Report - mephimtv.com/dem-lang-phan-1/

Report Overview

Submitted URL
mephimtv.com/dem-lang-phan-1/
IP
172.67.195.241
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-11 12:26:35
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
mephimtv.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	794 B	1.5 kB	104.21.52.56
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
limurol.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	2.7 kB	62.122.171.6
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.160.51.228
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	2.2 kB	93.184.220.29
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	952 B	55 kB	142.250.74.163
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	812 B	92 kB	157.240.200.14
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
2158novffp.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	81 kB	62.122.171.6
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	4.2 kB	157.240.200.35
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.1 kB	216.239.34.36
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	68 kB	34.120.237.76
cdn.pncloudfl.com	13313	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	8.4 kB	172.67.25.161
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	437 B	746 B	142.250.74.10
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	95.101.11.115
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	5.6 kB	142.250.74.3
bg4nxu2u5t.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	62.122.171.6
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	366 B	37 kB	142.250.74.72

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-11	medium	bg4nxu2u5t.com	Sinkholed
2022-09-11	medium	2158novffp.com	Sinkholed
2022-09-11	medium	limurol.com	Sinkholed
2022-09-11	medium	limurol.com	Sinkholed
2022-09-11	medium	2158novffp.com	Sinkholed
2022-09-11	medium	limurol.com	Sinkholed
2022-09-11	medium	bg4nxu2u5t.com	Sinkholed
2022-09-11	medium	bg4nxu2u5t.com	Sinkholed
2022-09-11	medium	2158novffp.com	Sinkholed

JavaScript (20)

	URL	Size	First Seen	Last Seen
	connect.facebook.net/vi_VN/sdk.js?hash=799092d5a8d6961f030c85c888b534f0	311 kB	2023-03-07	2023-03-07
Pretty URL connect.facebook.net/vi_VN/sdk.js?hash=799092d5a8d6961f030c85c888b534f0 IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:44:54 Last Seen2023-03-07 14:45:02 Times Seen1 Hash f5f2e3cf727b350dae1e38561324e952 978dee70ecedd9351f49e9236f2752fef2b3d5e9 816ed446231b41bd4986c1e443360645dd4bec48debcdd6872fbc1065e4fdf0d Loading...

	mephimtv.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0	90 kB	2023-03-07	2024-04-19
Pretty URL mephimtv.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-19 22:30:25 Times Seen31748 Hash 02dd5d04add4759122013c5ab4dc5cc2 a45a56e396ac549b4ff39b696ce9e0c16a7612de bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea Loading...

	mephimtv.com/dem-lang-phan-1/	3.4 kB	2023-03-07	2024-04-19
Pretty URL mephimtv.com/dem-lang-phan-1/ IP 104.21.52.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-19 11:02:50 Times Seen6148 Hash a94b76e45c11675df9f26fd25a8e4359 1cd29363bb1b514e6f7ef031f1831008df181f17 4569f5c3704a88394335b0fabccd6460ba5e582c3058f9286f42cc589da02899 Loading...

	mephimtv.com/dem-lang-phan-1/	2.1 kB	2023-03-07	2024-04-19
Pretty URL mephimtv.com/dem-lang-phan-1/ IP 104.21.52.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-19 11:02:50 Times Seen6335 Hash 9cd47ac5a0389a37b4d8e7d194e17c9a 9121da7907e37462c10ce8616f06b5c22f640744 ae37d2523200d80db4a789404c079f2cb1bb172ed526cb27909f929c9d935cda Loading...

	mephimtv.com/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js	7.9 kB	2023-03-07	2024-04-19
Pretty URL mephimtv.com/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-19 12:28:03 Times Seen3321 Hash d18523e4a4aaa9420a86e4dddfb07554 fa22a3d38dc3c87ca92f1456846682abeb696b96 6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41 Loading...

	2158novffp.com/lv/esnk/1933084/code.js	125 kB	2023-03-07	2023-03-07
Pretty URL 2158novffp.com/lv/esnk/1933084/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash 4a0616d16aec225b3046485d53abedd2 d98ddff1e2c976db19e78bc3778cd913a8350a7f 4963852b9285a548248fe0a9f3f2370d891188f959a4372916217025d3e36346 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PJKN77K	94 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PJKN77K IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash c2223c44d8f0394f47e4abe3dff2338f 510c799cf8b07933ba7541a24e1bd074817a5b0a 4254bbbfaff32242b13e5404978112a3477b163fa58109742be314e66c8c14be Loading...

	limurol.com/ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24	7 B	2023-03-07	2024-04-17
Pretty URL limurol.com/ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-04-17 16:44:22 Times Seen16320 Hash a97eb6fbe6f13b601d5d48c0eba8baae 736efb938caf3d0edec406932ada889f1a4f2268 a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821 Loading...

	www.googletagmanager.com/gtag/js?id=G-577GSL84SN&l=dataLayer&cx=c	198 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-577GSL84SN&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash a77b356944eb3f7c4c330943c446b4d9 572331515eec1ae9d2db638e695f1324d7465d22 2b3f2bd434512bf59a609c5507c3bf6be1919cdf248cafe6c1e52ae1974fd4a6 Loading...

	mephimtv.com/wp-content/cache/min/1/0b910cee29daa898329f7d80c3860dac.js	479 kB	2023-03-07	2023-03-07
Pretty URL mephimtv.com/wp-content/cache/min/1/0b910cee29daa898329f7d80c3860dac.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash 62a6c4a09a408735721d2a5710e7fe8a d7acbe6602f9dc5703c8afd901cdf33dac2b18c2 b6c795d46929c72ea92f5f1ec96f80d6f8b28ff1be525fd6733e6e6ba14fefb7 Loading...

	mephimtv.com/dem-lang-phan-1/	466 B	2023-03-07	2023-12-01
Pretty URL mephimtv.com/dem-lang-phan-1/ IP 104.21.52.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-12-01 00:03:02 Times Seen6 Hash 21d697c90759d6807dba2edab55f3807 4fa35252a4acf5e1b7289c72e3dfe542416398fe 15b984d98c29979302786903bda48d02df93c3c400dd56f8ca07f772405cb1c1 Loading...

	mephimtv.com/dem-lang-phan-1/	406 B	2023-03-07	2023-03-07
Pretty URL mephimtv.com/dem-lang-phan-1/ IP 104.21.52.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash 985a0baf1b949062b8977840c7e108c6 70db12dbb673908e81b6fe9179a76b081d843e8c 1a6d8fa45dbf7a9451240007e3d18e9364c6b783a86474202c182745b9156feb Loading...

	connect.facebook.net/vi_VN/sdk.js#xfbml=1&version=v13.0&appId=570963083077578&autoLogAppEvents=1	3.1 kB	2023-03-07	2023-03-07
Pretty URL connect.facebook.net/vi_VN/sdk.js#xfbml=1&version=v13.0&appId=570963083077578&autoLogAppEvents=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash d82d91a99a530c54e590f199448d59aa a691885b91db423f2974db94ccaaef9e593dba5a d5284cc9d7d46fe0fc4ab3c54621be3906b5ac2b99fdf1a1b609b2b06737d2b0 Loading...

	mephimtv.com/dem-lang-phan-1/	724 B	2023-03-07	2023-03-07
Pretty URL mephimtv.com/dem-lang-phan-1/ IP 104.21.52.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash 3af1c678b647ef58ad64f56b22dac5d4 e79fb7007464411a4781a4210c03ccb457ad2233 a08caef21ab34d82842f5887c371f376aeee786e6ec448c40edfaaf851cd70bb Loading...

	mephimtv.com/dem-lang-phan-1/	1.6 kB	2023-03-07	2024-03-17
Pretty URL mephimtv.com/dem-lang-phan-1/ IP 104.21.52.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-03-17 17:47:25 Times Seen192 Hash 53fbd8254380a09d2dd1bf9b91b1043a e8845efae2f30c2295495e6c9e79cd1476cb77de d5f3258ea089a916b729c690de5e0ea55e6ee1c90c57b49a0d5b9ed80460b82b Loading...

	bg4nxu2u5t.com/get/1933055?zoneid=1933055&jp=_clx629xvyq33d5ez0ffvik&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5738479294432414	3.1 kB	2023-03-07	2023-03-07
Pretty URL bg4nxu2u5t.com/get/1933055?zoneid=1933055&jp=_clx629xvyq33d5ez0ffvik&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5738479294432414 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash e0dfb301f7d52463e16a1ad5b7ab1bb8 c0faedfce2ec9642a3b559af6522d1879100a2da d22c13d40ee1b10ef61d4dabeb3a854005676a33b8ea69a42a2e18f7e4d4041a Loading...

	2158novffp.com/get/1933084?zoneid=1933084&jp=_clyyyaw3ty3tudblwntamf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457004317731475	3.0 kB	2023-03-07	2023-03-07
Pretty URL 2158novffp.com/get/1933084?zoneid=1933084&jp=_clyyyaw3ty3tudblwntamf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457004317731475 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash f9891cb63d8769eca22902f23065e70e c852418e521349de17cecb508b72deb921e77b85 897c4a4b26be1247fad3464f307416baca64f54a13f11ecca61ce84b91a14599 Loading...

	www.googletagmanager.com/gtag/js?id=G-RCB1GD7RC5&l=dataLayer&cx=c	214 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-RCB1GD7RC5&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash edcb7e5459beaef4d4438ac916c0bd24 a96d42f820b5e6dde78b6d8ccf891ad157be48cb bae87f052a2a9220d41716aafa53c85e2ca50eab248195d9caaac3a837991120 Loading...

	mephimtv.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-20
Pretty URL mephimtv.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-20 04:00:01 Times Seen54573 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	bg4nxu2u5t.com/aas/r45d/vki/1933055/6964e5c8.js	68 kB	2023-03-07	2023-03-07
Pretty URL bg4nxu2u5t.com/aas/r45d/vki/1933055/6964e5c8.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:02 Last Seen2023-03-07 14:45:02 Times Seen1 Hash 1f5c94ef418dfb2cffe085d0dc5a2336 234dff1e077fa9f45d89710f24e543509e6e1721 9158087ffcaac5d3c82042537888aae617fed96ce7cd3c79b0e313408b8f6d16 Loading...

HTTP Transactions (50)

URL IP Response Size

mephimtv.com/dem-lang-phan-1/

104.21.52.56

301 Moved Permanently

0 B

URL HTTP/1.1
mephimtv.com/dem-lang-phan-1/
IP
104.21.52.56:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dem-lang-phan-1/ HTTP/1.1
Host: mephimtv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Sep 2022 12:26:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 13:26:23 GMT
Location: https://mephimtv.com/dem-lang-phan-1/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ok4w8RozT%2FFmbKQS3lxFsBYUmxfm7u8SAS6VWRePg6FhqtgFvAYncjyCs4sH0lIbf%2BQvcvLBQOXhTiK2npVIDDMuluFaH%2BwdqbIkYL9eulweLHHFN9LkgyBOpOMoBB8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7490643a2a2ab503-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 12:07:35 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fIVcpFdAbgpUvXeFdmNtg_5Brgc4TP5vI1fwMZKo8msh47r3dFX2Pg==
Age: 1128

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14304
Expires: Sun, 11 Sep 2022 16:24:47 GMT
Date: Sun, 11 Sep 2022 12:26:23 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IUtUzNaHs76WFHjU3CXs_pL6j0s3Q9qIP-VMMxUy-DWn42qjrYIWAA==
age: 18551
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 11:56:07 GMT
Expires: Sun, 11 Sep 2022 12:20:33 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vL-ZOlRw-rZdjazQCy1U-M31hy5Zqvf4yyEFLcNSvp5nPXeDE-S-Ww==
Age: 1817

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bg4nxu2u5t.com/solid.gif?z=1933055&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
bg4nxu2u5t.com/solid.gif?z=1933055&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1933055&abvar=0 HTTP/1.1
Host: bg4nxu2u5t.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mephimtv.com
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

2158novffp.com/lv/esnk/1933084/code.js

62.122.171.6

200 OK

78 kB

URL HTTP/2
2158novffp.com/lv/esnk/1933084/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
78 kB (78062 bytes)
Hash
b3604188004ded7cf214733eeba9996d
309c6437cd7cf32a53d6ba68fa8d2b00f0525a9b
b7a8f3be701f359454c2c8e3b2e3f99d7e395073d062b130eda77e45b9a3b96c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1933084/code.js HTTP/1.1
Host: 2158novffp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1e740"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6154
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Last-Modified: Sun, 11 Sep 2022 10:43:50 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2

142.250.74.163

200 OK

7.8 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7764, version 1.0\012- data
Size
7.8 kB (7764 bytes)
Hash
0ce128326f68d416deb04f6dba51c4a2
749cee74b13139cb507069a41752920825bcea64
56544b89de11e26ae80a5212b3387d693b1bfbaf68312e3ccc0f0b7a00382f5d

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mephimtv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 17:25:11 GMT
expires: Fri, 08 Sep 2023 17:25:11 GMT
cache-control: public, max-age=31536000
age: 241273
last-modified: Mon, 11 Jul 2022 18:56:32 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
45 kB (45308 bytes)
Hash
f6499f760d4290f7586dba824adc771d
f84aad76e7fa91d9af1388f7d49806515c7936c7
1aa7f4d63eab3117b1314e9735c1455dc93e49e0e5a1b245f49b580a7ec27608

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mephimtv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 06:42:21 GMT
expires: Fri, 08 Sep 2023 06:42:21 GMT
cache-control: public, max-age=31536000
age: 279843
last-modified: Mon, 11 Jul 2022 18:59:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
57b75ea93de540716c45f1397781431a
431cc2c684385c4e46facd7210b5ac49b9dd09cc
4581d7dd422dc110fa7cfe667297cdb75d92a02ce7226db6db89448befa5b780

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-PJKN77K

142.250.74.72

200 OK

37 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PJKN77K
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1615)
Size
37 kB (36673 bytes)
Hash
b0dd86920e3eccab8ac2074e46f7f1d8
79af714b1de58a995b11780ebb6c54731f0d47a1
dfc0e8b4428909aa133a6be1942cc66ceee4630851b5204d78b408eb55018165

HTTP Headers

GET /gtm.js?id=GTM-PJKN77K HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 12:26:24 GMT
expires: Sun, 11 Sep 2022 12:26:24 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 36673
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
57b75ea93de540716c45f1397781431a
431cc2c684385c4e46facd7210b5ac49b9dd09cc
4581d7dd422dc110fa7cfe667297cdb75d92a02ce7226db6db89448befa5b780

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

limurol.com/ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=22091107261b84de1f643c40d0980d014c67; Path=/; Expires=Mon, 11 Sep 2023 12:26:24 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/b87/6ea/ca2/b876eaca2e38796f55d9a0370585f75844e6b105.jpg

172.67.25.161

200 OK

7.3 kB

URL HTTP/2
cdn.pncloudfl.com/pn/b87/6ea/ca2/b876eaca2e38796f55d9a0370585f75844e6b105.jpg
IP
172.67.25.161:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.3 kB (7304 bytes)
Hash
d0dcaebbcbaf8617d20179a6bf12dcce
1def99219c826bbc2402e7cffecf350757e3d88d
ef3b1aeda5b8620a2bb86e514e3942eaecf78ffeb978f7a80c4efc87860e0d33

HTTP Headers

GET /pn/b87/6ea/ca2/b876eaca2e38796f55d9a0370585f75844e6b105.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: image/webp
content-length: 7304
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=jpeg, origSize=17138
content-disposition: inline; filename="b876eaca2e38796f55d9a0370585f75844e6b105.webp"
etag: d4bbdd296c8cb098ccfb0408235b5f5e
expires: Mon, 12 Sep 2022 17:32:01 GMT
last-modified: Mon, 20 Jun 2022 15:58:16 GMT
vary: Accept
x-openstack-request-id: txf4c89cdf04644fa3931cf-0062b18432
x-proxy-cache: HIT
x-timestamp: 1655740695.28694
x-trans-id: txf4c89cdf04644fa3931cf-0062b18432
cf-cache-status: HIT
age: 68063
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74906440ed450b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Cookie: UID=22091107261b84de1f643c40d0980d014c67
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

2158novffp.com/chicken.gif?z=1933084&pb=208aa69031774acfdbcc578a6272eec41662906384&psp=BK_Ad8Qe0bira1NxAcChcX2L6IUOJr9CCwueY8LQvwGe2ST1_VxrTg21mU3ET1u1ZkjdmUqq7T0MjfTkm8jyyx5sj20AhAbM6k17mhZXNQFkS65M_Rfk7RL6x-ty1v6HqbmyTC6XFE0HsWL0pzsMDJMuwdIRmoDiiNaDpBwcjkd2Ez7lJtv9unUtbd-dJMIE-srVv1ZdwpsKxL_C9rJDUMfCbX85k1X_3xicKjyEe1Nza3NPkOL3iy0UCj6jk3LcinOTipubMmt_lWBVMKI-mkNAs2pYWf2D7IXOKVKveE9Tb1YIKmOqAYfjS3ypenpQtRDN-Vi17-z7OciZEeSfWV9AAAchWjYEqIf8TJcH0DxVT_ZBEupBaIFGEoffkuN6W5HUhhMG_WFPr2-6CrX-vkognJcBqJIDLRBZNQ8G4zlB5f4kiGrm6pqbO7iWjjr_o2BvYpUvQFMgdLUpK9bzfr2FWP4pUmDXP6HqlgzHV4kYHZgz80zLFTmaeRdnHKp6pagACbKL-UL_NIXt40ZAILW0IBWZMq2kw0UjFI3G1U9_kHFREOGejZBKnEacgprM7HqEuX5SLC3HUPgw4xwzCpf7LnZkyfleRvLN6AWQttDCZNdEZDe8JkeTtEk8jJwau_WV_pnqY-mxyGmb3i4nHDlVf2TX6batOw==&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
2158novffp.com/chicken.gif?z=1933084&pb=208aa69031774acfdbcc578a6272eec41662906384&psp=BK_Ad8Qe0bira1NxAcChcX2L6IUOJr9CCwueY8LQvwGe2ST1_VxrTg21mU3ET1u1ZkjdmUqq7T0MjfTkm8jyyx5sj20AhAbM6k17mhZXNQFkS65M_Rfk7RL6x-ty1v6HqbmyTC6XFE0HsWL0pzsMDJMuwdIRmoDiiNaDpBwcjkd2Ez7lJtv9unUtbd-dJMIE-srVv1ZdwpsKxL_C9rJDUMfCbX85k1X_3xicKjyEe1Nza3NPkOL3iy0UCj6jk3LcinOTipubMmt_lWBVMKI-mkNAs2pYWf2D7IXOKVKveE9Tb1YIKmOqAYfjS3ypenpQtRDN-Vi17-z7OciZEeSfWV9AAAchWjYEqIf8TJcH0DxVT_ZBEupBaIFGEoffkuN6W5HUhhMG_WFPr2-6CrX-vkognJcBqJIDLRBZNQ8G4zlB5f4kiGrm6pqbO7iWjjr_o2BvYpUvQFMgdLUpK9bzfr2FWP4pUmDXP6HqlgzHV4kYHZgz80zLFTmaeRdnHKp6pagACbKL-UL_NIXt40ZAILW0IBWZMq2kw0UjFI3G1U9_kHFREOGejZBKnEacgprM7HqEuX5SLC3HUPgw4xwzCpf7LnZkyfleRvLN6AWQttDCZNdEZDe8JkeTtEk8jJwau_WV_pnqY-mxyGmb3i4nHDlVf2TX6batOw==&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1933084&pb=208aa69031774acfdbcc578a6272eec41662906384&psp=BK_Ad8Qe0bira1NxAcChcX2L6IUOJr9CCwueY8LQvwGe2ST1_VxrTg21mU3ET1u1ZkjdmUqq7T0MjfTkm8jyyx5sj20AhAbM6k17mhZXNQFkS65M_Rfk7RL6x-ty1v6HqbmyTC6XFE0HsWL0pzsMDJMuwdIRmoDiiNaDpBwcjkd2Ez7lJtv9unUtbd-dJMIE-srVv1ZdwpsKxL_C9rJDUMfCbX85k1X_3xicKjyEe1Nza3NPkOL3iy0UCj6jk3LcinOTipubMmt_lWBVMKI-mkNAs2pYWf2D7IXOKVKveE9Tb1YIKmOqAYfjS3ypenpQtRDN-Vi17-z7OciZEeSfWV9AAAchWjYEqIf8TJcH0DxVT_ZBEupBaIFGEoffkuN6W5HUhhMG_WFPr2-6CrX-vkognJcBqJIDLRBZNQ8G4zlB5f4kiGrm6pqbO7iWjjr_o2BvYpUvQFMgdLUpK9bzfr2FWP4pUmDXP6HqlgzHV4kYHZgz80zLFTmaeRdnHKp6pagACbKL-UL_NIXt40ZAILW0IBWZMq2kw0UjFI3G1U9_kHFREOGejZBKnEacgprM7HqEuX5SLC3HUPgw4xwzCpf7LnZkyfleRvLN6AWQttDCZNdEZDe8JkeTtEk8jJwau_WV_pnqY-mxyGmb3i4nHDlVf2TX6batOw==&abvar=0&os=0 HTTP/1.1
Host: 2158novffp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2209110726a8e10309cf2c445f8ff604c2d4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: ppucnt=0; Path=/; Expires=Mon, 12 Sep 2022 12:26:24 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.160.51.228

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.51.228:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CUObJel0d7AmJ1UKwrinGQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dUX4DrQEZYPyQSvUXzZFHrQfijQ=

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1933055/?pb=208aa69031774acfdbcc578a6272eec41662906384&psp=Jj5OPECyxWQmTXm2sNe53EEzoxVfifZ1C6qEAsKs4MnhiEYVgqFND60GtLblx6KBt2PdSvHi-L48wbudxaSOQWTIZ9g_CSRM7SiuBS0UlSA6_dLYbrBU30_wxKmb1TXiMgNxB4GRQrnMHCgpEwXj-GBPb72DPplBtorBcsXhS5Ynsc93cxQHNBAgbP0saDa2u85tWxLJ_DlANfRi5DMIwVkxPjYxlASmQKHbjSMvgK8iv6cxlNFdDjFg7V2ZWqzyToW_kpZ9KAuyeNJpL6mYEpIZeUC4ZNX2oSV2l56OXuRs-_hLNWJo3sa9HCV9m9-9Q_3jqGsSNtdsFwTRvn6qvcn06s85Rn8jr1xSu-8_JjX3CjKbszHbNQCMyYWwZEKPH8WZzzBIt3RY5EB1p5ib5xQnJj4E4fNf43z_1tu7MCl0bDCUcTvy8_lvLmPP5iAY46gWzQWAfQtKl0uLe3cn68U=&cb=_cluiib1t5mc7q70wid0x0k&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Cookie: UID=22091107261b84de1f643c40d0980d014c67
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5519d9b94876284556136b01d3dcb35c
bce65aca1b9c5663b816af17c5fab2b10e42ef1e
b3a83fb0b49eae3710990cd4461e216dea2aca5ba1d6dfbdb4a89dc328fc95ce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4125
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:24 GMT
Last-Modified: Sun, 11 Sep 2022 11:17:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/vi_VN/sdk.js

157.240.200.14

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/vi_VN/sdk.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1961)
Size
1.7 kB (1688 bytes)
Hash
320837551200f0e87a0f747fda120682
fd7861cb44fd1ae8024bd3165c8037ac89f9579c
f0bef3f412f51fbef25f0894c08f223771e8bda773cbe3dda67877e635b43aea

HTTP Headers

GET /vi_VN/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mephimtv.com
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: d82d91a99a530c54e590f199448d59aa
etag: "cf8774bf5b9e8afec97c766914233677"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 11 Sep 2022 12:43:33 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: Mgg3VRIA8Oh6D3R/2hIGgg==
x-fb-debug: HdORIShOgSiN5dqRRitlpjlSyFrsaJGm+qtmFPNKeo2iZpnl+Y5gLilolIBNLcssUml5lxEUki/jlRyieiE8xw==
content-length: 1688
x-fb-trip-id: 1679558926
date: Sun, 11 Sep 2022 12:26:24 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5519d9b94876284556136b01d3dcb35c
bce65aca1b9c5663b816af17c5fab2b10e42ef1e
b3a83fb0b49eae3710990cd4461e216dea2aca5ba1d6dfbdb4a89dc328fc95ce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4126
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 12:26:25 GMT
Last-Modified: Sun, 11 Sep 2022 11:17:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/vi_VN/sdk.js?hash=799092d5a8d6961f030c85c888b534f0

157.240.200.14

200 OK

88 kB

URL HTTP/2
connect.facebook.net/vi_VN/sdk.js?hash=799092d5a8d6961f030c85c888b534f0
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (18453)
Size
88 kB (88124 bytes)
Hash
d83f21d050d8a2021bd51fd085d0827c
f0ad2046e2390d1e410cb9167823911c7c5e7440
f3bf58d8a9620585b17ebbe8c8e5dcf6919a5111eb6735c1bc9fc4b365fc685b

HTTP Headers

GET /vi_VN/sdk.js?hash=799092d5a8d6961f030c85c888b534f0 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mephimtv.com
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: f5f2e3cf727b350dae1e38561324e952
etag: "080580258920b5171af5845bfd5a4758"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Mon, 11 Sep 2023 11:53:23 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 2D8h0FDYogIb1R/QhdCCfA==
x-fb-debug: ltQ+Vu7/H54Y+X4YV0/F9Rl5sGCok3YLYU378oMt9pV+EwL5LGl8gCrepHY5OIPggdmg12PgCH8gM6tKEuBnog==
priority: u=3,i
content-length: 88124
x-fb-trip-id: 1679558926
date: Sun, 11 Sep 2022 12:26:25 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=570963083077578&ev=fb_page_view&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&rl=&if=false&ts=1662899174307&sw=1280&sh=1024&at=

157.240.200.35

200 OK

44 B

URL HTTP/2
www.facebook.com/tr/?id=570963083077578&ev=fb_page_view&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&rl=&if=false&ts=1662899174307&sw=1280&sh=1024&at=
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
44 B (44 bytes)
Hash
b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

HTTP Headers

GET /tr/?id=570963083077578&ev=fb_page_view&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&rl=&if=false&ts=1662899174307&sw=1280&sh=1024&at= HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
date: Sun, 11 Sep 2022 12:26:25 GMT
expires: Sun, 11 Sep 2022 12:26:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: 
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.facebook.com/v13.0/plugins/comments.php?app_id=570963083077578&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17f7ce00cab4ca%26domain%3Dmephimtv.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmephimtv.com%252Ff198b3e13cda2fa%26relation%3Dparent.parent&container_width=760&height=100&href=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&lazy=true&locale=vi_VN&numposts=5&sdk=joey&version=v13.0&width=

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/v13.0/plugins/comments.php?app_id=570963083077578&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17f7ce00cab4ca%26domain%3Dmephimtv.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmephimtv.com%252Ff198b3e13cda2fa%26relation%3Dparent.parent&container_width=760&height=100&href=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&lazy=true&locale=vi_VN&numposts=5&sdk=joey&version=v13.0&width=
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v13.0/plugins/comments.php?app_id=570963083077578&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17f7ce00cab4ca%26domain%3Dmephimtv.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmephimtv.com%252Ff198b3e13cda2fa%26relation%3Dparent.parent&container_width=760&height=100&href=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&lazy=true&locale=vi_VN&numposts=5&sdk=joey&version=v13.0&width= HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: +jPDNmq/hEDizSvynBO9C14h/sOHtmFA82tkOaBoXRnF+pDgY5SDPVeL8SJAkAlG9OCdFrKCxvrP+NCOF/YVvA==
content-length: 0
date: Sun, 11 Sep 2022 12:26:25 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-RCB1GD7RC5&gtm=2oe970&_p=1421152163&cid=1622540089.1662899174&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662899174&sct=1&seg=0&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&dt=%C4%90%C3%AAm%20L%E1%BA%B7ng%20(Ph%E1%BA%A7n%201)%20%7C%20Dark%20(Season%201)%20(2017)%20Vietsub&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-RCB1GD7RC5&gtm=2oe970&_p=1421152163&cid=1622540089.1662899174&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662899174&sct=1&seg=0&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&dt=%C4%90%C3%AAm%20L%E1%BA%B7ng%20(Ph%E1%BA%A7n%201)%20%7C%20Dark%20(Season%201)%20(2017)%20Vietsub&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-RCB1GD7RC5&gtm=2oe970&_p=1421152163&cid=1622540089.1662899174&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662899174&sct=1&seg=0&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&dt=%C4%90%C3%AAm%20L%E1%BA%B7ng%20(Ph%E1%BA%A7n%201)%20%7C%20Dark%20(Season%201)%20(2017)%20Vietsub&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mephimtv.com
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://mephimtv.com
date: Sun, 11 Sep 2022 12:26:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-577GSL84SN&gtm=2oe970&_p=1421152163&cid=1622540089.1662899174&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662899174&sct=1&seg=0&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&dt=%C4%90%C3%AAm%20L%E1%BA%B7ng%20(Ph%E1%BA%A7n%201)%20%7C%20Dark%20(Season%201)%20(2017)%20Vietsub&en=page_view&_fv=1&_ss=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-577GSL84SN&gtm=2oe970&_p=1421152163&cid=1622540089.1662899174&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662899174&sct=1&seg=0&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&dt=%C4%90%C3%AAm%20L%E1%BA%B7ng%20(Ph%E1%BA%A7n%201)%20%7C%20Dark%20(Season%201)%20(2017)%20Vietsub&en=page_view&_fv=1&_ss=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-577GSL84SN&gtm=2oe970&_p=1421152163&cid=1622540089.1662899174&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662899174&sct=1&seg=0&dl=https%3A%2F%2Fmephimtv.com%2Fdem-lang-phan-1%2F&dt=%C4%90%C3%AAm%20L%E1%BA%B7ng%20(Ph%E1%BA%A7n%201)%20%7C%20Dark%20(Season%201)%20(2017)%20Vietsub&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mephimtv.com
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: https://mephimtv.com
date: Sun, 11 Sep 2022 12:26:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15983
Expires: Sun, 11 Sep 2022 16:52:49 GMT
Date: Sun, 11 Sep 2022 12:26:26 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15983
Expires: Sun, 11 Sep 2022 16:52:49 GMT
Date: Sun, 11 Sep 2022 12:26:26 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15983
Expires: Sun, 11 Sep 2022 16:52:49 GMT
Date: Sun, 11 Sep 2022 12:26:26 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15983
Expires: Sun, 11 Sep 2022 16:52:49 GMT
Date: Sun, 11 Sep 2022 12:26:26 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7443d7c-c2ec-4e8c-ad91-c2f3cdcecead.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7443d7c-c2ec-4e8c-ad91-c2f3cdcecead.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11701 bytes)
Hash
f25dc1e7a2da853e32c6509b061f49d7
cd9eedb9b5b31a4df3c13410e734d823ec36d71d
a143650a7d355826e68eb313bfd4ce0f4b744b9408ecc5b0473dc04058978220

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7443d7c-c2ec-4e8c-ad91-c2f3cdcecead.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11701
x-amzn-requestid: 9c0ca08c-36ec-49fb-b8b2-d38616c7d1c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEjhIHlfoAMFvbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6318193a-41fe17a45f5248864d01ce01;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 04:08:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lm_HMR8w44p0RQczWOCkPxuED_3WZxOxTl2i6F_A6PJC7DcvkUvLjQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 22:25:54 GMT
age: 50432
etag: "cd9eedb9b5b31a4df3c13410e734d823ec36d71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7635 bytes)
Hash
4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 53152
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6889 bytes)
Hash
57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 52772
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8485 bytes)
Hash
e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 22:14:30 GMT
age: 51116
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6109 bytes)
Hash
8c35b7f5f8e1b0b24570a41b7d18533a
c5b82c9d77851820b8d206573d5c03cd36d27a20
bb2456b31c48e6ebc9595c2bb9972b74531e93dd02ec4571d5af614f2d116ec7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6109
x-amzn-requestid: 271b006e-9d17-46ba-9eed-22fd638c4e9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2AhHZgIAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d039c-444e7d6b22f2a08f7215a986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1ZoYLM2Mj7teQm-1Dz80IZxKGqzuzAoEiT85R3RldbJwO6iJR-JJA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:44:01 GMT
etag: "c5b82c9d77851820b8d206573d5c03cd36d27a20"
content-type: image/jpeg
age: 52945
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13568 bytes)
Hash
8625e0707046e7a3715a8dbb40b1cae2
0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13568
x-amzn-requestid: a2fadcbe-350b-4a06-9f9c-ee2da40bb285
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEESeHA_oAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317e742-4740aa3f4ebd479e7a4886ed;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 00:35:14 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: jbF2ZaJUhIoJV-o4f6iviFyUnoDW4R0KHTfC5NySmITnsLbD5iJrPQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:11 GMT
age: 53175
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5752 bytes)
Hash
12666d69f9af3ceb23fdfc2100bd3226
c4d17e3ea44ef6dee9819c1586424e5f056f149c
054236a4d1f88a486f48b8f3a8ac01d21ec2179d5b1f3fc9791d0982d07a88a2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 5752
x-amzn-requestid: 622ffff0-1bd5-4eb4-a9ff-eb54c5ae44a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBrqiFiToAMF0tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f310-49efdcc572b4fad3543f857d;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VKsU4S6tKOso216JLUWn7b1bKDyfruIVukt98JooNCjwaXDT9bkPYQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:44:02 GMT
age: 52950
etag: "c4d17e3ea44ef6dee9819c1586424e5f056f149c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

mephimtv.com/dem-lang-phan-1/

104.21.52.56

200 OK

0 B

URL HTTP/2
mephimtv.com/dem-lang-phan-1/
IP
104.21.52.56:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dem-lang-phan-1/ HTTP/1.1
Host: mephimtv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.29
link: <https://mephimtv.com/wp-json/>; rel="https://api.w.org/", <https://mephimtv.com/wp-json/wp/v2/posts/14618>; rel="alternate"; type="application/json", <https://mephimtv.com/?p=14618>; rel=shortlink
last-modified: Sun, 11 Sep 2022 12:26:24 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZ5q7k4Mtc5srl6PNJTN2hJ%2BvLHLZG9R1AvpteQRHUGg3yKRdOq7%2BkPQOF8eUMTGTP5sF2Q0weFiBSbat8jiLU6llcWy7mAFWtoTMCoanAAN3oSeQgnI9i9yW%2FXUv7E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7490643b8d3fb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bg4nxu2u5t.com/aas/r45d/vki/1933055/6964e5c8.js

62.122.171.6

200 OK

0 B

URL HTTP/2
bg4nxu2u5t.com/aas/r45d/vki/1933055/6964e5c8.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /aas/r45d/vki/1933055/6964e5c8.js HTTP/1.1
Host: bg4nxu2u5t.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1091a"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&subset=latin%2Cvietnamese&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&subset=latin%2Cvietnamese&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Montserrat:wght@400;500;600;700&subset=latin%2Cvietnamese&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Sep 2022 12:26:24 GMT
date: Sun, 11 Sep 2022 12:26:24 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bg4nxu2u5t.com/get/1933055?zoneid=1933055&jp=_clx629xvyq33d5ez0ffvik&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5738479294432414

62.122.171.6

200 OK

0 B

URL HTTP/2
bg4nxu2u5t.com/get/1933055?zoneid=1933055&jp=_clx629xvyq33d5ez0ffvik&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5738479294432414
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1933055?zoneid=1933055&jp=_clx629xvyq33d5ez0ffvik&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5738479294432414 HTTP/1.1
Host: bg4nxu2u5t.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2209110726e41a313fee3d4c73b05fc9cc08; Path=/; Expires=Mon, 11 Sep 2023 12:26:24 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

2158novffp.com/get/1933084?zoneid=1933084&jp=_clyyyaw3ty3tudblwntamf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457004317731475

62.122.171.6

200 OK

0 B

URL HTTP/2
2158novffp.com/get/1933084?zoneid=1933084&jp=_clyyyaw3ty3tudblwntamf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457004317731475
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1933084?zoneid=1933084&jp=_clyyyaw3ty3tudblwntamf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457004317731475 HTTP/1.1
Host: 2158novffp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mephimtv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 12:26:24 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2209110726a8e10309cf2c445f8ff604c2d4; Path=/; Expires=Mon, 11 Sep 2023 12:26:24 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations