Report - coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp

Report Overview

Visited public
2023-09-28 14:46:36
Tags
URL
coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Finishing URL
coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp#
IP / ASN
172.67.223.227
#13335 CLOUDFLARENET
Title
AI analysis for best results

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
buqkrzbrucz.com	unknown	2022-12-13	2022-12-13 17:08:33	2023-09-28 09:48:10	455 B	50 kB	62.122.171.6
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-09-28 09:02:39	507 B	542 B	139.45.197.250
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09 21:05:29	2023-09-27 20:51:30	1.0 kB	3.7 kB	104.18.14.101
coolbearsdaily53.com	unknown	2023-09-15	2023-09-15 10:41:42	2023-09-28 05:17:52	7.1 kB	47 kB	172.67.223.227
ocsp.buypass.com	157566	2004-08-13	2017-01-30 05:59:29	2023-09-28 09:34:10	330 B	2.2 kB	23.36.76.200
4.groovinews.com	unknown	2022-12-20	2023-02-04 03:23:12	2023-09-27 19:50:55	3.5 kB	3.8 MB	45.133.44.20
forlumineoner.com	298831	2020-04-08	2020-04-27 15:07:45	2023-09-28 14:12:12	4.6 kB	106 kB	139.45.197.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-28	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	coolbearsdaily53.com/DAT4exits/assets/main.js	ScriptElement	6.7 kB	2024-08-21	2024-08-21
Pretty URL coolbearsdaily53.com/DAT4exits/assets/main.js IP 172.67.223.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:35 Last Seen2024-08-21 05:36 Times Seen2 Hash 619ad23bc2883450ad9f1b87a3ba349e 777bcdb55eaad2204fc08fe0cd194c59b2f53783 d663bf4a9856517243af6386f195b8cb1eea3cf22b1c790a39956b0a24bf73b5 Loading...

	coolbearsdaily53.com/DAT4exits/assets/translates.js	ScriptElement	16 kB	2023-09-28	2024-08-21
Pretty URL coolbearsdaily53.com/DAT4exits/assets/translates.js IP 172.67.223.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-28 15:36 Last Seen2024-08-21 05:36 Times Seen15 Hash 44f4331e8b2c3a150901b76d5f935482 ae52398678f654d25566315081e21e59bb75e161 44879bfe497606e0a84d775934dfc0197680230f19e30c25870172a720550751 Loading...

	buqkrzbrucz.com/pn21ywqw/z/sc/scssx/1996873/lib.js?var=1966914&prpsrc=null	ScriptElement	28 kB	2024-08-21	2024-08-21
Pretty URL buqkrzbrucz.com/pn21ywqw/z/sc/scssx/1996873/lib.js?var=1966914&prpsrc=null IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:35 Last Seen2024-08-21 05:35 Times Seen1 Hash 5c965386b1e5907941aac13087772c85 af2533869c03deaa284fcc413f0144e9b9d49e63 27292caf13dba6d449bb707ec6d08bd64230eb94024a7b15bd127382538e31d6 Loading...

	forlumineoner.com/pfe/current/tag.min.js?pub=1&z=1996873&var=1966914\|\|\|null	ScriptElement	13 kB	2023-09-28	2023-10-02
Pretty URL forlumineoner.com/pfe/current/tag.min.js?pub=1&z=1996873&var=1966914\|\|\|null IP 139.45.197.229 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-28 15:41 Last Seen2023-10-02 17:29 Times Seen44 Hash a947e289a6818640ffbfe15aa29a3539 e101e57c14b8aa3626ae6dcaef119124a86db518 d2f6ec8cfd87e4f351d8fb19e3946c91b70a674ce17ebe8b9f4f1c3627408138 Loading...

	unknown	ScriptElement	88 kB	2023-09-28	2023-10-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-28 15:41 Last Seen2023-10-02 16:21 Times Seen41 Hash c2ad122272116c830c3a8d0b93ffab29 38235d28e18653b3e040b0ce01d2fd4607008a87 9c0000ce79e1f60c12eb25458baac809a05b436d6361b4c909c5a8dd679e204d Loading...

		Size	First Seen	Last Seen
	#1 Eval - d41d8cd98f00b204e9800998ecf8427e	0 B	0001-01-01 00:00	2025-05-11 11:01
Pretty Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 11:01 Times Seen4653614 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (27)

URL IP Response Size

zerossl.ocsp.sectigo.com/

104.18.14.101

727 B

URL
zerossl.ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
8a7ea3f071fd3a3831388d4d72a11fa7
5949349863bc1aecec2d037016b77d12d8b7b564
61bf59c4ffe8374fbfdabaaa60bb61208769c765b089abce1e9cbbef49c06d78

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 14:46:18 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 26 Sep 2023 00:16:56 GMT
Expires: Tue, 03 Oct 2023 00:16:55 GMT
Etag: "5949349863bc1aecec2d037016b77d12d8b7b564"
Cache-Control: max-age=379410,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80dcc66ffa9d56ab-OSL

zerossl.ocsp.sectigo.com/

104.18.14.101

727 B

URL
zerossl.ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
8a7ea3f071fd3a3831388d4d72a11fa7
5949349863bc1aecec2d037016b77d12d8b7b564
61bf59c4ffe8374fbfdabaaa60bb61208769c765b089abce1e9cbbef49c06d78

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 14:46:18 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 26 Sep 2023 00:16:56 GMT
Expires: Tue, 03 Oct 2023 00:16:55 GMT
Etag: "5949349863bc1aecec2d037016b77d12d8b7b564"
Cache-Control: max-age=380147,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80dcc66ffcec5690-OSL

zerossl.ocsp.sectigo.com/

104.18.14.101

727 B

URL
zerossl.ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
8a7ea3f071fd3a3831388d4d72a11fa7
5949349863bc1aecec2d037016b77d12d8b7b564
61bf59c4ffe8374fbfdabaaa60bb61208769c765b089abce1e9cbbef49c06d78

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 14:46:18 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 26 Sep 2023 00:16:56 GMT
Expires: Tue, 03 Oct 2023 00:16:55 GMT
Etag: "5949349863bc1aecec2d037016b77d12d8b7b564"
Cache-Control: max-age=379359,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80dcc66ffbe6b4f3-OSL

coolbearsdaily53.com/DAT4exits/assets/style.css

172.67.223.227

200 OK

1.7 kB

URL GET HTTP/3
coolbearsdaily53.com/DAT4exits/assets/style.css
IP
172.67.223.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectcoolbearsdaily53.com
FingerprintFF:FA:06:63:17:3B:DB:E2:32:29:C3:A9:01:F4:A6:98:0F:3F:F8:0F
ValidityFri, 15 Sep 2023 07:06:20 GMT - Thu, 14 Dec 2023 07:06:19 GMT

File type
ASCII text, with very long lines (3318)
Size
1.7 kB (1689 bytes)
Hash
fd713429a707ea113128750c2b91150b
16b97d7ff116fd7e94ad0adeda099eae24bd3d7f
71140088db4098d6de6c3e22a66e57982f8ccdff2afce19bffc3ac88b98bf9a0

HTTP Headers

GET /DAT4exits/assets/style.css HTTP/1.1
Host: coolbearsdaily53.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Sep 2023 14:46:18 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 12:39:41 GMT
vary: Accept-Encoding
etag: W/"6515740d-cf7"
cache-control: max-age=14400
cf-cache-status: HIT
age: 272
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ME3ogU4M77lpucktxDW0OBAmOA%2FyV4Les99LIRVXXPputzn%2BerTWMBuXf59jTcFSjxGz18ojyI7%2BZKsUWz48lcBBbnTJJLQpDj4WgZnErkvK6Mub2cvRSpvS6Pmh%2FlPMeZ57EOfN6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80dcc66d4a0d1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.buypass.com/

23.36.76.200

1.7 kB

URL
ocsp.buypass.com/
IP
23.36.76.200:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.7 kB (1701 bytes)
Hash
1d3f542d15926f2b7e60cc308bcbc450
5cb21bffec299a96981de172265f886724acb3bd
6aa0d3befffc756b0741ad1ed0e3bfa01a352d3b4a3a51d2ce03344749135a30

HTTP Headers

POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: b9cd63f5-7bea-4afe-8d94-343df2c4741c
Content-Length: 1701
Date: Thu, 28 Sep 2023 14:46:19 GMT
Connection: keep-alive

4.groovinews.com/surv-vid/dat/1.mp4

45.133.44.20

206 Partial Content

940 kB

URL GET HTTP/2
4.groovinews.com/surv-vid/dat/1.mp4
IP
45.133.44.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerZeroSSL
Subject*.groovinews.com
Fingerprint3F:A1:C1:A0:D3:EE:63:EC:87:C3:E8:46:87:1D:D7:74:D9:FB:BD:D5
ValidityWed, 30 Aug 2023 00:00:00 GMT - Tue, 28 Nov 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
940 kB (939936 bytes)
Hash
e848b1b81ebaa2b50ad199ac897957be
d6f740f3913fd694606eda828d0f9df28c8f69e0
98c3305ff0788e45edca33092f16ea78f08fe1545e70c486f3da6170ec21eed0

HTTP Headers

GET /surv-vid/dat/1.mp4 HTTP/1.1
Host: 4.groovinews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: video/mp4
content-length: 1662018
server: nginx/1.24.0
etag: 226e2c42eb9e4d586f8927cda6b282b7
last-modified: Thu, 21 Sep 2023 09:38:47 GMT
x-timestamp: 1695289126.61617
x-trans-id: tx0b2a6c83d5154b2eb108f-00651544dc
x-openstack-request-id: tx0b2a6c83d5154b2eb108f-00651544dc
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Sat, 30 Sep 2023 14:46:19 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
content-range: bytes 0-1662017/1662018
X-Firefox-Spdy: h2

coolbearsdaily53.com/DAT4exits/assets/translates.js

172.67.223.227

200 OK

29 kB

URL GET HTTP/3
coolbearsdaily53.com/DAT4exits/assets/translates.js
IP
172.67.223.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectcoolbearsdaily53.com
FingerprintFF:FA:06:63:17:3B:DB:E2:32:29:C3:A9:01:F4:A6:98:0F:3F:F8:0F
ValidityFri, 15 Sep 2023 07:06:20 GMT - Thu, 14 Dec 2023 07:06:19 GMT

File type
Unicode text, UTF-8 text
Size
29 kB (28946 bytes)
Hash
b543815e5a839fdb5527c77bdab582ec
9a4495846963f98886c8bb7b8410f50f6d04aa97
b4f53eae85f27a6717656cdf83a3fb3b6ebd06d447f409d637c2ac44e30bf15e

HTTP Headers

GET /DAT4exits/assets/translates.js HTTP/1.1
Host: coolbearsdaily53.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Sep 2023 14:46:18 GMT
content-type: application/javascript
last-modified: Thu, 28 Sep 2023 12:39:41 GMT
vary: Accept-Encoding
etag: W/"6515740d-3def"
cache-control: max-age=14400
cf-cache-status: HIT
age: 271
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ULNYLzC3P0Dki7rnMDNweroK3yW1ZYK4yZsaIwg4B1LvpEKmzfi7kOstKKElh5zo2CO8h0R8oPF23%2B9KgyUhbseqouL%2FIl5BTLvN4CQ164faCLWOAZKffRAbs4lm98SszhMonZACiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80dcc66d5a151c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

coolbearsdaily53.com/DAT4exits/assets/favicon.ico

172.67.223.227

200 OK

3.1 kB

URL GET HTTP/3
coolbearsdaily53.com/DAT4exits/assets/favicon.ico
IP
172.67.223.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectcoolbearsdaily53.com
FingerprintFF:FA:06:63:17:3B:DB:E2:32:29:C3:A9:01:F4:A6:98:0F:3F:F8:0F
ValidityFri, 15 Sep 2023 07:06:20 GMT - Thu, 14 Dec 2023 07:06:19 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
3.1 kB (3058 bytes)
Hash
a5b2bc25e4a318a89008701226f353da
df1d5f05c4965e9820258c244780b0a421910c3d
a4a4cc3a8840924b046cedacdbec6e93863f9e832f5d983cc684e88d312137c8

HTTP Headers

GET /DAT4exits/assets/favicon.ico HTTP/1.1
Host: coolbearsdaily53.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: image/x-icon
last-modified: Thu, 28 Sep 2023 12:39:41 GMT
etag: W/"6515740d-3c2e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 269
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s2qxi0Y23D8B077SJsD0LJMbE%2FicQnGoWPjg8alOmcfuBGB7pkoy%2FpkjI%2F3qduHUQIa1ndhcXwD25a6ifdTTLkPpw30Gufsr1WQDV6jozb5ldplfYuWgDB68Ln0%2F7r9kqr9xtfHkWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80dcc676491e1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://coolbearsdaily53.com/
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://coolbearsdaily53.com/
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://coolbearsdaily53.com/
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://coolbearsdaily53.com/
Content-Type: application/json
Content-Length: 1380
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d4d8c0c548824e4e035d905dd0062eea
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://coolbearsdaily53.com/
Content-Type: application/json
Content-Length: 1754
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f071b809e25e7acb2f249984a269116c
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://coolbearsdaily53.com/
Content-Type: application/json
Content-Length: 1389
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 182bf25a682708e187fb676b96261b7a
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

buqkrzbrucz.com/pn21ywqw/z/sc/scssx/1996873/lib.js?var=1966914&prpsrc=null

62.122.171.6

200 OK

49 kB

URL GET HTTP/2
buqkrzbrucz.com/pn21ywqw/z/sc/scssx/1996873/lib.js?var=1966914&prpsrc=null
IP
62.122.171.6:443
ASN
#50245 Serverel Inc.

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint88:29:1F:50:15:53:AB:25:F3:6A:55:51:AD:FA:C2:4A:27:40:53:CE
ValidityWed, 31 May 2023 12:20:34 GMT - Sun, 26 Nov 2023 22:59:00 GMT

File type
ASCII text, with very long lines (38294)
Size
49 kB (49248 bytes)
Hash
9bf684fe6409edcd0ee6966ecb845a11
086a407b0c7a85f87897b9a01ab34f1ef1d20ca8
2a771dfc1edab338604682c8447d9958ba6fb193f9812141424a55058808a486

HTTP Headers

GET /pn21ywqw/z/sc/scssx/1996873/lib.js?var=1966914&prpsrc=null HTTP/1.1
Host: buqkrzbrucz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: script
set-cookie: CHCK=1; Path=/; Expires=Thu, 31 Oct 2024 14:46:19 GMT; HttpOnly; Secure; SameSite=None
UID=23092809463a53e5e48dac4e56a167af7398; Path=/; Expires=Thu, 31 Oct 2024 14:46:19 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
31622963e292535b74665ec747238fa9
61c6502de55e3054017fbce2ad33fdbbd443f973
09c5a1e456041181fad7cc0860f963006bbcad8eb923b704a9df936c07994a6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://coolbearsdaily53.com/
Content-Type: application/json
Content-Length: 1477
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:20 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: bfa083a6741bacf810536dd0dd3c48d3
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/pfe/current/universal.min.js?v=3.1.461

139.45.197.229

200 OK

88 kB

URL GET HTTP/2
forlumineoner.com/pfe/current/universal.min.js?v=3.1.461
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87463 bytes)
Hash
c2ad122272116c830c3a8d0b93ffab29
38235d28e18653b3e040b0ce01d2fd4607008a87
9c0000ce79e1f60c12eb25458baac809a05b436d6361b4c909c5a8dd679e204d

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.461 HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://coolbearsdaily53.com/
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: application/javascript
last-modified: Thu, 28 Sep 2023 13:39:15 GMT
etag: W/"65158203-155a7"
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

4.groovinews.com/surv-vid/dat/2.mp4

45.133.44.21

206 Partial Content

22 kB

URL GET HTTP/2
4.groovinews.com/surv-vid/dat/2.mp4
IP
45.133.44.21:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerZeroSSL
Subject*.groovinews.com
Fingerprint3F:A1:C1:A0:D3:EE:63:EC:87:C3:E8:46:87:1D:D7:74:D9:FB:BD:D5
ValidityWed, 30 Aug 2023 00:00:00 GMT - Tue, 28 Nov 2023 23:59:59 GMT

File type
data
Size
22 kB (22432 bytes)
Hash
40e5a5ed270bab292a2338f8ec8c2fc7
917cdc2c09ec0b7d0678e2af7cd728e53efc0dd8
d018a31e277c798ac92b5340087d9f09ee76fafe5abae23bde8674c2f475ddd2

HTTP Headers

GET /surv-vid/dat/2.mp4 HTTP/1.1
Host: 4.groovinews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=1212416-
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: video/mp4
content-length: 22432
server: nginx/1.24.0
etag: 6c9de11f92ee89b9864f482482275d7b
last-modified: Thu, 21 Sep 2023 09:38:49 GMT
x-timestamp: 1695289128.57406
x-trans-id: txa37a04fa23194657bc2ee-00651544dc
x-openstack-request-id: txa37a04fa23194657bc2ee-00651544dc
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Sat, 30 Sep 2023 14:46:19 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
content-range: bytes 1212416-1234847/1234848
X-Firefox-Spdy: h2

forlumineoner.com/pfe/current/tag.min.js?pub=1&z=1996873&var=1966914|||null

139.45.197.229

200 OK

13 kB

URL GET HTTP/2
forlumineoner.com/pfe/current/tag.min.js?pub=1&z=1996873&var=1966914|||null
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type
C source, ASCII text, with very long lines (13266), with no line terminators
Size
13 kB (13266 bytes)
Hash
a947e289a6818640ffbfe15aa29a3539
e101e57c14b8aa3626ae6dcaef119124a86db518
d2f6ec8cfd87e4f351d8fb19e3946c91b70a674ce17ebe8b9f4f1c3627408138

HTTP Headers

GET /pfe/current/tag.min.js?pub=1&z=1996873&var=1966914|||null HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: application/javascript
last-modified: Thu, 28 Sep 2023 13:39:15 GMT
etag: W/"65158203-33d2"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

coolbearsdaily53.com/DAT4exits/assets/main.js

172.67.223.227

200 OK

6.7 kB

URL GET HTTP/3
coolbearsdaily53.com/DAT4exits/assets/main.js
IP
172.67.223.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectcoolbearsdaily53.com
FingerprintFF:FA:06:63:17:3B:DB:E2:32:29:C3:A9:01:F4:A6:98:0F:3F:F8:0F
ValidityFri, 15 Sep 2023 07:06:20 GMT - Thu, 14 Dec 2023 07:06:19 GMT

File type
ASCII text, with very long lines (6873), with no line terminators
Size
6.7 kB (6652 bytes)
Hash
a6653fbe05b366f05168227b0a087f8c
8f11d8d79efe090a2cdea550d5a25442d0e0c78c
aaf3d09607e54469570509e577efd8b7154cb72d2585a262fbe07d1ff04523df

HTTP Headers

GET /DAT4exits/assets/main.js HTTP/1.1
Host: coolbearsdaily53.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Sep 2023 14:46:18 GMT
content-type: application/javascript
last-modified: Thu, 28 Sep 2023 12:39:41 GMT
vary: Accept-Encoding
etag: W/"6515740d-19fc"
cache-control: max-age=14400
cf-cache-status: HIT
age: 271
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZD1cmbnC1wepzNilMHKJuCYiNNknK1EjPJE7AO2mMnVXv27F3MPhAhR67BPeJCRSFx9VbkIRPSo30udu4VQhfe%2BvGntmkhvtRVZotk%2B8ok0Et0fPNVpJLvb7b%2FRpOh0M2vKmJkBipw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80dcc66d5a0f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

4.groovinews.com/surv-vid/dat/6.mp4

45.133.44.20

206 Partial Content

197 kB

URL GET HTTP/2
4.groovinews.com/surv-vid/dat/6.mp4
IP
45.133.44.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerZeroSSL
Subject*.groovinews.com
Fingerprint3F:A1:C1:A0:D3:EE:63:EC:87:C3:E8:46:87:1D:D7:74:D9:FB:BD:D5
ValidityWed, 30 Aug 2023 00:00:00 GMT - Tue, 28 Nov 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
197 kB (196608 bytes)
Hash
4a6b223ddaa037d584bdf1d6ee0ab0f5
2d41b842c93d5b3953ef91d7e3509252554e079b
7415cee8403007643cdaef62bee3c96c8959b89941ff558e52edac9ee7a57f7c

HTTP Headers

GET /surv-vid/dat/6.mp4 HTTP/1.1
Host: 4.groovinews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: video/mp4
content-length: 1676620
server: nginx/1.24.0
etag: 6cb952412ebd04bc849a558794786319
last-modified: Thu, 21 Sep 2023 09:38:44 GMT
x-timestamp: 1695289123.32442
x-trans-id: tx0d19c4cabc4840c9ae063-00651544dc
x-openstack-request-id: tx0d19c4cabc4840c9ae063-00651544dc
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Sat, 30 Sep 2023 14:46:19 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
content-range: bytes 0-1676619/1676620
X-Firefox-Spdy: h2

4.groovinews.com/surv-vid/dat/2.mp4

45.133.44.20

206 Partial Content

885 kB

URL GET HTTP/2
4.groovinews.com/surv-vid/dat/2.mp4
IP
45.133.44.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerZeroSSL
Subject*.groovinews.com
Fingerprint3F:A1:C1:A0:D3:EE:63:EC:87:C3:E8:46:87:1D:D7:74:D9:FB:BD:D5
ValidityWed, 30 Aug 2023 00:00:00 GMT - Tue, 28 Nov 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
885 kB (884736 bytes)
Hash
cb68a22f0b4944684890504c05a4bd54
315acb2c0946c79a157cf4ce311ea8324cbc1246
51b85c248e490701b7cd27e695f76774d0277118fb7e3af0d059fdae94050413

HTTP Headers

GET /surv-vid/dat/2.mp4 HTTP/1.1
Host: 4.groovinews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: video/mp4
content-length: 1234848
server: nginx/1.24.0
etag: 6c9de11f92ee89b9864f482482275d7b
last-modified: Thu, 21 Sep 2023 09:38:49 GMT
x-timestamp: 1695289128.57406
x-trans-id: txa37a04fa23194657bc2ee-00651544dc
x-openstack-request-id: txa37a04fa23194657bc2ee-00651544dc
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Sat, 30 Sep 2023 14:46:19 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
content-range: bytes 0-1234847/1234848
X-Firefox-Spdy: h2

4.groovinews.com/surv-vid/dat/4.mp4

45.133.44.20

206 Partial Content

393 kB

URL GET HTTP/2
4.groovinews.com/surv-vid/dat/4.mp4
IP
45.133.44.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerZeroSSL
Subject*.groovinews.com
Fingerprint3F:A1:C1:A0:D3:EE:63:EC:87:C3:E8:46:87:1D:D7:74:D9:FB:BD:D5
ValidityWed, 30 Aug 2023 00:00:00 GMT - Tue, 28 Nov 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
393 kB (393216 bytes)
Hash
9a19c61d820b377ab16140a189122cd1
b17466721aa208aabf75a150828daff10c788257
1b1af58fb750cd3d3c1cbf2e596cbe16ed8e4fce39bcf751a6fe2030c1a7b6ac

HTTP Headers

GET /surv-vid/dat/4.mp4 HTTP/1.1
Host: 4.groovinews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: video/mp4
content-length: 1660898
server: nginx/1.24.0
etag: b32de75c250adbad805a0e245127df40
last-modified: Thu, 21 Sep 2023 09:38:48 GMT
x-timestamp: 1695289127.53262
x-trans-id: txeec7af965eff4283b9535-00651544dc
x-openstack-request-id: txeec7af965eff4283b9535-00651544dc
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Sat, 30 Sep 2023 14:46:19 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
content-range: bytes 0-1660897/1660898
X-Firefox-Spdy: h2

coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp

172.67.223.227

200 OK

3.0 kB

URL User Request GET HTTP/2
coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
IP
172.67.223.227:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcoolbearsdaily53.com
FingerprintFF:FA:06:63:17:3B:DB:E2:32:29:C3:A9:01:F4:A6:98:0F:3F:F8:0F
ValidityFri, 15 Sep 2023 07:06:20 GMT - Thu, 14 Dec 2023 07:06:19 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3160), with no line terminators
Size
3.0 kB (2993 bytes)
Hash
c8f506d98a9761bccef9cf061b48ea77
21bd262cfeddb1bc4b290d7592f140557f826d98
40d1243da88c631007615ace8904d9046663d84636facd2dd5be16a265d5afb2

HTTP Headers

GET /DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp HTTP/1.1
Host: coolbearsdaily53.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: text/html
last-modified: Thu, 28 Sep 2023 12:39:41 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JymUAGCiI7WcazfzDWWJVJABAN519srFZeirNifIF0gAObxbd3EFtkHwTYBAbEfaGMrBl9C2zFafqljcEVPi3%2Frnv%2BKfCnt4LoOxypQdjwHXoP7b3vIjiZQL5%2FdcgkvAto2uCGP7CQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80dcc669eb2c569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

forlumineoner.com/zone?pub=1&zone_id=1996873&is_mobile=false&domain=coolbearsdaily53.com&var=1966914%7C%7C%7Cnull&ymid=&var_3=&tg=0

139.45.197.229

200 OK

863 B

URL GET HTTP/2
forlumineoner.com/zone?pub=1&zone_id=1996873&is_mobile=false&domain=coolbearsdaily53.com&var=1966914%7C%7C%7Cnull&ymid=&var_3=&tg=0
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
Fingerprint4E:F2:61:CB:0B:FE:55:6E:10:FD:AA:BE:40:33:68:66:B6:C3:A3:35
ValidityFri, 25 Aug 2023 04:52:03 GMT - Thu, 23 Nov 2023 04:52:02 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (958), with no line terminators
Size
863 B (863 bytes)
Hash
e36e16fe4c69d3fe8a331e2a6992ffcd
8d6f7a68db281116753fabaf36517b26c3fa2b4d
572cec9184841712a14531e1d30265814b3cfa75946c3ab9a8b17b6afa1af64c

HTTP Headers

GET /zone?pub=1&zone_id=1996873&is_mobile=false&domain=coolbearsdaily53.com&var=1966914%7C%7C%7Cnull&ymid=&var_3=&tg=0 HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://coolbearsdaily53.com/
Origin: https://coolbearsdaily53.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Sep 2023 14:46:17 GMT
content-type: application/json; charset=utf-8
content-length: 863
x-trace-id: 5531173d2096e32333ab66c6671ed2ae
access-control-allow-origin: https://coolbearsdaily53.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

4.groovinews.com/surv-vid/dat/5.mp4

45.133.44.20

206 Partial Content

459 kB

URL GET HTTP/2
4.groovinews.com/surv-vid/dat/5.mp4
IP
45.133.44.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerZeroSSL
Subject*.groovinews.com
Fingerprint3F:A1:C1:A0:D3:EE:63:EC:87:C3:E8:46:87:1D:D7:74:D9:FB:BD:D5
ValidityWed, 30 Aug 2023 00:00:00 GMT - Tue, 28 Nov 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
459 kB (458752 bytes)
Hash
09011b8b17d5bffcb2252952e9df1ffe
6207f5afe43c65fbfbdeb79713a1e4ca163306cc
d44f5746707c8d0367f9f437bc5e7c639de8a8eab7e8c989d116113f8880e237

HTTP Headers

GET /surv-vid/dat/5.mp4 HTTP/1.1
Host: 4.groovinews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: video/mp4
content-length: 1653961
server: nginx/1.24.0
etag: fac58385808a09d13a569b4acce8c381
last-modified: Thu, 21 Sep 2023 09:38:44 GMT
x-timestamp: 1695289123.81306
x-trans-id: txb1e2f8701949420bbda31-00651544dc
x-openstack-request-id: txb1e2f8701949420bbda31-00651544dc
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Sat, 30 Sep 2023 14:46:19 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
content-range: bytes 0-1653960/1653961
X-Firefox-Spdy: h2

4.groovinews.com/surv-vid/dat/3.mp4

45.133.44.20

206 Partial Content

918 kB

URL GET HTTP/2
4.groovinews.com/surv-vid/dat/3.mp4
IP
45.133.44.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://coolbearsdaily53.com/DAT4exits/?dd=buqkrzbrucz.com&z=1966914&s=23092808320390b721a40041f3b67c776dcd&lang=ro&pxl=https://abnrkespuk.com/sunny.gif?zoneid=1966914&psp=o4XjlcrIhcl6-KhLqgV2NTmtGcXuhOarpwxvoMwc7RN3NpY4_gNjSf1XvBq8OKUdxGOY7ktx4aQNju1FsQrLB2Yo12tdo-kSEkgtdhzsD7KrIRpU8cknXHjZ0uTNLwjN4xFkRZrU95iIj8DhuJWdcIsdobR-Lh0-cZPa_ju9UANlDJnemTBkbLO6Hx9Xo5_IxMOX3yuusPivZyRBLxrYgZPepi6puij7LhBmnTkCER097zM5QPBoMcq4dhatIGAwK4PvWk_nch1OTMLyOA-mbpTWxUJ3UwN4-fUUsbnfgsF-fnVNaKu01RCwW_INJyUStSaJzFBpX1HJRgki6EkGjYzk2j_XiI3wWE1I1x42uf8Id0NFf3ydJfQ8aYZkb-8BWlKobF1nTnqTWsUKttq-uTsflSqf-9N17BR79it55mmM2lUcdxzp07USJMhZQajEDjnWebtRDVlumElJyulsy_pzoHyFca4kOljLLYZ2wuYm0gH2JAihVreKrSE--JmaQsGXYCsdYXc0V1bPe72OebZ7STs-qlvL6F4L1VKeeUJin4tjLBHyj53k4nUfYHvejfZ10NL6H03lJIUaGUMrUPb1i_SUUqFTBPkwoc8zc5CV8fkLpJWHCigNNq2zN-QOBAIY30dpYRxm0ZsN-IuNoEmz31jmvm0mh0n2JC7PSSEaYmlSX7HsnBYAZ-B4MbBNGfbO4bmxwiCZiyNea2SxUzy3KoMjK5hokTGvLuCH4U1MIGS16KsHAI_6qyNO0onqKqSkDNURZu1SuCX-G3JSZTPJFdkrkiQbBi03RxezJNicl4IqMrV0jx2Y&prp
Certificate
IssuerZeroSSL
Subject*.groovinews.com
Fingerprint3F:A1:C1:A0:D3:EE:63:EC:87:C3:E8:46:87:1D:D7:74:D9:FB:BD:D5
ValidityWed, 30 Aug 2023 00:00:00 GMT - Tue, 28 Nov 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
918 kB (917504 bytes)
Hash
15ab0b6ef2b34999cb2851568739fdcd
1e0bb134e7a4fba6914b5b4bdfd5092114ac6cc2
0d8ecb7d393e9f9cc31bfbe1594e6e29990e3f9bc1d6b413399b55d9cf758a77

HTTP Headers

GET /surv-vid/dat/3.mp4 HTTP/1.1
Host: 4.groovinews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://coolbearsdaily53.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Thu, 28 Sep 2023 14:46:19 GMT
content-type: video/mp4
content-length: 1676452
server: nginx/1.24.0
etag: 3302e5c13d7a392493b0c65af5428646
last-modified: Thu, 21 Sep 2023 09:38:46 GMT
x-timestamp: 1695289125.28706
x-trans-id: txc3de5444078541d488ef0-00651544dc
x-openstack-request-id: txc3de5444078541d488ef0-00651544dc
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Sat, 30 Sep 2023 14:46:19 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
content-range: bytes 0-1676451/1676452
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (27)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL

IP