&th=0&sc=0&rs=2795&rd=2795&fd=1881&bv=23.10.v.1&tmpl=70
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjectcuttingdemeanoursuperintend.com
FingerprintB0:ED:AB:27:8A:BB:17:5C:C2:53:C3:A6:76:9B:CD:C1:34:7C:72:55
ValidityWed, 27 Sep 2023 00:54:00 GMT - Tue, 26 Dec 2023 00:53:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2795&rd=2795&fd=1881&bv=23.10.v.1&tmpl=70 HTTP/1.1
Host: cuttingdemeanoursuperintend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:09:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
472 B IP
Hash 02754940f7c1398e31406fc4d4af4ae1
3fcadda9a80fbb1078a8fb62c0dc26a8623a2ce2
839efa034f2cd6caa9263e830f0ee63a50f253c27feda432df49df9ad2ca88b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 02754940f7c1398e31406fc4d4af4ae1
3fcadda9a80fbb1078a8fb62c0dc26a8623a2ce2
839efa034f2cd6caa9263e830f0ee63a50f253c27feda432df49df9ad2ca88b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/dyn-css/authorization.css?targetBlogID=4697489808513190629&zx=4a524d9d-441d-4374-babf-5700793704e4
200 OK 21 B URL GET HTTP/3 www.blogger.com/dyn-css/authorization.css?targetBlogID=4697489808513190629&zx=4a524d9d-441d-4374-babf-5700793704e4
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.blogger.com
Fingerprint22:E0:95:88:AE:09:30:46:B5:F5:FB:91:76:99:8C:EF:9C:5D:0B:50
ValidityThu, 28 Sep 2023 05:25:59 GMT - Thu, 21 Dec 2023 05:25:58 GMT
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /dyn-css/authorization.css?targetBlogID=4697489808513190629&zx=4a524d9d-441d-4374-babf-5700793704e4 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 22 Oct 2023 20:09:10 GMT
last-modified: Sun, 22 Oct 2023 20:09:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.deatusa.com/favicon.ico
200 OK 412 B URL GET HTTP/2 www.deatusa.com/favicon.ico
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectwww.deatusa.com
Fingerprint06:33:9E:EC:8E:15:57:67:91:8D:7E:B4:F1:AD:A7:B2:F0:A9:60:66
ValidityTue, 03 Oct 2023 11:15:07 GMT - Mon, 01 Jan 2024 12:02:38 GMT
File type MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Hash 59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: www.deatusa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Cookie: _ga_F4GVHT6GPJ=GS1.1.1698005349.1.0.1698005349.0.0.0; _ga=GA1.1.58780730.1698005349; _ga_KQ50CSGZB5=GS1.1.1698005349.1.0.1698005349.0.0.0; dom3ic8zudi28v8lr6fgphwffqoz0j6c=23691106-994c-4323-af4b-7fd3de86cd6f%3A3%3A1; ppu_main_ccf4d0ab5e3f26b60014d07829c8427c=1; sb_main_c85d0daf87842044d502962676be3222=1; sb_count_c85d0daf87842044d502962676be3222=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon; charset=UTF-8
expires: Sun, 22 Oct 2023 20:09:10 GMT
date: Sun, 22 Oct 2023 20:09:10 GMT
cache-control: private, max-age=86400
last-modified: Sun, 22 Oct 2023 19:57:14 GMT
etag: W/"257d6c4bd155e3745cddd37703fd5c93dc7fc70e5ce3ffd6a2c4bac5bfdd4c08"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvaBscu_pL1reGpSqWq_K9TGiKWIUlXvlPhbmlU2ku5HQF2KLTmi_eLJD6y55u_JuyKfK_jxMZsWMRK3lx8BwC8a_BXEx5GfSRCXDmip9KxQEvRvw68IbGqvc9o-qyKpe1PYfW09CpzAtw8B7m5t7V0WK576RGUhLDwp7-Zjf3IDePbkJsa4N5knrdRgut/s320/IMG_4203.jpeg
200 OK 20 kB URL GET HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvaBscu_pL1reGpSqWq_K9TGiKWIUlXvlPhbmlU2ku5HQF2KLTmi_eLJD6y55u_JuyKfK_jxMZsWMRK3lx8BwC8a_BXEx5GfSRCXDmip9KxQEvRvw68IbGqvc9o-qyKpe1PYfW09CpzAtw8B7m5t7V0WK576RGUhLDwp7-Zjf3IDePbkJsa4N5knrdRgut/s320/IMG_4203.jpeg
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintDA:D8:5E:BA:1B:2A:A0:28:30:87:96:D5:85:D1:6B:DC:48:BA:1E:C1
ValidityThu, 28 Sep 2023 05:31:43 GMT - Thu, 21 Dec 2023 05:31:42 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x180, components 3\012- data
Hash c45efefe80b3b23b87a46d3ec9d0e325
1dd409e4d93061664844d1c791f9a45db16bd217
8d6d67e0069bada2b8dd4ef0bf04d67fc1db19f52ed9c4f89d086736674d4e16
GET /img/b/R29vZ2xl/AVvXsEgvaBscu_pL1reGpSqWq_K9TGiKWIUlXvlPhbmlU2ku5HQF2KLTmi_eLJD6y55u_JuyKfK_jxMZsWMRK3lx8BwC8a_BXEx5GfSRCXDmip9KxQEvRvw68IbGqvc9o-qyKpe1PYfW09CpzAtw8B7m5t7V0WK576RGUhLDwp7-Zjf3IDePbkJsa4N5knrdRgut/s320/IMG_4203.jpeg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v3537"
expires: Mon, 23 Oct 2023 20:09:10 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="IMG_4203.jpeg"
x-content-type-options: nosniff
date: Sun, 22 Oct 2023 20:09:10 GMT
server: fife
content-length: 20549
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 02754940f7c1398e31406fc4d4af4ae1
3fcadda9a80fbb1078a8fb62c0dc26a8623a2ce2
839efa034f2cd6caa9263e830f0ee63a50f253c27feda432df49df9ad2ca88b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-OPhPRdHyyA0qOLJ8qAMoofjZ_6hzzu73n8ZD-SKQC5WaW78mfH1ISsPCn-w-Mr7-7buoD7BdAmbyg7KTfVNEOJ2J-34JxNp3mHla_ccifRZlKZ2o3OvZTf0WLeiY0ATwU2Ep_vZCNghXbEUiiWu8hF8yH2fJS9K7jLaHWORQS3pdw_tXxPHFydcoEm7a/w108-h72-p-k-no-nu/IMG_3826.jpeg
200 OK 4.5 kB URL GET HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-OPhPRdHyyA0qOLJ8qAMoofjZ_6hzzu73n8ZD-SKQC5WaW78mfH1ISsPCn-w-Mr7-7buoD7BdAmbyg7KTfVNEOJ2J-34JxNp3mHla_ccifRZlKZ2o3OvZTf0WLeiY0ATwU2Ep_vZCNghXbEUiiWu8hF8yH2fJS9K7jLaHWORQS3pdw_tXxPHFydcoEm7a/w108-h72-p-k-no-nu/IMG_3826.jpeg
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintDA:D8:5E:BA:1B:2A:A0:28:30:87:96:D5:85:D1:6B:DC:48:BA:1E:C1
ValidityThu, 28 Sep 2023 05:31:43 GMT - Thu, 21 Dec 2023 05:31:42 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 108x72, components 3\012- data
Hash 0ae72342e156f09248c735cf05f86712
a5c2b9a92891832add269b56d421b97b9a05ddd9
e197ef859fd666517ba289114434c5e389402f76fe2b163b0f768cb0c2e3a224
GET /img/b/R29vZ2xl/AVvXsEh-OPhPRdHyyA0qOLJ8qAMoofjZ_6hzzu73n8ZD-SKQC5WaW78mfH1ISsPCn-w-Mr7-7buoD7BdAmbyg7KTfVNEOJ2J-34JxNp3mHla_ccifRZlKZ2o3OvZTf0WLeiY0ATwU2Ep_vZCNghXbEUiiWu8hF8yH2fJS9K7jLaHWORQS3pdw_tXxPHFydcoEm7a/w108-h72-p-k-no-nu/IMG_3826.jpeg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v3453"
expires: Mon, 23 Oct 2023 20:09:11 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="IMG_3826.jpeg"
x-content-type-options: nosniff
date: Sun, 22 Oct 2023 20:09:11 GMT
server: fife
content-length: 4494
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
trustworthyturnstileboyfriend.com/sbar.json?key=c85d0daf87842044d502962676be3222&uuid=b5b413a1-b6bd-466a-9ab4-cb579780c37f%3A1%3A1
200 OK 2.8 kB URL GET HTTP/1.1 trustworthyturnstileboyfriend.com/sbar.json?key=c85d0daf87842044d502962676be3222&uuid=b5b413a1-b6bd-466a-9ab4-cb579780c37f%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjecttrustworthyturnstileboyfriend.com
FingerprintFB:9B:6B:AB:A9:A1:C8:09:CA:05:5D:D9:B9:1E:7A:7A:3B:86:B8:0D
ValidityMon, 25 Sep 2023 09:05:42 GMT - Sun, 24 Dec 2023 09:05:41 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6572), with no line terminators
Hash f886b56528e43a5e6fcaf50c6a7a3401
7631bc491b20c91b1bf5ab6e1e5a1e07da80e596
4fe71272cc31beebabe27946f5eb49d411c127c9700ba1f0d7dd209d902732d3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=c85d0daf87842044d502962676be3222&uuid=b5b413a1-b6bd-466a-9ab4-cb579780c37f%3A1%3A1 HTTP/1.1
Host: trustworthyturnstileboyfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Oct 2023 20:09:11 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.deatusa.com
Access-Control-Allow-Origin: https://www.deatusa.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17615035; expires=Mon, 23 Oct 2023 20:09:11 GMT; secure; SameSite=None
uid_id2=b5b413a1-b6bd-466a-9ab4-cb579780c37f:1:1; expires=Sun, 29 Oct 2023 20:09:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Oct 2023 20:09:11 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Oct 2023 20:09:11 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 23 Oct 2023 20:09:11 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 23 Oct 2023 20:09:11 GMT; secure; SameSite=None
slecc85d0daf87842044d502962676be3222=[4663322]; expires=Sun, 22 Oct 2023 20:09:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c51763ae0094b09fafeb8689c1bbe41c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
trustworthyturnstileboyfriend.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytjnsIag5GL0oCc%2FAjgjPb3dPzZQ7RGDcE1yQkiuJF66tny63paqr6Y7KnmIAEvGz%2Bg9432QR1CfEsfjCrEFgQMnqZg3sQPHgTArmIKDO7uPiD4vereu%2Fwfu%2FVpxv5LvGR0%2BnS22ZNaU0XWw2%2FduL9IDhZW1ZJPqwNu%2B0P29HJmi1eDfxew3%2B5dlbyVbMY%2BoHvB35QW1JWxma4GARBw4dKt3pBo%2Bc3orARtCIM7f%2FvLvfgqAdR7JKjUGLy%2BNbdCIqPkQzunZFuNTPpK28Ock0zY1GIO%2B8mq4kpEwwOxth6iJM7%2B2wY92DpW5hkcy4YpviPyNSEeL%2F%2FBpbc2VcJVmzuCWUaMgETT6AsxpB6DEXH4OY6lHhAAC5w%2FgKSwe3zxpb0yh5KZ%2BiELDx6CFVOyMKvzyAZ3D2t1bB22eg8UyZxGMYV1HAM1R8jzbeRrR2CKrfBs2tQ4iey%2BGgZyeDWBacNlJg%2Bz1osCpo0qLM2E%2FWo3ab1HmVRnbNWp9fp%2BrzZiecOKTWGisfQch3UechnR3nIYw956mEgprUOj7pd0W0JKjkPWRx04yiOepT7MfebvRA5n%2B2wjixdB9fr4PYqUnsVq%2Brmg9ZR2Px7uJUKTnhwGUEhKpSSoHQEJSUoFUGZEZRFtSm0C111W2iXs2C%2Fh%2Fu9WY1M1t%2Bgmybry4RspLvkqZl33pP3v8aqnNZ4tyV8QeNupxuFfhSJlh%2F22mG702ayGYYhnKqg3KH5pmtqQo7%2FNUWqJuTw09fA6Dac3gZXx0Dz46DlqBP6oCujqOtjLZm%2BEOcZM7ouk3qhClNfEfW%2BpZlyDaZN36Uma3AzgDAV0mwB2RVvQ%2B%2BSZ%2Bfpnj3xHCTfec27uWLv1X4EtxVSW%2BFj9QNBX98YXTIluXXJlI58dSHN1ECt0VnylzOayYUv3pJXSmPFuTNu%2FfPX%2BQyYjVvvSJct00SopO%2FIl6eVENIuGcsl%2Beace0%2Byi7lbOZ3bJE%2BXL76xdG6QWumcMskYVE0IGT0EVxNy5LOP5r%2F6pfgIlB3D5hUG%2BQ7ZLyizDZ5ehUt3Tv0jPji2dTiAMwRWH3BY6qHMq5EN2cGjVhMSPrwMLXdO3Q9e%2FGP4y9%2BgrIKTB0YwufPdn3v8DXcDfeuBZteRDCoUtkKhK1C9Dpc%2FNspSu3Pq5%2Ba8wLQ3Ytp6t5i2%2BuaewU5Na7Ij271e5Ecd4fssEmEYtCSnzYj2aBjGHWRuIluf9P8FAAD%2F%2FwEAAP%2F%2Ff6PleqYEAAA%3D
200 OK 7 B URL GET HTTP/1.1 trustworthyturnstileboyfriend.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytjnsIag5GL0oCc%2FAjgjPb3dPzZQ7RGDcE1yQkiuJF66tny63paqr6Y7KnmIAEvGz%2Bg9432QR1CfEsfjCrEFgQMnqZg3sQPHgTArmIKDO7uPiD4vereu%2Fwfu%2FVpxv5LvGR0%2BnS22ZNaU0XWw2%2FduL9IDhZW1ZJPqwNu%2B0P29HJmi1eDfxew3%2B5dlbyVbMY%2BoHvB35QW1JWxma4GARBw4dKt3pBo%2Bc3orARtCIM7f%2FvLvfgqAdR7JKjUGLy%2BNbdCIqPkQzunZFuNTPpK28Ock0zY1GIO%2B8mq4kpEwwOxth6iJM7%2B2wY92DpW5hkcy4YpviPyNSEeL%2F%2FBpbc2VcJVmzuCWUaMgETT6AsxpB6DEXH4OY6lHhAAC5w%2FgKSwe3zxpb0yh5KZ%2BiELDx6CFVOyMKvzyAZ3D2t1bB22eg8UyZxGMYV1HAM1R8jzbeRrR2CKrfBs2tQ4iey%2BGgZyeDWBacNlJg%2Bz1osCpo0qLM2E%2FWo3ab1HmVRnbNWp9fp%2BrzZiecOKTWGisfQch3UechnR3nIYw956mEgprUOj7pd0W0JKjkPWRx04yiOepT7MfebvRA5n%2B2wjixdB9fr4PYqUnsVq%2Brmg9ZR2Px7uJUKTnhwGUEhKpSSoHQEJSUoFUGZEZRFtSm0C111W2iXs2C%2Fh%2Fu9WY1M1t%2Bgmybry4RspLvkqZl33pP3v8aqnNZ4tyV8QeNupxuFfhSJlh%2F22mG702ayGYYhnKqg3KH5pmtqQo7%2FNUWqJuTw09fA6Dac3gZXx0Dz46DlqBP6oCujqOtjLZm%2BEOcZM7ouk3qhClNfEfW%2BpZlyDaZN36Uma3AzgDAV0mwB2RVvQ%2B%2BSZ%2Bfpnj3xHCTfec27uWLv1X4EtxVSW%2BFj9QNBX98YXTIluXXJlI58dSHN1ECt0VnylzOayYUv3pJXSmPFuTNu%2FfPX%2BQyYjVvvSJct00SopO%2FIl6eVENIuGcsl%2Beace0%2Byi7lbOZ3bJE%2BXL76xdG6QWumcMskYVE0IGT0EVxNy5LOP5r%2F6pfgIlB3D5hUG%2BQ7ZLyizDZ5ehUt3Tv0jPji2dTiAMwRWH3BY6qHMq5EN2cGjVhMSPrwMLXdO3Q9e%2FGP4y9%2BgrIKTB0YwufPdn3v8DXcDfeuBZteRDCoUtkKhK1C9Dpc%2FNspSu3Pq5%2Ba8wLQ3Ytp6t5i2%2BuaewU5Na7Ij271e5Ecd4fssEmEYtCSnzYj2aBjGHWRuIluf9P8FAAD%2F%2FwEAAP%2F%2Ff6PleqYEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjecttrustworthyturnstileboyfriend.com
FingerprintFB:9B:6B:AB:A9:A1:C8:09:CA:05:5D:D9:B9:1E:7A:7A:3B:86:B8:0D
ValidityMon, 25 Sep 2023 09:05:42 GMT - Sun, 24 Dec 2023 09:05:41 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytjnsIag5GL0oCc%2FAjgjPb3dPzZQ7RGDcE1yQkiuJF66tny63paqr6Y7KnmIAEvGz%2Bg9432QR1CfEsfjCrEFgQMnqZg3sQPHgTArmIKDO7uPiD4vereu%2Fwfu%2FVpxv5LvGR0%2BnS22ZNaU0XWw2%2FduL9IDhZW1ZJPqwNu%2B0P29HJmi1eDfxew3%2B5dlbyVbMY%2BoHvB35QW1JWxma4GARBw4dKt3pBo%2Bc3orARtCIM7f%2FvLvfgqAdR7JKjUGLy%2BNbdCIqPkQzunZFuNTPpK28Ock0zY1GIO%2B8mq4kpEwwOxth6iJM7%2B2wY92DpW5hkcy4YpviPyNSEeL%2F%2FBpbc2VcJVmzuCWUaMgETT6AsxpB6DEXH4OY6lHhAAC5w%2FgKSwe3zxpb0yh5KZ%2BiELDx6CFVOyMKvzyAZ3D2t1bB22eg8UyZxGMYV1HAM1R8jzbeRrR2CKrfBs2tQ4iey%2BGgZyeDWBacNlJg%2Bz1osCpo0qLM2E%2FWo3ab1HmVRnbNWp9fp%2BrzZiecOKTWGisfQch3UechnR3nIYw956mEgprUOj7pd0W0JKjkPWRx04yiOepT7MfebvRA5n%2B2wjixdB9fr4PYqUnsVq%2Brmg9ZR2Px7uJUKTnhwGUEhKpSSoHQEJSUoFUGZEZRFtSm0C111W2iXs2C%2Fh%2Fu9WY1M1t%2Bgmybry4RspLvkqZl33pP3v8aqnNZ4tyV8QeNupxuFfhSJlh%2F22mG702ayGYYhnKqg3KH5pmtqQo7%2FNUWqJuTw09fA6Dac3gZXx0Dz46DlqBP6oCujqOtjLZm%2BEOcZM7ouk3qhClNfEfW%2BpZlyDaZN36Uma3AzgDAV0mwB2RVvQ%2B%2BSZ%2Bfpnj3xHCTfec27uWLv1X4EtxVSW%2BFj9QNBX98YXTIluXXJlI58dSHN1ECt0VnylzOayYUv3pJXSmPFuTNu%2FfPX%2BQyYjVvvSJct00SopO%2FIl6eVENIuGcsl%2Beace0%2Byi7lbOZ3bJE%2BXL76xdG6QWumcMskYVE0IGT0EVxNy5LOP5r%2F6pfgIlB3D5hUG%2BQ7ZLyizDZ5ehUt3Tv0jPji2dTiAMwRWH3BY6qHMq5EN2cGjVhMSPrwMLXdO3Q9e%2FGP4y9%2BgrIKTB0YwufPdn3v8DXcDfeuBZteRDCoUtkKhK1C9Dpc%2FNspSu3Pq5%2Ba8wLQ3Ytp6t5i2%2BuaewU5Na7Ij271e5Ecd4fssEmEYtCSnzYj2aBjGHWRuIluf9P8FAAD%2F%2FwEAAP%2F%2Ff6PleqYEAAA%3D HTTP/1.1
Host: trustworthyturnstileboyfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Cookie: u_pl=17615035; uid_id2=b5b413a1-b6bd-466a-9ab4-cb579780c37f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecc85d0daf87842044d502962676be3222=[4663322]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Oct 2023 20:09:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5334886e67878d9038d0e7e160d716ef
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
200 OK 591 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:11 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5024270
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jEp8D8h4YWiMsAjbECtOm7pahO%2Bot749Z0F8Ob8IebRloD0p4EDJxiUTWTSlNPiyWdQ9ADRT58sAxddAQ9RIb0fjGSHMVqN4TeEgxNBgCjFW6KhGhOxx%2FUkP65LLGV5Aa3SriIv0xkOq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a460693a11731e-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash a6c3f88afc668807113b9548a21e9919
61be67550851957676e6086ee66e2c042cb279f7
d1c259a69c7bdd21b31a891ea65e92a0f0644150b7f10079c5a16fc5a0410636
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
200 OK 31 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:11 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 21471431
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOjV7V8YLrn6OuppqAD7%2B57zmvCBx%2BMK7sUMAdHPPFlgsP5zUB45GvyxL4tQWbYfVsSgElhvZlexQRkyCgrRQllOUx0HikUXr%2BckmrkWkyEAN2bCHBR%2BL4BzPTyuJmvbYBlkZQ%2B2VoA7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a460694a18731e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash a6c3f88afc668807113b9548a21e9919
61be67550851957676e6086ee66e2c042cb279f7
d1c259a69c7bdd21b31a891ea65e92a0f0644150b7f10079c5a16fc5a0410636
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudimagesb.com/si/d2/37/65/d23765ffe89ea2849f1cc1ac5370c439/1697199722.png
200 OK 36 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/d2/37/65/d23765ffe89ea2849f1cc1ac5370c439/1697199722.png
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 393c8e39211e41c25bb34edc1bce3d22
b0970d5bd74d77e040736ec9a69e6d2e721aee21
1b803a9cc659ab634aca26cfd069bafe7b62fe395e9927233fff30c598312743
GET /si/d2/37/65/d23765ffe89ea2849f1cc1ac5370c439/1697199722.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:12 GMT
content-type: image/png
content-length: 36072
server: nginx/1.21.6
last-modified: Fri, 13 Oct 2023 12:22:10 GMT
etag: "65293672-8ce8"
expires: Tue, 24 Oct 2023 20:09:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
200 OK 12 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintCB:0F:87:85:B0:83:8B:5C:86:E5:81:91:9D:F5:ED:C4:A2:B6:B1:BE
ValidityTue, 12 Sep 2023 01:01:21 GMT - Mon, 11 Dec 2023 01:01:20 GMT
File type gzip compressed data, from Unix\012- data
Hash f09ea9fc7db4c5f3b75f72ceca816a68
d1191fe3e4055785a6ffff347ab498b496c31fc1
16d3e61a51a2880c5d52660ff2df8eb10b3d67170d06b2206cb9f4fe3b03a149
GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:11 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 22 Oct 2023 21:09:11 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
trustworthyturnstileboyfriend.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css&l=4168&fd=388
200 OK 0 B URL GET HTTP/1.1 trustworthyturnstileboyfriend.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css&l=4168&fd=388
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjecttrustworthyturnstileboyfriend.com
FingerprintFB:9B:6B:AB:A9:A1:C8:09:CA:05:5D:D9:B9:1E:7A:7A:3B:86:B8:0D
ValidityMon, 25 Sep 2023 09:05:42 GMT - Sun, 24 Dec 2023 09:05:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css&l=4168&fd=388 HTTP/1.1
Host: trustworthyturnstileboyfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Cookie: u_pl=17615035; uid_id2=b5b413a1-b6bd-466a-9ab4-cb579780c37f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecc85d0daf87842044d502962676be3222=[4663322]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Oct 2023 20:09:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
200 OK 1.0 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash aae84ccade4cab86c1afdf4c4532762a
b08de856858a730e980fb2a0ca2f0e1442c03d46
6e45c9c8dba52c75144c153e63a04d055f15e5f39897ab3f2413154c9cf2e91f
GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:12 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bntAtxj5naWhY94G0zRUN7hXhZc5Bvf5WX%2BE5X0H1SjNgg11Tdia0PGPrpU%2F%2FZouNH%2FhXIN2uxYFKs8AwtZXzKiBDSUaJpM5P7jFMfqfcQ%2B0Z2KE%2F8H3bLvJcEkhS2OUrophLlJAjZg7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a4606909f6731e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
trustworthyturnstileboyfriend.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fanimate.css&l=79249&fd=391
200 OK 0 B URL GET HTTP/1.1 trustworthyturnstileboyfriend.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fanimate.css&l=79249&fd=391
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjecttrustworthyturnstileboyfriend.com
FingerprintFB:9B:6B:AB:A9:A1:C8:09:CA:05:5D:D9:B9:1E:7A:7A:3B:86:B8:0D
ValidityMon, 25 Sep 2023 09:05:42 GMT - Sun, 24 Dec 2023 09:05:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fanimate.css&l=79249&fd=391 HTTP/1.1
Host: trustworthyturnstileboyfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Cookie: u_pl=17615035; uid_id2=b5b413a1-b6bd-466a-9ab4-cb579780c37f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecc85d0daf87842044d502962676be3222=[4663322]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:09:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 10:05:24 GMT
expires: Sat, 19 Oct 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 209028
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 02:00:44 GMT
expires: Sat, 19 Oct 2024 02:00:44 GMT
cache-control: public, max-age=31536000
age: 238108
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
trustworthyturnstileboyfriend.com/pixel/sbs?c=1
200 OK 0 B URL GET HTTP/1.1 trustworthyturnstileboyfriend.com/pixel/sbs?c=1
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjecttrustworthyturnstileboyfriend.com
FingerprintFB:9B:6B:AB:A9:A1:C8:09:CA:05:5D:D9:B9:1E:7A:7A:3B:86:B8:0D
ValidityMon, 25 Sep 2023 09:05:42 GMT - Sun, 24 Dec 2023 09:05:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: trustworthyturnstileboyfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Cookie: u_pl=17615035; uid_id2=b5b413a1-b6bd-466a-9ab4-cb579780c37f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecc85d0daf87842044d502962676be3222=[4663322]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:09:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
trustworthyturnstileboyfriend.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytjnsIag5GL0oCc%2FAjgjPb3dPzZQ7RGDcE1yQkiuJF66tny63paqr6Y7KnmIAEvGz%2Bg9432QR1CfEsfjCrEFgQMnqZg3sQPHgTArmIKDO7uPiD4vereu%2Fwfu%2FVpxv5LvGR0%2BnS22ZNaU0XWw2%2FduL9IDhZW1ZJPqwNu%2B0P29HJmi1eDfxew3%2B5dlbyVbMY%2BoHvB35QW1JWxma4GARBw4dKt3pBo%2Bc3orARtCIM7f%2FvLvfgqAdR7JKjUGLy%2BNbdCIqPkQzunZFuNTPpK28Ock0zY1GIO%2B8mq4kpEwwOxth6iJM7%2B2wY92DpW5hkcy4YpviPyNSEeL%2F%2FBpbc2VcJVmzuCWUaMgETT6AsxpB6DEXH4OY6lHhAAC5w%2FgKSwe3zxpb0yh5KZ%2BiELDx6CFVOyMKvzyAZ3D2t1bB22eg8UyZxGMYV1HAM1R8jzbeRrR2CKrfBs2tQ4iey%2BGgZyeDWBacNlJg%2Bz1osCpo0qLM2E%2FWo3ab1HmVRnbNWp9fp%2BrzZiecOKTWGisfQch3UechnR3nIYw956mEgprUOj7pd0W0JKjkPWRx04yiOepT7MfebvRA5n%2B2wjixdB9fr4PYqUnsVq%2Brmg9ZR2Px7uJUKTnhwGUEhKpSSoHQEJSUoFUGZEZRFtSm0C111W2iXs2C%2Fh%2Fu9WY1M1t%2Bgmybry4RspLvkqZl33pP3v8aqnNZ4tyV8QeNupxuFfhSJlh%2F22mG702ayGYYhnKqg3KH5pmtqQo7%2FNUWqJuTw09fA6Dac3gZXx0Dz46DlqBP6oCujqOtjLZm%2BEOcZM7ouk3qhClNfEfW%2BpZlyDaZN36Uma3AzgDAV0mwB2RVvQ%2B%2BSZ%2Bfpnj3xHCTfec27uWLv1X4EtxVSW%2BFj9QNBX98YXTIluXXJlI58dSHN1ECt0VnylzOayYUv3pJXSmPFuTNu%2FfPX%2BQyYjVvvSJct00SopO%2FIl6eVENIuGcsl%2Beace0%2Byi7lbOZ3bJE%2BXL76xdG6QWumcMskYVE0IGT0EVxNy5LOP5r%2F6pfgIlB3D5hUG%2BQ7ZLyizDZ5ehUt3Tv0jPji2dTiAMwRWH3BY6qHMq5EN2cGjVhMSPrwMLXdO3Q9e%2FGP4y9%2BgrIKTB0YwufPdn3v8DXcDfeuBZteRDCoUtkKhK1C9Dpc%2FNspSu3Pq5%2Ba8wLQ3Ytp6t5i2%2BuaewU5Na5z7kgasE0gpZKvJedTmXdaOm1FHdluihcxNZOuT%2Fr8AAAD%2F%2FwEAAP%2F%2FgIRNaqYEAAA%3D
200 OK 7 B URL GET HTTP/1.1 trustworthyturnstileboyfriend.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytjnsIag5GL0oCc%2FAjgjPb3dPzZQ7RGDcE1yQkiuJF66tny63paqr6Y7KnmIAEvGz%2Bg9432QR1CfEsfjCrEFgQMnqZg3sQPHgTArmIKDO7uPiD4vereu%2Fwfu%2FVpxv5LvGR0%2BnS22ZNaU0XWw2%2FduL9IDhZW1ZJPqwNu%2B0P29HJmi1eDfxew3%2B5dlbyVbMY%2BoHvB35QW1JWxma4GARBw4dKt3pBo%2Bc3orARtCIM7f%2FvLvfgqAdR7JKjUGLy%2BNbdCIqPkQzunZFuNTPpK28Ock0zY1GIO%2B8mq4kpEwwOxth6iJM7%2B2wY92DpW5hkcy4YpviPyNSEeL%2F%2FBpbc2VcJVmzuCWUaMgETT6AsxpB6DEXH4OY6lHhAAC5w%2FgKSwe3zxpb0yh5KZ%2BiELDx6CFVOyMKvzyAZ3D2t1bB22eg8UyZxGMYV1HAM1R8jzbeRrR2CKrfBs2tQ4iey%2BGgZyeDWBacNlJg%2Bz1osCpo0qLM2E%2FWo3ab1HmVRnbNWp9fp%2BrzZiecOKTWGisfQch3UechnR3nIYw956mEgprUOj7pd0W0JKjkPWRx04yiOepT7MfebvRA5n%2B2wjixdB9fr4PYqUnsVq%2Brmg9ZR2Px7uJUKTnhwGUEhKpSSoHQEJSUoFUGZEZRFtSm0C111W2iXs2C%2Fh%2Fu9WY1M1t%2Bgmybry4RspLvkqZl33pP3v8aqnNZ4tyV8QeNupxuFfhSJlh%2F22mG702ayGYYhnKqg3KH5pmtqQo7%2FNUWqJuTw09fA6Dac3gZXx0Dz46DlqBP6oCujqOtjLZm%2BEOcZM7ouk3qhClNfEfW%2BpZlyDaZN36Uma3AzgDAV0mwB2RVvQ%2B%2BSZ%2Bfpnj3xHCTfec27uWLv1X4EtxVSW%2BFj9QNBX98YXTIluXXJlI58dSHN1ECt0VnylzOayYUv3pJXSmPFuTNu%2FfPX%2BQyYjVvvSJct00SopO%2FIl6eVENIuGcsl%2Beace0%2Byi7lbOZ3bJE%2BXL76xdG6QWumcMskYVE0IGT0EVxNy5LOP5r%2F6pfgIlB3D5hUG%2BQ7ZLyizDZ5ehUt3Tv0jPji2dTiAMwRWH3BY6qHMq5EN2cGjVhMSPrwMLXdO3Q9e%2FGP4y9%2BgrIKTB0YwufPdn3v8DXcDfeuBZteRDCoUtkKhK1C9Dpc%2FNspSu3Pq5%2Ba8wLQ3Ytp6t5i2%2BuaewU5Na5z7kgasE0gpZKvJedTmXdaOm1FHdluihcxNZOuT%2Fr8AAAD%2F%2FwEAAP%2F%2FgIRNaqYEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjecttrustworthyturnstileboyfriend.com
FingerprintFB:9B:6B:AB:A9:A1:C8:09:CA:05:5D:D9:B9:1E:7A:7A:3B:86:B8:0D
ValidityMon, 25 Sep 2023 09:05:42 GMT - Sun, 24 Dec 2023 09:05:41 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytjnsIag5GL0oCc%2FAjgjPb3dPzZQ7RGDcE1yQkiuJF66tny63paqr6Y7KnmIAEvGz%2Bg9432QR1CfEsfjCrEFgQMnqZg3sQPHgTArmIKDO7uPiD4vereu%2Fwfu%2FVpxv5LvGR0%2BnS22ZNaU0XWw2%2FduL9IDhZW1ZJPqwNu%2B0P29HJmi1eDfxew3%2B5dlbyVbMY%2BoHvB35QW1JWxma4GARBw4dKt3pBo%2Bc3orARtCIM7f%2FvLvfgqAdR7JKjUGLy%2BNbdCIqPkQzunZFuNTPpK28Ock0zY1GIO%2B8mq4kpEwwOxth6iJM7%2B2wY92DpW5hkcy4YpviPyNSEeL%2F%2FBpbc2VcJVmzuCWUaMgETT6AsxpB6DEXH4OY6lHhAAC5w%2FgKSwe3zxpb0yh5KZ%2BiELDx6CFVOyMKvzyAZ3D2t1bB22eg8UyZxGMYV1HAM1R8jzbeRrR2CKrfBs2tQ4iey%2BGgZyeDWBacNlJg%2Bz1osCpo0qLM2E%2FWo3ab1HmVRnbNWp9fp%2BrzZiecOKTWGisfQch3UechnR3nIYw956mEgprUOj7pd0W0JKjkPWRx04yiOepT7MfebvRA5n%2B2wjixdB9fr4PYqUnsVq%2Brmg9ZR2Px7uJUKTnhwGUEhKpSSoHQEJSUoFUGZEZRFtSm0C111W2iXs2C%2Fh%2Fu9WY1M1t%2Bgmybry4RspLvkqZl33pP3v8aqnNZ4tyV8QeNupxuFfhSJlh%2F22mG702ayGYYhnKqg3KH5pmtqQo7%2FNUWqJuTw09fA6Dac3gZXx0Dz46DlqBP6oCujqOtjLZm%2BEOcZM7ouk3qhClNfEfW%2BpZlyDaZN36Uma3AzgDAV0mwB2RVvQ%2B%2BSZ%2Bfpnj3xHCTfec27uWLv1X4EtxVSW%2BFj9QNBX98YXTIluXXJlI58dSHN1ECt0VnylzOayYUv3pJXSmPFuTNu%2FfPX%2BQyYjVvvSJct00SopO%2FIl6eVENIuGcsl%2Beace0%2Byi7lbOZ3bJE%2BXL76xdG6QWumcMskYVE0IGT0EVxNy5LOP5r%2F6pfgIlB3D5hUG%2BQ7ZLyizDZ5ehUt3Tv0jPji2dTiAMwRWH3BY6qHMq5EN2cGjVhMSPrwMLXdO3Q9e%2FGP4y9%2BgrIKTB0YwufPdn3v8DXcDfeuBZteRDCoUtkKhK1C9Dpc%2FNspSu3Pq5%2Ba8wLQ3Ytp6t5i2%2BuaewU5Na5z7kgasE0gpZKvJedTmXdaOm1FHdluihcxNZOuT%2Fr8AAAD%2F%2FwEAAP%2F%2FgIRNaqYEAAA%3D HTTP/1.1
Host: trustworthyturnstileboyfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Cookie: u_pl=17615035; uid_id2=b5b413a1-b6bd-466a-9ab4-cb579780c37f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecc85d0daf87842044d502962676be3222=[4663322]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Oct 2023 20:09:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 921d4d00fd535f65991e14d1abab6831
Strict-Transport-Security: max-age=0; includeSubdomains
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js
200 OK 27 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js
IP
Requested by https://voodc.com/embed/85899a8f998484938799838595899886869a.html
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash e6c2415c0ace414e5153670314ce99a9
5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
GET /ajax/libs/jquery/3.7.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://voodc.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 22 Oct 2023 20:09:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 27437
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64c93eb8-6b2d"
last-modified: Tue, 01 Aug 2023 17:19:52 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 6924277
expires: Fri, 11 Oct 2024 20:09:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3MHjcWQ048tL6mMP1V2nSr%2F7r0IpZ6ngTeqPdl%2BPN%2BGE8A04jaRHkkSyQ3CyZlAkhVJgNudnbwPmSwhcU2ORAwggXJNKNueRIzdpZXGMjpQue%2FjKAhFn05xSM0L2y7KjJgs8Dnbk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81a4607a6d00b4f1-OSL
alt-svc: h3=":443"; ma=86400
voodc.com/player/d/jYSah52GhJaLtsPNysPVtYiRr5qFjq3A18nL2Y-fs4mVktvKhJGQmZu4xMLYhoOSh5mFg5Kd0sa4x8bhhYSShw__/w8KOiZbLq46Lm4GEl5ChhIOXiZ2EgLen
200 OK 136 kB URL GET HTTP/3 voodc.com/player/d/jYSah52GhJaLtsPNysPVtYiRr5qFjq3A18nL2Y-fs4mVktvKhJGQmZu4xMLYhoOSh5mFg5Kd0sa4x8bhhYSShw__/w8KOiZbLq46Lm4GEl5ChhIOXiZ2EgLen
IP
Requested by https://voodc.com/embed/85899a8f998484938799838595899886869a.html
Certificate IssuerGoogle Trust Services LLC
Subjectvoodc.com
Fingerprint45:E5:93:C6:9D:8A:E6:3B:CB:13:8B:61:08:72:65:59:D9:F3:78:8F
ValidityTue, 19 Sep 2023 22:32:33 GMT - Mon, 18 Dec 2023 22:32:32 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1102)
Size 136 kB (136123 bytes)
Hash fc75e7935124f2ddc0027cc07abdd8b7
04047a3264077b98890edc26d9d7416fa38db80d
a2d014c25e6bde7b468abb8749d60300f01fa242ebe680cd2947538405f73198
GET /player/d/jYSah52GhJaLtsPNysPVtYiRr5qFjq3A18nL2Y-fs4mVktvKhJGQmZu4xMLYhoOSh5mFg5Kd0sa4x8bhhYSShw__/w8KOiZbLq46Lm4GEl5ChhIOXiZ2EgLen HTTP/1.1
Host: voodc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://voodc.com/embed/85899a8f998484938799838595899886869a.html
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 22 Oct 2023 20:09:21 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.27
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-xss-protection: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMmGHW415NfsI7seXLEpsK0dA4kSbTkJHNLjs89ApnYlQOdqnTEuA%2Fuf7CgMz%2B1wE0QHie0gsMyVMEVZBMk2%2BjBhr8ccyE%2BSrvFdeR8lXdrwpb5d16AOhq2lTGE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81a46094e889b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.pki.goog/s/gts1p5/QEicYaLOPJo
472 B URL ocsp.pki.goog/s/gts1p5/QEicYaLOPJo
IP
Hash 7f66a89418cd779b34a537317621e241
69e1946e1d69d0fd682ca61112d31f291cc897b8
9162844ed981bd1889c8114d2fed18af595cbfd49bd3dc5cf99f69ffc80ab45e
POST /s/gts1p5/QEicYaLOPJo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
youradexchange.com/ut/hb.php?cb=0.1322133276945915
0 B URL youradexchange.com/ut/hb.php?cb=0.1322133276945915
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ut/hb.php?cb=0.1322133276945915 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 842
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 22 Oct 2023 20:09:22 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OxhrY2Jgte4RBi3a3dXg4GXKNwJ1iboim7bNA9ZpgrIuOnuBs6%2Bf4o4JdNRUxg9uE%2FJpRd%2Bm2E%2FQ9SnzvaYaC8JNUvTpVFZKAuREmaL58zCloAx%2BhJosBzPVYiOcyeRniNMj764%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81a460add9137309-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QEicYaLOPJo
472 B URL ocsp.pki.goog/s/gts1p5/QEicYaLOPJo
IP
Hash 7f66a89418cd779b34a537317621e241
69e1946e1d69d0fd682ca61112d31f291cc897b8
9162844ed981bd1889c8114d2fed18af595cbfd49bd3dc5cf99f69ffc80ab45e
POST /s/gts1p5/QEicYaLOPJo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:09:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a4.dlive.click/key_208497b422d34893a35ffcf30be69a4a_111ea8a489c34bb78f7d88ec42f0a3a4_d.key
16 B URL a4.dlive.click/key_208497b422d34893a35ffcf30be69a4a_111ea8a489c34bb78f7d88ec42f0a3a4_d.key
IP
File type Non-ISO extended-ASCII text, with no line terminators, with overstriking
Hash 540ca1d5144889847bf8a7158ec96721
51b8cf08874ce7601bec0f2366d73ccc30f5b813
6d7148050cd854114fbd4492ad3a3694f59678c5964b076e611c2b361b609964
GET /key_208497b422d34893a35ffcf30be69a4a_111ea8a489c34bb78f7d88ec42f0a3a4_d.key HTTP/1.1
Host: a4.dlive.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://embed.mycraft.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:23 GMT
content-type: application/octet-stream
content-length: 16
last-modified: Sun, 22 Oct 2023 18:56:03 GMT
etag: "65357043-10"
access-control-allow-origin: *
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UcZfGi0%2B0UtQ4jmMF9D3kOGsOuIZU%2BUnGILhzdQCYxkgDFec%2FQSSCYv6ZsQDNuu2A3L4x7I0G%2FahKI9xYkifKzjP27ONA2VoGYxEpJrIFrKxPNA%2FG14EjaCs80mWlDm%2FXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81a460b038cf6545-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
x-default-stgec.uplynk.com/ause/slices/208/d09b16c953aa40c98dd8c513526aca5a/208497b422d34893a35ffcf30be69a4a/D0000042B.ts
873 kB URL x-default-stgec.uplynk.com/ause/slices/208/d09b16c953aa40c98dd8c513526aca5a/208497b422d34893a35ffcf30be69a4a/D0000042B.ts
IP
Size 873 kB (873264 bytes)
Hash 6552221f4148abe01e1469288de64653
3fb1f72e620e59c606d45bd9812bc8121a22369b
92897b2b0bac06a59fd9e0f373d345882822a797da48d541f6799b5802875412
GET /ause/slices/208/d09b16c953aa40c98dd8c513526aca5a/208497b422d34893a35ffcf30be69a4a/D0000042B.ts HTTP/1.1
Host: x-default-stgec.uplynk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://embed.mycraft.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 3001
age: 31
cache-control: no-cache
cdn-request-id: 163717814030516862856143673069050436168
content-type: application/octet-stream
date: Sun, 22 Oct 2023 20:09:23 GMT
etag: "6552221f4148abe01e1469288de64653"
expires: Sun, 22 Oct 2023 20:09:22 GMT
last-modified: Sun, 22 Oct 2023 20:08:33 GMT
server: ECAcc (ska/F6A7)
x-amz-id-2: 0eG/r6x8J/VCP1yZpRvf7/ykVqchm2yHA1oS/uxqbFwdyL3Xl4JPZvnQ9KYKrlkX35njmdvUybM=
x-amz-request-id: R8ESK8H4NHP1G1C6
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 873264
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=23691106-994c-4323-af4b-7fd3de86cd6f&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=ccf4d0ab5e3f26b60014d07829c8427c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20
1 B URL unseenreport.com/pxf.gif?uuid=23691106-994c-4323-af4b-7fd3de86cd6f&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=ccf4d0ab5e3f26b60014d07829c8427c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=23691106-994c-4323-af4b-7fd3de86cd6f&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=ccf4d0ab5e3f26b60014d07829c8427c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Oct 2023 20:09:24 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8b20852809ec3df946269c8b6da1eb57
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=23691106-994c-4323-af4b-7fd3de86cd6f&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c85d0daf87842044d502962676be3222&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20
1 B URL unseenreport.com/pxf.gif?uuid=23691106-994c-4323-af4b-7fd3de86cd6f&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c85d0daf87842044d502962676be3222&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=23691106-994c-4323-af4b-7fd3de86cd6f&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c85d0daf87842044d502962676be3222&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Oct 2023 20:09:24 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fa60bceebd4caca20317e10a67a3eae4
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:12 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D0MhA3hQMe5LVWFtXrAJ2Z6DNJ2TeUrfh%2B0Z3%2FmW3HVkm8magfo%2BnAsD9UyMSTRmJbAC2%2FShmTJZGSGUNms9SX%2BXKnJHIqlyVym%2BlMiZ9fia5SldxQaECSs2O28nRGs8n1hTeENZvJtB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a4606909f4731e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
200 OK 6.8 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT
File type ASCII text, with very long lines (7013), with no line terminators
Hash 49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 22 Oct 2023 20:09:11 GMT
date: Sun, 22 Oct 2023 20:09:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
4.bp.blogspot.com/-eALXtf-Ljts/WrQYAbzcPUI/AAAAAAAABjY/vptx-N2H46oFbiCqbSe2JgVSlHhyl0MwQCK4BGAYYCw/w330-h196-p-k-no-nu/nth-ify.png
200 OK 2.0 kB URL GET HTTP/2 4.bp.blogspot.com/-eALXtf-Ljts/WrQYAbzcPUI/AAAAAAAABjY/vptx-N2H46oFbiCqbSe2JgVSlHhyl0MwQCK4BGAYYCw/w330-h196-p-k-no-nu/nth-ify.png
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint7E:F7:94:DE:9C:42:10:E9:37:2B:CC:C1:49:E0:23:64:26:27:99:5D
ValidityThu, 28 Sep 2023 05:31:33 GMT - Thu, 21 Dec 2023 05:31:32 GMT
File type PNG image data, 330 x 196, 8-bit/color RGB, non-interlaced\012- data
Hash 65829159131a811aa32f16d48eb1b066
daceb729b7d20df42c86c07d1fc659bbf9f9585f
d6152d2c4e1bc05a0f8760672311ba6c4ace777adbe97d07b92d038806fa08bf
GET /-eALXtf-Ljts/WrQYAbzcPUI/AAAAAAAABjY/vptx-N2H46oFbiCqbSe2JgVSlHhyl0MwQCK4BGAYYCw/w330-h196-p-k-no-nu/nth-ify.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="nth-ify.png"
x-content-type-options: nosniff
server: fife
content-length: 2033
x-xss-protection: 0
date: Sun, 22 Oct 2023 18:58:32 GMT
expires: Mon, 23 Oct 2023 18:58:32 GMT
cache-control: public, max-age=86400, no-transform
etag: "v638"
content-type: image/png
vary: Origin
age: 4237
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:10 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7f941d03d58582c3f772cb73d100424d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 22 Oct 2023 20:09:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=We0srwi8MwxQaD7SpLy6xAQo3hZ0JxkJRrLDb0fMj4I73YiP4Ga%2BaGj%2BXaPua0lss%2BthDGA4f%2FAXQb4LDK3Ny6Q7MmTUPA3N1UUhCbo9uLJek9ux1SILVzc1XXAzZUCgkD6VUT0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a4605cbff423b1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:10 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 724094c5163a913f995b7781f08dbde3
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 22 Oct 2023 20:09:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jj3cw5AIMwrYzn6JVinClEdok9p8GSk%2BvQn0Md4AfodFyY6tHfPDU7mi8MYVp0ILZ%2FMHhYpB0bpoUeVa04iMdnkkAkmwVnEAwtCQpKkkN8NOkcRwBmIXD6c7p3oVTVRYfWf0XK0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a4605cbfe123b1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
mcdn.mrgamingstreams.com/mrgamingsoccer1.m3u8
200 OK 231 B URL GET HTTP/2 mcdn.mrgamingstreams.com/mrgamingsoccer1.m3u8
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectmrgamingstreams.com
Fingerprint2F:EB:AA:7E:18:99:67:F0:FD:9F:75:BC:0B:14:82:E8:77:9A:14:C3
ValidityMon, 25 Sep 2023 12:22:04 GMT - Sun, 24 Dec 2023 12:22:03 GMT
File type M3U playlist, ASCII text, with no line terminators
Hash b0daeecf0af2f186493f499e8754d7b4
7c90426b0b2f0765d1259fd2601faca0cdc8e3ad
d338703eb716dde5394828b72b8a16935d93be73c1bd4bb730ce5ecb590e47bc
GET /mrgamingsoccer1.m3u8 HTTP/1.1
Host: mcdn.mrgamingstreams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:09 GMT
content-type: application/vnd.apple.mpegurl
last-modified: Sun, 22 Oct 2023 20:09:04 GMT
etag: W/"e7-60853ad5e5238"
access-control-allow-origin: *
cache-control: max-age=1
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0tBqQnBh7SMz71%2BY6nEDibUiq7RlrLPjsz%2BUIvHfMa7LD029btMz2Hobvc07y2m6C%2Bdod%2FRf5Jm2bpFGguD4MddIhtf8u1mwAx9SC05GZN8ZYSHqUYHDpUZn2HFnWskoQKqsBH7e7r0yy0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a4605a2b82dc7f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
200 OK 958 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (1009), with no line terminators
Hash 04835fd7dd7f8cfbad901bee8cff2170
38e9ed1e93f8f0beba9447a99afe3995e63b6f3e
be63bbd38c66ca9a9ee1c8abfed042fd5fc090c40b91ad561e922744ece47c41
GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.deatusa.com
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:12 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kzjF%2FzUo9VqaPzWtY7Zp2121kxDcoMIV4Hkg4GYtAx%2B1wfhCa3nfAw%2F4IGJ4soGaz7wvr9w2%2BvsSVKAKIkA%2B6EEpsYH3j%2FafNb6Oe%2BL%2FV9vv35Dr68ppAMnmCbPIHfTE1OhEWLZtPi4n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a4606a3b1b731e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
live.mycraft.click/embedred2.js?v2
1.2 kB URL GET live.mycraft.click/embedred2.js?v2
IP
Requested by https://voodc.com/player/d/jYSah52GhJaLtsPNysPVtYiRr5qFjq3A18nL2Y-fs4mVktvKhJGQmZu4xMLYhoOSh5mFg5Kd0sa4x8bhhYSShw__/w8KOiZbLq46Lm4GEl5ChhIOXiZ2EgLen
Certificate IssuerGoogle Trust Services LLC
Subjectmycraft.click
FingerprintDA:54:5B:6C:C4:27:E6:4B:9E:A1:B0:27:EE:55:1C:79:B3:ED:E2:4F
ValidityFri, 22 Sep 2023 21:02:58 GMT - Thu, 21 Dec 2023 21:02:57 GMT
File type ASCII text, with very long lines (1270), with no line terminators
Hash adcfea3d9462753286e8a584a51397da
ff7d3691322d10bb10bd5a66ea152f3b07dc0de6
a3d1ec28073b3d09069ad4271beb6c0cc984a788ea37a4a47074384b03f360ce
GET /embedred2.js?v2 HTTP/1.1
Host: live.mycraft.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:22 GMT
content-type: application/javascript
last-modified: Sun, 24 Sep 2023 13:04:27 GMT
etag: W/"651033db-4c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bjqJr1wX9uEqg3Anb2oefE7IzVLO6ix2uqPHubjZenrIUGTI1FgKEFz0bvs3JwQQ6QYVEpLXOjDJ5l1Hq8MXbcfUtCWVdf%2B7Y9AcocGXZP9qxCqIyBUnm70ddn%2F3PsmorwN0vJs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a460a8fc8056bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/bb/8f/55/bb8f559a2bb12d6d6e7d67f443176e76/1686846286.png
200 OK 11 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/bb/8f/55/bb8f559a2bb12d6d6e7d67f443176e76/1686846286.png
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash f0ccba8be07296564ea5c3ce0a3dc8e1
e6f83b5be04683c793055718a59666268c98a77f
9e77cb37b2774c2ed298366221a67bbc0e01eb7e32fb6d93cedbb6a334337366
GET /si/bb/8f/55/bb8f559a2bb12d6d6e7d67f443176e76/1686846286.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:09:12 GMT
content-type: image/png
content-length: 11192
server: nginx/1.21.6
last-modified: Thu, 15 Jun 2023 16:24:54 GMT
etag: "648b3b56-2bb8"
expires: Tue, 24 Oct 2023 20:09:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
trustworthyturnstileboyfriend.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=309
200 OK 0 B URL GET HTTP/1.1 trustworthyturnstileboyfriend.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=309
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.deatusa.com/2023/10/barcelona-vs-athletic.html?m=1
Certificate IssuerLet's Encrypt
Subjecttrustworthyturnstileboyfriend.com
FingerprintFB:9B:6B:AB:A9:A1:C8:09:CA:05:5D:D9:B9:1E:7A:7A:3B:86:B8:0D
ValidityMon, 25 Sep 2023 09:05:42 GMT - Sun, 24 Dec 2023 09:05:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=309 HTTP/1.1
Host: trustworthyturnstileboyfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.deatusa.com/
Cookie: u_pl=17615035; uid_id2=b5b413a1-b6bd-466a-9ab4-cb579780c37f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecc85d0daf87842044d502962676be3222=[4663322]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Oct 2023 20:09:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
superfastcdn.com/script/ut.js?cb=1698005363223
82 kB URL GET superfastcdn.com/script/ut.js?cb=1698005363223
IP
Requested by https://voodc.com/player/d/jYSah52GhJaLtsPNysPVtYiRr5qFjq3A18nL2Y-fs4mVktvKhJGQmZu4xMLYhoOSh5mFg5Kd0sa4x8bhhYSShw__/w8KOiZbLq46Lm4GEl5ChhIOXiZ2EgLen
Certificate IssuerGoogle Trust Services LLC
Subjectsuperfastcdn.com
Fingerprint84:19:78:2C:D7:33:B4:0C:B3:11:E4:5E:3D:F7:57:60:C2:18:19:03
ValiditySun, 27 Aug 2023 02:29:17 GMT - Sat, 25 Nov 2023 02:29:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script/ut.js?cb=1698005363223 HTTP/1.1
Host: superfastcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 22 Oct 2023 20:09:22 GMT
content-type: application/javascript
x-guploader-uploadid: ABPtcPoPD3ft5ksqAgeTQmTpa7lMagw8LQdw1QLpdw65EVGTKMmKNGWXjvy6wZg1sNOMINu4Dxvy_Z0MFsTKDmetyf2JeHonaQqf
x-goog-generation: 1696846022267412
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 82120
x-goog-hash: crc32c=b724KA==, md5=BeZ2NJB783MH8aUOpLQsyg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Sun, 22 Oct 2023 20:33:26 GMT
cache-control: public, max-age=14400
last-modified: Mon, 09 Oct 2023 10:07:02 GMT
etag: W/"05e67634907bf37307f1a50ea4b42cca"
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmhXG62jmhk42gi%2FHpLmdzix%2BbngddQNyMpijAqt3CKJ5jwmUH0KYskBGJs68yi6n8DuRRgOCrEmxqTtHxjLZzNfaEHQ%2BLInVb%2BO7u%2FmvqeIPlyL%2Fc9nr1Uu0yEAVG2bPb8i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a460ac0f82d188-LHR
content-encoding: br
voodc.com/embed/0/0/w8KOiZbLq46Lm4GEl5ChhIOXiZ2EgLen/jYSah52GhJaLtsPNysPVtYiRr5qFjq3A18nL2Y-fs4mVktvKhJGQmZu4xMLYhoOSh5mFg5Kd0sa4x8bhhYSShw__
200 OK 2.4 kB URL GET HTTP/3 voodc.com/embed/0/0/w8KOiZbLq46Lm4GEl5ChhIOXiZ2EgLen/jYSah52GhJaLtsPNysPVtYiRr5qFjq3A18nL2Y-fs4mVktvKhJGQmZu4xMLYhoOSh5mFg5Kd0sa4x8bhhYSShw__
IP
Requested by https://voodc.com/embed/85899a8f998484938799838595899886869a.html
Certificate IssuerGoogle Trust Services LLC
Subjectvoodc.com
Fingerprint45:E5:93:C6:9D:8A:E6:3B:CB:13:8B:61:08:72:65:59:D9:F3:78:8F
ValidityTue, 19 Sep 2023 22:32:33 GMT - Mon, 18 Dec 2023 22:32:32 GMT
File type ASCII text, with very long lines (2538), with no line terminators
Hash ea2778434ae6b26ab9805f0d7f70b5fe
ac271d8a29855fddf82a1b3af026245a114a8bf8
4e25a73cf4e9fc3d2d7a88f406c80c964a7bd6af49b269fe64c7f7d43fbbca27
GET /embed/0/0/w8KOiZbLq46Lm4GEl5ChhIOXiZ2EgLen/jYSah52GhJaLtsPNysPVtYiRr5qFjq3A18nL2Y-fs4mVktvKhJGQmZu4xMLYhoOSh5mFg5Kd0sa4x8bhhYSShw__ HTTP/1.1
Host: voodc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://voodc.com/embed/85899a8f998484938799838595899886869a.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 22 Oct 2023 20:09:18 GMT
content-type: application/javascript
x-powered-by: PHP/8.0.27
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-xss-protection: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzshIUHw78cXXUCM6ln1N09T8r%2FQDydGsrCJPQTogcGWzT4WjDGlGkLBtTxQnYzu%2BnR73oDRFJDKHqOhPpmSzOCLCI5eHudD%2BgqDCShmU5DhzSjI%2FImXRXRDocY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81a4607a6f06b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
142.250.74.83
104.17.24.14
3.73.202.184
0.0.0.0