Report - en.yt1save.com/zoro/

Report Overview

Visited public
2023-10-24 21:22:55
Tags
Submit Tags
URL
en.yt1save.com/zoro/
Finishing URL
en.yt1save.com/zoro/
IP / ASN
172.67.211.111
#13335 CLOUDFLARENET
Title
Zoro Downloader • Convert & Download ❤️ - YT1Save

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
en.yt1save.com	unknown	2021-01-25	2022-01-08 13:04:06	2023-07-29 16:13:50	5.1 kB	468 kB	104.21.77.198
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-10-24 19:28:06	340 B	942 B	143.204.53.97
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-10-24 19:03:53	434 B	421 B	3.73.202.184
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-10-24 14:26:05	1.3 kB	178 kB	45.133.44.9
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-24 18:12:09	1.3 kB	2.8 kB	142.250.74.67
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-10-24 19:34:38	879 B	151 kB	142.250.74.168
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-10-24 18:20:41	531 B	578 B	142.250.74.163
jazzspeechlessarena.com	unknown	2022-05-17	2022-05-17 14:39:41	2023-10-07 12:32:44	1.4 kB	35 kB	173.233.139.164
firefox-settings-attachments.cdn.mozilla.net	11509	1998-01-31	2019-11-30 10:32:57	2023-10-24 17:49:40	402 B	818 kB	34.117.121.53
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-10-24 18:20:41	779 B	445 B	216.239.32.36
cuttingdemeanoursuperintend.com	unknown	2023-09-27	2023-09-27 03:55:41	2023-10-24 18:47:58	2.7 kB	5.7 kB	173.233.137.36
sealinstalment.com	unknown	2023-09-23	2023-09-23 03:56:56	2023-10-24 19:38:22	2.6 kB	5.6 kB	192.243.59.20
blobjournalistunwind.com	unknown	2023-10-10	2023-10-10 11:42:00	2023-10-24 19:37:05	2.6 kB	5.7 kB	173.233.137.60

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-24	medium	cuttingdemeanoursuperintend.com	Sinkholed
2023-10-24	medium	sealinstalment.com	Sinkholed
2023-10-24	medium	cuttingdemeanoursuperintend.com	Sinkholed
2023-10-24	medium	sealinstalment.com	Sinkholed
2023-10-24	medium	blobjournalistunwind.com	Sinkholed
2023-10-24	medium	blobjournalistunwind.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (20)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	3.3 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 03:33 Last Seen2024-08-21 03:33 Times Seen1 Hash cf92d8469a7c76d70e238cbcf7010a40 2e1664ad9fd60854c20d31b4b9ee724e4f85f47a 232c784d4ff7eb57760b4b3ba34cba8600226abb9f1a5d54f2a971565ddedb4d Loading...

	unknown	ScriptElement	145 B	2023-03-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:32 Last Seen2024-08-21 03:33 Times Seen3 Hash 0feb4fe8acd77e4891bc340609c79376 5b43d51fa56025ebdee41d5e296a620dcc0ed3ce 622d4ceb091a4826d2a9e06a1eb52987273f1f3d282e1da99c1352274b23720b Loading...

	en.yt1save.com/wp-content/litespeed/js/c46eb8a2cd476ebbed14724e45be0cf9.js?ver=0c8eb	ScriptElement	140 kB	2023-10-24	2024-08-21
Pretty URL en.yt1save.com/wp-content/litespeed/js/c46eb8a2cd476ebbed14724e45be0cf9.js?ver=0c8eb IP 104.21.77.198 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 23:22 Last Seen2024-08-21 03:33 Times Seen2 Hash c46eb8a2cd476ebbed14724e45be0cf9 88970aa24531ef8b49d03f62d890e598e50f29cd 8d5b2f3ccd08ebbf5eef82b43080b980f9598616d7f030db7bef62f71efd73fc Loading...

	en.yt1save.com/zoro/sandbox%20eval%20code		147 B	2023-04-11	2025-06-28
Pretty URL en.yt1save.com/zoro/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-28 03:34 Times Seen374645 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559109	ScriptElement	30 kB	2023-10-24	2023-10-24
Pretty URL jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559109 IP 173.233.139.164 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 23:22 Last Seen2023-10-24 23:22 Times Seen1 Hash 29250dbba902d85dd5098ae7aeb7f5c1 400300e316da2382035f2230f9b00930e966a5b4 7f274a924422ab79f19d3992f90c0c5b6d23257731bf67b4124ee1930df387db Loading...

	unknown	ScriptElement	3.4 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 03:33 Last Seen2024-08-21 03:33 Times Seen1 Hash 85ceec7938453e35a1f24814d2d7a3a2 a57427cd8da719cd88955c2ebc3913bbfe2eee1c 56eae7bdb9b28d91c949f5f3c789486bce592961605f4a50838a367f26ab79c1 Loading...

	www.googletagmanager.com/gtag/js?id=UA-190521431-1	ScriptElement	190 kB	2023-10-24	2023-10-24
Pretty URL www.googletagmanager.com/gtag/js?id=UA-190521431-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 23:22 Last Seen2023-10-24 23:22 Times Seen1 Hash 8ea5240accf6c3c50ba04e1092b4c8de 2faacef7b9a53b4cea7226d2a9520442860f637a 1d1d0b1e61ea245a91655f2fe436600e76c8388d0f88bf45762c95e77fb80c56 Loading...

	data:text/javascript;base64,dmFyIHdwY2Y3PXsiYXBpIjp7InJvb3QiOiJodHRwczpcL1wvZW4ueXQxc2F2ZS5jb21cL3dwLWpzb25cLyIsIm5hbWVzcGFjZSI6ImNvbnRhY3QtZm9ybS03XC92MSJ9LCJjYWNoZWQiOiIxIn0=	ScriptElement	110 B	2023-07-29	2024-08-21
Pretty URL data:text/javascript;base64,dmFyIHdwY2Y3PXsiYXBpIjp7InJvb3QiOiJodHRwczpcL1wvZW4ueXQxc2F2ZS5jb21cL3dwLWpzb25cLyIsIm5hbWVzcGFjZSI6ImNvbnRhY3QtZm9ybS03XC92MSJ9LCJjYWNoZWQiOiIxIn0= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-29 16:14 Last Seen2024-08-21 03:33 Times Seen2 Hash c0097a764e02de1fea51366f1283baf6 4c97d4a3cc73734a479cd7977fda43874fbc00f8 d1082e8dcc4e88ea1ec1f328df7c15996ea85d95378101293bb047d1a95a7e46 Loading...

	www.googletagmanager.com/gtag/js?id=G-SM6030EHG3&l=dataLayer&cx=c	ScriptElement	230 kB	2023-10-24	2023-10-24
Pretty URL www.googletagmanager.com/gtag/js?id=G-SM6030EHG3&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 23:22 Last Seen2023-10-24 23:22 Times Seen1 Hash 38936a5f5a98204016c6c855274481e1 99fd9036e81a497610d4e775a5445bb4a8ea4d14 d43b24a4fb2dbc1819b3e8874c51ae1bde030c0dab69c993814071f5bcc9cc76 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-28
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-28 03:34 Times Seen374054 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559110	ScriptElement	30 kB	2023-10-24	2023-10-24
Pretty URL jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559110 IP 173.233.139.164 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 23:22 Last Seen2023-10-24 23:22 Times Seen1 Hash e0d76327008bb95d44c431e9a2247005 c36fee61ca1282863c5690d2feca83a965a57fdd 94f44792e0bb0f0f62f3513c55eee721d54743c618d90644cf267bba97915fca Loading...

	data:text/javascript;base64,d2luZG93LmRhdGFMYXllcj13aW5kb3cuZGF0YUxheWVyfHxbXTtmdW5jdGlvbiBndGFnKCl7ZGF0YUxheWVyLnB1c2goYXJndW1lbnRzKX0KZ3RhZygic2V0IiwibGlua2VyIix7ImRvbWFpbnMiOlsiZW4ueXQxc2F2ZS5jb20iXX0pO2d0YWcoImpzIixuZXcgRGF0ZSgpKTtndGFnKCJzZXQiLCJkZXZlbG9wZXJfaWQuZFpUTmlNVCIsITApO2d0YWcoImNvbmZpZyIsIlVBLTE5MDUyMTQzMS0xIix7ImFub255bWl6ZV9pcCI6ITB9KQ==	ScriptElement	244 B	2023-07-29	2024-08-21
Pretty URL data:text/javascript;base64,d2luZG93LmRhdGFMYXllcj13aW5kb3cuZGF0YUxheWVyfHxbXTtmdW5jdGlvbiBndGFnKCl7ZGF0YUxheWVyLnB1c2goYXJndW1lbnRzKX0KZ3RhZygic2V0IiwibGlua2VyIix7ImRvbWFpbnMiOlsiZW4ueXQxc2F2ZS5jb20iXX0pO2d0YWcoImpzIixuZXcgRGF0ZSgpKTtndGFnKCJzZXQiLCJkZXZlbG9wZXJfaWQuZFpUTmlNVCIsITApO2d0YWcoImNvbmZpZyIsIlVBLTE5MDUyMTQzMS0xIix7ImFub255bWl6ZV9pcCI6ITB9KQ== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-29 16:14 Last Seen2024-08-21 03:33 Times Seen2 Hash a3c9a71b6a72d07b30405be9938709ad 13c608fc3e3491f371964ce693cfd54ef70ab4ca d01b4fcb3081574570ac8cede113b60a64f73b68b0e27a77cef91bfac2a6293d Loading...

	data:text/javascript;base64,Y29uc3QgZD1uZXcgRGF0ZSgpO2xldCB5ZWFyPWQuZ2V0RnVsbFllYXIoKTtkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgieWVhciIpLmlubmVySFRNTD15ZWFy	ScriptElement	90 B	2023-07-16	2024-08-21
Pretty URL data:text/javascript;base64,Y29uc3QgZD1uZXcgRGF0ZSgpO2xldCB5ZWFyPWQuZ2V0RnVsbFllYXIoKTtkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgieWVhciIpLmlubmVySFRNTD15ZWFy IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-16 08:59 Last Seen2024-08-21 03:33 Times Seen3 Hash a3aa782a285cdbfa9748d83077783063 333716c8d4768d899747497b1ecb61b152553771 bbee2f61a2c9eaab008d9716bd9cb4635ea89822a9172af532c5a03c84c6e239 Loading...

	data:text/javascript;base64,dmFyIHN1cGVycHdhX3N3PXsidXJsIjoiXC9zdXBlcnB3YS1zdy5qcz8yLjIuNSIsImRpc2FibGVfYWRkdG9ob21lIjoiMCIsImVuYWJsZU9uRGVza3RvcCI6IiJ9	ScriptElement	93 B	2023-07-16	2024-08-21
Pretty URL data:text/javascript;base64,dmFyIHN1cGVycHdhX3N3PXsidXJsIjoiXC9zdXBlcnB3YS1zdy5qcz8yLjIuNSIsImRpc2FibGVfYWRkdG9ob21lIjoiMCIsImVuYWJsZU9uRGVza3RvcCI6IiJ9 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-16 08:59 Last Seen2024-08-21 03:33 Times Seen3 Hash 07c5e7a4c11bb362d6e4470e2173362b 134369b7ce31c33bebb36d341f4036e510029f91 6209038b961cdefbba2a81ec18337a5be3c23e39b988b2020f7ee4f41efe75d1 Loading...

	jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559111	ScriptElement	30 kB	2023-10-24	2023-10-24
Pretty URL jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559111 IP 173.233.139.164 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 23:22 Last Seen2023-10-24 23:22 Times Seen1 Hash 6b085c9ce38d28e43199f7470549a3b5 09cdca3e82b25a731e34d54acf25193c0c55bcc2 fc674f97c899b3461d3a80e22c0d41575b343c5a8f22129e30fc47e460869d7d Loading...

	unknown	ScriptElement	3.3 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 03:33 Last Seen2024-08-21 03:33 Times Seen1 Hash b3184153971d3ffca1895c0fb7020bbf e0ff60aa6821bf532063fc12fc4f0a4a9241e4d3 f4534411db529900ead11104e8050248c72c46c43ce7aaea3d08fbddffc27b6e Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2096e2b2eabb196a3f43834d1dfe114b	125 B	2023-03-13 11:32	2024-08-21 03:33
Pretty Observations First Seen2023-03-13 11:32 Last Seen2024-08-21 03:33 Times Seen3 Hash 2096e2b2eabb196a3f43834d1dfe114b d145326f9bffc9daaa101e4fc2650317382bbbb9 d627185e1de4100bc35dc6dfc67134dff39b4ed6520ddffd42c3aaffab54117d Loading...

	#2 Eval - bbb1010d85d184e8b1f926635d6e6a84	2.1 kB	2024-08-21 03:33	2024-08-21 03:33
Pretty Observations First Seen2024-08-21 03:33 Last Seen2024-08-21 03:33 Times Seen1 Hash bbb1010d85d184e8b1f926635d6e6a84 bb998faef18b4aea3d7906569722b92cd99ef104 37be5a7380dc3a3f741e85293114f87264a4ebb7e0013724885186ce0c8bfd78 Loading...

	#3 Eval - 1e9b0be6555f1801fb93c5750d4b859f	2.1 kB	2024-08-21 03:33	2024-08-21 03:33
Pretty Observations First Seen2024-08-21 03:33 Last Seen2024-08-21 03:33 Times Seen1 Hash 1e9b0be6555f1801fb93c5750d4b859f f4c203eb75bd9ed2e981937f1bd0d625301249c6 d77c406a63014f82180d3c105db0cc04e45cd013406f72eafd3b5b361489274b Loading...

	#4 Eval - 88e10529c1a069a1cd0b8e9ad8ca724b	2.1 kB	2024-08-21 03:33	2024-08-21 03:33
Pretty Observations First Seen2024-08-21 03:33 Last Seen2024-08-21 03:33 Times Seen1 Hash 88e10529c1a069a1cd0b8e9ad8ca724b a04b31b44896dd987a8c5bae06bb8523d53f2093 6f99dc3711c58d8048de831dded8e97a8b0879cfbf79bfdc728b9f674883b389 Loading...

HTTP Transactions (33)

URL IP Response Size

ocsp.pki.goog/gts1c3

142.250.74.67

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
25ee40154711e09e72514fb1d97998db
9d9c7de2b4e049ca9ee938c1bc2259b915d0ca7b
31fdfba6b02cf76a87b31d19645609d200108e0e967495cb583a40fa963614f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Oct 2023 21:22:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET en.yt1save.com/wp-content/uploads/2022/03/yt1save-logo.png

104.21.77.198

200 OK

6.0 kB

URL GET HTTP/3
en.yt1save.com/wp-content/uploads/2022/03/yt1save-logo.png
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
PNG image data, 750 x 95, 8-bit colormap, non-interlaced\012- data
Size
6.0 kB (6015 bytes)
Hash
b04b772cc4ca2ba4c28b17272484f7f5
9ebd1a1698199fbda72d4c56ea6628167474ca7f
814a98cc8664b39bc05cdd85fc736e186a996d6548eb970cde77245cef8f3703

HTTP Headers

GET /wp-content/uploads/2022/03/yt1save-logo.png HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/zoro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:37 GMT
content-type: image/png
content-length: 6015
cache-control: public, max-age=31557600
expires: Thu, 24 Oct 2024 03:22:37 GMT
last-modified: Thu, 17 Mar 2022 14:44:06 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2BjSd3tw7jaN1IcaDEetSS60H9lap3RInN60hMAcsXej45%2BhilRXbWsi6hWbRl0ZFgUwaNPJVIVNhbvycX5N42rzxWyKN1l7O2kQtrTR0LlB9sdOt55qaPxv6bYhhZGpVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546ba4c630b49-OSL
alt-svc: h3=":443"; ma=86400

GET www.googletagmanager.com/gtag/js?id=UA-190521431-1

142.250.74.168

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-190521431-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68644 bytes)
Hash
8ea5240accf6c3c50ba04e1092b4c8de
2faacef7b9a53b4cea7226d2a9520442860f637a
1d1d0b1e61ea245a91655f2fe436600e76c8388d0f88bf45762c95e77fb80c56

HTTP Headers

GET /gtag/js?id=UA-190521431-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Oct 2023 21:22:37 GMT
expires: Tue, 24 Oct 2023 21:22:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68644
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET en.yt1save.com/wp-content/themes/inhype/fonts/fontawesome-webfont.woff2

104.21.77.198

200 OK

77 kB

URL GET HTTP/3
en.yt1save.com/wp-content/themes/inhype/fonts/fontawesome-webfont.woff2
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/themes/inhype/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://en.yt1save.com/zoro/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:37 GMT
content-type: font/woff2
content-length: 77160
cache-control: public, max-age=31557600
expires: Thu, 24 Oct 2024 03:22:37 GMT
last-modified: Sat, 08 Jan 2022 12:11:48 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbkwNE6ZeTt4z6Huu8cZMKCqb7JgG89LsdzofBfQi8QztguXwTby69cLhL1tSHdd6MWklcUcMLt9YErRUhsrOKDDilhJn%2Bc42AX7%2F7e4LnxW1FlfBTJ%2BuWbKyzPWvW5%2BuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546ba4c5d0b49-OSL
alt-svc: h3=":443"; ma=86400

GET en.yt1save.com/wp-content/fonts/Nunito-ExtraBold.woff2

104.21.77.198

200 OK

43 kB

URL GET HTTP/3
en.yt1save.com/wp-content/fonts/Nunito-ExtraBold.woff2
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43044, version 1.0\012- data
Size
43 kB (43044 bytes)
Hash
821cb4e91e42c549a64bc89129f0d090
dad44d24b7c9e6d84ac89caef6a8c44dcd31bbb3
2cb1afe78a8d8d4f2aec1c676a74c7bf404d2e074ba1444f8f4086baf1db0710

HTTP Headers

GET /wp-content/fonts/Nunito-ExtraBold.woff2 HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://en.yt1save.com/zoro/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:37 GMT
content-type: font/woff2
content-length: 43044
cache-control: public, max-age=31557600
expires: Thu, 24 Oct 2024 03:22:37 GMT
last-modified: Fri, 26 May 2023 17:22:40 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvGxacHrAnXFCcVw28qjt8VtDiF0m%2BeM6pojxe7LO0oiYy%2FB1VSxoPClxEOob%2B2B4Pz0WlZ%2Brnk%2FcOUO1Qn%2Fc7cIs37CVIyj3mgoizyZAadx%2FWr4Z6OQieu0SsDoN%2Fo5vw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546ba4c620b49-OSL
alt-svc: h3=":443"; ma=86400

GET en.yt1save.com/wp-content/fonts/Nunito-SemiBold.woff2

104.21.77.198

200 OK

43 kB

URL GET HTTP/3
en.yt1save.com/wp-content/fonts/Nunito-SemiBold.woff2
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 42760, version 1.0\012- data
Size
43 kB (42760 bytes)
Hash
b1982ff7b8d2e71c18f74c1ca71815f2
b410418c4b006dc5ee8777454e659a30103adc2b
284c8dab26213baee73522cd72aed807bcd001adf86f1e84e07b9750ffbd2c1c

HTTP Headers

GET /wp-content/fonts/Nunito-SemiBold.woff2 HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://en.yt1save.com/zoro/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:37 GMT
content-type: font/woff2
content-length: 42760
cache-control: public, max-age=31557600
expires: Thu, 24 Oct 2024 03:22:37 GMT
last-modified: Fri, 26 May 2023 17:22:41 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pCnu1vr10L9bV3U0aS49X0C92MZwiNMdtqEA%2FHuBB3Hg3cVj%2F0O96nlzxf8yZhbLvO0iQDpM9n92kSbLDzPqvX8pTQVu%2BpdXRjXO1FmmxBSrlCkA8GjMJ39LVVnZKLBnyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546ba4c600b49-OSL
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.67

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
25ee40154711e09e72514fb1d97998db
9d9c7de2b4e049ca9ee938c1bc2259b915d0ca7b
31fdfba6b02cf76a87b31d19645609d200108e0e967495cb583a40fa963614f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Oct 2023 21:22:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET www.googletagmanager.com/gtag/js?id=G-SM6030EHG3&l=dataLayer&cx=c

142.250.74.168

200 OK

81 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-SM6030EHG3&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (5788)
Size
81 kB (81136 bytes)
Hash
38936a5f5a98204016c6c855274481e1
99fd9036e81a497610d4e775a5445bb4a8ea4d14
d43b24a4fb2dbc1819b3e8874c51ae1bde030c0dab69c993814071f5bcc9cc76

HTTP Headers

GET /gtag/js?id=G-SM6030EHG3&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Oct 2023 21:22:38 GMT
expires: Tue, 24 Oct 2023 21:22:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81136
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.67

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
06c4a54e98f9b58240059e27a7c72f0c
b7b748e98085bbffff6b066d342a9199036b0e4c
68243eb10ec3ccec5ea353b9254e5e848cf1fee0328c48196d7892c217c79ea9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Oct 2023 21:22:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET en.yt1save.com/wp-content/uploads/2022/04/yt1save-download-logo-a.png

104.21.77.198

200 OK

2.6 kB

URL GET HTTP/3
en.yt1save.com/wp-content/uploads/2022/04/yt1save-download-logo-a.png
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size
2.6 kB (2566 bytes)
Hash
edb4b293b3066be0fcf63c9688a96e93
a0ae69510864408e3a67d6cef4a28194d0abcb68
b87f9a9bfa5fd300106b80b4427531fde259fa7501a10f1eb66ccbb7a0c9df9f

HTTP Headers

GET /wp-content/uploads/2022/04/yt1save-download-logo-a.png HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/zoro/
Cookie: _ga_SM6030EHG3=GS1.1.1698182559.1.0.1698182559.60.0.0; _ga=GA1.1.1689926047.1698182559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:38 GMT
content-type: image/png
content-length: 2566
cache-control: public, max-age=31557600
expires: Thu, 24 Oct 2024 03:22:38 GMT
last-modified: Sun, 24 Apr 2022 11:28:58 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Lnr07sKYuNAQj3E2FQYpKXfGSqSr6KSmICj2kbZ7pnFMTEnXpvCdMXcASgA6exldCITEFvNYYn64p3acLvEiykS0RYs5cCZF6gshPLCDXw9XjIlOaH76yODRwTH7m%2F4iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546c01f490b49-OSL
alt-svc: h3=":443"; ma=86400

GET en.yt1save.com/wp-content/uploads/2022/04/cropped-yt1save-download-logo-32x32.png

104.21.77.198

200 OK

587 B

URL GET HTTP/3
en.yt1save.com/wp-content/uploads/2022/04/cropped-yt1save-download-logo-32x32.png
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
587 B (587 bytes)
Hash
479bea7f4559520d908c54dfb87c51fc
5fbf2593c8596140f7b159a8646108c67a7280c6
287d2606bc719dc60609f97859bf0dc95aa260d03760a10727a36e63797a5791

HTTP Headers

GET /wp-content/uploads/2022/04/cropped-yt1save-download-logo-32x32.png HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/zoro/
Cookie: _ga_SM6030EHG3=GS1.1.1698182559.1.0.1698182559.60.0.0; _ga=GA1.1.1689926047.1698182559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:38 GMT
content-type: image/png
content-length: 587
cache-control: public, max-age=31557600
expires: Thu, 24 Oct 2024 03:22:38 GMT
last-modified: Sun, 24 Apr 2022 09:03:58 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fisFT%2BUUhKXIhRtwsKIAtJ1sWZy9cNb74uUcAh29vNOqwLdy52SAKroBt36WPtsU3%2BNgMAXcA%2FpyXbX%2BkouT84wimKdri9ue3NPqOyKMckmh4Vh%2FMPosHy4J94K8yKUKsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546c01f4c0b49-OSL
alt-svc: h3=":443"; ma=86400

GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-SM6030EHG3&cid=1689926047.1698182559&gtm=45je3an0&aip=1&z=1825104571

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-SM6030EHG3&cid=1689926047.1698182559&gtm=45je3an0&aip=1&z=1825104571
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
FingerprintAC:CC:5C:40:F8:AE:9F:4B:DD:D1:1C:89:EE:E7:A4:A0:F3:F9:2F:58
ValidityThu, 28 Sep 2023 05:34:30 GMT - Thu, 21 Dec 2023 05:34:29 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-SM6030EHG3&cid=1689926047.1698182559&gtm=45je3an0&aip=1&z=1825104571 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 21:22:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.67

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
06c4a54e98f9b58240059e27a7c72f0c
b7b748e98085bbffff6b066d342a9199036b0e4c
68243eb10ec3ccec5ea353b9254e5e848cf1fee0328c48196d7892c217c79ea9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Oct 2023 21:22:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559109

173.233.139.164

200 OK

11 kB

URL GET HTTP/1.1
jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559109
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectjazzspeechlessarena.com
Fingerprint9E:95:F4:45:64:9F:EF:7D:D7:8F:48:60:9B:EC:7F:4E:58:8F:5E:68
ValiditySun, 10 Sep 2023 06:46:15 GMT - Sat, 09 Dec 2023 06:46:14 GMT

File type
exported SGML document, ASCII text, with very long lines (29675), with no line terminators
Size
11 kB (10942 bytes)
Hash
29250dbba902d85dd5098ae7aeb7f5c1
400300e316da2382035f2230f9b00930e966a5b4
7f274a924422ab79f19d3992f90c0c5b6d23257731bf67b4124ee1930df387db

HTTP Headers

GET /5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559109 HTTP/1.1
Host: jazzspeechlessarena.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 21:22:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2aba6c28b33b41cc95ded85674202f35
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/6c7d9b78-4642-461c-9b2d-b802ccd7a1d5.bin

34.117.121.53

817 kB

URL
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/6c7d9b78-4642-461c-9b2d-b802ccd7a1d5.bin
IP
34.117.121.53:0
ASN
#15169 GOOGLE

File type
data
Size
817 kB (817083 bytes)
Hash
6b5b15372ca108d4b33caf02ed016f3e
13df17583626a0987070dde4340f876d08c401c0
9c890391b90d43bf692755185bfa1780ee051467ae9a2775759d9866f4546664

HTTP Headers

GET /staging/addons-bloomfilters/6c7d9b78-4642-461c-9b2d-b802ccd7a1d5.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ABPtcPpA2LGN3mgCG5_tbsFHNdJJZx5OqY8ysobEw7GHElKbp0Oq-niHkSAL7hHZfm0DHTPS_n9YHHNLL2o55koWSAiGyQ
x-goog-generation: 1690223885754624
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 817083
x-goog-hash: crc32c=NmyCHA==, md5=a1sVNyyhCNSzPK8C7QFvPg==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 817083
server: UploadServer
date: Sat, 21 Oct 2023 15:49:53 GMT
cache-control: public,max-age=604800
age: 279166
last-modified: Mon, 24 Jul 2023 18:38:05 GMT
etag: "6b5b15372ca108d4b33caf02ed016f3e"
content-type: application/octet-stream
alt-svc: clear
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-SM6030EHG3&_ono=1&gtm=45je3an0&_p=565696992&_gaz=1&gdid=dZTNiMT&cid=1689926047.1698182559&ul=en-us&sr=1280x1024&ir=1&_eu=EAAI&_s=1&sid=1698182559&sct=1&seg=0&dl=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&dt=Zoro%20Downloader%20%E2%80%A2%20Convert%20%26%20Download%20%E2%9D%A4%EF%B8%8F%20-%20YT1Save&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-SM6030EHG3&_ono=1&gtm=45je3an0&_p=565696992&_gaz=1&gdid=dZTNiMT&cid=1689926047.1698182559&ul=en-us&sr=1280x1024&ir=1&_eu=EAAI&_s=1&sid=1698182559&sct=1&seg=0&dl=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&dt=Zoro%20Downloader%20%E2%80%A2%20Convert%20%26%20Download%20%E2%9D%A4%EF%B8%8F%20-%20YT1Save&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-SM6030EHG3&_ono=1&gtm=45je3an0&_p=565696992&_gaz=1&gdid=dZTNiMT&cid=1689926047.1698182559&ul=en-us&sr=1280x1024&ir=1&_eu=EAAI&_s=1&sid=1698182559&sct=1&seg=0&dl=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&dt=Zoro%20Downloader%20%E2%80%A2%20Convert%20%26%20Download%20%E2%9D%A4%EF%B8%8F%20-%20YT1Save&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://en.yt1save.com
date: Tue, 24 Oct 2023 21:22:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
fb7b760d300b9d9a68650b67e480083d
4bb8d17d540c5e44e5204f3e273b758eb8213a86
5819615cdb4234c3a49b5ea25e7fe83a9699763a6033e41cec8649b70e0eb3e2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 24 Oct 2023 21:22:39 GMT
Last-Modified: Tue, 24 Oct 2023 20:31:22 GMT
Server: ECAcc (ska/F7B0)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VdsButhDu5H8zgTQy0n-E0w1jxxVnTifWZlhfQsdpTfRT67jF0WPCQ==
Age: 3077

GET professionalswebcheck.com/stats

3.73.202.184

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
3.73.202.184:443
ASN
#16509 AMAZON-02

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
a77b92b701733352c8464b5d4ad2b4d0
928be7db79b71b019e580a4b1bfb26c874c26ea8
51fa5d0c315a6ab6c9e906174abdc9a3e3ede8e2567f6d5be1bdb0a894bc015d

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 21:22:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://en.yt1save.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=22588fcf-ee8f-493d-addb-8bcc95ad1296:2:1; expires=Fri, 21 Oct 2033 21:22:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559110

173.233.139.164

200 OK

11 kB

URL GET HTTP/1.1
jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559110
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectjazzspeechlessarena.com
Fingerprint9E:95:F4:45:64:9F:EF:7D:D7:8F:48:60:9B:EC:7F:4E:58:8F:5E:68
ValiditySun, 10 Sep 2023 06:46:15 GMT - Sat, 09 Dec 2023 06:46:14 GMT

File type
exported SGML document, ASCII text, with very long lines (29636), with no line terminators
Size
11 kB (10932 bytes)
Hash
e0d76327008bb95d44c431e9a2247005
c36fee61ca1282863c5690d2feca83a965a57fdd
94f44792e0bb0f0f62f3513c55eee721d54743c618d90644cf267bba97915fca

HTTP Headers

GET /5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559110 HTTP/1.1
Host: jazzspeechlessarena.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 21:22:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91044a385078ff7400ffdb8f0d5ed212
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

173.233.137.36

307 Temporary Redirect

0 B

URL GET HTTP/1.1
cuttingdemeanoursuperintend.com/watch.1630538095187.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectcuttingdemeanoursuperintend.com
FingerprintB0:ED:AB:27:8A:BB:17:5C:C2:53:C3:A6:76:9B:CD:C1:34:7C:72:55
ValidityWed, 27 Sep 2023 00:54:00 GMT - Tue, 26 Dec 2023 00:53:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1630538095187.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1 HTTP/1.1
Host: cuttingdemeanoursuperintend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 21:22:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Location: https://cuttingdemeanoursuperintend.com/watch.1630538095187.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=5df87e37471e4e37b531d362c459b44f3595891369e5215f11f5af84fc6d7222ae53c566834505f686dc6ec72d91e6a5b1c45761f3b920b3f5fc54264bfc5cbdfe63daf241aaa63d0a518cfff860549f1c2095dbb1fea8649b0cdf66e0886f2547&pst=1698182620&rmtc=t
Set-Cookie: u_pl=17162621; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzE2MjYyMSwiayI6IjU0MTViNjhjNzMzY2M3ZjRkOTdkNmMyZGZkODg1MTY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODMzOTgwLCJwaWQiOjQ1NTkxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiYThmejdwcGkiLCJjcGtzIjp7ICIyOCI6ImE0YjE0ZDkwNTY2MGQ2YzZkYzEwMTYyMzRkMjNlNDc2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZW4ueXQxc2F2ZS5jb20vem9yby8ifX0.dP9jB0OVuzdnCbB78MnORD93iHCFLewwACa3-LsXEBQ; expires=Tue, 24 Oct 2023 21:23:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3881d464f887e1ed06ef267fed0b8bb9
Strict-Transport-Security: max-age=0; includeSubdomains

192.243.59.20

307 Temporary Redirect

0 B

URL GET HTTP/1.1
sealinstalment.com/watch.721408585824.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectsealinstalment.com
FingerprintB0:54:B2:1D:C3:76:CA:05:95:14:2C:50:AB:2D:9A:36:04:5C:D5:E2
ValiditySat, 23 Sep 2023 00:55:16 GMT - Fri, 22 Dec 2023 00:55:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.721408585824.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1 HTTP/1.1
Host: sealinstalment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 24 Oct 2023 21:22:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Location: https://sealinstalment.com/watch.721408585824.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=221204d620168e804d78d878d3707750bf956398437594a7e7e227acf853d0d1e809921da7f6b576a723ca784bd173acd223707d2b2d546ef18f7564cf4cd8a54b68d64c9ddb8a9ddc22f4f45c2fc2382ed24c2816c7fae434f367babee776&pst=1698182620&rmtc=t
Set-Cookie: u_pl=17162621; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzE2MjYyMSwiayI6IjU0MTViNjhjNzMzY2M3ZjRkOTdkNmMyZGZkODg1MTY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODMzOTgwLCJwaWQiOjQ1NTkxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiYThmejdwcGkiLCJjcGtzIjp7ICIyOCI6ImE0YjE0ZDkwNTY2MGQ2YzZkYzEwMTYyMzRkMjNlNDc2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZW4ueXQxc2F2ZS5jb20vem9yby8ifX0.dP9jB0OVuzdnCbB78MnORD93iHCFLewwACa3-LsXEBQ; expires=Tue, 24 Oct 2023 21:23:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28aa1739fc989c2a8e3ccefccd2257ea
Strict-Transport-Security: max-age=0; includeSubdomains

GET cuttingdemeanoursuperintend.com/watch.1630538095187.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=5df87e37471e4e37b531d362c459b44f3595891369e5215f11f5af84fc6d7222ae53c566834505f686dc6ec72d91e6a5b1c45761f3b920b3f5fc54264bfc5cbdfe63daf241aaa63d0a518cfff860549f1c2095dbb1fea8649b0cdf66e0886f2547&pst=1698182620&rmtc=t

173.233.137.36

200 OK

2.0 kB

URL GET HTTP/1.1
cuttingdemeanoursuperintend.com/watch.1630538095187.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=5df87e37471e4e37b531d362c459b44f3595891369e5215f11f5af84fc6d7222ae53c566834505f686dc6ec72d91e6a5b1c45761f3b920b3f5fc54264bfc5cbdfe63daf241aaa63d0a518cfff860549f1c2095dbb1fea8649b0cdf66e0886f2547&pst=1698182620&rmtc=t
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectcuttingdemeanoursuperintend.com
FingerprintB0:ED:AB:27:8A:BB:17:5C:C2:53:C3:A6:76:9B:CD:C1:34:7C:72:55
ValidityWed, 27 Sep 2023 00:54:00 GMT - Tue, 26 Dec 2023 00:53:59 GMT

File type
HTML document, ASCII text, with very long lines (2495)
Size
2.0 kB (2022 bytes)
Hash
e24d6d2d53d7d9c7456436e166adc2ea
6fab5fd48a952dcdee2efa1791ca456d482b1c4f
85b426e6fd028984d95cef0490ab3e58295d5ab42c878a216070f39d0a5063a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1630538095187.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=5df87e37471e4e37b531d362c459b44f3595891369e5215f11f5af84fc6d7222ae53c566834505f686dc6ec72d91e6a5b1c45761f3b920b3f5fc54264bfc5cbdfe63daf241aaa63d0a518cfff860549f1c2095dbb1fea8649b0cdf66e0886f2547&pst=1698182620&rmtc=t HTTP/1.1
Host: cuttingdemeanoursuperintend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
Referer: https://en.yt1save.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17162621; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzE2MjYyMSwiayI6IjU0MTViNjhjNzMzY2M3ZjRkOTdkNmMyZGZkODg1MTY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODMzOTgwLCJwaWQiOjQ1NTkxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiYThmejdwcGkiLCJjcGtzIjp7ICIyOCI6ImE0YjE0ZDkwNTY2MGQ2YzZkYzEwMTYyMzRkMjNlNDc2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZW4ueXQxc2F2ZS5jb20vem9yby8ifX0.dP9jB0OVuzdnCbB78MnORD93iHCFLewwACa3-LsXEBQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 21:22:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=22588fcf-ee8f-493d-addb-8bcc95ad1296:2:1; expires=Tue, 31 Oct 2023 21:22:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
uncs=1; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9b09d75e9f48cf6feadb9aafe929a18f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET sealinstalment.com/watch.721408585824.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=221204d620168e804d78d878d3707750bf956398437594a7e7e227acf853d0d1e809921da7f6b576a723ca784bd173acd223707d2b2d546ef18f7564cf4cd8a54b68d64c9ddb8a9ddc22f4f45c2fc2382ed24c2816c7fae434f367babee776&pst=1698182620&rmtc=t

192.243.59.20

200 OK

2.0 kB

URL GET HTTP/1.1
sealinstalment.com/watch.721408585824.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=221204d620168e804d78d878d3707750bf956398437594a7e7e227acf853d0d1e809921da7f6b576a723ca784bd173acd223707d2b2d546ef18f7564cf4cd8a54b68d64c9ddb8a9ddc22f4f45c2fc2382ed24c2816c7fae434f367babee776&pst=1698182620&rmtc=t
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectsealinstalment.com
FingerprintB0:54:B2:1D:C3:76:CA:05:95:14:2C:50:AB:2D:9A:36:04:5C:D5:E2
ValiditySat, 23 Sep 2023 00:55:16 GMT - Fri, 22 Dec 2023 00:55:15 GMT

File type
HTML document, ASCII text, with very long lines (2418)
Size
2.0 kB (1964 bytes)
Hash
8e91ff3e0ab18a23fe9b37c8a472cf04
cbb7038d4a02f78926003abdeae3e31ed47f83a0
ee8e8cbcbd03076992432448e0c979ad8934e8331fba24edc0cd9aef335ada7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.721408585824.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=221204d620168e804d78d878d3707750bf956398437594a7e7e227acf853d0d1e809921da7f6b576a723ca784bd173acd223707d2b2d546ef18f7564cf4cd8a54b68d64c9ddb8a9ddc22f4f45c2fc2382ed24c2816c7fae434f367babee776&pst=1698182620&rmtc=t HTTP/1.1
Host: sealinstalment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
Referer: https://en.yt1save.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17162621; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzE2MjYyMSwiayI6IjU0MTViNjhjNzMzY2M3ZjRkOTdkNmMyZGZkODg1MTY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODMzOTgwLCJwaWQiOjQ1NTkxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiYThmejdwcGkiLCJjcGtzIjp7ICIyOCI6ImE0YjE0ZDkwNTY2MGQ2YzZkYzEwMTYyMzRkMjNlNDc2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZW4ueXQxc2F2ZS5jb20vem9yby8ifX0.dP9jB0OVuzdnCbB78MnORD93iHCFLewwACa3-LsXEBQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 24 Oct 2023 21:22:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=22588fcf-ee8f-493d-addb-8bcc95ad1296:2:1; expires=Tue, 31 Oct 2023 21:22:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
uncs=1; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 25 Oct 2023 21:22:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e009942d6da0aa4e21f9ba1afdd2bd4e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559111

173.233.139.164

200 OK

11 kB

URL GET HTTP/1.1
jazzspeechlessarena.com/5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559111
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectjazzspeechlessarena.com
Fingerprint9E:95:F4:45:64:9F:EF:7D:D7:8F:48:60:9B:EC:7F:4E:58:8F:5E:68
ValiditySun, 10 Sep 2023 06:46:15 GMT - Sat, 09 Dec 2023 06:46:14 GMT

File type
exported SGML document, ASCII text, with very long lines (29654), with no line terminators
Size
11 kB (10945 bytes)
Hash
6b085c9ce38d28e43199f7470549a3b5
09cdca3e82b25a731e34d54acf25193c0c55bcc2
fc674f97c899b3461d3a80e22c0d41575b343c5a8f22129e30fc47e460869d7d

HTTP Headers

GET /5415b68c733cc7f4d97d6c2dfd885164/invoke.js?_=1698182559111 HTTP/1.1
Host: jazzspeechlessarena.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 21:22:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c6d1e26c0acb1756e0fd43e262e765fd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET cdn.cloudimagesb.com/cti/b2/af/8a/b2af8ac2a38a3a519d5e4c5787c1d9cb/1663335057.png

45.133.44.9

200 OK

60 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/b2/af/8a/b2af8ac2a38a3a519d5e4c5787c1d9cb/1663335057.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Size
60 kB (60299 bytes)
Hash
dcc2cb1dabee57e298b368c25b4d72c7
05742ee7c81b766aa3f2ce0ca0bc222acbef8d62
df8034422253387414eaf1c24f9ee191d84b0fcd534e31100b4a5960b04ed4ed

HTTP Headers

GET /cti/b2/af/8a/b2af8ac2a38a3a519d5e4c5787c1d9cb/1663335057.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 21:22:40 GMT
content-type: image/png
content-length: 60299
server: nginx/1.21.6
last-modified: Fri, 16 Sep 2022 13:31:05 GMT
etag: "63247a99-eb8b"
expires: Thu, 26 Oct 2023 21:22:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.cloudimagesb.com/cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png

45.133.44.9

200 OK

56 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Size
56 kB (56505 bytes)
Hash
231d615f0b920b0f0c8758342141193b
ca68f0f6e4c9124bbe61c49d789d0447076b0332
3e24999c26c1c68485e879756ea30639ccee4d7f30f1e2c0e5190818cbab8996

HTTP Headers

GET /cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 21:22:40 GMT
content-type: image/png
content-length: 56505
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:14:41 GMT
etag: "61080be1-dcb9"
expires: Thu, 26 Oct 2023 21:22:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

173.233.137.60

307 Temporary Redirect

0 B

URL GET HTTP/1.1
blobjournalistunwind.com/watch.1293997867409.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectblobjournalistunwind.com
Fingerprint66:BC:3D:D3:8C:D1:55:84:EE:FB:93:1C:D7:7D:56:98:76:4D:9C:F7
ValidityTue, 10 Oct 2023 08:41:06 GMT - Mon, 08 Jan 2024 08:41:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1293997867409.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1 HTTP/1.1
Host: blobjournalistunwind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 21:22:41 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Location: https://blobjournalistunwind.com/watch.1293997867409.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=c951c8bbbf75cbc450ee7a75a5c189022e6771f9d10712a4bc07c4640e0f5899e79e5c9b7a23b1e779b93f8d90ab6b79690cbfe3afbb86207eeb3d0e6999d0603cbbd4081378f8c09137ab592490aa798329877330be6a92c6a34d49c1cf0f&pst=1698182621&rmtc=t
Set-Cookie: u_pl=17162621; expires=Wed, 25 Oct 2023 21:22:41 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzE2MjYyMSwiayI6IjU0MTViNjhjNzMzY2M3ZjRkOTdkNmMyZGZkODg1MTY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODMzOTgwLCJwaWQiOjQ1NTkxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiYThmejdwcGkiLCJjcGtzIjp7ICIyOCI6ImE0YjE0ZDkwNTY2MGQ2YzZkYzEwMTYyMzRkMjNlNDc2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZW4ueXQxc2F2ZS5jb20vem9yby8ifX0.dP9jB0OVuzdnCbB78MnORD93iHCFLewwACa3-LsXEBQ; expires=Tue, 24 Oct 2023 21:23:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 80dd7e9c06d8f22c39d3f35e36528025
Strict-Transport-Security: max-age=0; includeSubdomains

GET blobjournalistunwind.com/watch.1293997867409.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=c951c8bbbf75cbc450ee7a75a5c189022e6771f9d10712a4bc07c4640e0f5899e79e5c9b7a23b1e779b93f8d90ab6b79690cbfe3afbb86207eeb3d0e6999d0603cbbd4081378f8c09137ab592490aa798329877330be6a92c6a34d49c1cf0f&pst=1698182621&rmtc=t

173.233.137.60

200 OK

2.0 kB

URL GET HTTP/1.1
blobjournalistunwind.com/watch.1293997867409.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=c951c8bbbf75cbc450ee7a75a5c189022e6771f9d10712a4bc07c4640e0f5899e79e5c9b7a23b1e779b93f8d90ab6b79690cbfe3afbb86207eeb3d0e6999d0603cbbd4081378f8c09137ab592490aa798329877330be6a92c6a34d49c1cf0f&pst=1698182621&rmtc=t
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectblobjournalistunwind.com
Fingerprint66:BC:3D:D3:8C:D1:55:84:EE:FB:93:1C:D7:7D:56:98:76:4D:9C:F7
ValidityTue, 10 Oct 2023 08:41:06 GMT - Mon, 08 Jan 2024 08:41:05 GMT

File type
HTML document, ASCII text, with very long lines (2514)
Size
2.0 kB (2030 bytes)
Hash
34ce5a338ff274a4cfcbcf100f5a2285
5384ea18b5ac4b4a42623b8e753085f17cc60628
fe1848cad2b04d9c692a1e1622fdab19eaae680e43fdbd0460bc08d4dcb9fcba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1293997867409.js?key=5415b68c733cc7f4d97d6c2dfd885164&kw=%5B%22zoro%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fzoro%2F&tz=0&dev=e&res=14.2079&uuid=22588fcf-ee8f-493d-addb-8bcc95ad1296%3A2%3A1&shu=c951c8bbbf75cbc450ee7a75a5c189022e6771f9d10712a4bc07c4640e0f5899e79e5c9b7a23b1e779b93f8d90ab6b79690cbfe3afbb86207eeb3d0e6999d0603cbbd4081378f8c09137ab592490aa798329877330be6a92c6a34d49c1cf0f&pst=1698182621&rmtc=t HTTP/1.1
Host: blobjournalistunwind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
Referer: https://en.yt1save.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17162621; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzE2MjYyMSwiayI6IjU0MTViNjhjNzMzY2M3ZjRkOTdkNmMyZGZkODg1MTY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODMzOTgwLCJwaWQiOjQ1NTkxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiYThmejdwcGkiLCJjcGtzIjp7ICIyOCI6ImE0YjE0ZDkwNTY2MGQ2YzZkYzEwMTYyMzRkMjNlNDc2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZW4ueXQxc2F2ZS5jb20vem9yby8ifX0.dP9jB0OVuzdnCbB78MnORD93iHCFLewwACa3-LsXEBQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 21:22:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=22588fcf-ee8f-493d-addb-8bcc95ad1296:2:1; expires=Tue, 31 Oct 2023 21:22:41 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 25 Oct 2023 21:22:41 GMT; secure; SameSite=None
uncs=1; expires=Wed, 25 Oct 2023 21:22:41 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 25 Oct 2023 21:22:41 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 25 Oct 2023 21:22:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4871aaaa5701900960a084e7960a0219
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET cdn.cloudimagesb.com/cti/b2/af/8a/b2af8ac2a38a3a519d5e4c5787c1d9cb/1663335057.png

45.133.44.9

200 OK

60 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/b2/af/8a/b2af8ac2a38a3a519d5e4c5787c1d9cb/1663335057.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Size
60 kB (60299 bytes)
Hash
dcc2cb1dabee57e298b368c25b4d72c7
05742ee7c81b766aa3f2ce0ca0bc222acbef8d62
df8034422253387414eaf1c24f9ee191d84b0fcd534e31100b4a5960b04ed4ed

HTTP Headers

GET /cti/b2/af/8a/b2af8ac2a38a3a519d5e4c5787c1d9cb/1663335057.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 24 Oct 2023 21:22:42 GMT
content-type: image/png
content-length: 60299
server: nginx/1.21.6
last-modified: Fri, 16 Sep 2022 13:31:05 GMT
etag: "63247a99-eb8b"
expires: Thu, 26 Oct 2023 21:22:42 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET en.yt1save.com/superpwa-manifest.json

104.21.77.198

200 OK

1.1 kB

URL GET HTTP/3
en.yt1save.com/superpwa-manifest.json
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1283), with no line terminators
Size
1.1 kB (1110 bytes)
Hash
9f8535117a6a1edb71f7f1749ef62a63
9ef71af3f8dfcd530e1fe76eadaba72fd227c431
03f7cb99d57685ac4d3928da05383c59c120d416fed7d4af4522b16fa2c37463

HTTP Headers

GET /superpwa-manifest.json HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/zoro/
Cookie: _ga_SM6030EHG3=GS1.1.1698182559.1.0.1698182559.60.0.0; _ga=GA1.1.1689926047.1698182559
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:39 GMT
content-type: application/json
last-modified: Thu, 19 Oct 2023 00:37:12 GMT
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hb3k2TbvzUJm%2B0pvtQHiDiAKgIsg017%2BdCNF79UNnPxHmcexXU7mBDjWNHtt5brL14MQHBWPIgKemK%2FcxQ9iCxu69tt911J04zyMk3ev1L33SziHCe41tnXj15q0V2QACw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546c2c8e50b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET en.yt1save.com/wp-content/litespeed/js/c46eb8a2cd476ebbed14724e45be0cf9.js?ver=0c8eb

104.21.77.198

200 OK

140 kB

URL GET HTTP/3
en.yt1save.com/wp-content/litespeed/js/c46eb8a2cd476ebbed14724e45be0cf9.js?ver=0c8eb
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type

Size
140 kB (140367 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/litespeed/js/c46eb8a2cd476ebbed14724e45be0cf9.js?ver=0c8eb HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/zoro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:37 GMT
content-type: application/javascript
cache-control: public, max-age=31557600
expires: Thu, 24 Oct 2024 03:22:37 GMT
last-modified: Thu, 19 Oct 2023 00:25:23 GMT
vary: Accept-Encoding,User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXN5wRQIDPIYCJ%2BnI40tpvpOj3F33ZsX4rDKMcjZgyHoEQ%2BqrALXhC6CBUNBDsE5x5X0B%2FSnpZRn5HN%2BYOMBmaDomlKrbH0GGXoIlKheISXuhj4elp2X9zfD%2BDxcALbVDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546ba4c650b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET en.yt1save.com/zoro/

104.21.77.198

200 OK

65 kB

URL User Request GET HTTP/2
en.yt1save.com/zoro/
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type

Size
65 kB (64635 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zoro/ HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 21:22:37 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
link: <https://en.yt1save.com/wp-json/>; rel="https://api.w.org/", <https://en.yt1save.com/wp-json/wp/v2/pages/4812>; rel="alternate"; type="application/json", <https://en.yt1save.com/?p=4812>; rel=shortlink
x-litespeed-cache: hit
vary: Accept-Encoding,User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VLt2mSC7tsPsOAt7FWmUr3MzMJoozCvJZrJ3B8ezVmyaOhk%2BPmkx0Ue8XhLJClojmu8sXANdCfu7ztifp0%2BUA4hPnnwkTA2x2xrlZK5QvELP3Aw2G1oSq03Se0i5I%2B9AqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546b4fe6b0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET en.yt1save.com/wp-content/litespeed/css/dd6e391dffb6ff04311f8f4565d11202.css?ver=0c8eb

104.21.77.198

200 OK

82 kB

URL GET HTTP/3
en.yt1save.com/wp-content/litespeed/css/dd6e391dffb6ff04311f8f4565d11202.css?ver=0c8eb
IP
104.21.77.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yt1save.com/zoro/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:95:FB:EB:CA:11:0A:AB:F7:86:78:DB:F5:C3:31:47:EF:8D:D8:D6
ValidityWed, 01 Feb 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type

Size
82 kB (82377 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/litespeed/css/dd6e391dffb6ff04311f8f4565d11202.css?ver=0c8eb HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/zoro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 21:22:37 GMT
content-type: text/css
cache-control: public, max-age=31557600
expires: Thu, 24 Oct 2024 03:22:37 GMT
last-modified: Wed, 11 Oct 2023 00:40:47 GMT
vary: Accept-Encoding,User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FZJo1PeAIQYfPrn6Al0N4ZvubXUCwWewfrHD%2F8yipq9yyaruXfIKOcpyFqP3n02cqLRrypZ7Dg0Um2411pUcYg5JjaUFfaQDXHp27gMdn%2FnIwAA9JarToE65zpwwhh4Cwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b546ba4c5b0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations