Report - libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F

Report Overview

Submitted URL
libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
IP
172.67.193.122
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 08:33:49
Access
public
Website Title
Library Genesis
Final URL
libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-24	1.4 kB	68 kB	151.101.129.229
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-04-24	1.8 kB	136 kB	45.133.44.10
officerdiscontentedalley.com	unknown	unknown	No data	No data	3.0 kB	22 kB	192.243.59.13
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-04-24	408 B	327 B	172.240.108.76
libgen.li	224851	unknown	2019-12-08	2024-04-23	5.3 kB	209 kB	104.21.57.230
proverbadmiraluphill.com	unknown	2024-04-23	2024-04-23	2024-04-24	437 B	17 kB	172.240.108.68
excessstumbledvisited.com	unknown	unknown	No data	No data	3.0 kB	22 kB	172.240.108.68
crisppennygiggle.com	unknown	unknown	No data	No data	3.0 kB	22 kB	192.243.59.20
contrarymeeting.com	unknown	2023-11-27	2023-12-01	2024-03-28	1.8 kB	70 kB	192.243.61.227
hewomenentail.com	unknown	unknown	No data	No data	3.0 kB	22 kB	192.243.59.12
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-04-24	418 B	28 kB	188.114.96.1
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-25	427 B	90 kB	151.101.2.137
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-04-24	2.2 kB	1.3 kB	172.240.108.76
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-04-24	910 B	708 B	35.158.46.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	contrarymeeting.com	Sinkholed
2024-04-24	medium	contrarymeeting.com	Sinkholed
2024-04-24	medium	contrarymeeting.com	Sinkholed
2024-04-24	medium	contrarymeeting.com	Sinkholed
2024-04-25	medium	excessstumbledvisited.com	Sinkholed
2024-04-25	medium	excessstumbledvisited.com	Sinkholed
2024-04-25	medium	excessstumbledvisited.com	Sinkholed
2024-04-25	medium	unseenreport.com	Sinkholed
2024-04-25	medium	unseenreport.com	Sinkholed
2024-04-25	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	unknown	145 B	2023-03-07	2024-05-03
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:04 Last Seen2024-05-03 17:58:53 Times Seen131 Hash d28888b01d7e31499c212a8824a00265 488712e15db00b5ee347f1eb283afe36e9f5607e 1b11e401afc0450bb5d4abe70fb81ec426143654cbe419e222dbd48686fac1fe Loading...

	libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F	281 B	2024-04-25	2024-05-03
Pretty URL libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F IP 104.21.57.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 00:49:12 Last Seen2024-05-03 17:58:53 Times Seen3 Hash c5f50d1b85772b7bc824d8808f1989ac 37846709158afcff5e04dab0aa9215dbd054574f 6539f0ce03f3f806db2eff74b69c48d943b590945d65f7d27482cbaa55f95f46 Loading...

	contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js	31 kB	2024-04-25	2024-04-25
Pretty URL contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash 6e9616c9fd4ee82055743bbe74a53e98 dc6ab13b0ed1802bebbb39e735fb63fd4b2f0b23 a32c08c9d288668121bccab543449d12f77f7ffffb9dd15da169ca4ca6f2b422 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-05
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-05 10:39:09 Times Seen2218 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.min.js	63 kB	2023-03-07	2024-05-05
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-05-05 08:43:16 Times Seen1808 Hash f20fa8b102f205141295cdefd6ffe449 0c4e8445f6f0c9611dc1c13dc6f085eb4bcaca0b d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88 Loading...

	unknown	3.3 kB	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:58 Times Seen1 Hash ffe87d8dec0123103b088cc401e7695f 349a7967ba38f427aa3c81407e08853a44987cd1 dae7f6aaf962963129a72d610103aba72014ee5dc4b872522de3529838310336 Loading...

	contrarymeeting.com/api/posts?token=L2Q1LzNlLzI3L2Q1M2UyNzI4YTZkZTFiNmQ1OWU2MGY1ODMzZmE5YzNmLmpz	85 kB	2024-04-25	2024-04-25
Pretty URL contrarymeeting.com/api/posts?token=L2Q1LzNlLzI3L2Q1M2UyNzI4YTZkZTFiNmQ1OWU2MGY1ODMzZmE5YzNmLmpz IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash bf5d692141562e5d80f7a7c807c668ac 27aca2590fd7e26f170d446ee0c08b90176b368c d41d3083122b711af6fc0cce34f39b18ad42c17f66275dd3a3c3a295e874a51f Loading...

	libgen.li/js/popper.min.js	19 kB	2023-03-07	2024-05-04
Pretty URL libgen.li/js/popper.min.js IP 104.21.57.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:27 Last Seen2024-05-04 01:36:49 Times Seen378 Hash c2457ff14b8092f06f6d6610b202ec7f 6465bce461e777d6871c2d8dead3f6cfbbfab664 c86333d79746bb469e7d3fd957b4e58f05fc2e2c22033a9f523653aae6142591 Loading...

	libgen.li/js/dark-mode-switch.js	2.9 kB	2023-03-07	2024-05-03
Pretty URL libgen.li/js/dark-mode-switch.js IP 104.21.57.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:27 Last Seen2024-05-03 17:58:53 Times Seen188 Hash 9ca505b605f0247bb2db2e8ba898ac2a 576412cb53709781f9be65f9b3b08d9d51494a75 2e94841b3484e63d1b0c58e7fd286ebd5f1f5f6b03b813d3696018d2b00ef48b Loading...

	contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js	31 kB	2024-04-25	2024-04-25
Pretty URL contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash 3b9df7b64015ae785d2b8d85360582e4 36830c21f98317b62fe350aa1c0b1d7199309a94 83baabade1ae44d9b20a31f4e876de0b5d30cdbebc9e64cd07f18b611a56768e Loading...

	contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js	31 kB	2024-04-25	2024-04-25
Pretty URL contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash 64fd1a7106799181d9aac045036c1801 9033884e6200db9f2a9a0e277a56c19805ca1483 7775cab4215ee09212e077ba5921f58e7460f231074d6bac649b3c0d688a6204 Loading...

	libgen.li/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-05-05
Pretty URL libgen.li/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.57.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-05 09:49:45 Times Seen55968 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	excessstumbledvisited.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js	44 kB	2024-04-25	2024-04-25
Pretty URL excessstumbledvisited.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash f54e90ffee663f56c65e9769f646f909 7d380464bd4031087e08bee10bf293b657cfbaf7 96ca30199aa2e76e8a19120e9d2d44189834a1c5d1c183911d8ba928a9ee52cd Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-05
Pretty URL capaciousdrewreligion.com/advertisers.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 10:41:35 Times Seen37357081 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	libgen.li/js/form-validation.js	686 B	2023-03-07	2024-05-03
Pretty URL libgen.li/js/form-validation.js IP 104.21.57.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:27 Last Seen2024-05-03 17:58:53 Times Seen194 Hash 0b7eb3e3f49c158dcc9f4787dc1eb2d5 f1426bab12a38e3c7be0924785b6808de919be15 ea96f56d81b43a7e7b54f562543cc7b1348c8fa91b540c35aec106647d0d0c34 Loading...

	unknown	3.3 kB	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:58 Times Seen1 Hash b0a499822dfd14412d72c65b40abaf71 f6cfe122e5ef2fb39942730f8d58ccb115c74a1c d7a5d9d66fb51310d781d3f72ed64c1d1ee0fabb4f66a92ff60d05506d3fc824 Loading...

	officerdiscontentedalley.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js	44 kB	2024-04-25	2024-04-25
Pretty URL officerdiscontentedalley.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash df1d75c6035d880fe40b62b728522a6a 0bbd3efc665762ee6575818019c194ba3774fd83 ec41dab797992076daa160bbb3af29fb3ce78b1456ad4c430d3806b42059e9e7 Loading...

	proverbadmiraluphill.com/04/2f/f9/042ff9b9b59bdc32b7a84fec6430fe85.js	44 kB	2024-04-25	2024-04-25
Pretty URL proverbadmiraluphill.com/04/2f/f9/042ff9b9b59bdc32b7a84fec6430fe85.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash 00a9691eaf907881561d23dbc5dc8e0e 2752f9836bfb6d222518218069e408b8baee2ff4 9b7370c876f9d6a42c904c2dca942f2031cd3356956c9aeaa8d980f1d34f57a5 Loading...

	crisppennygiggle.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js	44 kB	2024-04-25	2024-04-25
Pretty URL crisppennygiggle.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash 3f6233f954f4040b6fa3340fab67f692 d8104bd838dc7e6484364c4d883cff45786409df eb9237237f6ac930052db65bce31598a6e50ba27d0c9a71ea4d30501790cb8f7 Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-05
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-05 10:41:27 Times Seen266045 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js	31 kB	2024-04-25	2024-04-25
Pretty URL contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:58 Times Seen1 Hash 4812057057bea0372935b8d920b8e2fa 3cd7a2a241e8dd111ecf14b1ad75086846cd7f10 3715109e045955cedbd93cb951bcd423aba5c9f32738c6e0e7be855685851721 Loading...

	cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js	84 kB	2023-03-07	2024-05-05
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-05-05 03:41:29 Times Seen7344 Hash 7f389f5d2622ce2090eca7c36bcb90bc ab27031159724e2421f6ff5c70f48e657abe9d39 8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01 Loading...

	hewomenentail.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js	44 kB	2024-04-25	2024-04-25
Pretty URL hewomenentail.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen2 Hash 1c9632201239e5bc1e7819514ed87bd5 9fe033946a6a3fb6047bc43ce838cc8e46e52703 893622e9eab654bb320fa4bc20f97674a0ec2477e5f974119ab78fde91fc6f48 Loading...

	libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F	104 B	2023-03-07	2024-05-03
Pretty URL libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F IP 104.21.57.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:27 Last Seen2024-05-03 17:58:53 Times Seen154 Hash def44b42463054e6a3ca51c280766b6e e1524e0ecc5f06477961900160e1dbbacfc660c6 d37f576c2402a765c4c20adfb2f120d139506ff6526cff2dea6cb7da5f611c5c Loading...

	unknown	3.3 kB	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:58 Times Seen1 Hash c52a58a85c399ea72aab37bffd0105f2 e04b61bc04b0166678b250995e22bc2d82e62e12 6be7e5ccdda48a23edc67cc7124a4a6acb0c509e9f943f16eb96122a93792ce9 Loading...

	unknown	3.3 kB	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:58 Times Seen1 Hash 45e2c8d55c9397fa3607512e8cea904d ed79481666e928d8f793e3564f98686b1a0f4b20 287d7f52fdc169373b7880f40033bb348973b6113f9ddd7db6a4d7e1963060d8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2c8be05657e90c679aeb1901b3866c92	2.1 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:58 Times Seen1 Hash 2c8be05657e90c679aeb1901b3866c92 6e00c7206fb69992827841c769cdf6cb7dcd6ba4 3981ad44af04383d71c2ad5c51011574e13bb57e06e4bfeb3911b9a1cf0cdbb8 Loading...

	#2 Eval - aa4422afd15a7c7eefbe29a36a1cd3f1	2.1 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:58 Times Seen1 Hash aa4422afd15a7c7eefbe29a36a1cd3f1 9838f97310acee9ffc9d9c78823d443ca5b8258f 7604a40d102960cd6fde2712a9fdd86876f319ca75ca7b838f92bed588938166 Loading...

	#3 Eval - b522cd7ffd26b1eab70a3c4c5afbf777	2.1 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:58 Times Seen1 Hash b522cd7ffd26b1eab70a3c4c5afbf777 8049c391a8f0637c55c83214bd31e70a5e9a8074 80abdfbfdba98fab6cc7430c3bc5fdd4a45083a8ba317363eedfb82539ce2eb5 Loading...

	#4 Eval - 020ae8d0f6cb12f2fbc693c5f849d5a4	2.1 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:33:58 Last Seen2024-04-25 10:33:59 Times Seen1 Hash 020ae8d0f6cb12f2fbc693c5f849d5a4 90317e75b52551bd98632dc2694426c5645104e1 4338802570db88af8aeccc3186ea019eb07b3ab4f58a2bdbe63e4c9be1b3f11d Loading...

		Size	First Seen	Last Seen
	#1 Write - 10fc927dee33450b089e48e6f1dbe432	111 B	2024-04-25	2024-05-03
Pretty Observations First Seen2024-04-25 00:49:13 Last Seen2024-05-03 17:58:53 Times Seen3 Hash 10fc927dee33450b089e48e6f1dbe432 5642e02e9f006c40d90a4bbc8654c13ca65a0bff 79e8c5b0e5ed8efb00bf11a3da1fe9d8f6b057738e5cdbfa59ab2fc7e181c837 Loading...

HTTP Transactions (42)

URL IP Response Size

libgen.li/img/logo.png

104.21.57.230

200 OK

2.0 kB

URL GET HTTP/3
libgen.li/img/logo.png
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
PNG image data, 64 x 90, 8-bit colormap, non-interlaced
Size
2.0 kB (1976 bytes)
Hash
1d7aaa9da9adc174db1fb4c6a69d7bfb
b5acc94460f3609334599b914bede8beb085b669
4964c6a251428e2229a3be8650aad14850c9794fa9c85f097c38b0553d374fe9

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:23 GMT
content-type: image/png
content-length: 1976
last-modified: Sat, 30 May 2020 06:17:58 GMT
etag: "5ed1fa96-7b8"
expires: Thu, 02 May 2024 07:10:53 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 4950
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GMuqolTkMepL9pak4zomVsAFggKkWHF5q8kPRCrBbPQTchB1mXX%2FtXdZ1gm3JWDAM7OB2fXUhVcIGpJX0%2FZuw9cglC2OaxBi3c9TdXsGTb6pEVjYR8QTc55xWtI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfce77c50b4f9-OSL
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.129.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Thu, 25 Apr 2024 08:33:23 GMT
age: 21871281
x-served-by: cache-fra-etou8220099-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.min.js

151.101.129.229

200 OK

16 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (62961)
Size
16 kB (16162 bytes)
Hash
f20fa8b102f205141295cdefd6ffe449
0c4e8445f6f0c9611dc1c13dc6f085eb4bcaca0b
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"f708-DE6ERfbwyWEdwcE9xvCF60vKygs"
content-encoding: br
accept-ranges: bytes
date: Thu, 25 Apr 2024 08:33:23 GMT
age: 18339895
x-served-by: cache-fra-etou8220064-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16162
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

90 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: "28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 08:33:23 GMT
age: 80483
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 222, 14425
x-timer: S1714034003.166223,VS0,VE0
vary: Accept-Encoding
content-length: 89501
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js

151.101.129.229

200 OK

23 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
23 kB (23383 bytes)
Hash
7f389f5d2622ce2090eca7c36bcb90bc
ab27031159724e2421f6ff5c70f48e657abe9d39
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
content-encoding: br
accept-ranges: bytes
date: Thu, 25 Apr 2024 08:33:23 GMT
age: 18866050
x-served-by: cache-fra-etou8220114-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23383
X-Firefox-Spdy: h2

contrarymeeting.com/api/posts?token=L2Q1LzNlLzI3L2Q1M2UyNzI4YTZkZTFiNmQ1OWU2MGY1ODMzZmE5YzNmLmpz

192.243.61.227

200 OK

31 kB

URL GET HTTP/1.1
contrarymeeting.com/api/posts?token=L2Q1LzNlLzI3L2Q1M2UyNzI4YTZkZTFiNmQ1OWU2MGY1ODMzZmE5YzNmLmpz
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcontrarymeeting.com
FingerprintB1:99:91:6E:06:0B:5A:A2:A3:5E:80:5B:3F:3B:A5:FD:2B:A5:5E:A9
ValidityTue, 26 Mar 2024 20:35:05 GMT - Mon, 24 Jun 2024 20:35:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (31358 bytes)
Hash
bf5d692141562e5d80f7a7c807c668ac
27aca2590fd7e26f170d446ee0c08b90176b368c
d41d3083122b711af6fc0cce34f39b18ad42c17f66275dd3a3c3a295e874a51f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/posts?token=L2Q1LzNlLzI3L2Q1M2UyNzI4YTZkZTFiNmQ1OWU2MGY1ODMzZmE5YzNmLmpz HTTP/1.1
Host: contrarymeeting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a6782283c55dc3b18664ce133208ec1c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

libgen.li/css/dark-mode.css

104.21.57.230

200 OK

12 kB

URL GET HTTP/3
libgen.li/css/dark-mode.css
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
ASCII text
Size
12 kB (11995 bytes)
Hash
fd50c27b724f5f42571e433940422194
3ce23b8b712823b3a3cc6d26fd51fbb99dba6b9e
0d84039d9211fa1aec37908003c354093735e36ebb3351a7d40687ccd4637439

HTTP Headers

GET /css/dark-mode.css HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:23 GMT
content-type: text/css
last-modified: Thu, 29 Apr 2021 06:48:36 GMT
vary: Accept-Encoding
etag: W/"608a56c4-126"
expires: Tue, 30 Apr 2024 14:53:27 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 149996
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hzb89CPhcwHG3OzARMdoL3WGErLlPRmuaqh6Aovoj4PshXKqte6BVkMOTxfBywKBL2lMyLZWG1lVjlmBVZ%2BJTYFIZP0hUUX8pvZLtCcgPihjMj3wvWOCKLG7%2FTE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cfce77c4cb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
5a43523d5095897ce9eaa06214b018b7
0bc987f46edd3e41598a410b436cb139682687ea
90f7cb24bde8a6ce11dcfa79165c675dd129bfc5879fdc08457d553e9769d754

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:33:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://libgen.li
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=dd79b6cf-6983-4388-9a58-1b8c4e37f968:2:1; expires=Sun, 23 Apr 2034 08:33:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
5a43523d5095897ce9eaa06214b018b7
0bc987f46edd3e41598a410b436cb139682687ea
90f7cb24bde8a6ce11dcfa79165c675dd129bfc5879fdc08457d553e9769d754

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Cookie: uid_id2=dd79b6cf-6983-4388-9a58-1b8c4e37f968:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:33:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://libgen.li
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcontrarymeeting.com
FingerprintB1:99:91:6E:06:0B:5A:A2:A3:5E:80:5B:3F:3B:A5:FD:2B:A5:5E:A9
ValidityTue, 26 Mar 2024 20:35:05 GMT - Mon, 24 Jun 2024 20:35:04 GMT

File type
JavaScript source, ASCII text, with very long lines (31352), with no line terminators
Size
12 kB (11884 bytes)
Hash
3b9df7b64015ae785d2b8d85360582e4
36830c21f98317b62fe350aa1c0b1d7199309a94
83baabade1ae44d9b20a31f4e876de0b5d30cdbebc9e64cd07f18b611a56768e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e445fc5fceeb52489a652f9894c20087/invoke.js HTTP/1.1
Host: contrarymeeting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 17d5555602cba5979e853fb530a7f516
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcontrarymeeting.com
FingerprintB1:99:91:6E:06:0B:5A:A2:A3:5E:80:5B:3F:3B:A5:FD:2B:A5:5E:A9
ValidityTue, 26 Mar 2024 20:35:05 GMT - Mon, 24 Jun 2024 20:35:04 GMT

File type
JavaScript source, ASCII text, with very long lines (31361), with no line terminators
Size
12 kB (11887 bytes)
Hash
64fd1a7106799181d9aac045036c1801
9033884e6200db9f2a9a0e277a56c19805ca1483
7775cab4215ee09212e077ba5921f58e7460f231074d6bac649b3c0d688a6204

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e445fc5fceeb52489a652f9894c20087/invoke.js HTTP/1.1
Host: contrarymeeting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f9d8b5964440ed2ed50a7a6433cf252
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proverbadmiraluphill.com/04/2f/f9/042ff9b9b59bdc32b7a84fec6430fe85.js

172.240.108.68

200 OK

16 kB

URL GET HTTP/1.1
proverbadmiraluphill.com/04/2f/f9/042ff9b9b59bdc32b7a84fec6430fe85.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectproverbadmiraluphill.com
Fingerprint2D:E9:49:E1:73:02:7C:88:6B:7A:18:EB:86:8B:E9:F9:7D:73:2B:D1
ValidityTue, 23 Apr 2024 10:41:52 GMT - Mon, 22 Jul 2024 10:41:51 GMT

File type
JavaScript source, ASCII text, with very long lines (44091), with no line terminators
Size
16 kB (15826 bytes)
Hash
00a9691eaf907881561d23dbc5dc8e0e
2752f9836bfb6d222518218069e408b8baee2ff4
9b7370c876f9d6a42c904c2dca942f2031cd3356956c9aeaa8d980f1d34f57a5

HTTP Headers

GET /04/2f/f9/042ff9b9b59bdc32b7a84fec6430fe85.js HTTP/1.1
Host: proverbadmiraluphill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41f62d24cc42e5a37de231503dbaebff
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
contrarymeeting.com/e445fc5fceeb52489a652f9894c20087/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcontrarymeeting.com
FingerprintB1:99:91:6E:06:0B:5A:A2:A3:5E:80:5B:3F:3B:A5:FD:2B:A5:5E:A9
ValidityTue, 26 Mar 2024 20:35:05 GMT - Mon, 24 Jun 2024 20:35:04 GMT

File type
JavaScript source, ASCII text, with very long lines (31385), with no line terminators
Size
12 kB (11893 bytes)
Hash
6e9616c9fd4ee82055743bbe74a53e98
dc6ab13b0ed1802bebbb39e735fb63fd4b2f0b23
a32c08c9d288668121bccab543449d12f77f7ffffb9dd15da169ca4ca6f2b422

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e445fc5fceeb52489a652f9894c20087/invoke.js HTTP/1.1
Host: contrarymeeting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1088e1429a70632f71f68da6232228e5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

excessstumbledvisited.com/watch.1367061970190.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1

172.240.108.68

307 Temporary Redirect

0 B

URL GET HTTP/1.1
excessstumbledvisited.com/watch.1367061970190.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectexcessstumbledvisited.com
FingerprintF6:CE:79:E1:1A:35:E2:A3:44:FF:13:1F:F1:48:18:54:55:70:8F:FE
ValidityMon, 22 Apr 2024 09:06:49 GMT - Sun, 21 Jul 2024 09:06:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1367061970190.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1 HTTP/1.1
Host: excessstumbledvisited.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://libgen.li
Access-Control-Allow-Origin: https://libgen.li
Access-Control-Allow-Credentials: true
Location: https://excessstumbledvisited.com/watch.1367061970190.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=daff0332621983406cd696ca2cd9313b1efdc92ae7ff442de56a07bf6fe6a693ddb950fca96d683ab0b9d4d56a386d2e07bff22230696ca07d9b0d7d3dc9a035b67201e4a2f67124a894e84a2e9408db5a072bdce700ecbdd88e0e84cdf8608d50&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
Set-Cookie: u_pl=17566676; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU2NjY3NiwiayI6ImU0NDVmYzVmY2VlYjUyNDg5YTY1MmY5ODk0YzIwMDg3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ5NTI1LCJwaWQiOjUyMDQ2NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiZGdxeTIzczMiLCJjcGtzIjp7IjI4IjoiMGUyMzE0M2ZlNTA1M2FhMGE3NzliYTI5OTNjMmE4ZTEiLCIyOSI6IjU4ZTFhZjRiMjc5Mjk4OTdkOThhN2YyYWM3MGFlZDlmIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpYmdlbi5saS9hZHMucGhwP21kNT02MjZENTQzNTM3QzUxQzM3QUVCNDI4QjM0MDBEMEEzRiIsImFyIjpbXX19.DlgSPYejrjyxv6Dc5V936adPkU0GsJAeqjM_p7dG1Sw; expires=Thu, 25 Apr 2024 08:34:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8aa6d332ebc520c381fc8eeb5bcada50
Strict-Transport-Security: max-age=0; includeSubdomains

libgen.li/fictioncovers/3654000/626d543537c51c37aeb428b3400d0a3f.jpg

104.21.57.230

200 OK

133 kB

URL GET HTTP/3
libgen.li/fictioncovers/3654000/626d543537c51c37aeb428b3400d0a3f.jpg
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=2200, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1569], baseline, precision 8, 357x500, components 3
Size
133 kB (132563 bytes)
Hash
43683bd4bda50df449ea17216b7b22de
e7dad4e31b530f873e9062de8b9d2c70a75941f4
936df11d873c51f816c179feff5070ef06eff305dde7e130546b0080b428ed57

HTTP Headers

GET /fictioncovers/3654000/626d543537c51c37aeb428b3400d0a3f.jpg HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:24 GMT
content-type: image/jpeg
content-length: 132563
last-modified: Wed, 30 Nov 2022 09:51:41 GMT
etag: "1000000a5a7e1-205d3-5eead0d27c93d"
expires: Thu, 02 May 2024 08:33:23 GMT
cache-control: max-age=604800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7XqHv5AXF88RLZwwupsHNSL4zstGEaPFDOlGkG6m72P1p7xVmRr8HoqjfOwYEgOlOvG0a2kmR0mfepO9ebfyLHZyrDCb6JyLJiyerdnJg%2FjAHJdPuInY7VAotFg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfce78c62b4f9-OSL
alt-svc: h3=":443"; ma=86400

excessstumbledvisited.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js

172.240.108.68

200 OK

16 kB

URL GET HTTP/1.1
excessstumbledvisited.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectexcessstumbledvisited.com
FingerprintF6:CE:79:E1:1A:35:E2:A3:44:FF:13:1F:F1:48:18:54:55:70:8F:FE
ValidityMon, 22 Apr 2024 09:06:49 GMT - Sun, 21 Jul 2024 09:06:48 GMT

File type
JavaScript source, ASCII text, with very long lines (44078), with no line terminators
Size
16 kB (15835 bytes)
Hash
f54e90ffee663f56c65e9769f646f909
7d380464bd4031087e08bee10bf293b657cfbaf7
96ca30199aa2e76e8a19120e9d2d44189834a1c5d1c183911d8ba928a9ee52cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js HTTP/1.1
Host: excessstumbledvisited.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97d5d6e5d8c4b6579b1c48668bb8ee18
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

excessstumbledvisited.com/watch.1367061970190.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=daff0332621983406cd696ca2cd9313b1efdc92ae7ff442de56a07bf6fe6a693ddb950fca96d683ab0b9d4d56a386d2e07bff22230696ca07d9b0d7d3dc9a035b67201e4a2f67124a894e84a2e9408db5a072bdce700ecbdd88e0e84cdf8608d50&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1

172.240.108.68

200 OK

2.0 kB

URL GET HTTP/1.1
excessstumbledvisited.com/watch.1367061970190.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=daff0332621983406cd696ca2cd9313b1efdc92ae7ff442de56a07bf6fe6a693ddb950fca96d683ab0b9d4d56a386d2e07bff22230696ca07d9b0d7d3dc9a035b67201e4a2f67124a894e84a2e9408db5a072bdce700ecbdd88e0e84cdf8608d50&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectexcessstumbledvisited.com
FingerprintF6:CE:79:E1:1A:35:E2:A3:44:FF:13:1F:F1:48:18:54:55:70:8F:FE
ValidityMon, 22 Apr 2024 09:06:49 GMT - Sun, 21 Jul 2024 09:06:48 GMT

File type
JavaScript source, ASCII text, with very long lines (2455)
Size
2.0 kB (1997 bytes)
Hash
d2faf6f111108d10d56104bc0974e90e
bb304277b62a5c7144936da16065d478600dbcca
eb6e9a84ed8098b9491cf8cf0a6501d4edc5976e9ba61b726dd648a24479100b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1367061970190.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=daff0332621983406cd696ca2cd9313b1efdc92ae7ff442de56a07bf6fe6a693ddb950fca96d683ab0b9d4d56a386d2e07bff22230696ca07d9b0d7d3dc9a035b67201e4a2f67124a894e84a2e9408db5a072bdce700ecbdd88e0e84cdf8608d50&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1 HTTP/1.1
Host: excessstumbledvisited.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
Referer: https://libgen.li/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17566676; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU2NjY3NiwiayI6ImU0NDVmYzVmY2VlYjUyNDg5YTY1MmY5ODk0YzIwMDg3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ5NTI1LCJwaWQiOjUyMDQ2NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiZGdxeTIzczMiLCJjcGtzIjp7IjI4IjoiMGUyMzE0M2ZlNTA1M2FhMGE3NzliYTI5OTNjMmE4ZTEiLCIyOSI6IjU4ZTFhZjRiMjc5Mjk4OTdkOThhN2YyYWM3MGFlZDlmIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpYmdlbi5saS9hZHMucGhwP21kNT02MjZENTQzNTM3QzUxQzM3QUVCNDI4QjM0MDBEMEEzRiIsImFyIjpbXX19.DlgSPYejrjyxv6Dc5V936adPkU0GsJAeqjM_p7dG1Sw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://libgen.li
Access-Control-Allow-Origin: https://libgen.li
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=dd79b6cf-6983-4388-9a58-1b8c4e37f968:2:1; expires=Thu, 02 May 2024 08:33:24 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
uncs=1; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
pdhtkv23=true; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
uncs23=1; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b1bb2d0e55b9f7b2d48ce63fb9c39fc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

hewomenentail.com/watch.1508859454337.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1

192.243.59.12

307 Temporary Redirect

0 B

URL GET HTTP/1.1
hewomenentail.com/watch.1508859454337.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjecthewomenentail.com
Fingerprint14:95:EE:C0:C1:31:B6:1C:62:FC:81:55:8C:9C:5B:64:48:FD:65:AD
ValidityWed, 24 Apr 2024 15:13:32 GMT - Tue, 23 Jul 2024 15:13:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.1508859454337.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1 HTTP/1.1
Host: hewomenentail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://libgen.li
Access-Control-Allow-Origin: https://libgen.li
Access-Control-Allow-Credentials: true
Location: https://hewomenentail.com/watch.1508859454337.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=d2c36992df82fedbddd155ba87da22e75a76819da6c1b203f191105f09e3cd0e5044f82cdd1f0eea555263af1334774ad1c35ac868804b4c400c0a3604554a7ba9526107334d4076c65c0f2c1d2097914cc91d70859b9033ef767cf186ae31&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
Set-Cookie: u_pl=17566676; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU2NjY3NiwiayI6ImU0NDVmYzVmY2VlYjUyNDg5YTY1MmY5ODk0YzIwMDg3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ5NTI1LCJwaWQiOjUyMDQ2NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiZGdxeTIzczMiLCJjcGtzIjp7IjI4IjoiMGUyMzE0M2ZlNTA1M2FhMGE3NzliYTI5OTNjMmE4ZTEiLCIyOSI6IjU4ZTFhZjRiMjc5Mjk4OTdkOThhN2YyYWM3MGFlZDlmIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpYmdlbi5saS9hZHMucGhwP21kNT02MjZENTQzNTM3QzUxQzM3QUVCNDI4QjM0MDBEMEEzRiIsImFyIjpbXX19.DlgSPYejrjyxv6Dc5V936adPkU0GsJAeqjM_p7dG1Sw; expires=Thu, 25 Apr 2024 08:34:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9cfc7688a194e060dca33fc1b43332f0
Strict-Transport-Security: max-age=0; includeSubdomains

hewomenentail.com/watch.1508859454337.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=d2c36992df82fedbddd155ba87da22e75a76819da6c1b203f191105f09e3cd0e5044f82cdd1f0eea555263af1334774ad1c35ac868804b4c400c0a3604554a7ba9526107334d4076c65c0f2c1d2097914cc91d70859b9033ef767cf186ae31&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1

192.243.59.12

200 OK

2.0 kB

URL GET HTTP/1.1
hewomenentail.com/watch.1508859454337.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=d2c36992df82fedbddd155ba87da22e75a76819da6c1b203f191105f09e3cd0e5044f82cdd1f0eea555263af1334774ad1c35ac868804b4c400c0a3604554a7ba9526107334d4076c65c0f2c1d2097914cc91d70859b9033ef767cf186ae31&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjecthewomenentail.com
Fingerprint14:95:EE:C0:C1:31:B6:1C:62:FC:81:55:8C:9C:5B:64:48:FD:65:AD
ValidityWed, 24 Apr 2024 15:13:32 GMT - Tue, 23 Jul 2024 15:13:31 GMT

File type
JavaScript source, ASCII text, with very long lines (2445)
Size
2.0 kB (1986 bytes)
Hash
673da872c9cbf582d9238df73b287cd1
f0136cbf293bd08f036feee25a491d7425d1066a
fcaf084f3eb550a2ff6f5c1bfb8163297e9f9ad91544528faa8cb481b8288fc4

HTTP Headers

GET /watch.1508859454337.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=d2c36992df82fedbddd155ba87da22e75a76819da6c1b203f191105f09e3cd0e5044f82cdd1f0eea555263af1334774ad1c35ac868804b4c400c0a3604554a7ba9526107334d4076c65c0f2c1d2097914cc91d70859b9033ef767cf186ae31&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1 HTTP/1.1
Host: hewomenentail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
Referer: https://libgen.li/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17566676; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU2NjY3NiwiayI6ImU0NDVmYzVmY2VlYjUyNDg5YTY1MmY5ODk0YzIwMDg3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ5NTI1LCJwaWQiOjUyMDQ2NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiZGdxeTIzczMiLCJjcGtzIjp7IjI4IjoiMGUyMzE0M2ZlNTA1M2FhMGE3NzliYTI5OTNjMmE4ZTEiLCIyOSI6IjU4ZTFhZjRiMjc5Mjk4OTdkOThhN2YyYWM3MGFlZDlmIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpYmdlbi5saS9hZHMucGhwP21kNT02MjZENTQzNTM3QzUxQzM3QUVCNDI4QjM0MDBEMEEzRiIsImFyIjpbXX19.DlgSPYejrjyxv6Dc5V936adPkU0GsJAeqjM_p7dG1Sw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://libgen.li
Access-Control-Allow-Origin: https://libgen.li
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=dd79b6cf-6983-4388-9a58-1b8c4e37f968:2:1; expires=Thu, 02 May 2024 08:33:24 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
uncs=1; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
pdhtkv23=true; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
uncs23=1; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e96a22cc29286a8557c9dfe8920b2a2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

hewomenentail.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js

192.243.59.12

200 OK

16 kB

URL GET HTTP/1.1
hewomenentail.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjecthewomenentail.com
Fingerprint14:95:EE:C0:C1:31:B6:1C:62:FC:81:55:8C:9C:5B:64:48:FD:65:AD
ValidityWed, 24 Apr 2024 15:13:32 GMT - Tue, 23 Jul 2024 15:13:31 GMT

File type
JavaScript source, ASCII text, with very long lines (44078), with no line terminators
Size
16 kB (15836 bytes)
Hash
1c9632201239e5bc1e7819514ed87bd5
9fe033946a6a3fb6047bc43ce838cc8e46e52703
893622e9eab654bb320fa4bc20f97674a0ec2477e5f974119ab78fde91fc6f48

HTTP Headers

GET /58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js HTTP/1.1
Host: hewomenentail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91ac5aefaff7d9453eb9f71ef5ad0ac3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

crisppennygiggle.com/watch.908198848862.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET HTTP/1.1
crisppennygiggle.com/watch.908198848862.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcrisppennygiggle.com
Fingerprint8F:53:50:A2:52:F5:0D:CA:5A:3F:AF:16:3E:6E:0F:F2:47:24:AD:8B
ValidityWed, 24 Apr 2024 14:54:12 GMT - Tue, 23 Jul 2024 14:54:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.908198848862.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1 HTTP/1.1
Host: crisppennygiggle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://libgen.li
Access-Control-Allow-Origin: https://libgen.li
Access-Control-Allow-Credentials: true
Location: https://crisppennygiggle.com/watch.908198848862.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=577d95da8a1e7e08941adf61913234623dad442fa77b42d18c6e4d9ec839455eaa2fe6155ac5a294e46b48fdc36a931cc1561b733d1f06d9ddbd3cd86365508b598c7ececeaac5429c4a247dd6679836a8c5b407d0b2f2340110bfba19&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
Set-Cookie: u_pl=17566676; expires=Fri, 26 Apr 2024 08:33:24 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU2NjY3NiwiayI6ImU0NDVmYzVmY2VlYjUyNDg5YTY1MmY5ODk0YzIwMDg3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ5NTI1LCJwaWQiOjUyMDQ2NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiZGdxeTIzczMiLCJjcGtzIjp7IjI4IjoiMGUyMzE0M2ZlNTA1M2FhMGE3NzliYTI5OTNjMmE4ZTEiLCIyOSI6IjU4ZTFhZjRiMjc5Mjk4OTdkOThhN2YyYWM3MGFlZDlmIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpYmdlbi5saS9hZHMucGhwP21kNT02MjZENTQzNTM3QzUxQzM3QUVCNDI4QjM0MDBEMEEzRiIsImFyIjpbXX19.DlgSPYejrjyxv6Dc5V936adPkU0GsJAeqjM_p7dG1Sw; expires=Thu, 25 Apr 2024 08:34:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e7d73dfc881e918800708f0024fb3dd
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png

45.133.44.10

200 OK

56 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced
Size
56 kB (56505 bytes)
Hash
231d615f0b920b0f0c8758342141193b
ca68f0f6e4c9124bbe61c49d789d0447076b0332
3e24999c26c1c68485e879756ea30639ccee4d7f30f1e2c0e5190818cbab8996

HTTP Headers

GET /cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:33:24 GMT
content-type: image/png
content-length: 56505
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:14:41 GMT
etag: "61080be1-dcb9"
expires: Sat, 27 Apr 2024 08:33:24 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

crisppennygiggle.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js

192.243.59.20

200 OK

16 kB

URL GET HTTP/1.1
crisppennygiggle.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcrisppennygiggle.com
Fingerprint8F:53:50:A2:52:F5:0D:CA:5A:3F:AF:16:3E:6E:0F:F2:47:24:AD:8B
ValidityWed, 24 Apr 2024 14:54:12 GMT - Tue, 23 Jul 2024 14:54:11 GMT

File type
JavaScript source, ASCII text, with very long lines (44118), with no line terminators
Size
16 kB (15845 bytes)
Hash
3f6233f954f4040b6fa3340fab67f692
d8104bd838dc7e6484364c4d883cff45786409df
eb9237237f6ac930052db65bce31598a6e50ba27d0c9a71ea4d30501790cb8f7

HTTP Headers

GET /58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js HTTP/1.1
Host: crisppennygiggle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28e004668f6aad2eda8635718db1973c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/08/97/f5/0897f5fd97712cab162ea659e7ab93f0/1627917212.png

45.133.44.10

200 OK

45 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/08/97/f5/0897f5fd97712cab162ea659e7ab93f0/1627917212.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced
Size
45 kB (45371 bytes)
Hash
dbde2854f2a693ab43a1ee72cdf0c686
820bc6fb6d40db1cdc8b9a214d4a8b1138f2e3fa
aa648c4116a815deb4a006ed29f17342ccdb8c0d2ca863b54aa2517e1ed88641

HTTP Headers

GET /cti/08/97/f5/0897f5fd97712cab162ea659e7ab93f0/1627917212.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:33:25 GMT
content-type: image/png
content-length: 45371
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:13:41 GMT
etag: "61080ba5-b13b"
expires: Sat, 27 Apr 2024 08:33:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

officerdiscontentedalley.com/watch.102295541708.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1

192.243.59.13

307 Temporary Redirect

0 B

URL GET HTTP/1.1
officerdiscontentedalley.com/watch.102295541708.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectofficerdiscontentedalley.com
FingerprintFD:63:9F:F3:B9:2C:0F:20:0E:D5:E3:96:9A:44:6D:F8:9C:C3:92:83
ValidityWed, 24 Apr 2024 15:16:37 GMT - Tue, 23 Jul 2024 15:16:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.102295541708.js?key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&tz=0&dev=e&res=14.2071&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1 HTTP/1.1
Host: officerdiscontentedalley.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://libgen.li
Access-Control-Allow-Origin: https://libgen.li
Access-Control-Allow-Credentials: true
Location: https://officerdiscontentedalley.com/watch.102295541708.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034065&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=e752af9a8272488891deb6909af139470efd32926cb9d0c6a8409355f913b4049a51858841b63bd99658278f6528deb5c5c4d1610efd1c4ebb2b78b303a16a81e2985c2b390d2263da59aa1b9aff9096da0b93fc06ba5e20acc938fbf4cf&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
Set-Cookie: u_pl=17566676; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU2NjY3NiwiayI6ImU0NDVmYzVmY2VlYjUyNDg5YTY1MmY5ODk0YzIwMDg3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ5NTI1LCJwaWQiOjUyMDQ2NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiZGdxeTIzczMiLCJjcGtzIjp7IjI4IjoiMGUyMzE0M2ZlNTA1M2FhMGE3NzliYTI5OTNjMmE4ZTEiLCIyOSI6IjU4ZTFhZjRiMjc5Mjk4OTdkOThhN2YyYWM3MGFlZDlmIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpYmdlbi5saS9hZHMucGhwP21kNT02MjZENTQzNTM3QzUxQzM3QUVCNDI4QjM0MDBEMEEzRiIsImFyIjpbXX19.DlgSPYejrjyxv6Dc5V936adPkU0GsJAeqjM_p7dG1Sw; expires=Thu, 25 Apr 2024 08:34:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 90f8d0b86c224fbece79e8ec55d5b792
Strict-Transport-Security: max-age=0; includeSubdomains

crisppennygiggle.com/watch.908198848862.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=577d95da8a1e7e08941adf61913234623dad442fa77b42d18c6e4d9ec839455eaa2fe6155ac5a294e46b48fdc36a931cc1561b733d1f06d9ddbd3cd86365508b598c7ececeaac5429c4a247dd6679836a8c5b407d0b2f2340110bfba19&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1

192.243.59.20

200 OK

2.0 kB

URL GET HTTP/1.1
crisppennygiggle.com/watch.908198848862.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=577d95da8a1e7e08941adf61913234623dad442fa77b42d18c6e4d9ec839455eaa2fe6155ac5a294e46b48fdc36a931cc1561b733d1f06d9ddbd3cd86365508b598c7ececeaac5429c4a247dd6679836a8c5b407d0b2f2340110bfba19&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcrisppennygiggle.com
Fingerprint8F:53:50:A2:52:F5:0D:CA:5A:3F:AF:16:3E:6E:0F:F2:47:24:AD:8B
ValidityWed, 24 Apr 2024 14:54:12 GMT - Tue, 23 Jul 2024 14:54:11 GMT

File type
JavaScript source, ASCII text, with very long lines (2432)
Size
2.0 kB (1977 bytes)
Hash
e532f20ef9457d1e4ef3ca71536673c9
8a290430cbdac57f7807bf350ccfbd11f402a38c
259595673111dc58218a255a76b16ebe565f8c27604863840f91820df767d874

HTTP Headers

GET /watch.908198848862.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034064&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=577d95da8a1e7e08941adf61913234623dad442fa77b42d18c6e4d9ec839455eaa2fe6155ac5a294e46b48fdc36a931cc1561b733d1f06d9ddbd3cd86365508b598c7ececeaac5429c4a247dd6679836a8c5b407d0b2f2340110bfba19&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1 HTTP/1.1
Host: crisppennygiggle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
Referer: https://libgen.li/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17566676; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU2NjY3NiwiayI6ImU0NDVmYzVmY2VlYjUyNDg5YTY1MmY5ODk0YzIwMDg3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ5NTI1LCJwaWQiOjUyMDQ2NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiZGdxeTIzczMiLCJjcGtzIjp7IjI4IjoiMGUyMzE0M2ZlNTA1M2FhMGE3NzliYTI5OTNjMmE4ZTEiLCIyOSI6IjU4ZTFhZjRiMjc5Mjk4OTdkOThhN2YyYWM3MGFlZDlmIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpYmdlbi5saS9hZHMucGhwP21kNT02MjZENTQzNTM3QzUxQzM3QUVCNDI4QjM0MDBEMEEzRiIsImFyIjpbXX19.DlgSPYejrjyxv6Dc5V936adPkU0GsJAeqjM_p7dG1Sw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://libgen.li
Access-Control-Allow-Origin: https://libgen.li
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=dd79b6cf-6983-4388-9a58-1b8c4e37f968:2:1; expires=Thu, 02 May 2024 08:33:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
uncs=1; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
pdhtkv23=true; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
uncs23=1; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5111aedf8e3e1110233d97bfdfc01837
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/a0/a3/cc/a0a3cca38b4b0492063c567e97e9aea3/1707890399.png

45.133.44.10

200 OK

15 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/a0/a3/cc/a0a3cca38b4b0492063c567e97e9aea3/1707890399.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Size
15 kB (15233 bytes)
Hash
837a7b801be9663e0c6993bb82f4aab8
c6aa8633a4855d962e19c503e648c65ddc3f2ddf
9893e110964b4f5a1e6c172e1a93e41dbddafdc77f2df54d7461fac5c12302d0

HTTP Headers

GET /cti/a0/a3/cc/a0a3cca38b4b0492063c567e97e9aea3/1707890399.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:33:25 GMT
content-type: image/png
content-length: 15233
server: nginx/1.21.6
last-modified: Wed, 14 Feb 2024 06:00:09 GMT
etag: "65cc56e9-3b81"
expires: Sat, 27 Apr 2024 08:33:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

officerdiscontentedalley.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js

192.243.59.13

200 OK

16 kB

URL GET HTTP/1.1
officerdiscontentedalley.com/58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectofficerdiscontentedalley.com
FingerprintFD:63:9F:F3:B9:2C:0F:20:0E:D5:E3:96:9A:44:6D:F8:9C:C3:92:83
ValidityWed, 24 Apr 2024 15:16:37 GMT - Tue, 23 Jul 2024 15:16:36 GMT

File type
JavaScript source, ASCII text, with very long lines (44078), with no line terminators
Size
16 kB (15834 bytes)
Hash
df1d75c6035d880fe40b62b728522a6a
0bbd3efc665762ee6575818019c194ba3774fd83
ec41dab797992076daa160bbb3af29fb3ce78b1456ad4c430d3806b42059e9e7

HTTP Headers

GET /58/e1/af/58e1af4b27929897d98a7f2ac70aed9f.js HTTP/1.1
Host: officerdiscontentedalley.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: adad00fe49b8babc75d2d0444ccd7ecc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

officerdiscontentedalley.com/watch.102295541708.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034065&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=e752af9a8272488891deb6909af139470efd32926cb9d0c6a8409355f913b4049a51858841b63bd99658278f6528deb5c5c4d1610efd1c4ebb2b78b303a16a81e2985c2b390d2263da59aa1b9aff9096da0b93fc06ba5e20acc938fbf4cf&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1

192.243.59.13

200 OK

2.0 kB

URL GET HTTP/1.1
officerdiscontentedalley.com/watch.102295541708.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034065&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=e752af9a8272488891deb6909af139470efd32926cb9d0c6a8409355f913b4049a51858841b63bd99658278f6528deb5c5c4d1610efd1c4ebb2b78b303a16a81e2985c2b390d2263da59aa1b9aff9096da0b93fc06ba5e20acc938fbf4cf&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectofficerdiscontentedalley.com
FingerprintFD:63:9F:F3:B9:2C:0F:20:0E:D5:E3:96:9A:44:6D:F8:9C:C3:92:83
ValidityWed, 24 Apr 2024 15:16:37 GMT - Tue, 23 Jul 2024 15:16:36 GMT

File type
JavaScript source, ASCII text, with very long lines (2462)
Size
2.0 kB (2000 bytes)
Hash
9074cfc837c83700771b985ec41ad3c1
589a315829a0f7882b1f8fd734622480e98c7f97
cf4a3b008a8da7023a35d928e42bfc9c0216dd8e3f67fd5190aadeb84d0c9c5c

HTTP Headers

GET /watch.102295541708.js?dev=e&key=e445fc5fceeb52489a652f9894c20087&kw=%5B%22library%22%2C%22genesis%22%5D&pst=1714034065&refer=https%3A%2F%2Flibgen.li%2Fads.php%3Fmd5%3D626D543537C51C37AEB428B3400D0A3F&res=14.2071&rmtc=t&shu=e752af9a8272488891deb6909af139470efd32926cb9d0c6a8409355f913b4049a51858841b63bd99658278f6528deb5c5c4d1610efd1c4ebb2b78b303a16a81e2985c2b390d2263da59aa1b9aff9096da0b93fc06ba5e20acc938fbf4cf&tz=0&uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1 HTTP/1.1
Host: officerdiscontentedalley.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://libgen.li
Referer: https://libgen.li/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17566676; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU2NjY3NiwiayI6ImU0NDVmYzVmY2VlYjUyNDg5YTY1MmY5ODk0YzIwMDg3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ5NTI1LCJwaWQiOjUyMDQ2NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiZGdxeTIzczMiLCJjcGtzIjp7IjI4IjoiMGUyMzE0M2ZlNTA1M2FhMGE3NzliYTI5OTNjMmE4ZTEiLCIyOSI6IjU4ZTFhZjRiMjc5Mjk4OTdkOThhN2YyYWM3MGFlZDlmIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpYmdlbi5saS9hZHMucGhwP21kNT02MjZENTQzNTM3QzUxQzM3QUVCNDI4QjM0MDBEMEEzRiIsImFyIjpbXX19.DlgSPYejrjyxv6Dc5V936adPkU0GsJAeqjM_p7dG1Sw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 25 Apr 2024 08:33:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://libgen.li
Access-Control-Allow-Origin: https://libgen.li
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=dd79b6cf-6983-4388-9a58-1b8c4e37f968:2:1; expires=Thu, 02 May 2024 08:33:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
uncs=1; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
pdhtkv23=true; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
uncs23=1; expires=Fri, 26 Apr 2024 08:33:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a20714b5d54f9627137ff42222920495
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:25 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 961a1e6b8208fce87d9677b3bc74c2ec
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/fd/36/c9/fd36c98b33bae60ac085b715afd7d8fc/1707890422.png

45.133.44.10

200 OK

18 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/fd/36/c9/fd36c98b33bae60ac085b715afd7d8fc/1707890422.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Size
18 kB (17907 bytes)
Hash
22dbc90cc228238c2eda3411c5a94f2d
e649af6121cf06a0214e03df6cb97da3f5305d03
3df7322db0809e1f32259d18cfb69e77465e690272a645c4af6776975463c08e

HTTP Headers

GET /cti/fd/36/c9/fd36c98b33bae60ac085b715afd7d8fc/1707890422.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:33:25 GMT
content-type: image/png
content-length: 17907
server: nginx/1.21.6
last-modified: Wed, 14 Feb 2024 06:00:32 GMT
etag: "65cc5700-45f3"
expires: Sat, 27 Apr 2024 08:33:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

188.114.96.1

200 OK

28 kB

URL GET HTTP/3
downstairsnegotiatebarren.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27462 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:25 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 97283973b67770b770277e7e38169c15
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 25 Apr 2024 08:33:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rN5fReIjnDF%2B45Zc4zVr74rPI0Cm6KHSslUFyb%2Bc11ZJgvSNxGm5OuUGTH6yMPedGL1gjCrGk1wWWuTbJHdySlfge7RaHxG1%2FnA7%2FmE9CO6erON4Yyi%2BhjLMXEZeeqV2PR7DS5KOh4z0OJ3MoxQfbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfcf3e93f56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

libgen.li/img/favicon.ico

104.21.57.230

200 OK

611 B

URL GET HTTP/3
libgen.li/img/favicon.ico
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
Size
611 B (611 bytes)
Hash
1aae1c5c5b27e6d63ba2e0a8d596760e
2a8294e38dfc9474d869e05d2a9a42dcccfe3066
d3910a9bd312389bd76df879ad74c7c5f596b1056f1d86d537b6451738c61390

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6; dom3ic8zudi28v8lr6fgphwffqoz0j6c=dd79b6cf-6983-4388-9a58-1b8c4e37f968%3A2%3A1; pp_main_d53e2728a6de1b6d59e60f5833fa9c3f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:25 GMT
content-type: image/x-icon
last-modified: Mon, 13 May 2013 20:56:22 GMT
etag: W/"51915376-8be"
expires: Sun, 28 Apr 2024 11:39:24 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 334441
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xZKIpitIq3k3mpJsVXYwqP999ufFI9HvsbquFx7BzAiva%2B70UGF92kKOujgCiYwnH5b4ZqyybViWLYlbLCU4i2hZerAZnJEXwRr9RQZ4FIIR0fBECRYZjiUG%2BaQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfcf5eb52b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unseenreport.com/pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=042ff9b9b59bdc32b7a84fec6430fe85&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8

172.240.108.76

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=042ff9b9b59bdc32b7a84fec6430fe85&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=042ff9b9b59bdc32b7a84fec6430fe85&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:26 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 04a33ff4f6f0e25cea534c165ac65ef9
Strict-Transport-Security: max-age=0; includeSubdomains

libgen.li/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.57.230

200 OK

1.2 kB

URL GET HTTP/3
libgen.li/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:23 GMT
content-type: application/javascript
last-modified: Fri, 19 Apr 2024 20:54:07 GMT
etag: W/"6622d9ef-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5rWfKBZnuQz6MjfFLiEZxNZJVWxoK9pP0CINHakzZVWWrqh1R0TaBCxr%2F0%2FNCNws2o3wuysGRHZ6bUYTG35Njq27fH64to99pSyS3uYcGAqsDZA2AvUnmR%2FTD0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfce78c63b4f9-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 27 Apr 2024 08:33:23 GMT
cache-control: max-age=172800, public
content-encoding: gzip

libgen.li/js/form-validation.js

104.21.57.230

200 OK

686 B

URL GET HTTP/3
libgen.li/js/form-validation.js
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
JavaScript source, ASCII text, with very long lines (707), with no line terminators
Size
686 B (686 bytes)
Hash
9b49fb891557236d80c4823d110ee45b
3cfdb12d1dc761ca69c01f5387795358b20ba6ff
3d4aa7a6338cdd568ef532bcb206dbaadd1c060cdf3873819b7f8fe242bf804c

HTTP Headers

GET /js/form-validation.js HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:23 GMT
content-type: application/javascript
last-modified: Tue, 13 Oct 2020 12:33:28 GMT
etag: W/"5f859e98-2ae"
expires: Tue, 30 Apr 2024 14:58:57 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 149666
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYQOwS31a6VdQco5HI5ydORwU43l9fetKNggThD0H%2FSWL%2FBTxTvEBk0MyXK%2FbB7DWXMyAzfVmhkfutfWSDzR74eXFrfYztn3x0XYtxBkXLzotA87yLcZQoUHgdM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfce78c6ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unseenreport.com/pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=58e1af4b27929897d98a7f2ac70aed9f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=58e1af4b27929897d98a7f2ac70aed9f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=58e1af4b27929897d98a7f2ac70aed9f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:26 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 100c6be7a8ad6993458654c49bdbdd6d
Strict-Transport-Security: max-age=0; includeSubdomains

libgen.li/js/popper.min.js

104.21.57.230

200 OK

19 kB

URL GET HTTP/3
libgen.li/js/popper.min.js
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
JavaScript source, ASCII text, with very long lines (19015)
Size
19 kB (19150 bytes)
Hash
c2457ff14b8092f06f6d6610b202ec7f
6465bce461e777d6871c2d8dead3f6cfbbfab664
c86333d79746bb469e7d3fd957b4e58f05fc2e2c22033a9f523653aae6142591

HTTP Headers

GET /js/popper.min.js HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:23 GMT
content-type: application/javascript
last-modified: Sun, 16 May 2021 04:13:40 GMT
etag: W/"60a09bf4-4ace"
expires: Tue, 30 Apr 2024 14:58:57 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 149666
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4kXaABR0OrvzEx%2Bqz22tmlw3TS71cGTJTM%2FOdHXXUb1RvCyAfiHiwRhAr%2BZ0P7FL3a5jP3P6fvNia51QFYQsKv8y3Z8MNo%2F7opVVZFWz44ETipGAp1gOxcUKZaA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfce78c64b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

libgen.li/js/dark-mode-switch.js

104.21.57.230

200 OK

2.9 kB

URL GET HTTP/3
libgen.li/js/dark-mode-switch.js
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
ASCII text, with very long lines (3093), with no line terminators
Size
2.9 kB (2933 bytes)
Hash
196aaac6d47aecd9d378dce8825bad01
58b461baec6e549363b6bd2aea647177517a5852
7dd40ed03fc6c57f4863e34f5f67f9f7dc2a5f5ebc2e0b627f32fb9176b56b76

HTTP Headers

GET /js/dark-mode-switch.js HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:23 GMT
content-type: application/javascript
last-modified: Sat, 22 May 2021 16:34:13 GMT
etag: W/"60a93285-b75"
expires: Tue, 30 Apr 2024 14:53:27 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 149996
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O33IYgohBsG9fgp%2BkycDS94n%2Fmcny%2FmdAU2D0I%2FlV7sNVypK%2BNAPdWRD74g1ilBrx6TZ9G5KAG9Q%2BZIms3sPn2JWb0mvEZ0K0p8n8wcp8IAK6nucrz52werDssY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfce78c61b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unseenreport.com/pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d53e2728a6de1b6d59e60f5833fa9c3f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d53e2728a6de1b6d59e60f5833fa9c3f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=dd79b6cf-6983-4388-9a58-1b8c4e37f968&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d53e2728a6de1b6d59e60f5833fa9c3f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 25 Apr 2024 08:33:26 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: abf6b8c8473bd7861c4c7a2c5f2f1148
Strict-Transport-Security: max-age=0; includeSubdomains

libgen.li/css/font.min.css

104.21.57.230

200 OK

9.7 kB

URL GET HTTP/3
libgen.li/css/font.min.css
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Requested by
https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type
ASCII text, with very long lines (10506), with no line terminators
Size
9.7 kB (9687 bytes)
Hash
9e2ef5e40b8f39925c1c66bc9d92f5e7
7c3f02611f7535813f99923ce89ba2b5bee52634
368673b259231ff90a35ee7131c51db777f36db5b39b2c0c4ce60423d0ca1687

HTTP Headers

GET /css/font.min.css HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
Cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:33:23 GMT
content-type: text/css
last-modified: Wed, 09 Jun 2021 18:13:05 GMT
vary: Accept-Encoding
etag: W/"60c104b1-25d7"
expires: Tue, 30 Apr 2024 14:53:27 GMT
cache-control: max-age=604800
cf-cache-status: HIT
age: 149996
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zElMkRCX%2F4ItOkUWdKvgyc7Ycd6yzzoCJTub3rGvgxri9WDXoL6quWez3DACumF2qBOjoLrdG5noCeoXS4%2Bw%2B97f23zgt9TPJsA88DBh1%2Bf5kAYf5xi8%2BJVUWQg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cfce77c4ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F

104.21.57.230

200 OK

21 kB

URL User Request GET HTTP/2
libgen.li/ads.php?md5=626D543537C51C37AEB428B3400D0A3F
IP
104.21.57.230:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectlibgen.li
Fingerprint06:24:55:C4:AE:3B:B5:C6:0A:90:28:66:BB:46:E7:6D:2C:0C:A3:F4
ValidityTue, 16 Apr 2024 21:18:07 GMT - Mon, 15 Jul 2024 21:18:06 GMT

File type

Size
21 kB (20827 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ads.php?md5=626D543537C51C37AEB428B3400D0A3F HTTP/1.1
Host: libgen.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:33:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=gq6rkhsqnfophfb91p21frmeo6; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CmU795jIkZpBJl%2FAelw0l0tRibLQOLo69bS5MPdfQ%2FGMyAeL2RjwrlnwAo5ah0WXtmw3lRCIfWup%2Bp4WkSW5iHlwCDwCXqZTRST9lb%2FFmSQcWQDTrbYFd5yc6%2Bs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cfcdd4f311c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (31)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by