Report - s3embtaku.pro/download?id=MTQyNzM3

Report Overview

Visited public
2024-12-24 15:48:43
Tags
URL
s3embtaku.pro/download?id=MTQyNzM3
Finishing URL
s3embtaku.pro/download?id=MTQyNzM3
IP / ASN
104.26.0.180
#13335 CLOUDFLARENET
Title
Kaguya-sama wa Kokurasetai?: Tensai-tachi no Renai Zunousen 2 (Dub) Episode 1

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ssl.p.jwpcdn.com	2512	2012-08-07	2017-01-30	2024-12-24	866 B	153 kB	151.101.2.114
oi.bilifyfirers.com	unknown	2024-11-22	2024-12-06	2024-12-14	409 B	1.5 kB	23.109.170.209
roastoup.com	unknown	2023-10-23	2023-10-23	2024-12-14	2.7 kB	303 kB	139.45.197.106
platform.bidgear.com	30367	2011-08-30	2016-07-27	2024-12-17	436 B	5.5 kB	104.26.2.107
imp9.bidgear.com	34078	2011-08-30	2021-03-15	2024-12-24	506 B	718 B	104.26.2.107
www.googletagmanager.com	75	2011-11-11	2012-10-04	2024-12-18	420 B	111 kB	142.250.74.168
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2024-12-18	429 B	29 kB	104.17.25.14
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-12-18	459 B	1.9 kB	188.114.96.1
www.gstatic.com	unknown	2008-02-11	2012-05-29	2024-12-18	1.9 kB	489 kB	142.250.74.99
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2024-12-18	1.0 kB	33 kB	216.58.207.227
www.google.com	7	1997-09-15	2015-05-10	2024-12-18	4.0 kB	77 kB	142.250.74.164
s3embtaku.pro	unknown	2024-11-03	2024-11-21	2024-12-17	6.7 kB	567 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-24	medium	bilifyfirers.com	Sinkholed
2024-12-24	medium	roastoup.com	Sinkholed
2024-12-24	medium	roastoup.com	Sinkholed
2024-12-24	medium	roastoup.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (23)

	URL	From	Size	First Seen	Last Seen
	roastoup.com/5/5187598	ScriptElement	76 kB	2024-12-24	2024-12-24
Pretty URL roastoup.com/5/5187598 IP 139.45.197.106 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 15:48 Last Seen2024-12-24 15:48 Times Seen1 Hash e0d32598447af7da05f76dd9dc1310b3 a357ec72d63e8469512a354eefc983fa79efc8a2 7f86e09f8c904d36c5918c2b18bbbe35949676c2f5ff28a3bbdfc7f23bbfa92e Loading...

	s3embtaku.pro/download?id=MTQyNzM3	ScriptElement	0 B	0001-01-01	2025-04-26
Pretty URL s3embtaku.pro/download?id=MTQyNzM3 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-04-26 00:18 Times Seen4535312 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	ScriptElement	172 B	2024-12-24	2024-12-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 15:48 Last Seen2024-12-24 15:48 Times Seen1 Hash 146adcefcda4545e8b56f811fbc77832 824ea8ff9d3faea07468338c6730dba0fe85501b 30d22bf4eaa0fcdc2734a3f3b41ce5b2e4cf2d795cdf869bc34909a4989d8c56 Loading...

	oi.bilifyfirers.com/r1Tq4Ag0rYj/70760	ScriptElement	0 B	0001-01-01	2025-04-26
Pretty URL oi.bilifyfirers.com/r1Tq4Ag0rYj/70760 IP 23.109.170.209 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-04-26 00:18 Times Seen4535312 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	s3embtaku.pro/download?id=MTQyNzM3	ScriptElement	0 B	0001-01-01	2025-04-26
Pretty URL s3embtaku.pro/download?id=MTQyNzM3 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-04-26 00:18 Times Seen4535312 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx	ScriptElement	69 B	2023-03-07	2025-04-26
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-04-26 00:12 Times Seen113940 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	www.google.com/js/bg/GaYUpI3TM2ZeJrJuY6shdNLJBEVQZd83XqI1ZKo9ZSY.js	ScriptElement	19 kB	2024-12-13	2025-01-14
Pretty URL www.google.com/js/bg/GaYUpI3TM2ZeJrJuY6shdNLJBEVQZd83XqI1ZKo9ZSY.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-13 08:23 Last Seen2025-01-14 08:00 Times Seen1444 Hash 46074f20715b2e1d71813fe06d27f940 0a1f5fa5e8ee3161ee0a7fcf754fea35a4d6c3f5 19a614a48dd333665e26b26e63ab2174d2c904455065df375ea23564aa3d6526 Loading...

	www.googletagmanager.com/gtag/js?id=G-PY1M3DS3LQ	ScriptElement	331 kB	2024-12-24	2024-12-24
Pretty URL www.googletagmanager.com/gtag/js?id=G-PY1M3DS3LQ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 15:48 Last Seen2024-12-24 15:48 Times Seen1 Hash fc2287ce2e55a63cfc69e28e2e3638d3 701c66c6ba0bc207fd61e64b53d77303a2806e5b 0aa18ba8be3df726b518a8db3a8f83939a16481f23b853a5a50fdf31e5a9c9a5 Loading...

	www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js	ScriptElement	560 kB	2024-12-12	2025-03-18
Pretty URL www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-12 06:57 Last Seen2025-03-18 08:34 Times Seen9332 Hash 19ddac3be88eda2c8263c5d52fa7f6bd c81720778f57c56244c72ce6ef402bb4de5f9619 b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6 Loading...

	s3embtaku.pro/player/js/jquery.min.js?v=11.0	ScriptElement	86 kB	2023-03-07	2025-02-01
Pretty URL s3embtaku.pro/player/js/jquery.min.js?v=11.0 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-02-01 17:45 Times Seen496 Hash ed72e2a6ae1afb03eb3e917c2dbe2b50 b23ec2f5041209e5d1d567740fe5ad323688b76a f8e5351fc39356f8f94d7f334b11f9a0f44a67a9461bbd3e8be10cf44acdf780 Loading...

	s3embtaku.pro/js/jw8.21/jwplayer.js?v=11.0	ScriptElement	114 kB	2023-03-07	2025-02-20
Pretty URL s3embtaku.pro/js/jw8.21/jwplayer.js?v=11.0 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-02-20 07:00 Times Seen165 Hash bb5e42e4210f921bac1043a165b87703 7bb8da96bbed9a24799868bfb394863597f27726 421bd3d398dcba5196a09a792b61ae1f4f2de63109396b16ac4f76d8e4d8d763 Loading...

	www.google.com/recaptcha/api.js?render=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO	ScriptElement	904 B	2024-12-14	2024-12-31
Pretty URL www.google.com/recaptcha/api.js?render=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-14 14:33 Last Seen2024-12-31 19:51 Times Seen5 Hash d12fa7d1a0d33c3e12e23966a416c0ae bb798d0681a5264e81c4ce868f6761b518614da8 542e6a6da699efadb6e1ba4b099963cc5f2685a386d7895de98d2aa78d463bd9 Loading...

	ssl.p.jwpcdn.com/player/v/8.21.1/jwpsrv.js	ScriptElement	58 kB	2023-03-07	2025-04-17
Pretty URL ssl.p.jwpcdn.com/player/v/8.21.1/jwpsrv.js IP 151.101.2.114 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-17 20:05 Times Seen283 Hash 2d642e2770c705fe7a30a5a3a28396ea 1517b2df995bbb9f184a8f9d6ea6bcf46b464ee1 59582c75d6c2b9e2b4bbf226db778d7211d60de3343c83c809ad5a59a322fc15 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-26 00:10 Times Seen201860 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	s3embtaku.pro/download?id=MTQyNzM3	ScriptElement	0 B	0001-01-01	2025-04-26
Pretty URL s3embtaku.pro/download?id=MTQyNzM3 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-04-26 00:18 Times Seen4535312 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	platform.bidgear.com/ads.php?domainid=3113&sizeid=17&zoneid=8091	ScriptElement	575 B	2024-12-24	2024-12-24
Pretty URL platform.bidgear.com/ads.php?domainid=3113&sizeid=17&zoneid=8091 IP 104.26.2.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 15:48 Last Seen2024-12-24 15:48 Times Seen1 Hash ac98affbfe09128c3f1919dab2b705e4 6a407184ad55eb2d60f01c01e8fc3f8143cac676 8eafdb973895cf171495b8c6a764de930ba1f9517212ef45d567a618d78ed058 Loading...

	ssl.p.jwpcdn.com/player/v/8.21.1/jwplayer.core.controls.html5.js	ScriptElement	352 kB	2023-03-07	2025-02-01
Pretty URL ssl.p.jwpcdn.com/player/v/8.21.1/jwplayer.core.controls.html5.js IP 151.101.2.114 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-02-01 17:45 Times Seen59 Hash 00defed8cdc2155ad316d0543fdd07d8 0ae19cd3531bcc4892d6b24bbf7702931f8d0cd3 68ab3c487b67391fb7709201b88b8e95002ea7ac9675c63f57b3e8b36092c465 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx	ScriptElement	38 kB	2024-12-24	2024-12-24
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-24 15:48 Last Seen2024-12-24 15:48 Times Seen1 Hash 45f987ff792a14ebafb13b80fdd0e302 998bde91db33723ce3d75a5a351f585215ff0539 9f53fe090cc066c5bf3a41e0cf704605ee8f2ba5157254c55833db9558cfd2f2 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4c30471329a6d77beceae3bdf968cc5b	25 kB	2024-12-24 15:48	2024-12-24 15:48
Pretty Observations First Seen2024-12-24 15:48 Last Seen2024-12-24 15:48 Times Seen1 Hash 4c30471329a6d77beceae3bdf968cc5b bff7c0b32655e540e1a5b29bbcb66379b705e0da adfe79f5fd6b8d1c4483542f491f0a79ba4ea0fb263d8852d7add0ca4f158ee7 Loading...

	#2 Eval - 85c8e9f26034729bbc4c79bf07d81197	22 B	2024-12-13 08:26	2025-01-14 08:00
Pretty Observations First Seen2024-12-13 08:26 Last Seen2025-01-14 08:00 Times Seen1424 Hash 85c8e9f26034729bbc4c79bf07d81197 03edb62c5e9716f53ce5b0108dd8187681c94cd6 5ea3a0d08a89cf6edf12481a403700d29ab782d13e69117a8eb918e186b34dc3 Loading...

	#3 Eval - 144c37c79cbc1fac23c2122146c73da5	22 B	2024-12-13 08:23	2025-01-14 08:00
Pretty Observations First Seen2024-12-13 08:23 Last Seen2025-01-14 08:00 Times Seen1422 Hash 144c37c79cbc1fac23c2122146c73da5 46205cb1029e35c88f2515bc08f88cdfa8a08f30 921710c9775ffc47053a876813693529e2c453b895d508c03926ada3bf80d6f7 Loading...

	#4 Eval - fa7e940647ca7ee7406ef4f7415b55f8	62 B	2024-12-13 08:23	2025-01-14 08:00
Pretty Observations First Seen2024-12-13 08:23 Last Seen2025-01-14 08:00 Times Seen1431 Hash fa7e940647ca7ee7406ef4f7415b55f8 a523d51dfa3098fba3ae55c55c2411125021cc42 20ab1fafa05284aae79fe4bd5339a984b883be1f31c4d0f12ddc4acc8a9a0c9d Loading...

		Size	First Seen	Last Seen
	#1 Write - e484cb8c1633d21bdf3b30c3f2bcdd03	549 B	2024-12-24 15:48	2024-12-24 15:48
Pretty Observations First Seen2024-12-24 15:48 Last Seen2024-12-24 15:48 Times Seen1 Hash e484cb8c1633d21bdf3b30c3f2bcdd03 c86845fe7b4da51168e6724fecf2fb0889c08674 b34a7053ea86e540e5f6ccacb868c97372cf4d0169d273956412814187b1de66 Loading...

HTTP Transactions (36)

URL IP Response Size

s3embtaku.pro/download?id=MTQyNzM3

188.114.96.1

200 OK

2.1 kB

URL User Request GET HTTP/2
s3embtaku.pro/download?id=MTQyNzM3
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
HTML document, ASCII text
Size
2.1 kB (2118 bytes)
Hash
1213f1e99e5442783df632c15c64b370
c7fa783453b7d088d5ef33a19dd1933323e970a7
5d6499d05ad98e651d6f1d8cf16fcc2a9a9324f5c00429ea8de218d1449b7a95

HTTP Headers

GET /download?id=MTQyNzM3 HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Dec 2024 15:48:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
x-powered-by: PHP/5.6.13
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXrzJYBJORKSPYdcjFM1lTR44L1bfX%2BAoIRajfnR4AUzvmii9Hc0saEcb9BE3Yq7ojkagUbOZ7F9Z0pIxOqqW7LDk2G2QpMjsHiZXlAKtU3b3TlgZ93Lgd5fBxPT7TaT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc10dab456b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6612&min_rtt=637&rtt_var=11976&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3204&recv_bytes=1132&delivery_rate=5436795&cwnd=254&unsent_bytes=0&cid=da050281285229cb&ts=217&x=0"
X-Firefox-Spdy: h2

s3embtaku.pro/img/logo.png

188.114.96.1

200 OK

17 kB

URL GET HTTP/3
s3embtaku.pro/img/logo.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
PNG image data, 217 x 34, 8-bit/color RGBA, non-interlaced
Size
17 kB (17285 bytes)
Hash
3de9b525fca2b5ae8ae13973499b540b
5321d0e52e85104423c6de5c411820c8cc90711e
ef5d2227bd02c291d619f6fba92f4c207dbde307b4207ccc56fd816f6abcc626

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/download?id=MTQyNzM3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:16 GMT
content-type: image/png
content-length: 17285
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: "65df6fbe-4385"
expires: Thu, 09 Jan 2025 01:30:04 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 1261092
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3Tl5pZgYbRUyLbD5e9XM%2FaYzAV48aF8f%2FGndjrec1u%2BJleQjPlyKrYaIgZDgtlerMWm53rUeyPnuLwB6vMgOfbGbSAw2Hm4owmZ%2FOfE5mp0fQ0Ht4IYv2gkR0ZopsrX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f71bc151c2156b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15137&min_rtt=5917&rtt_var=7532&sent=37&recv=13&lost=0&retrans=0&sent_bytes=28173&recv_bytes=2378&delivery_rate=26605&cwnd=24000&unsent_bytes=0&cid=74c3bc172178ee75&ts=480&x=1", cfExtPri, cfHdrFlush;dur=0

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02
ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Dec 2024 15:48:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 300537
expires: Sun, 14 Dec 2025 15:48:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YBF9FlAupRORAQqp%2FN1VAcuNurfO%2BN9lCX1IWGFLB4nHa%2BbKGxeD0P1B%2FdrCGOzAZKSSAbNlF40PDkRN4rncqnCypEx8WfuiV1SAG4qvi5URs18sy0jXfiqLTfqONlwYGFuy3g0L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8f71bc158d0db515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s3embtaku.pro/img/bg_main.png

188.114.96.1

200 OK

934 B

URL GET HTTP/3
s3embtaku.pro/img/bg_main.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
PNG image data, 1 x 49, 8-bit/color RGB, non-interlaced
Size
934 B (934 bytes)
Hash
90b4e18b7d87440049747cc0030d68b4
cd9cac77e919c503a924e5635f980fdad83877d4
ff911c9be9d032be042b58e4f77c4f7f220e1976ac47ce976f4e4d656a663da7

HTTP Headers

GET /img/bg_main.png HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/css/style.css?v=1.2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:16 GMT
content-type: image/png
content-length: 934
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: "65df6fbe-3a6"
expires: Fri, 17 Jan 2025 21:55:10 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 496386
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7hV%2BQdrattkbuZcAKNf0uqgb5wWvCwa%2Bgr84b9T3YLbBCXf7aWMWsMnkBlkoiLJGSmaVA65ibtkqq5MpRKnttxMViFzCojdV9yFGIkNyMI%2FR5VJIZ4aw%2FjLd9fe%2Bp%2FW6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f71bc160cfb56b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=13490&min_rtt=5917&rtt_var=5786&sent=97&recv=17&lost=0&retrans=0&sent_bytes=96365&recv_bytes=2800&delivery_rate=513124&cwnd=96000&unsent_bytes=0&cid=74c3bc172178ee75&ts=636&x=1", cfExtPri, cfHdrFlush;dur=0

www.googletagmanager.com/gtag/js?id=G-PY1M3DS3LQ

142.250.74.168

200 OK

110 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-PY1M3DS3LQ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintFA:A6:D6:5C:A6:DC:BE:D1:9A:34:42:70:3B:66:13:21:40:A4:C9:E4
ValidityMon, 02 Dec 2024 08:35:56 GMT - Mon, 24 Feb 2025 08:35:55 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
110 kB (109934 bytes)
Hash
fc2287ce2e55a63cfc69e28e2e3638d3
701c66c6ba0bc207fd61e64b53d77303a2806e5b
0aa18ba8be3df726b518a8db3a8f83939a16481f23b853a5a50fdf31e5a9c9a5

HTTP Headers

GET /gtag/js?id=G-PY1M3DS3LQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Dec 2024 15:48:17 GMT
expires: Tue, 24 Dec 2024 15:48:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 109934
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ssl.p.jwpcdn.com/player/v/8.21.1/jwplayer.core.controls.html5.js

151.101.2.114

200 OK

93 kB

URL GET HTTP/2
ssl.p.jwpcdn.com/player/v/8.21.1/jwplayer.core.controls.html5.js
IP
151.101.2.114:443
ASN
#54113 FASTLY

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGlobalSign nv-sa
Subject*.jwplayer.com
FingerprintEB:7D:6F:C0:96:2F:66:35:5C:60:21:FF:31:D2:7A:D1:4F:C7:CF:96
ValidityTue, 02 Jul 2024 18:10:25 GMT - Sun, 03 Aug 2025 18:10:24 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65135)
Size
93 kB (93385 bytes)
Hash
00defed8cdc2155ad316d0543fdd07d8
0ae19cd3531bcc4892d6b24bbf7702931f8d0cd3
68ab3c487b67391fb7709201b88b8e95002ea7ac9675c63f57b3e8b36092c465

HTTP Headers

GET /player/v/8.21.1/jwplayer.core.controls.html5.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: max-age=31536000, immutable
last-modified: Fri, 16 Jul 2021 21:39:21 GMT
etag: "00defed8cdc2155ad316d0543fdd07d8"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Tue, 24 Dec 2024 15:48:17 GMT
via: 1.1 varnish
age: 1769209
x-served-by: cache-hel1410031-HEL
x-cache: HIT
x-cache-hits: 14
x-timer: S1735055297.087846,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 93385
X-Firefox-Spdy: h2

s3embtaku.pro/css/style.css?v=1.2

188.114.96.1

200 OK

18 kB

URL GET HTTP/3
s3embtaku.pro/css/style.css?v=1.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
JavaScript source, ASCII text, with very long lines (58530)
Size
18 kB (18308 bytes)
Hash
e26b9cb03097d90fff0da156c3313ec7
979322128188e3cdf185bf423dfcb5084341c31f
6ac3d6d6df83fb9dd797ae63f18ba2d095ff524a8080eefd18edf63e1170ad9f

HTTP Headers

GET /css/style.css?v=1.2 HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/download?id=MTQyNzM3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:16 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: W/"65df6fbe-c49"
expires: Sat, 18 Jan 2025 17:46:45 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
content-encoding: gzip
age: 424890
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LR1BpImblBfnx7qeckecRBynNvIGVVWf4W%2BbOfxWa735ZBE2jQ0NNgQ7tpsMy8GgU%2FevrYRXknp%2BYwq2qcpI%2FyLBQK1DzgvdwQ4IP8sReqe7O1iUaluIMjpUgj4ifmZh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc150c0f56b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15503&min_rtt=5917&rtt_var=9066&sent=15&recv=12&lost=0&retrans=0&sent_bytes=4173&recv_bytes=2334&delivery_rate=99538&cwnd=12000&unsent_bytes=0&cid=74c3bc172178ee75&ts=472&x=1", cfExtPri, cfHdrFlush;dur=0

s3embtaku.pro/img/bg_header.png

188.114.96.1

200 OK

941 B

URL GET HTTP/3
s3embtaku.pro/img/bg_header.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
PNG image data, 2 x 87, 8-bit/color RGB, non-interlaced
Size
941 B (941 bytes)
Hash
de5c6e3d7572f9ba4d4c8b8479a6bbe1
880037da56cf23fcbf8ee69c92643b66f36486cf
c6c09c4864fbadc58509fe626b9c769d92cea08d1be7ef5ef9df03d23b4e59d5

HTTP Headers

GET /img/bg_header.png HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/css/style.css?v=1.2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:17 GMT
content-type: image/png
content-length: 941
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: "65df6fbe-3ad"
expires: Thu, 23 Jan 2025 02:52:02 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 46575
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PeMjNeEwXz4G6RqaL%2BiGDI%2B0EEgKLOGJ%2FJmd6VS9vRNlcizBlpLP7H6hfyyvVVElUa23tDFaC%2BMJkKk6RG8QYsuL%2F62QYLC0KjNhytpvqSo95JZLoeGg%2BTl6%2Bifox8%2FR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f71bc178e2856b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=13607&min_rtt=5917&rtt_var=4574&sent=100&recv=19&lost=0&retrans=0&sent_bytes=98130&recv_bytes=3423&delivery_rate=69805&cwnd=96000&unsent_bytes=0&cid=74c3bc172178ee75&ts=875&x=1", cfExtPri, cfHdrFlush;dur=0

s3embtaku.pro/player/js/jquery.min.js?v=11.0

188.114.96.1

200 OK

30 kB

URL GET HTTP/3
s3embtaku.pro/player/js/jquery.min.js?v=11.0
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
gzip compressed data, from Unix
Size
30 kB (30518 bytes)
Hash
435db3cd6df83d3ffa901b6d347ef4f5
767119ccbe59ef8685c5cd80a7ccc92b12acbd6d
7bfc6d255efec96d0e4f2d64a851dbb8826cc1a853585e25faa2f91865161627

HTTP Headers

GET /player/js/jquery.min.js?v=11.0 HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/download?id=MTQyNzM3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:16 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: W/"65df6fbe-1514d"
expires: Thu, 26 Dec 2024 04:35:51 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
content-encoding: gzip
cf-cache-status: HIT
age: 2459544
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2BgKUaYlq5x2qyCKUW5Wlm0J2Jh%2B0TT7iLJb6olRyrZ4AmXCo2AhfX91KtL9UBH%2BiVnkdBwjxnhptD9tN6jvj7exMHF433vlYBoKKB6ZuGwJVHQGBVZOPlVMnj5wkVKx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc150c1256b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15503&min_rtt=5917&rtt_var=9066&sent=19&recv=12&lost=0&retrans=0&sent_bytes=7050&recv_bytes=2334&delivery_rate=99538&cwnd=12000&unsent_bytes=0&cid=74c3bc172178ee75&ts=474&x=1", cfExtPri, cfHdrFlush;dur=0

my.rtmark.net/gid.js?userId=00813cc57c00462efb6d13876c4903c4

188.114.96.1

200 OK

570 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=00813cc57c00462efb6d13876c4903c4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint8A:B7:CD:87:FA:39:07:A8:88:41:1C:9E:2D:0E:97:51:61:75:C1:34
ValidityWed, 06 Nov 2024 10:31:42 GMT - Tue, 04 Feb 2025 10:31:41 GMT

File type
JSON text data
Size
570 B (570 bytes)
Hash
c0027707e2413d0885f2957107c5fe98
c94641f4d15a99f4ab11becde4d0e2f01d2d75e3
6dcad53a19afbd14f8ba36d40b1e9e0fbb8d24cc47299aeeaba0cce80abc08e8

HTTP Headers

GET /gid.js?userId=00813cc57c00462efb6d13876c4903c4 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s3embtaku.pro
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Dec 2024 15:48:17 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://s3embtaku.pro
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=00813cc57c00462efb6d13876c4903c4; expires=Wed, 24 Dec 2025 15:48:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lyFkUdPyPOl14DU%2FSZixJy21nKVFSIPWSqXySUI8axJEmtFYngUo%2BZ2YxggbX9S9%2FN9PbvyeWTuM5PvprKRQjC7ACHHLpJfFing8JRgnXP%2Fhtxb9SzmVaHhxS8pJZMQJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc199f775689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=675&min_rtt=580&rtt_var=209&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3255&recv_bytes=1228&delivery_rate=6683076&cwnd=253&unsent_bytes=0&cid=76fcf41db5700a48&ts=63&x=0"
X-Firefox-Spdy: h2

oi.bilifyfirers.com/r1Tq4Ag0rYj/70760

23.109.170.209

200 OK

20 B

URL GET HTTP/1.1
oi.bilifyfirers.com/r1Tq4Ag0rYj/70760
IP
23.109.170.209:443
ASN
#7979 SERVERS-COM

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerLet's Encrypt
Subjectoi.bilifyfirers.com
Fingerprint42:50:44:28:B5:0C:4F:C1:D6:CA:B0:49:3F:67:BB:6D:C8:EC:0E:E2
ValidityFri, 22 Nov 2024 06:58:04 GMT - Thu, 20 Feb 2025 06:58:03 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /r1Tq4Ag0rYj/70760 HTTP/1.1
Host: oi.bilifyfirers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 15:48:17 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://s3embtaku.pro
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Wed, 25-Dec-2024 15:48:17 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Wed, 25-Dec-2024 15:48:17 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

s3embtaku.pro/css/font/MYRIADPROREGULAR.woff

188.114.96.1

404 Not Found

4 B

URL GET HTTP/3
s3embtaku.pro/css/font/MYRIADPROREGULAR.woff
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
ASCII text
Size
4 B (4 bytes)
Hash
c87363ba121297b063e83344e122b6d3
b2201302e129a4396a323cb56283cddeef11bbe8
f8bf41177a5f5e808a7ccb648b51080b031f15ca8018d91a576263d6cc626eb6

HTTP Headers

GET /css/font/MYRIADPROREGULAR.woff HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/css/font.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Tue, 24 Dec 2024 15:48:17 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Encoding
x-powered-by: PHP/5.6.13
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
set-cookie: tvshow=bgarncsg8rvmdnoojbi0826lv5; path=/
token=676ad7c14d22b; path=/
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CBkNts%2FLzxGsZZdE44jZ5WDzjxqhE9Bjcdd99ikAMcob6X1dlN3tbZQ%2FGLj5rsV78fVGTnRsPJhuQHD06onqVoZ%2FHhM2jki2qmPbBDPq9Utu7ONcRoXvtmAu1i3JAR17"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc178e2956b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12098&min_rtt=1531&rtt_var=6449&sent=102&recv=20&lost=0&retrans=0&sent_bytes=99878&recv_bytes=3469&delivery_rate=203608&cwnd=96000&unsent_bytes=0&cid=74c3bc172178ee75&ts=1017&x=1", cfExtPri, cfHdrFlush;dur=0

s3embtaku.pro/css/font/MyriadPro-Regular.ttf

188.114.96.1

200 OK

364 kB

URL GET HTTP/3
s3embtaku.pro/css/font/MyriadPro-Regular.ttf
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
TrueType Font data, 20 tables, 1st "GPOS", 23 names, Macintosh, � 1992, 1994, 1997, 2000, 2004 Adobe Systems Incorporated. All rights reserved. Protected by U.S
Size
364 kB (363680 bytes)
Hash
aeaff3e02250b65d88887f2f28714836
5c2716a1235091f8fbf5dd1618ca928d4aa87fba
0b0d0464b4990b53fecec96ed57ac75e4de4d3bfe6a781c399e98876b22afd58

HTTP Headers

GET /css/font/MyriadPro-Regular.ttf HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/css/font.css
Cookie: tvshow=bgarncsg8rvmdnoojbi0826lv5; token=676ad7c14d22b
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:17 GMT
content-type: application/octet-stream
content-length: 363680
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: "65df6fbe-58ca0"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ptFRdLCTj1Y%2BEJ2OYNKyKMAoI749i03SfryYxOl7xPiBRz4LhwuHTwKMHsBM3cPa4E34LVmewOztc5uh5BiMS1Q1dAYEtmsV876wgbmujGzEYwnpITWu7ZGbgF0CYJDX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f71bc1aa8ea56b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=10882&min_rtt=1531&rtt_var=7268&sent=104&recv=22&lost=0&retrans=0&sent_bytes=100726&recv_bytes=3875&delivery_rate=36697&cwnd=96000&unsent_bytes=0&cid=74c3bc172178ee75&ts=1507&x=1", cfExtPri, cfHdrFlush;dur=0

roastoup.com/wrr?z=5187598&p_rid=9d7e4e72-dfbc-49dc-93e7-8993ca9f4903&rb=2gjEu-JYz6MHHyZbGr0frVZ4hM8f4G9MOBj6-4LnUa7Gr-jTayAMnKCMf2E460zusiCYza7crGVawvW_A8CwVPPyao4gS9gce8vDen3FPDDJK_aVwXYJR2_NPLetap2XrQ0drsm5ffexYx9TaYevcxS-ipTtcCQSzyma3LZ3rrc58oPa541aHJWwbDACZtRgssPNRuUnFqU5woaTUWbHFD7wbsWIp6ANgEL-_r8qJAn75O8u60dsZb_sP7PdoEOVNjP--FGy6em_BZDa&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs3embtaku.pro%2Fdownload%3Fid%3DMTQyNzM3&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=roastoup.com&userId=00813cc57c00462efb6d13876c4903c4

139.45.197.106

200 OK

2 B

URL GET HTTP/2
roastoup.com/wrr?z=5187598&p_rid=9d7e4e72-dfbc-49dc-93e7-8993ca9f4903&rb=2gjEu-JYz6MHHyZbGr0frVZ4hM8f4G9MOBj6-4LnUa7Gr-jTayAMnKCMf2E460zusiCYza7crGVawvW_A8CwVPPyao4gS9gce8vDen3FPDDJK_aVwXYJR2_NPLetap2XrQ0drsm5ffexYx9TaYevcxS-ipTtcCQSzyma3LZ3rrc58oPa541aHJWwbDACZtRgssPNRuUnFqU5woaTUWbHFD7wbsWIp6ANgEL-_r8qJAn75O8u60dsZb_sP7PdoEOVNjP--FGy6em_BZDa&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs3embtaku.pro%2Fdownload%3Fid%3DMTQyNzM3&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=roastoup.com&userId=00813cc57c00462efb6d13876c4903c4
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerLet's Encrypt
Subjectroastoup.com
FingerprintE0:4D:9D:AE:7B:42:15:EA:CB:68:E2:F1:03:B0:15:9E:DF:A1:B5:95
ValidityTue, 26 Nov 2024 05:26:15 GMT - Mon, 24 Feb 2025 05:26:14 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wrr?z=5187598&p_rid=9d7e4e72-dfbc-49dc-93e7-8993ca9f4903&rb=2gjEu-JYz6MHHyZbGr0frVZ4hM8f4G9MOBj6-4LnUa7Gr-jTayAMnKCMf2E460zusiCYza7crGVawvW_A8CwVPPyao4gS9gce8vDen3FPDDJK_aVwXYJR2_NPLetap2XrQ0drsm5ffexYx9TaYevcxS-ipTtcCQSzyma3LZ3rrc58oPa541aHJWwbDACZtRgssPNRuUnFqU5woaTUWbHFD7wbsWIp6ANgEL-_r8qJAn75O8u60dsZb_sP7PdoEOVNjP--FGy6em_BZDa&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs3embtaku.pro%2Fdownload%3Fid%3DMTQyNzM3&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=roastoup.com&userId=00813cc57c00462efb6d13876c4903c4 HTTP/1.1
Host: roastoup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s3embtaku.pro/
Origin: https://s3embtaku.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 24 Dec 2024 15:48:18 GMT
content-type: text/plain
content-length: 2
x-trace-id: 3db858c59f00a09b8c1f63195017634d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://s3embtaku.pro
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00813cc57c00462efb6d13876c4903c4; expires=Wed, 24 Dec 2025 15:48:18 GMT; path=/; secure; SameSite=None
oaidts=1735055298; expires=Wed, 24 Dec 2025 15:48:18 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 31 Dec 2024 15:48:18 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

roastoup.com/?rb=2gjEu-JYz6MHHyZbGr0frVZ4hM8f4G9MOBj6-4LnUa7Gr-jTayAMnKCMf2E460zusiCYza7crGVawvW_A8CwVPPyao4gS9gce8vDen3FPDDJK_aVwXYJR2_NPLetap2XrQ0drsm5ffexYx9TaYevcxS-ipTtcCQSzyma3LZ3rrc58oPa541aHJWwbDACZtRgssPNRuUnFqU5woaTUWbHFD7wbsWIp6ANgEL-_r8qJAn75O8u60dsZb_sP7PdoEOVNjP--FGy6em_BZDa&request_ab2=0&zoneid=5187598&js_build=iclick-v1.1028.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs3embtaku.pro%2Fdownload%3Fid%3DMTQyNzM3&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=9d7e4e72-dfbc-49dc-93e7-8993ca9f4903&wasm=1&userId=00813cc57c00462efb6d13876c4903c4&m=link

139.45.197.106

200 OK

223 kB

URL GET HTTP/2
roastoup.com/?rb=2gjEu-JYz6MHHyZbGr0frVZ4hM8f4G9MOBj6-4LnUa7Gr-jTayAMnKCMf2E460zusiCYza7crGVawvW_A8CwVPPyao4gS9gce8vDen3FPDDJK_aVwXYJR2_NPLetap2XrQ0drsm5ffexYx9TaYevcxS-ipTtcCQSzyma3LZ3rrc58oPa541aHJWwbDACZtRgssPNRuUnFqU5woaTUWbHFD7wbsWIp6ANgEL-_r8qJAn75O8u60dsZb_sP7PdoEOVNjP--FGy6em_BZDa&request_ab2=0&zoneid=5187598&js_build=iclick-v1.1028.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs3embtaku.pro%2Fdownload%3Fid%3DMTQyNzM3&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=9d7e4e72-dfbc-49dc-93e7-8993ca9f4903&wasm=1&userId=00813cc57c00462efb6d13876c4903c4&m=link
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerLet's Encrypt
Subjectroastoup.com
FingerprintE0:4D:9D:AE:7B:42:15:EA:CB:68:E2:F1:03:B0:15:9E:DF:A1:B5:95
ValidityTue, 26 Nov 2024 05:26:15 GMT - Mon, 24 Feb 2025 05:26:14 GMT

File type
JavaScript source, ASCII text, with very long lines (2893)
Size
223 kB (223111 bytes)
Hash
fd4d0f9017b236fe3edae39b7e0909b9
bb3688292d3ea5ab7bb1954941363b62ae92fcb1
bea27ff1baee7934d2ef3e3c93dca5fd58c0d267a280378c27650bdd7805e72b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=2gjEu-JYz6MHHyZbGr0frVZ4hM8f4G9MOBj6-4LnUa7Gr-jTayAMnKCMf2E460zusiCYza7crGVawvW_A8CwVPPyao4gS9gce8vDen3FPDDJK_aVwXYJR2_NPLetap2XrQ0drsm5ffexYx9TaYevcxS-ipTtcCQSzyma3LZ3rrc58oPa541aHJWwbDACZtRgssPNRuUnFqU5woaTUWbHFD7wbsWIp6ANgEL-_r8qJAn75O8u60dsZb_sP7PdoEOVNjP--FGy6em_BZDa&request_ab2=0&zoneid=5187598&js_build=iclick-v1.1028.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs3embtaku.pro%2Fdownload%3Fid%3DMTQyNzM3&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=9d7e4e72-dfbc-49dc-93e7-8993ca9f4903&wasm=1&userId=00813cc57c00462efb6d13876c4903c4&m=link HTTP/1.1
Host: roastoup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s3embtaku.pro/
Origin: https://s3embtaku.pro
DNT: 1
Connection: keep-alive
Cookie: OAID=00813cc57c00462efb6d13876c4903c4; oaidts=1735055297
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Dec 2024 15:48:18 GMT
content-type: application/json
x-trace-id: ca479e44a21f0b481472d86518b7865f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://s3embtaku.pro
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00813cc57c00462efb6d13876c4903c4; expires=Wed, 24 Dec 2025 15:48:17 GMT; path=/; secure; SameSite=None
oaidts=1735055297; expires=Wed, 24 Dec 2025 15:48:17 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 31 Dec 2024 15:48:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css

142.250.74.99

200 OK

42 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42044 bytes)
Hash
6aec8cfd5d3a790339dc627f9f1229b5
b6c8cffe38e1015dd8595f2dd1a92435e2795874
80583fa3c83831a9e036eba0500d1b9c0d30892d0701f1617e0fafaf5aeaa2ca

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 42044
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Dec 2024 11:53:04 GMT
expires: Wed, 24 Dec 2025 11:53:04 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/css
vary: Accept-Encoding
age: 14114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

142.250.74.99

200 OK

221 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
JavaScript source, ASCII text, with very long lines (654)
Size
221 kB (220882 bytes)
Hash
19ddac3be88eda2c8263c5d52fa7f6bd
c81720778f57c56244c72ce6ef402bb4de5f9619
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220882
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Dec 2024 11:53:05 GMT
expires: Wed, 24 Dec 2025 11:53:05 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 14113
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 04:23:18 GMT
expires: Sun, 21 Dec 2025 04:23:18 GMT
cache-control: public, max-age=31536000
age: 300300
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 18:53:03 GMT
expires: Sat, 20 Dec 2025 18:53:03 GMT
cache-control: public, max-age=31536000
age: 334515
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

142.250.74.99

200 OK

221 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
JavaScript source, ASCII text, with very long lines (654)
Size
221 kB (220882 bytes)
Hash
19ddac3be88eda2c8263c5d52fa7f6bd
c81720778f57c56244c72ce6ef402bb4de5f9619
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220882
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Dec 2024 11:53:05 GMT
expires: Wed, 24 Dec 2025 11:53:05 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 14113
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/js/bg/GaYUpI3TM2ZeJrJuY6shdNLJBEVQZd83XqI1ZKo9ZSY.js

142.250.74.164

200 OK

7.7 kB

URL GET HTTP/3
www.google.com/js/bg/GaYUpI3TM2ZeJrJuY6shdNLJBEVQZd83XqI1ZKo9ZSY.js
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type
JavaScript source, ASCII text, with very long lines (18300)
Size
7.7 kB (7730 bytes)
Hash
46074f20715b2e1d71813fe06d27f940
0a1f5fa5e8ee3161ee0a7fcf754fea35a4d6c3f5
19a614a48dd333665e26b26e63ab2174d2c904455065df375ea23564aa3d6526

HTTP Headers

GET /js/bg/GaYUpI3TM2ZeJrJuY6shdNLJBEVQZd83XqI1ZKo9ZSY.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 7730
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Dec 2024 06:07:29 GMT
expires: Tue, 23 Dec 2025 06:07:29 GMT
cache-control: public, max-age=31536000
age: 121250
last-modified: Mon, 02 Dec 2024 19:00:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.99

200 OK

2.2 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 03:59:14 GMT
expires: Sat, 28 Dec 2024 03:59:14 GMT
cache-control: public, max-age=604800
age: 301745
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

s3embtaku.pro/favicon.ico

188.114.96.1

404 Not Found

611 B

URL GET HTTP/3
s3embtaku.pro/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
611 B (611 bytes)
Hash
70461da8b94c6ca5d2fda3260c5a8c3b
994bc667720c21257500e29038c1a5f61e25da1e
f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/download?id=MTQyNzM3
Cookie: tvshow=bgarncsg8rvmdnoojbi0826lv5; token=676ad7c14d22b; _ga_PY1M3DS3LQ=GS1.1.1735055297.1.0.1735055297.0.0.0; _ga=GA1.1.380921489.1735055298; prefetchAd_5187598=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Tue, 24 Dec 2024 15:48:18 GMT
content-type: text/html
vary: Accept-Encoding, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FAlAG0lVS743rE2N9%2FgjIM5P4Pol6h9fiykFt%2FkiqQMa%2BEraSG1RWo7rnKPFUg8brbwG%2BhQ2Np0lqDqtFGFk0aYnMy7ap5kBQzQJ2RdvrFjFzRzJ9fxTRILQzS%2FWr%2FDC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc1d8b8f56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7068&min_rtt=1531&rtt_var=6148&sent=418&recv=28&lost=0&retrans=0&sent_bytes=474238&recv_bytes=4512&delivery_rate=13243933&cwnd=194400&unsent_bytes=0&cid=74c3bc172178ee75&ts=1972&x=1", cfExtPri, cfHdrFlush;dur=0

platform.bidgear.com/ads.php?domainid=3113&sizeid=17&zoneid=8091

104.26.2.107

200 OK

4.7 kB

URL GET HTTP/2
platform.bidgear.com/ads.php?domainid=3113&sizeid=17&zoneid=8091
IP
104.26.2.107:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjectbidgear.com
Fingerprint5B:B2:B7:5E:75:87:C6:03:CA:E0:A0:13:57:FC:41:6F:31:84:EB:35
ValidityFri, 22 Nov 2024 04:51:44 GMT - Thu, 20 Feb 2025 04:51:43 GMT

File type
HTML document, ASCII text, with very long lines (575), with no line terminators
Size
4.7 kB (4678 bytes)
Hash
ac98affbfe09128c3f1919dab2b705e4
6a407184ad55eb2d60f01c01e8fc3f8143cac676
8eafdb973895cf171495b8c6a764de930ba1f9517212ef45d567a618d78ed058

HTTP Headers

GET /ads.php?domainid=3113&sizeid=17&zoneid=8091 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Dec 2024 15:48:17 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ImqfBZiOex%2BeLzz9bCgIRJduTp2qaRMtsIoTpX4Jmg0mNHPQGNTi4eutrH%2F%2FJCxduRQjz9TXR4C5nkFckXF2%2F4xT%2FepE1xg%2BSng%2B%2FPmp0wXXSvL%2BsHBjGiJEWfRxE70wkTTI0Mwu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc15ab9a568e-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1344&min_rtt=686&rtt_var=570&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3251&recv_bytes=1216&delivery_rate=2110787&cwnd=253&unsent_bytes=0&cid=a08617784f558877&ts=169&x=0"
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/clr?k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO

142.250.74.164

200 OK

0 B

URL POST HTTP/3
www.google.com/recaptcha/api2/clr?k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /recaptcha/api2/clr?k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuf
Content-Length: 1536
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Cookie: _GRECAPTCHA=09AJNbFnd9kwQjFU5d0nr7fK0wDn_OBIGbmox_zbbqwncoMagJ-JqJkylGOk9WcP4Wjs_tBej1bulsT-oesjW-VmA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/binary
cross-origin-resource-policy: same-site
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Tue, 24 Dec 2024 15:48:20 GMT
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

s3embtaku.pro/img/dow.png

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
s3embtaku.pro/img/dow.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
PNG image data, 22 x 23, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1238 bytes)
Hash
e23b8cb713be7c87bb688043c7a0e6a0
d6f6c6955342a448634a0a96faa18be89f5901d5
d8ecc3017253b4df99f95ea6fff67923ef559a2b54dc7ddb8aa425eb162b6f94

HTTP Headers

GET /img/dow.png HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/css/style.css?v=1.2
Cookie: tvshow=bgarncsg8rvmdnoojbi0826lv5; token=676ad7c14d22b; _ga_PY1M3DS3LQ=GS1.1.1735055297.1.0.1735055297.0.0.0; _ga=GA1.1.380921489.1735055298; prefetchAd_5187598=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:20 GMT
content-type: image/png
content-length: 1238
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: "65df6fbe-4d6"
expires: Thu, 09 Jan 2025 01:30:16 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 1261084
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BanYuJ0TucxFhT9v0VbANoWhT3cvRGb1Ywl1vKcfG5B38xiNXG6u7GA9Cs6TbhvtOO1cMsPXqmiFiSF0EAgDpakOhomp3nsCr1d1xUlmhNu%2FnzVTgo8cevRFCoznHoDo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f71bc2c4aa356b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6113&min_rtt=1321&rtt_var=5233&sent=424&recv=32&lost=0&retrans=0&sent_bytes=476631&recv_bytes=6340&delivery_rate=6343&cwnd=194400&unsent_bytes=0&cid=74c3bc172178ee75&ts=4194&x=1", cfExtPri, cfHdrFlush;dur=0

www.google.com/recaptcha/api2/reload?k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO

142.250.74.164

200 OK

16 kB

URL POST HTTP/3
www.google.com/recaptcha/api2/reload?k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type
gzip compressed data, max compression
Size
16 kB (16532 bytes)
Hash
c3e82c1d59a936de2ef1c904fa41104e
80d8fec53273cc2591c14c8fc228ce78207e6b83
9e28ea449cd29e1d6b9f065f0b5d0bfe3c92c8ede8a858d123235ebd7338399d

HTTP Headers

POST /recaptcha/api2/reload?k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 10620
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cross-origin-resource-policy: same-site
content-encoding: gzip
date: Tue, 24 Dec 2024 15:48:20 GMT
server: ESF
cache-control: private
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: _GRECAPTCHA=09AJNbFnd9kwQjFU5d0nr7fK0wDn_OBIGbmox_zbbqwncoMagJ-JqJkylGOk9WcP4Wjs_tBej1bulsT-oesjW-VmA; Expires=Sun, 22-Jun-2025 15:48:20 GMT; Path=/recaptcha; Secure; HttpOnly; Priority=HIGH; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 24 Dec 2024 15:48:20 GMT

s3embtaku.pro/css/font.css

188.114.96.1

200 OK

555 B

URL GET HTTP/3
s3embtaku.pro/css/font.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
ASCII text, with very long lines (579), with no line terminators
Size
555 B (555 bytes)
Hash
68057754334ec6b19c23009969f62d84
6cd2778075262326a20483029e8674cf363d25c1
2382046eda4fff39ba2503ee17e71a7301975284a9f8b1700067d761ebc2c86e

HTTP Headers

GET /css/font.css HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/download?id=MTQyNzM3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:16 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: W/"65df6fbe-22b"
expires: Thu, 09 Jan 2025 01:30:04 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
content-encoding: gzip
cf-cache-status: HIT
age: 1261092
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqQtdSaVpGli6KqHXTS1X%2Fzi96Akgh09onE8gv0j1RL%2FGUCu4rFXMYJTdEg%2BLFYFQK9CH4wjagSQz5KmDXH04ivO1Ks2lcnQsfTP6bzA0adHidsnuhQLxDckcyXvIgYm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc150c0d56b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15503&min_rtt=5917&rtt_var=9066&sent=18&recv=12&lost=0&retrans=0&sent_bytes=5989&recv_bytes=2334&delivery_rate=99538&cwnd=12000&unsent_bytes=0&cid=74c3bc172178ee75&ts=474&x=1", cfExtPri, cfHdrFlush;dur=0

www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx

142.250.74.164

200 OK

47 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type
HTML document, ASCII text, with very long lines (38211)
Size
47 kB (47108 bytes)
Hash
c1b9e9d5755ac5e44de6bcbd5986091a
e25d77e40fb41dd465f4fbbc0539c91413e0e80c
247293f1c98d725e008978100be96ff438ff2b1c6abf312a4323c4d9ca76b1d7

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}, {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 24 Dec 2024 15:48:18 GMT
content-security-policy: script-src 'nonce-AHeWs_aazGZsTLd0HVo_vQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

s3embtaku.pro/js/jw8.21/jwplayer.js?v=11.0

188.114.96.1

200 OK

114 kB

URL GET HTTP/3
s3embtaku.pro/js/jw8.21/jwplayer.js?v=11.0
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
JavaScript source, ASCII text, with very long lines (65143)
Size
114 kB (114468 bytes)
Hash
bb5e42e4210f921bac1043a165b87703
7bb8da96bbed9a24799868bfb394863597f27726
421bd3d398dcba5196a09a792b61ae1f4f2de63109396b16ac4f76d8e4d8d763

HTTP Headers

GET /js/jw8.21/jwplayer.js?v=11.0 HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/download?id=MTQyNzM3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:16 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 28 Feb 2024 17:39:10 GMT
etag: W/"65df6fbe-1bf24"
expires: Thu, 09 Jan 2025 05:42:45 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
content-encoding: gzip
cf-cache-status: HIT
age: 1245931
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBkdkkSXM7kxFdRfltGARcy%2F0MRxBAgYfXFZnf46BqlLASnlwCI7KIm4rOK1NuQpe0zTS3opZiG00XEP75AvnE2DWwUlcb9%2B%2BbUfoVch7X1N2w57ACdhAa57F9gW6SFS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc150c1656b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15137&min_rtt=5917&rtt_var=7532&sent=48&recv=13&lost=0&retrans=0&sent_bytes=40173&recv_bytes=2378&delivery_rate=26605&cwnd=24000&unsent_bytes=0&cid=74c3bc172178ee75&ts=483&x=1", cfExtPri, cfHdrFlush;dur=8

s3embtaku.pro/download

188.114.96.1

200 OK

3.0 kB

URL POST HTTP/3
s3embtaku.pro/download
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjects3embtaku.pro
Fingerprint8A:F0:26:A9:B1:6F:B3:75:9A:AE:B9:D0:7E:05:7F:7F:18:77:EE:B8
ValiditySun, 03 Nov 2024 18:19:22 GMT - Sat, 01 Feb 2025 19:19:18 GMT

File type
ASCII text, with very long lines (3054), with no line terminators
Size
3.0 kB (2970 bytes)
Hash
e80c10d985bc3373134f083a37050689
a7b53094290c19a49ab4618c41a405032aa2ad86
375d79a9749e427b83cc99a897a62a3fa3d969a7ac1e0fe10bea8eddfbce0d47

HTTP Headers

POST /download HTTP/1.1
Host: s3embtaku.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 869
Origin: https://s3embtaku.pro
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/download?id=MTQyNzM3
Cookie: tvshow=bgarncsg8rvmdnoojbi0826lv5; token=676ad7c14d22b; _ga_PY1M3DS3LQ=GS1.1.1735055297.1.0.1735055297.0.0.0; _ga=GA1.1.380921489.1735055298; prefetchAd_5187598=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Dec 2024 15:48:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
x-powered-by: PHP/5.6.13
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oZaQvofkc0mSH4Pg7OfmwsCL2gMZZUSrBt95dte2cruJMSNP00%2F7cDKda1DGBm4tkve9YS0UxkhldoVYq%2Ft0pkZhLmbQ8%2Fc8ec8Wm0yimNEKTdSSZsjTsljw3hlm%2B2UG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc2aa91c56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6797&min_rtt=1531&rtt_var=5152&sent=420&recv=30&lost=0&retrans=0&sent_bytes=475056&recv_bytes=5889&delivery_rate=4592&cwnd=194400&unsent_bytes=0&cid=74c3bc172178ee75&ts=4169&x=1", cfExtPri, cfHdrFlush;dur=0

www.google.com/recaptcha/api.js?render=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO

142.250.74.164

200 OK

904 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?render=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint73:D7:A2:DD:D9:66:88:D8:12:DA:21:B2:6C:66:23:55:F7:97:39:A7
ValidityMon, 02 Dec 2024 08:37:44 GMT - Mon, 24 Feb 2025 08:37:43 GMT

File type
JavaScript source, ASCII text, with very long lines (904), with no line terminators
Size
904 B (904 bytes)
Hash
d12fa7d1a0d33c3e12e23966a416c0ae
bb798d0681a5264e81c4ce868f6761b518614da8
542e6a6da699efadb6e1ba4b099963cc5f2685a386d7895de98d2aa78d463bd9

HTTP Headers

GET /recaptcha/api.js?render=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Tue, 24 Dec 2024 15:48:17 GMT
date: Tue, 24 Dec 2024 15:48:17 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

roastoup.com/5/5187598

139.45.197.106

200 OK

76 kB

URL GET HTTP/2
roastoup.com/5/5187598
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerLet's Encrypt
Subjectroastoup.com
FingerprintE0:4D:9D:AE:7B:42:15:EA:CB:68:E2:F1:03:B0:15:9E:DF:A1:B5:95
ValidityTue, 26 Nov 2024 05:26:15 GMT - Mon, 24 Feb 2025 05:26:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
76 kB (76310 bytes)
Hash
e0d32598447af7da05f76dd9dc1310b3
a357ec72d63e8469512a354eefc983fa79efc8a2
7f86e09f8c904d36c5918c2b18bbbe35949676c2f5ff28a3bbdfc7f23bbfa92e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/5187598 HTTP/1.1
Host: roastoup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 24 Dec 2024 15:48:17 GMT
content-type: application/javascript
x-trace-id: 880627b627a1443df333ed457d38438c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00813cc57c00462efb6d13876c4903c4; expires=Wed, 24 Dec 2025 15:48:17 GMT; path=/; secure; SameSite=None
oaidts=1735055297; expires=Wed, 24 Dec 2025 15:48:17 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

imp9.bidgear.com/rec?t=1&z=8091&uuid=7e8c35e1515545b7a1ae2210c1aecad3&p=85&g=NO&token=5db9ccaf1a&tbg=1735055296

104.26.2.107

200 OK

0 B

URL GET HTTP/2
imp9.bidgear.com/rec?t=1&z=8091&uuid=7e8c35e1515545b7a1ae2210c1aecad3&p=85&g=NO&token=5db9ccaf1a&tbg=1735055296
IP
104.26.2.107:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGoogle Trust Services
Subjectbidgear.com
Fingerprint5B:B2:B7:5E:75:87:C6:03:CA:E0:A0:13:57:FC:41:6F:31:84:EB:35
ValidityFri, 22 Nov 2024 04:51:44 GMT - Thu, 20 Feb 2025 04:51:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rec?t=1&z=8091&uuid=7e8c35e1515545b7a1ae2210c1aecad3&p=85&g=NO&token=5db9ccaf1a&tbg=1735055296 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Dec 2024 15:48:17 GMT
content-length: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KFaeng2HDIgCXDjQwM3xpXzOKHucFN4q1GbfnEz0mKM%2FBjtJznhfz8%2BTO%2Bajo%2FTPO3%2Fd57pTznbT1%2F4SEhQfbYNOc5iaiCMM2sBl4Qk%2FnPs90pVAja81JSKc91AKOVZ85fk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f71bc196f2c568e-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=2051&min_rtt=686&rtt_var=1841&sent=12&recv=13&lost=0&retrans=1&sent_bytes=4323&recv_bytes=1392&delivery_rate=2110787&cwnd=257&unsent_bytes=0&cid=a08617784f558877&ts=894&x=0"
X-Firefox-Spdy: h2

ssl.p.jwpcdn.com/player/v/8.21.1/jwpsrv.js

151.101.2.114

200 OK

58 kB

URL GET HTTP/2
ssl.p.jwpcdn.com/player/v/8.21.1/jwpsrv.js
IP
151.101.2.114:443
ASN
#54113 FASTLY

Requested by
https://s3embtaku.pro/download?id=MTQyNzM3
Certificate
IssuerGlobalSign nv-sa
Subject*.jwplayer.com
FingerprintEB:7D:6F:C0:96:2F:66:35:5C:60:21:FF:31:D2:7A:D1:4F:C7:CF:96
ValidityTue, 02 Jul 2024 18:10:25 GMT - Sun, 03 Aug 2025 18:10:24 GMT

File type
JavaScript source, ASCII text, with very long lines (58529)
Size
58 kB (58530 bytes)
Hash
2d642e2770c705fe7a30a5a3a28396ea
1517b2df995bbb9f184a8f9d6ea6bcf46b464ee1
59582c75d6c2b9e2b4bbf226db778d7211d60de3343c83c809ad5a59a322fc15

HTTP Headers

GET /player/v/8.21.1/jwpsrv.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s3embtaku.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=900, immutable
last-modified: Fri, 16 Jul 2021 21:39:28 GMT
etag: "2d642e2770c705fe7a30a5a3a28396ea"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
age: 777
date: Tue, 24 Dec 2024 15:48:17 GMT
via: 1.1 varnish
x-served-by: cache-hel1410031-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1735055297.087750,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 17364
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/webworker.js?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF

142.250.74.164

200 OK

102 B

URL GET HTTP/3
www.google.com/recaptcha/api2/webworker.js?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type
ASCII text, with no line terminators
Size
102 B (102 bytes)
Hash
c206147c7cae99642a4f8a2c640a0019
8c32b7b7e0807bbe85e5c8c94f87afea31eedc40
6f55adbecce78b9c566f8dc830177dc91782702ff35f213f009fc2b902e25603

HTTP Headers

GET /recaptcha/api2/webworker.js?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LealdkbAAAAAHbox4XlHS8ZMQ6lkcx96WV62UfO&co=aHR0cHM6Ly9zM2VtYnRha3UucHJvOjQ0Mw..&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ylgjxp91zpvx
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}, {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
expires: Tue, 24 Dec 2024 15:48:18 GMT
date: Tue, 24 Dec 2024 15:48:18 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: same-site
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL