32 kB IP
ASN #34665 Petersburg Internet Network ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1257), with CRLF, LF line terminators
Hash 2ee0ab6c03e95ce2bc6aede5618f76b4
0a21db05df2927e364a36b86b0ba230f9971a50c
934b3343f11b19e80a5e15ef4404718d5c11149a41338770ee32371982ab6c07
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET / HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.33
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4; path=/; HttpOnly
candylil.line.pm/templates/angio.su/js/menu.js
200 OK 343 B URL GET HTTP/1.1 candylil.line.pm/templates/angio.su/js/menu.js
IP
ASN #34665 Petersburg Internet Network ltd.
File type ASCII text, with CRLF line terminators
Hash d29d3d0c6aa67a8a9eb50c33549e1ee9
195c5afb5c66a1a67be65233341a072eb15688f3
4452ce4ff06f3f81cff4aa0fa9aa0bf0d792568df61506c0c1aeb73ef9d5d2a2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /templates/angio.su/js/menu.js HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: application/javascript
Content-Length: 343
Last-Modified: Sat, 23 Jan 2021 16:24:58 GMT
Connection: keep-alive
ETag: "600c4dda-157"
Accept-Ranges: bytes
candylil.line.pm/media/jui/js/jquery-noconflict.js?3771584f1cacb63de500ff47c587e01d
200 OK 21 B URL GET HTTP/1.1 candylil.line.pm/media/jui/js/jquery-noconflict.js?3771584f1cacb63de500ff47c587e01d
IP
ASN #34665 Petersburg Internet Network ltd.
Hash e2060c4e5e5955c824723b13a212d3ec
18420ce484978f8ba3d7371febf1638828bb7a67
5b6cf4e6eda02f7c90b60b3c32413c0851915f8f80a268a913b92929085132a6
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /media/jui/js/jquery-noconflict.js?3771584f1cacb63de500ff47c587e01d HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: application/javascript
Content-Length: 21
Last-Modified: Mon, 11 Jan 2021 17:46:12 GMT
Connection: keep-alive
ETag: "5ffc8ee4-15"
Accept-Ranges: bytes
candylil.line.pm/media/jui/js/jquery-migrate.min.js?3771584f1cacb63de500ff47c587e01d
200 OK 10 kB URL GET HTTP/1.1 candylil.line.pm/media/jui/js/jquery-migrate.min.js?3771584f1cacb63de500ff47c587e01d
IP
ASN #34665 Petersburg Internet Network ltd.
File type ASCII text, with very long lines (9959)
Hash 7121994eec5320fbe6586463bf9651c2
90532aff6d4121954254cdf04994d834f7ec169b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /media/jui/js/jquery-migrate.min.js?3771584f1cacb63de500ff47c587e01d HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: application/javascript
Content-Length: 10056
Last-Modified: Mon, 11 Jan 2021 17:46:12 GMT
Connection: keep-alive
ETag: "5ffc8ee4-2748"
Accept-Ranges: bytes
candylil.line.pm/media/system/js/caption.js?3771584f1cacb63de500ff47c587e01d
200 OK 491 B URL GET HTTP/1.1 candylil.line.pm/media/system/js/caption.js?3771584f1cacb63de500ff47c587e01d
IP
ASN #34665 Petersburg Internet Network ltd.
File type ASCII text, with very long lines (413)
Hash 27e0e11b572de3bc44be960d25d65570
9c431113357e1a7147388978bde9b70a3ff6114a
20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /media/system/js/caption.js?3771584f1cacb63de500ff47c587e01d HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: application/javascript
Content-Length: 491
Last-Modified: Mon, 11 Jan 2021 17:46:12 GMT
Connection: keep-alive
ETag: "5ffc8ee4-1eb"
Accept-Ranges: bytes
candylil.line.pm/components/com_jcomments/tpl/default/style.css?v=3002
200 OK 15 kB URL GET HTTP/1.1 candylil.line.pm/components/com_jcomments/tpl/default/style.css?v=3002
IP
ASN #34665 Petersburg Internet Network ltd.
File type ASCII text, with very long lines (317), with CRLF line terminators
Hash 325d60174a3f37e1f426b64f0392c06d
6fdb4963cfddcb42ccb6c981f85f65dd597d8616
ac298b00d29375f8f3edde75240eff7ce0ff8ab168ab36f227cd5ce0f5a0ec1f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /components/com_jcomments/tpl/default/style.css?v=3002 HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: text/css
Content-Length: 15386
Last-Modified: Mon, 25 Jan 2021 10:55:22 GMT
Connection: keep-alive
ETag: "600ea39a-3c1a"
Accept-Ranges: bytes
candylil.line.pm/templates/angio.su/css/template.css
200 OK 21 kB URL GET HTTP/1.1 candylil.line.pm/templates/angio.su/css/template.css
IP
ASN #34665 Petersburg Internet Network ltd.
File type ASCII text, with very long lines (381), with CRLF line terminators
Hash cfc86d4049d28a6fbc6b800ce055a633
fc68099a5033b05cd16b0180ec80142318e6d223
1b0e8fca024e4a532189351e41a1d4ff428e384ecabd7c5f50b42133b3605b07
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /templates/angio.su/css/template.css HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: text/css
Content-Length: 20576
Last-Modified: Mon, 25 Jan 2021 11:01:04 GMT
Connection: keep-alive
ETag: "600ea4f0-5060"
Accept-Ranges: bytes
candylil.line.pm/media/jui/js/jquery.min.js?3771584f1cacb63de500ff47c587e01d
200 OK 98 kB URL GET HTTP/1.1 candylil.line.pm/media/jui/js/jquery.min.js?3771584f1cacb63de500ff47c587e01d
IP
ASN #34665 Petersburg Internet Network ltd.
File type ASCII text, with very long lines (65462)
Hash 48a197817927a6eda6f531064f1dba71
5ba19dcca2e2d7ac659af0fbc97dc99e505c498b
05d31c760df3e6f0c64e3da1cd299e5f73df51c974c6528a60d0685859bbc1ba
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /media/jui/js/jquery.min.js?3771584f1cacb63de500ff47c587e01d HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: application/javascript
Content-Length: 97646
Last-Modified: Mon, 11 Jan 2021 17:46:12 GMT
Connection: keep-alive
ETag: "5ffc8ee4-17d6e"
Accept-Ranges: bytes
fonts.googleapis.com/css?family=PT+Sans:400,400italic,700,700italic|PT+Sans+Narrow:400,700&subset=cyrillic-ext,latin-ext,latin,cyrillic
200 OK 726 B URL GET HTTP/1.1 fonts.googleapis.com/css?family=PT+Sans:400,400italic,700,700italic|PT+Sans+Narrow:400,700&subset=cyrillic-ext,latin-ext,latin,cyrillic
IP
Hash 164c50906fa99985b4d0910c4b50e08d
d72fd265375c9e6ceb33a9e3fd699d42b5e62264
8fd7c5008c74c5ba56a614788824de76f911ddff642c974ca71f3d61ce8fb897
GET /css?family=PT+Sans:400,400italic,700,700italic|PT+Sans+Narrow:400,700&subset=cyrillic-ext,latin-ext,latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 28 Nov 2023 03:33:17 GMT
Date: Tue, 28 Nov 2023 03:33:17 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
200 OK 33 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
IP
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (32089)
Hash 397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33018
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Nov 2023 21:36:56 GMT
expires: Thu, 21 Nov 2024 21:36:56 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 453381
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
yastatic.net/share/share.js
200 OK 15 kB URL GET HTTP/1.1 yastatic.net/share/share.js
IP
File type Unicode text, UTF-8 text, with very long lines (32058)
Hash db7132f94e4730c128b638f72b46c899
4af3ebc52a01e5becd92d3f3d59f21c019e62519
944979b576ee52348d5c63d35f566c11df26f70ed15d2ceba61180662a49b114
GET /share/share.js HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=216013
Content-Encoding: gzip
Etag: W/"db7132f94e4730c128b638f72b46c899"
Expires: Thu, 30 Nov 2023 15:30:32 GMT
Last-Modified: Wed, 24 Oct 2018 16:00:42 GMT
NEL: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
Report-To: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
Strict-Transport-Security: max-age=43200000; includeSubDomains;
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Nginx-Request-Id: 076755093f4d8e6c
candylil.line.pm/images/angio_logo.png
200 OK 23 kB URL GET HTTP/1.1 candylil.line.pm/images/angio_logo.png
IP
ASN #34665 Petersburg Internet Network ltd.
File type PNG image data, 380 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash fc0f282a3c0dc0504dc0cef7e4722571
5f06b889b2274806e594a057703b823c754216b2
c686100f67f4c2ac89c5bfc6888b63bb6d999c3fbf315f54e240fe0a3c49eecb
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /images/angio_logo.png HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: image/png
Content-Length: 22696
Last-Modified: Sat, 23 Jan 2021 16:24:06 GMT
Connection: keep-alive
ETag: "600c4da6-58a8"
Accept-Ranges: bytes
candylil.line.pm/images/face.jpg
200 OK 66 kB URL GET HTTP/1.1 candylil.line.pm/images/face.jpg
IP
ASN #34665 Petersburg Internet Network ltd.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 290x210, components 3\012- data
Hash 19aa1f3645cdc21d5b337502db31ef0f
c2779eddb584f9c30dbdd163e15b58fa5674c2d8
eb5da5cf230b828f5fdf29211f13cdea9e073675b53e5225ff04fb0ea92bdf40
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /images/face.jpg HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:17 GMT
Content-Type: image/jpeg
Content-Length: 65753
Last-Modified: Sat, 23 Jan 2021 16:24:06 GMT
Connection: keep-alive
ETag: "600c4da6-100d9"
Accept-Ranges: bytes
candylil.line.pm/templates/angio.su/images/menu.jpg
200 OK 356 B URL GET HTTP/1.1 candylil.line.pm/templates/angio.su/images/menu.jpg
IP
ASN #34665 Petersburg Internet Network ltd.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x46, components 3\012- data
Hash 3ed1efeb31deee3ebb37bbb2ad916735
f2af06ce9f179c88b21b566131705e0f03bcad61
86c2401c33c0b942936b58ec89a2018063c6727e5a175197fef8c86ccab63ed5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /templates/angio.su/images/menu.jpg HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/templates/angio.su/css/template.css
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: image/jpeg
Content-Length: 356
Last-Modified: Sat, 23 Jan 2021 16:24:58 GMT
Connection: keep-alive
ETag: "600c4dda-164"
Accept-Ranges: bytes
candylil.line.pm/templates/angio.su/images/left1.jpg
200 OK 5.9 kB URL GET HTTP/1.1 candylil.line.pm/templates/angio.su/images/left1.jpg
IP
ASN #34665 Petersburg Internet Network ltd.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 360x60, components 3\012- data
Hash 6e70a04ed66ac5314404927dbc660471
a4e623c7de8c3a50444b2b026c400847e20a2491
e016cab947ae6d0bbef29a0ceb89f9bba721abf18f841002b3546c17733d08d4
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /templates/angio.su/images/left1.jpg HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/templates/angio.su/css/template.css
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: image/jpeg
Content-Length: 5947
Last-Modified: Sat, 23 Jan 2021 16:24:58 GMT
Connection: keep-alive
ETag: "600c4dda-173b"
Accept-Ranges: bytes
candylil.line.pm/templates/angio.su/images/left2.jpg
200 OK 4.6 kB URL GET HTTP/1.1 candylil.line.pm/templates/angio.su/images/left2.jpg
IP
ASN #34665 Petersburg Internet Network ltd.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 360x40, components 3\012- data
Hash b3b8d762793b8af239fef6ffa2c63817
b0445b36c9fec411a09fb3bb2fd6a8c94c1aa900
256ec9d5a8e557d4cfd629b456092e26545a6ba7ff828a7d36dfec7a10acb11b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /templates/angio.su/images/left2.jpg HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/templates/angio.su/css/template.css
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: image/jpeg
Content-Length: 4600
Last-Modified: Sat, 23 Jan 2021 16:24:58 GMT
Connection: keep-alive
ETag: "600c4dda-11f8"
Accept-Ranges: bytes
fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2
200 OK 47 kB URL GET HTTP/1.1 fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 47048, version 1.0\012- data
Hash 87a1556b696ae2cb1a726bd8c4584a2f
1be0f6f39e0cf316f9827f945eeeaef8294cc37b
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
GET /s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://candylil.line.pm
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 47048
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 Nov 2023 04:50:38 GMT
Expires: Fri, 22 Nov 2024 04:50:38 GMT
Cache-Control: public, max-age=31536000
Age: 427360
Last-Modified: Wed, 27 Apr 2022 16:55:54 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2
200 OK 45 kB URL GET HTTP/1.1 fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 45300, version 1.0\012- data
Hash 5fe660c3a23b871807b0e1d3ee973d23
62a9dd423b30b6ee3ab3dd40d573545d579af10a
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
GET /s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://candylil.line.pm
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 45300
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 Nov 2023 23:23:47 GMT
Expires: Fri, 22 Nov 2024 23:23:47 GMT
Cache-Control: public, max-age=31536000
Age: 360571
Last-Modified: Wed, 27 Apr 2022 16:11:08 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0OqtLQ0Z.woff2
200 OK 30 kB URL GET HTTP/1.1 fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0OqtLQ0Z.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 29928, version 1.0\012- data
Hash 609bea65e2bf8ee9b728a85a8f1b282c
a0d2fbcf012e6554fb8cb182994ec8eb744ab65d
1a045fdc088409e4e87d57617de7a9b613bf251c12997180910faeed8fa7aba1
GET /s/ptsans/v17/jizfRExUiTo99u79B_mh0OqtLQ0Z.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://candylil.line.pm
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 29928
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 Nov 2023 04:53:06 GMT
Expires: Fri, 22 Nov 2024 04:53:06 GMT
Cache-Control: public, max-age=31536000
Age: 427212
Last-Modified: Wed, 27 Apr 2022 16:55:48 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0aExdGM.woff2
200 OK 28 kB URL GET HTTP/1.1 fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0aExdGM.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 28444, version 1.0\012- data
Hash e996a4db02cc36705ce700e4b5d06b3a
c5fa1dff68d7d83689f58bc498caea9041cf7b75
7e9c22d02fc319b701844b334477a05fd32acee9668feb98672f6c27887f79cf
GET /s/ptsans/v17/jizaRExUiTo99u79D0aExdGM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://candylil.line.pm
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 28444
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 Nov 2023 23:23:45 GMT
Expires: Fri, 22 Nov 2024 23:23:45 GMT
Cache-Control: public, max-age=31536000
Age: 360573
Last-Modified: Wed, 27 Apr 2022 16:45:23 GMT
Content-Type: font/woff2
candylil.line.pm/templates/angio.su/images/bottom.jpg
200 OK 33 kB URL GET HTTP/1.1 candylil.line.pm/templates/angio.su/images/bottom.jpg
IP
ASN #34665 Petersburg Internet Network ltd.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1200x156, components 3\012- data
Hash 8464cdb8a5829f677e8c049ba85294c4
ddc587f1cbe82720827d95f1f3aa312307c08a33
cb0b63f0dce14cc17d743f719fe32a001fbf3f8f19f8103762419297082242af
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /templates/angio.su/images/bottom.jpg HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/templates/angio.su/css/template.css
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: image/jpeg
Content-Length: 32620
Last-Modified: Sat, 23 Jan 2021 16:24:58 GMT
Connection: keep-alive
ETag: "600c4dda-7f6c"
Accept-Ranges: bytes
www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
200 OK 0 B URL GET HTTP/2 www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
IP
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 28 Nov 2023 03:33:18 GMT
Location: https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yastatic.net/share/ya-share-cnt.html?url=http%3A%2F%2Fcandylil.line.pm%2F&services=vkontakte,facebook,twitter,odnoklassniki,moimir,gplus
200 OK 1.5 kB URL GET HTTP/1.1 yastatic.net/share/ya-share-cnt.html?url=http%3A%2F%2Fcandylil.line.pm%2F&services=vkontakte,facebook,twitter,odnoklassniki,moimir,gplus
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3181), with CRLF line terminators
Hash b4410f26aa4a1448071c7f97e2a81e4c
98d7b9e582275e33210c4fbae35fb71477c0a90b
7e29b8fa68a48c0fa32321c441c867176c5403716f3c7cf7e542b668c218cac2
GET /share/ya-share-cnt.html?url=http%3A%2F%2Fcandylil.line.pm%2F&services=vkontakte,facebook,twitter,odnoklassniki,moimir,gplus HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=216009
Content-Encoding: gzip
Etag: W/"b4410f26aa4a1448071c7f97e2a81e4c"
Expires: Thu, 30 Nov 2023 15:33:19 GMT
Last-Modified: Wed, 24 Oct 2018 16:00:42 GMT
NEL: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
Report-To: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
Strict-Transport-Security: max-age=43200000; includeSubDomains;
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Nginx-Request-Id: 8ed2de65c188a758
site.yandex.net/v2.0/js/all.js
200 OK 18 kB URL GET HTTP/1.1 site.yandex.net/v2.0/js/all.js
IP
File type Unicode text, UTF-8 text, with very long lines (53862), with no line terminators
Hash 68a626d77106684c519c56a360f0facd
1c3dac43f9a7905074ff6bb08aa2b61b6eac7070
9882e083aad0be394eef2bc511fbd204f670004b4ff09e627197805c5c7ceb9a
GET /v2.0/js/all.js HTTP/1.1
Host: site.yandex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: application/javascript
Content-Length: 17667
Connection: keep-alive
Keep-Alive: timeout=5
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=216013
Content-Encoding: gzip
Etag: "1447ba0561e7db60267e8ec539062259"
Expires: Thu, 30 Nov 2023 15:28:56 GMT
Last-Modified: Tue, 14 Feb 2023 08:57:29 GMT
NEL: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
Report-To: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
Strict-Transport-Security: max-age=43200000; includeSubDomains;
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Robots-Tag: noindex, noarchive, nofollow
Accept-Ranges: bytes
yastatic.net/share/static/b-share_counter_small.png
200 OK 1.1 kB URL GET HTTP/1.1 yastatic.net/share/static/b-share_counter_small.png
IP
File type PNG image data, 18 x 232, 8-bit colormap, non-interlaced\012- data
Hash a41b8bd207e963b98646a45084f36f17
5ad728ff7aeaf4d33cffba13ab5e2bc571aefd72
e78b6d74434a2318e1f3907c0a621a7f7b5883614e7589f79c180fbdad59e943
GET /share/static/b-share_counter_small.png HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: image/png
Content-Length: 1058
Connection: keep-alive
Keep-Alive: timeout=5
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=216009
Etag: "a41b8bd207e963b98646a45084f36f17"
Expires: Thu, 30 Nov 2023 15:30:48 GMT
Last-Modified: Wed, 24 Oct 2018 16:00:42 GMT
NEL: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
Report-To: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
Strict-Transport-Security: max-age=43200000; includeSubDomains;
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Nginx-Request-Id: 73e012a59db2dd3e
Accept-Ranges: bytes
candylil.line.pm/templates/angio.su/favicon.ico
200 OK 9.3 kB URL GET HTTP/1.1 candylil.line.pm/templates/angio.su/favicon.ico
IP
ASN #34665 Petersburg Internet Network ltd.
File type MS Windows icon resource - 4 icons, 16x16, 8 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 559a36050280c63c1c5a88ba691f7317
d180d43d460b3a88c83a3ac85c6e9e2192003778
1efcdc37e9c6e9f59b3ab4ef2ad378c7e489ae5f1eb34063fe37ab9b8dd4a721
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /templates/angio.su/favicon.ico HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 9286
Connection: keep-alive
Last-Modified: Sat, 23 Jan 2021 16:24:58 GMT
ETag: "2446-5b993beebaa80"
Accept-Ranges: bytes
www.youtube.com/s/player/63e90c30/player_ias.vflset/en_US/embed.js
200 OK 18 kB URL GET HTTP/3 www.youtube.com/s/player/63e90c30/player_ias.vflset/en_US/embed.js
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (3391)
Hash 50bbf688f33e38d5f7c5f2a73c02aa7a
67f82d27e93488dad1da215155fedb8744066738
d5277513b55f5e850101f15939c3dde471282e1a737d4d54cd347d4c28aa99c2
GET /s/player/63e90c30/player_ias.vflset/en_US/embed.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 17775
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 08:39:02 GMT
expires: Tue, 26 Nov 2024 08:39:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Nov 2023 02:45:49 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 68056
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.youtube.com/s/player/63e90c30/www-player.css
200 OK 49 kB URL GET HTTP/3 www.youtube.com/s/player/63e90c30/www-player.css
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash fe1c53d51cb92c2a5d115aaa327f89ff
121246c952d00cbe64196f9afb88823f1190ce13
0d3110815e47322fa8c8821c53234f4f90ff9107501b4d74741dfe6e8250e24a
GET /s/player/63e90c30/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 48811
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 08:33:35 GMT
expires: Tue, 26 Nov 2024 08:33:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Nov 2023 02:45:49 GMT
content-type: text/css
vary: Accept-Encoding, Origin
age: 68383
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.youtube.com/s/player/63e90c30/www-embed-player.vflset/www-embed-player.js
200 OK 99 kB URL GET HTTP/3 www.youtube.com/s/player/63e90c30/www-embed-player.vflset/www-embed-player.js
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (682)
Hash 29d728b01da2b497000a84aba115257e
84fb48d68c9bac9efb1d3aec0a32c0ded4cb461a
c31a04c8fb061c363792f34fb8b368d710ca6baa750e58ad587699d916aa5a52
GET /s/player/63e90c30/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 98564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 08:33:35 GMT
expires: Tue, 26 Nov 2024 08:33:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Nov 2023 02:45:49 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 68383
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
yastatic.net/jquery/1.6.2/jquery.min.js
200 OK 28 kB URL GET HTTP/2 yastatic.net/jquery/1.6.2/jquery.min.js
IP
Certificate IssuerGlobalSign nv-sa
Subject*.yastatic-net.ru
FingerprintD9:64:E0:F2:39:AC:36:DB:9A:A3:3D:E4:27:E4:0B:F5:5B:5B:E3:A0
ValidityMon, 10 Jul 2023 13:25:28 GMT - Sun, 07 Jan 2024 20:59:59 GMT
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32764)
Hash a1a8cb16a060f6280a767187fd22e037
7622c9ac2335be6dcd3ab8b47132e94089cef931
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
GET /jquery/1.6.2/jquery.min.js HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.17.9
date: Tue, 28 Nov 2023 03:33:18 GMT
content-type: application/x-javascript
content-length: 28368
access-control-allow-origin: *
cache-control: public, max-age=31556952
content-encoding: br
etag: "57f5e4ce99f95e1eb0f18d52b65b6769"
expires: Tue, 26 Nov 2024 16:04:24 GMT
last-modified: Mon, 12 Nov 2018 13:13:42 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 7ecb72e862ba30f7
accept-ranges: bytes
X-Firefox-Spdy: h2
share.yandex.net/counter/gpp/?callback=services.gplus.cb&url=http%3A%2F%2Fcandylil.line.pm%2F
204 No Content 0 B URL GET HTTP/1.1 share.yandex.net/counter/gpp/?callback=services.gplus.cb&url=http%3A%2F%2Fcandylil.line.pm%2F
IP
Requested by http://yastatic.net/share/ya-share-cnt.html?url=http%3A%2F%2Fcandylil.line.pm%2F&services=vkontakte,facebook,twitter,odnoklassniki,moimir,gplus
Certificate IssuerGlobalSign nv-sa
Subjectshare.yandex.net
Fingerprint62:76:2C:42:1F:7F:7F:82:C6:DC:16:02:4B:A7:C2:20:53:30:5E:6F
ValidityMon, 10 Jul 2023 21:01:27 GMT - Mon, 08 Jan 2024 20:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /counter/gpp/?callback=services.gplus.cb&url=http%3A%2F%2Fcandylil.line.pm%2F HTTP/1.1
Host: share.yandex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://yastatic.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Date: Tue, 28 Nov 2023 03:33:18 GMT
Set-Cookie: _yasc=m7Dd845ihLtVdNtyJoiKauO2tM7HeUQD2x3X2LkVjKd/bpdfweu79scnm/vg22/e; domain=.yandex.net; path=/; expires=Fri, 25 Nov 2033 03:33:18 GMT; secure
www.youtube.com/s/player/63e90c30/player_ias.vflset/en_US/base.js
200 OK 781 kB URL GET HTTP/3 www.youtube.com/s/player/63e90c30/player_ias.vflset/en_US/base.js
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (555)
Size 781 kB (781027 bytes)
Hash c502246556fb79bbbb83d4f036ea963f
4ab8182f4453dd4808b94aa76d98eb08e46128ae
7896bc3b93023bc401267007bec8ff688d9c42021c94eb9289cdac09c58ffb54
GET /s/player/63e90c30/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-encoding: gzip
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 781027
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 08:39:02 GMT
expires: Tue, 26 Nov 2024 08:39:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Nov 2023 02:45:49 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 68056
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 23:23:18 GMT
expires: Fri, 22 Nov 2024 23:23:18 GMT
cache-control: public, max-age=31536000
age: 360600
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 15 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 23:26:09 GMT
expires: Fri, 22 Nov 2024 23:26:09 GMT
cache-control: public, max-age=31536000
age: 360429
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
site.yandex.net/v2.0/js/opensearch.js
200 OK 6.2 kB URL GET HTTP/2 site.yandex.net/v2.0/js/opensearch.js
IP
Certificate IssuerGlobalSign nv-sa
Subject*.yastatic-net.ru
FingerprintD9:64:E0:F2:39:AC:36:DB:9A:A3:3D:E4:27:E4:0B:F5:5B:5B:E3:A0
ValidityMon, 10 Jul 2023 13:25:28 GMT - Sun, 07 Jan 2024 20:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (18552), with no line terminators
Hash d12257f87644c4e89830f47705dee860
06822268477a00b08ad6590e4992bf7d2a457ed6
de66288f054df7f389e8281f87fb0a9a05095149f4e96d13c32a1c3b61b1a4a3
GET /v2.0/js/opensearch.js HTTP/1.1
Host: site.yandex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.17.9
date: Tue, 28 Nov 2023 03:33:18 GMT
content-type: application/javascript
content-length: 6188
access-control-allow-origin: *
cache-control: public, max-age=216013
content-encoding: br
etag: "1df256fb3e065fdf3b47b6ac51380393"
expires: Thu, 30 Nov 2023 15:31:54 GMT
last-modified: Tue, 14 Feb 2023 08:57:29 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
accept-ranges: bytes
X-Firefox-Spdy: h2
site.yandex.net/v2.0/i/search.png
200 OK 771 B URL GET HTTP/2 site.yandex.net/v2.0/i/search.png
IP
Certificate IssuerGlobalSign nv-sa
Subject*.yastatic-net.ru
FingerprintD9:64:E0:F2:39:AC:36:DB:9A:A3:3D:E4:27:E4:0B:F5:5B:5B:E3:A0
ValidityMon, 10 Jul 2023 13:25:28 GMT - Sun, 07 Jan 2024 20:59:59 GMT
File type PNG image data, 19 x 15, 8-bit colormap, non-interlaced\012- data
Hash 95698da59d3786c4b32c0172ccf23009
dce5db37f233387eb2baa6318c30d967797e1206
49c6ca26c2e3b18d1ef9f08f6f5eb5d3b26ebf13fd246e717072b9075df6fd2f
GET /v2.0/i/search.png HTTP/1.1
Host: site.yandex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.17.9
date: Tue, 28 Nov 2023 03:33:18 GMT
content-type: image/png
content-length: 771
access-control-allow-origin: *
cache-control: public, max-age=216013
etag: "95698da59d3786c4b32c0172ccf23009"
expires: Thu, 30 Nov 2023 15:30:32 GMT
last-modified: Tue, 14 Feb 2023 08:57:29 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
accept-ranges: bytes
X-Firefox-Spdy: h2
site.yandex.net/v2.0/i/yandex-hint-rb.png
200 OK 425 B URL GET HTTP/2 site.yandex.net/v2.0/i/yandex-hint-rb.png
IP
Certificate IssuerGlobalSign nv-sa
Subject*.yastatic-net.ru
FingerprintD9:64:E0:F2:39:AC:36:DB:9A:A3:3D:E4:27:E4:0B:F5:5B:5B:E3:A0
ValidityMon, 10 Jul 2023 13:25:28 GMT - Sun, 07 Jan 2024 20:59:59 GMT
File type PNG image data, 26 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash fbe624b4939c4538e386beffac5861f6
3c8ed24d3d130de09ebb60b596808bf2c65baa56
3db7135d424b421c0c412fd4504afd0f744698be1df3f009027159627de5ff8f
GET /v2.0/i/yandex-hint-rb.png HTTP/1.1
Host: site.yandex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.17.9
date: Tue, 28 Nov 2023 03:33:18 GMT
content-type: image/png
content-length: 425
access-control-allow-origin: *
cache-control: public, max-age=216013
etag: "fbe624b4939c4538e386beffac5861f6"
expires: Thu, 30 Nov 2023 15:33:19 GMT
last-modified: Tue, 14 Feb 2023 08:57:29 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
accept-ranges: bytes
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
200 OK 0 B URL OPTIONS HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Tue, 28 Nov 2023 03:33:19 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
200 OK 9.8 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 9832, version 1.0\012- data
Hash efe937997e08e15b056a3643e2734636
d02decbf472a0928b054cc8e4b13684539a913db
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9832
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:50:55 GMT
expires: Fri, 22 Nov 2024 04:50:55 GMT
cache-control: public, max-age=31536000
age: 427344
last-modified: Mon, 16 Oct 2017 17:32:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
200 OK 33 kB URL OPTIONS HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash beae900ca722b9265d969def34d8effc
5f1c3ba3bf1a7646c3327635ab47d657ddbec4d7
5580e87e2e504a495516a9a9251e2e1787da21fe3b24cf65ecdf4c479bbd23c4
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 28 Nov 2023 03:33:19 GMT
server: ESF
cache-control: private
content-length: 32839
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i.ytimg.com/vi/fxTEqSSJgDo/hqdefault.jpg
200 OK 21 kB URL GET HTTP/2 i.ytimg.com/vi/fxTEqSSJgDo/hqdefault.jpg
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subjectedgestatic.com
FingerprintC8:30:4C:1A:A8:FF:83:E1:A2:7F:DB:02:8C:D9:05:46:C4:D6:CA:95
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 1020e38d32b5a148130108283b8a05ac
510f84216ad40ebbd90f89fb9fc793dd183623f7
722d1b37d906eaee35b7f4bbcf2471f185bfff5a54c448f05bc2d8a5d704425d
GET /vi/fxTEqSSJgDo/hqdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 20780
date: Tue, 28 Nov 2023 03:33:19 GMT
expires: Tue, 28 Nov 2023 05:33:19 GMT
cache-control: public, max-age=7200
etag: "1412163315"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/js/th/iPEf94t7kg41AT9t4roGKH7lRPlVKxurQ2Q3DUZ2d_o.js
200 OK 15 kB URL GET HTTP/2 www.google.com/js/th/iPEf94t7kg41AT9t4roGKH7lRPlVKxurQ2Q3DUZ2d_o.js
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type ASCII text, with very long lines (38778)
Hash 611664198e75adad39f34b46876810f4
e4a80a37ddbebff8794b6edcaa73e55152208f24
88f11ff78b7b920e35013f6de2ba06287ee544f9552b1bab4364370d467677fa
GET /js/th/iPEf94t7kg41AT9t4roGKH7lRPlVKxurQ2Q3DUZ2d_o.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 15286
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 Nov 2023 05:20:10 GMT
expires: Sun, 24 Nov 2024 05:20:10 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 17:00:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 252789
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
200 OK 0 B URL POST HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Tue, 28 Nov 2023 03:33:19 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
200 OK 114 B URL POST HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 61d3ec2ad7ea456f280e16bfef76a39b
d357537c764c078ab3811ce384967b9c76583322
371c05ef9c8ed2e2ad460e1cf37d504c38132cabce18aad0e45ed400fd1b11bd
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1128
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 28 Nov 2023 03:33:19 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
yt3.ggpht.com/ytc/APkrFKZLYcylOiVyQbAfa4MQBmQHtgdFrOJ88q2PQw=s68-c-k-c0x00ffffff-no-rj
200 OK 1.0 kB URL GET HTTP/2 yt3.ggpht.com/ytc/APkrFKZLYcylOiVyQbAfa4MQBmQHtgdFrOJ88q2PQw=s68-c-k-c0x00ffffff-no-rj
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Hash eaca51b5ac4580373ae226893b6f1091
d0e6cb4691c2392d1eadca71ddfdbc5f892313af
b8fdf80509225019556bc78463b5d9d87029c336f8d8ce19b3f23b7940053c42
GET /ytc/APkrFKZLYcylOiVyQbAfa4MQBmQHtgdFrOJ88q2PQw=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Wed, 29 Nov 2023 03:33:19 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Tue, 28 Nov 2023 03:33:19 GMT
server: fife
content-length: 1010
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/generate_204?gdFz9w
204 No Content 0 B URL GET HTTP/3 www.youtube.com/generate_204?gdFz9w
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /generate_204?gdFz9w HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 03:33:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
200 OK 31 B URL POST HTTP/3 www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type JSON data\012- , ASCII text
Hash 5e1fa6fd9abd549a576f3f24b1d3c8d4
d5335d7f7d33be6a0b663f03b2df4df2521c4a87
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Request-Time: 1701142405208
Content-Type: application/json
X-Goog-Visitor-Id: Cgt6WEFySnBDS0xxRSj-vpWrBjIICgJOTxICEgA%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20231119.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1701142402427&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C378%2C283&vis=1&wgl=true&ca_type=image
Content-Length: 12899
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Tue, 28 Nov 2023 03:33:21 GMT
server: scaffolding on HTTPServer2
content-length: 31
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+109; expires=Thu, 27-Nov-2025 03:33:21 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 03:33:21 GMT
cache-control: private
www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
200 OK 31 B URL POST HTTP/3 www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
IP
Requested by https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type JSON data\012- , ASCII text
Hash 5e1fa6fd9abd549a576f3f24b1d3c8d4
d5335d7f7d33be6a0b663f03b2df4df2521c4a87
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Request-Time: 1701142418805
Content-Type: application/json
X-Goog-Visitor-Id: Cgt6WEFySnBDS0xxRSj-vpWrBjIICgJOTxICEgA%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20231119.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1701142402427&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C378%2C283&vis=1&wgl=true&ca_type=image
Content-Length: 842
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/fxTEqSSJgDo?rel=0&controls=0&showinfo=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Tue, 28 Nov 2023 03:33:35 GMT
server: scaffolding on HTTPServer2
content-length: 31
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+455; expires=Thu, 27-Nov-2025 03:33:35 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 03:33:35 GMT
cache-control: private
candylil.line.pm/templates/angio.su/images/fon.jpg
200 OK 184 kB URL GET HTTP/1.1 candylil.line.pm/templates/angio.su/images/fon.jpg
IP
ASN #34665 Petersburg Internet Network ltd.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1000, components 3\012- data
Size 184 kB (183847 bytes)
Hash d1973170b5477dd77e5d3295916ca2e2
d2b589fc3b5732f4f70429fa24eaa3ed118e1e3c
d074f8443ffa23dc02213381fe6f6bd074e9f4427fa4b04fca449cecb1aaf7aa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /templates/angio.su/images/fon.jpg HTTP/1.1
Host: candylil.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://candylil.line.pm/templates/angio.su/css/template.css
Cookie: 5ebd637faec883c93d952d9910b06e6d=231872f17c03274a222637cb151237d4
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 28 Nov 2023 03:33:18 GMT
Content-Type: image/jpeg
Content-Length: 183847
Last-Modified: Sat, 23 Jan 2021 16:24:58 GMT
Connection: keep-alive
ETag: "600c4dda-2ce27"
Accept-Ranges: bytes
connect.ok.ru/dk?st.cmd=extLike&uid=odklocs0&ref=http%3A%2F%2Fcandylil.line.pm%2F
200 OK 25 B URL GET HTTP/2 connect.ok.ru/dk?st.cmd=extLike&uid=odklocs0&ref=http%3A%2F%2Fcandylil.line.pm%2F
IP
Requested by http://yastatic.net/share/ya-share-cnt.html?url=http%3A%2F%2Fcandylil.line.pm%2F&services=vkontakte,facebook,twitter,odnoklassniki,moimir,gplus
Certificate IssuerGlobalSign nv-sa
Subject*.ok.ru
Fingerprint66:20:81:B9:D0:20:96:BF:13:93:E6:76:FF:C4:19:BD:F6:29:0E:A3
ValidityWed, 04 Oct 2023 08:36:03 GMT - Wed, 02 Oct 2024 09:21:02 GMT
File type ASCII text, with no line terminators
Hash 32b1ea77432373a4e0244a5233a52d5b
5d3db390a16ddca066c449672c5bacbde793eda9
48d1186e375dd91148851d1b190b40e99f821b7258e175c3ac15f7c05673096a
GET /dk?st.cmd=extLike&uid=odklocs0&ref=http%3A%2F%2Fcandylil.line.pm%2F HTTP/1.1
Host: connect.ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://yastatic.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: apache
date: Tue, 28 Nov 2023 03:33:18 GMT
content-type: application/javascript;charset=UTF-8
vary: Accept-Encoding
set-cookie: bci=2976411164596317309; Domain=.ok.ru; Expires=Sun, 16 Dec 2091 06:47:25 GMT; Path=/; Secure; HttpOnly
_statid=3c382850-b0ef-4a58-870f-3663a5039f45; Domain=.ok.ru; Expires=Sun, 16 Dec 2091 06:47:25 GMT; Path=/; Secure; HttpOnly
landref=yastatic.net; Domain=.ok.ru; Path=/; Secure
__last_online=1701142398507; Expires=Sun, 16 Dec 2091 06:47:25 GMT; Path=/; Secure
content-security-policy: default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru; worker-src blob: 'self'; connect-src * wss: blob: data:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
content-security-policy-report-only: default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always;
cache-control: no-cache, no-store
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=63072000;includeSubdomains;preload
access-control-allow-origin: *
access-control-allow-credentials: true
rendered-blocks: WidgetExtLike
content-encoding: br
X-Firefox-Spdy: h2
185.181.164.16
216.58.211.14