Report - tv1337.buzz/hola.php?id=3/37

Report Overview

Visited public
2024-05-27 20:22:52
Tags
URL
tv1337.buzz/hola.php?id=3/37
Finishing URL
tv1337.buzz/hola.php?id=3/37
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
3rd

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
awistats.com	unknown	2023-08-04	2023-08-06 00:36:54	2024-05-25 17:39:17	399 B	2.0 kB	172.67.206.156
closedjelly.net	unknown	2024-05-16	2024-05-27 20:32:57	2024-05-27 20:32:57	1.9 kB	292 kB	104.21.73.89
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-05-27 20:34:01	465 B	746 B	139.45.195.8
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-05-27 18:40:32	434 B	2.1 kB	142.250.74.106
swarm.video	126884	2018-11-05	2017-10-22 21:55:23	2024-05-25 17:39:17	406 B	545 kB	172.67.153.113
zxrfzxb.com	unknown	2024-01-26	2024-01-27 08:16:09	2024-05-27 20:32:57	417 B	64 kB	104.21.21.109
www.tv1337.buzz	unknown	unknown	No data	No data	506 B	66 kB	104.21.95.101
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-05-27 18:12:52	514 B	24 kB	142.250.74.131
nossairt.net	unknown	2022-10-25	2022-10-26 02:40:03	2024-05-19 19:41:36	2.0 kB	38 kB	139.45.197.238
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-05-27 19:01:42	427 B	146 kB	104.18.187.31
mhcfsjbqw.com	unknown	2024-05-06	2024-05-11 19:38:17	2024-05-25 16:17:00	417 B	32 kB	172.67.178.210
youradexchange.com	273384	2012-11-09	2013-02-04 17:25:46	2024-05-27 20:32:57	1.6 kB	3.2 kB	172.67.177.214
lol-foot.ru	unknown	2023-10-27	2024-04-09 16:05:53	2024-04-17 21:00:39	504 B	223 kB	188.114.97.1
tv1337.buzz	unknown	unknown	No data	No data	917 B	4.1 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-27	medium	nossairt.net	Sinkholed
2024-05-27	medium	nossairt.net	Sinkholed
2024-05-27	medium	nossairt.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	From	Size	First Seen	Last Seen
	swarm.video/j79z9kzty.js?v=1.1	ScriptElement	544 kB	2023-03-14	2024-12-08
Pretty URL swarm.video/j79z9kzty.js?v=1.1 IP 172.67.153.113 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 06:05 Last Seen2024-12-08 17:33 Times Seen128 Hash 5bb4a2cc385c78f8f136804a7f9c099d 446deffaa8960d13ef52d28f9e27ade237b6e7b1 7c260f5e1dcb04331e9fb5ea2c0a5b82552133dd170d219384ec76afb1ec9b3d Loading...

	closedjelly.net/embed/a0wgmo3uvlcu3y	ScriptElement	44 B	2023-03-07	2025-06-20
Pretty URL closedjelly.net/embed/a0wgmo3uvlcu3y IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2025-06-20 16:07 Times Seen180 Hash 8fb6e79a44a0c72402372ac295ca331a 3375b6cba22e95d2035a9eac246b4889b55a8ee9 e6dce9d47c5ff7badf344ff43d4394d35dc909cb3689651d044f388f28f7f96d Loading...

	www.tv1337.buzz/go/3/37	ScriptElement	59 kB	2023-03-08	2024-08-19
Pretty URL www.tv1337.buzz/go/3/37 IP 104.21.95.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:29 Last Seen2024-08-19 23:26 Times Seen16 Hash 6490061be5d3eb805ee3525cd546e737 25859651fe562524d905a8f9e4783dc8e3d10b1c 3ef7085f43059b2b3329271baf68eabc754eb279fd761ce7d9475de193eac89c Loading...

	nossairt.net/tag.min.js	ScriptElement	90 kB	2024-05-27	2024-08-19
Pretty URL nossairt.net/tag.min.js IP 139.45.197.238 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-27 21:40 Last Seen2024-08-19 21:33 Times Seen16 Hash 073f3f7737c246431c8e8c38ed0d3c7a 12e5c9d5b94bcfcd78635d8c08df1e0c1cd46f2a dcd2eb31ad22fd462331ff452bbf9ac1131ee021f307dd08629f27f97a99ebd4 Loading...

	mhcfsjbqw.com/script/ut.js?cb=1716841346311	ScriptElement	63 kB	2024-04-25	2024-08-20
Pretty URL mhcfsjbqw.com/script/ut.js?cb=1716841346311 IP 172.67.178.210 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:58 Last Seen2024-08-20 02:47 Times Seen796 Hash bc481e345c04b4534e0a4e54a0f2c1c6 2be428035dd37b2722891c200f35449c5893df33 04d8cc0aacc3f172f638e608d3f08e8457d849290ae553090cb951d4b3f1b97b Loading...

	closedjelly.net/js/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-06-25
Pretty URL closedjelly.net/js/jquery.min.js IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-25 06:10 Times Seen38866 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	closedjelly.net/embed/a0wgmo3uvlcu3y	ScriptElement	1.7 kB	2024-08-19	2024-08-19
Pretty URL closedjelly.net/embed/a0wgmo3uvlcu3y IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 21:33 Last Seen2024-08-19 21:33 Times Seen1 Hash e7bda8056703bebb92bfee9ca17819e0 2cae85671626a8e4e91f795242380ea68f89db61 d2e906ae6108ed52db70aeab2e999a081d0c843f57166725a57726105d84d4ab Loading...

	closedjelly.net/embed/a0wgmo3uvlcu3y	ScriptElement	169 kB	2024-05-26	2024-08-19
Pretty URL closedjelly.net/embed/a0wgmo3uvlcu3y IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-26 17:08 Last Seen2024-08-19 21:42 Times Seen6 Hash bf349f439a28c039b7565d95a4a51fa5 86af7e5b8c919135ae85ace14e6451c93dc26225 5ced4253ba935b1c2f96bbf4848b438eb9e052e8131059b9ec105e082b29ac7c Loading...

	closedjelly.net/embed/a0wgmo3uvlcu3y	ScriptElement	230 B	2024-03-03	2025-01-25
Pretty URL closedjelly.net/embed/a0wgmo3uvlcu3y IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-03 21:21 Last Seen2025-01-25 07:15 Times Seen92 Hash 0e8c07adb622621fa0f09640cc1d2c93 35eedadc67026f4975b05556c134957b1e05aa67 624ba8f88c519c651b41d70f82e0cc16088ac3820dccfcd7f4a68aa101133ec6 Loading...

	www.tv1337.buzz/go/3/37	ScriptElement	447 B	2023-03-08	2024-08-19
Pretty URL www.tv1337.buzz/go/3/37 IP 104.21.95.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:29 Last Seen2024-08-19 23:26 Times Seen17 Hash a1fb63b580a625ee80882807b1ad46eb cfe28864efd30ba1c5e9d32dffcd5a5cda252c5b c513fb339ffe0bf37d6b8372edffa81b8aa86fae153918414830c8314fece85a Loading...

	www.tv1337.buzz/go/3/37	ScriptElement	162 kB	2024-05-26	2024-08-19
Pretty URL www.tv1337.buzz/go/3/37 IP 104.21.95.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-26 14:57 Last Seen2024-08-19 21:42 Times Seen16 Hash 81b3120cf9ec0e87b4324550565a5a8c 7fa0ac7975c0a5cd8596c77a61e3a29bb2583a1d 3a193550e44e39110a6a959296ba646bd295b5a71044d046f313999e2e0f89b4 Loading...

	www.tv1337.buzz/go/3/37	ScriptElement	67 B	2024-05-10	2024-10-20
Pretty URL www.tv1337.buzz/go/3/37 IP 104.21.95.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 09:56 Last Seen2024-10-20 17:33 Times Seen37 Hash a0a99db9883f8a1b41b1f376ccd805f0 25ba81b1fe0b1c3198f1c63e1ed58203d3db50a0 ba81b56e7fcb27e9bbdb9b2fe3fa3fb3dce6e48ad5bdc1475fca09f59326c3b4 Loading...

	closedjelly.net/deb.js	ScriptElement	26 kB	2023-03-14	2025-06-20
Pretty URL closedjelly.net/deb.js IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 08:08 Last Seen2025-06-20 16:07 Times Seen107 Hash 4854629b2f59efbee5662790a405fa68 961af168c9029a8a3765356bd37631fa3941ccb2 00f55721ec6181d9c16cc365dfe2ca9aab2fb8008ffe22ded892085019fd33b5 Loading...

	unknown	Function	34 B	2023-04-11	2025-06-25
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16 Last Seen2025-06-25 05:04 Times Seen67339 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

	closedjelly.net/embed/a0wgmo3uvlcu3y	ScriptElement	295 B	2024-08-19	2024-08-19
Pretty URL closedjelly.net/embed/a0wgmo3uvlcu3y IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 21:33 Last Seen2024-08-19 21:33 Times Seen1 Hash 4e6bebe272b85f09021a4359332ffce2 1a15177759e7b958b66eb3445c13c91047432f2d bcb0df380c6767044be3889ac88d1741ba9f18a0bd19256d47e8bad2312ae5b8 Loading...

	closedjelly.net/embed/a0wgmo3uvlcu3y	ScriptElement	1.6 kB	2024-08-19	2024-08-19
Pretty URL closedjelly.net/embed/a0wgmo3uvlcu3y IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 21:33 Last Seen2024-08-19 21:33 Times Seen1 Hash fd7eb4badbc72133381f5a0d64838b1e c2bde7ac08328bc8bbfeaad600de7eabc164b0dd 8eac431eec4e1da9f1eebb46613056fdaafc6b6ef38315bd814412bb3a971f5e Loading...

	closedjelly.net/embed/a0wgmo3uvlcu3y	ScriptElement	3.8 kB	2024-08-19	2024-08-19
Pretty URL closedjelly.net/embed/a0wgmo3uvlcu3y IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 21:33 Last Seen2024-08-19 21:33 Times Seen1 Hash 95ae8c90c71aa46ca612d2dcff3859db 2633777640a2fb70369a35d8a6ed6ab4c0ad4c53 b8286a9ddd0651d599f1d940a8540c6eb0f3afff7f80493a5871196cb3328235 Loading...

	www.tv1337.buzz/go/3/37	ScriptElement	424 B	2024-05-26	2025-06-07
Pretty URL www.tv1337.buzz/go/3/37 IP 104.21.95.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-26 14:57 Last Seen2025-06-07 19:03 Times Seen52 Hash 5dbc1caad2f0cfdb7809ee31ae77169e 2a15ac32af566fb04d39dd863cfbf41a862a8f07 e320defbe33f96dbb8bdaa1a262dde2fa11d142e550ff474099a72bb56f30823 Loading...

	closedjelly.net/embed/a0wgmo3uvlcu3y	ScriptElement	160 B	2023-08-26	2025-06-07
Pretty URL closedjelly.net/embed/a0wgmo3uvlcu3y IP 104.21.73.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-26 23:38 Last Seen2025-06-07 11:18 Times Seen143 Hash 5a8804e294acad6c8bd29a7945808ddb 90ffa7ba6d41e154ce325aab134f732e62bed676 98f7e3a041cce30a75f5b01cbf7c1128760da4d9db44e8e2ed148a2154aa3bf8 Loading...

	cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js	ScriptElement	525 kB	2023-03-07	2025-06-24
Pretty URL cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js IP 104.18.187.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-06-24 01:11 Times Seen985 Hash f55c6c796275a41ce7d97bd160e648ff 936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89 db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c Loading...

		Size	First Seen	Last Seen
	#1 Eval - 75d0aef5e3a1498c746a6685a09095ad	6.0 kB	2024-08-19 21:33	2024-08-19 21:33
Pretty Observations First Seen2024-08-19 21:33 Last Seen2024-08-19 21:33 Times Seen1 Hash 75d0aef5e3a1498c746a6685a09095ad 1dcaf4859ce789e80e8d4b1620b161379050be01 fa562178d6e9e29b13c8089676739da02a6ab41fa58ea2690e005c8852590808 Loading...

	#2 Eval - 613b58ce7dc5f9411e189047172d9831	1.4 kB	2024-08-19 21:33	2024-08-19 21:33
Pretty Observations First Seen2024-08-19 21:33 Last Seen2024-08-19 21:33 Times Seen1 Hash 613b58ce7dc5f9411e189047172d9831 0118b948db0e5075743c0c993f83107e564b1871 8e42a74a2c11e884590cb40f053ae6e3b7fd7ba68dd643d0e64347d654af0f73 Loading...

HTTP Transactions (21)

URL IP Response Size

HEAD www.tv1337.buzz/go/3/37

104.21.95.101

200 OK

65 kB

URL HEAD HTTP/3
www.tv1337.buzz/go/3/37
IP
104.21.95.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tv1337.buzz/go/3/37
Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type
JavaScript source, ASCII text, with very long lines (59444), with CRLF line terminators
Size
65 kB (65342 bytes)
Hash
63abf80d65a4ab80dd678f57eaffaa13
8cb9ccad1bac8c3ecd76771a7b444e09b96ee790
39b2f89ceb93272cc33727f71152e5a32c9ff5e21e3c89c13f4f1e6cddc7bde4

HTTP Headers

GET /go/3/37 HTTP/1.1
Host: www.tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tv1337.buzz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:25 GMT
content-type: text/html; charset=UTF-8
x-proxy-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2yNcCbYdeOba8TRbVxiQTuVIsZfOkLsq4D5M76Jjgu8gA9A8Bv3mBbomE96iH6TW86gfURPpRODOTGHkCjC58BeIb219RXhLju3MkR%2Fxw%2BrdluTP8KEozUyZwhJGb7E3zjU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88a8b78bfae05685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nossairt.net/tag.min.js

139.45.197.238

200 OK

28 kB

URL GET HTTP/2
nossairt.net/tag.min.js
IP
139.45.197.238:443
ASN
#9002 RETN Limited

Requested by
https://www.tv1337.buzz/go/3/37
Certificate
IssuerLet's Encrypt
Subjectnossairt.net
Fingerprint9B:D9:3C:16:AE:3A:B3:4C:11:53:DB:A3:74:9D:97:43:AE:4B:80:83
ValidityTue, 07 May 2024 05:19:07 GMT - Mon, 05 Aug 2024 05:19:06 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28494 bytes)
Hash
073f3f7737c246431c8e8c38ed0d3c7a
12e5c9d5b94bcfcd78635d8c08df1e0c1cd46f2a
dcd2eb31ad22fd462331ff452bbf9ac1131ee021f307dd08629f27f97a99ebd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 27 May 2024 20:22:26 GMT
content-type: text/javascript; charset=utf-8
content-length: 28494
content-encoding: br
x-trace-id: 689bac82598e888b6ae88b56f3591377
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Mon, 27 May 2024 18:43:09 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js

104.18.187.31

200 OK

145 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (145133 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://closedjelly.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 145133
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
x-served-by: cache-fra-etou8220029-FRA, cache-lga21954-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 23302
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WAtCDfZDGFasfNnEabg44G%2BUEH3U5tIzPUYaNwHjL6Tu8abeMhnEbb7DO1Or6mBgZjetyYzLkcT50d2MbH4H7ahNj5bYi4zFR9Bp38nwtfcRsXiDQBA6euE5uEMsklyeMyY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88a8b790486cb521-OSL
X-Firefox-Spdy: h2

GET youradexchange.com/script/suurl5.php?r=8343450&cbur=0.578290970487101&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Ftv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=mhcfsjbqw.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1716841346232&srs=068aeb6a263377499cb8674bee9e5a95&atv=48.1&abtg=1&adbv=3-swat3

172.67.177.214

200 OK

807 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=8343450&cbur=0.578290970487101&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Ftv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=mhcfsjbqw.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1716841346232&srs=068aeb6a263377499cb8674bee9e5a95&atv=48.1&abtg=1&adbv=3-swat3
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tv1337.buzz/go/3/37
Certificate
IssuerGoogle Trust Services LLC
Subjectyouradexchange.com
FingerprintD5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B
ValiditySun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT

File type
gzip compressed data, max compression, from Unix
Size
807 B (807 bytes)
Hash
bba9f63cb6e801e234f014892893211a
07544ebb75fefd79f0918e1cb9952c3fdc44d43f
1ee76f268f6637eb4f5da7d061e4e487118bf905a3af8be62398460981d29369

HTTP Headers

GET /script/suurl5.php?r=8343450&cbur=0.578290970487101&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Ftv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=mhcfsjbqw.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1716841346232&srs=068aeb6a263377499cb8674bee9e5a95&atv=48.1&abtg=1&adbv=3-swat3 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tv1337.buzz/
Origin: https://www.tv1337.buzz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lpaG9%2FI39m46GOa4qTiOY5ZOHNPrx2bPpEYym2YNpC4%2F7yLlgTREdCKhwIBUfE0tj8swQCMEtlqRrbHekLadlZQ6a6Uji26PGPf97v0GZJr0Hw0rpDcEcxV1bPr%2FtvifY2INU6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88a8b78e2a23569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET awistats.com/js/script.js

172.67.206.156

200 OK

1.2 kB

URL GET HTTP/2
awistats.com/js/script.js
IP
172.67.206.156:443
ASN
#13335 CLOUDFLARENET

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerGoogle Trust Services LLC
Subjectawistats.com
Fingerprint2A:51:4E:19:F1:0A:BA:19:4D:C8:8E:8E:F2:79:5D:58:76:2A:1F:28
ValiditySat, 25 May 2024 23:09:53 GMT - Fri, 23 Aug 2024 23:09:52 GMT

File type
JavaScript source, ASCII text, with very long lines (1346), with no line terminators
Size
1.2 kB (1168 bytes)
Hash
abd4e2373b2e8c4dac2e80159641c5f1
e273656e58ca934d873204e68dd35670fde657ed
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

HTTP Headers

GET /js/script.js HTTP/1.1
Host: awistats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://closedjelly.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12911
last-modified: Mon, 27 May 2024 16:47:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PR1iJhox6YVYwljYlYoJ3MrPsZkVmr%2BC8GIRuFOEW4NJBB5LP6oN1tan%2FHr80vdoi66Oh02DO6DxPa4V8BUK5EnRJe%2BVexEvvPpjGrLh5UUJdkRcSP6NaSIozNsGxYM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88a8b7905a36b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.131

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://closedjelly.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:49:08 GMT
expires: Sun, 25 May 2025 08:49:08 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 214399
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET mhcfsjbqw.com/script/ut.js?cb=1716841346311

172.67.178.210

200 OK

31 kB

URL GET HTTP/2
mhcfsjbqw.com/script/ut.js?cb=1716841346311
IP
172.67.178.210:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tv1337.buzz/go/3/37
Certificate
IssuerGoogle Trust Services LLC
Subjectmhcfsjbqw.com
FingerprintA8:BB:04:8C:20:CF:AC:2F:8B:C2:A4:C9:36:88:68:34:4C:7B:A4:0A
ValiditySun, 05 May 2024 23:31:25 GMT - Sat, 03 Aug 2024 23:31:24 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (62938), with no line terminators
Size
31 kB (31244 bytes)
Hash
bc481e345c04b4534e0a4e54a0f2c1c6
2be428035dd37b2722891c200f35449c5893df33
04d8cc0aacc3f172f638e608d3f08e8457d849290ae553090cb951d4b3f1b97b

HTTP Headers

GET /script/ut.js?cb=1716841346311 HTTP/1.1
Host: mhcfsjbqw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: text/javascript
x-goog-generation: 1714053300452258
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62975
x-goog-hash: crc32c=f8d0YQ==, md5=vEgeNFwEtFNOCk5UoPLBxg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: ABPtcPrPTGCeNOi0aPZzo_FoG4C6YtuStJGQc2MdQ4LXvHTxuObU_9sWT18GaX4vPRKxw8Mp8e_V7MPnkg
expires: Mon, 27 May 2024 20:22:44 GMT
cache-control: public, max-age=14400
age: 3043
last-modified: Thu, 25 Apr 2024 13:55:00 GMT
etag: W/"bc481e345c04b4534e0a4e54a0f2c1c6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0XXgxHJU9o%2BT9dnFqJOiIlxCpqo5vmoBB7zNsCyl0e5LYI0gdM89T7ePW7ARQl5De1nL0n%2FreeVDDh3qXJ3%2BUoaOBYWZjt93H5vI4ZQRiDRIMlxNOsexend38X1uDmJk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88a8b78eaf3fb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET closedjelly.net/css/embed.min.css?v=0.5

104.21.73.89

200 OK

9.9 kB

URL GET HTTP/3
closedjelly.net/css/embed.min.css?v=0.5
IP
104.21.73.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerLet's Encrypt
Subjectclosedjelly.net
FingerprintCF:5A:5C:48:A0:C2:0B:DB:87:1D:8C:C2:9B:6B:43:FB:AB:C0:53:77
ValidityThu, 16 May 2024 18:27:17 GMT - Wed, 14 Aug 2024 18:27:16 GMT

File type
ASCII text, with very long lines (1263)
Size
9.9 kB (9850 bytes)
Hash
47bdb127c8b9c6915ba4aea9205641ba
56554a3c0bd6785df1f1d18de5a07a495fb49270
2c7cf941b4eb9254e850875107ded812b5cf2da9de46f85919561f2a73876257

HTTP Headers

GET /css/embed.min.css?v=0.5 HTTP/1.1
Host: closedjelly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://closedjelly.net/embed/a0wgmo3uvlcu3y
Cookie: hf1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: text/css
last-modified: Thu, 09 Jun 2022 09:49:16 GMT
etag: W/"62a1c21c-4f0"
expires: Fri, 31 May 2024 12:40:11 GMT
cache-control: max-age=608400
cf-cache-status: HIT
age: 290535
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2FvSWUyJ3nMcmOo9Fxf9Hd9lWSDB0Zo5gdshtVj6uRYl1WI3ulICb1OCY8QPKyFA9NVfb3j%2FAs%2BpF0OxGJtffSQiIlTf7yujVe5hvzKhrAlu3uXCk%2FcRRagK6cHXdyOFfms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88a8b7900e95b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET closedjelly.net/deb.js

104.21.73.89

200 OK

14 kB

URL GET HTTP/3
closedjelly.net/deb.js
IP
104.21.73.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerLet's Encrypt
Subjectclosedjelly.net
FingerprintCF:5A:5C:48:A0:C2:0B:DB:87:1D:8C:C2:9B:6B:43:FB:AB:C0:53:77
ValidityThu, 16 May 2024 18:27:17 GMT - Wed, 14 Aug 2024 18:27:16 GMT

File type
JavaScript source, ASCII text, with very long lines (21359)
Size
14 kB (14431 bytes)
Hash
4854629b2f59efbee5662790a405fa68
961af168c9029a8a3765356bd37631fa3941ccb2
00f55721ec6181d9c16cc365dfe2ca9aab2fb8008ffe22ded892085019fd33b5

HTTP Headers

GET /deb.js HTTP/1.1
Host: closedjelly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://closedjelly.net/embed/a0wgmo3uvlcu3y
Cookie: hf1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/javascript
last-modified: Wed, 22 Feb 2023 13:57:38 GMT
etag: W/"63f61f52-6450"
expires: Fri, 31 May 2024 12:40:11 GMT
cache-control: max-age=608400
cf-cache-status: HIT
age: 290535
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o%2BRclhCNtrTtJsv9gxMBMjcJMB%2FromANeFgy498cpSbIoYeGbkprw0pnt2JzB%2FxAk9f6%2BenY6gNF7b31%2BKAWs7Oq3JCyNNkoHoeJ%2BbwZ338BsHModynhtmIjpKcAQej4%2FlI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88a8b7902ebbb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET my.rtmark.net/gid.js?userId=008069ccc5f644c9e66699ee50c6ba01

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=008069ccc5f644c9e66699ee50c6ba01
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.tv1337.buzz/go/3/37
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E
ValiditySat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
19cc5db9ea53f9ee757b5cca629155ed
1e59efb746dc972568cef3884191ce38cf96a6f2
472b94cb9fe308c3c9d655dba343b7143ef7580c16ef8bb2db83e1e713cfb8e2

HTTP Headers

GET /gid.js?userId=008069ccc5f644c9e66699ee50c6ba01 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.tv1337.buzz
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.tv1337.buzz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008069ccc5f644c9e66699ee50c6ba01; expires=Tue, 27 May 2025 20:22:26 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Lato:400,700

142.250.74.106

200 OK

1.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Lato:400,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77
ValidityMon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT

File type
ASCII text, with very long lines (1474), with no line terminators
Size
1.4 kB (1442 bytes)
Hash
73d13bdd1ab78f594cb774a9319a64f2
b998b7afc14655aed45dbdd4120eda96a2aa4427
5645753d1916f250c3f7c8658a2616db7c616ae6ec7d1dc0e3f9f1a2bb7ab47a

HTTP Headers

GET /css?family=Lato:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://closedjelly.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 27 May 2024 20:22:26 GMT
date: Mon, 27 May 2024 20:22:26 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET nossairt.net/5/5548992/?oo=1&aab=1

139.45.197.238

200 OK

3.8 kB

URL GET HTTP/2
nossairt.net/5/5548992/?oo=1&aab=1
IP
139.45.197.238:443
ASN
#9002 RETN Limited

Requested by
https://www.tv1337.buzz/go/3/37
Certificate
IssuerLet's Encrypt
Subjectnossairt.net
Fingerprint9B:D9:3C:16:AE:3A:B3:4C:11:53:DB:A3:74:9D:97:43:AE:4B:80:83
ValidityTue, 07 May 2024 05:19:07 GMT - Mon, 05 Aug 2024 05:19:06 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3844), with no line terminators
Size
3.8 kB (3840 bytes)
Hash
b45cd9b349da9abdb3a580676af207b9
fffb664316bf5e525fdfbf3cae6b8d5cf93cf13c
b6b80fe5cb722d84ef2577565715c4a93badaa3fe898346cf94abeb89a5b4eba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/5548992/?oo=1&aab=1 HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.tv1337.buzz
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/json
x-trace-id: 51714c0daf91ff332998e91a1a6a1a79
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.tv1337.buzz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008069ccc5f644c9e66699ee50c6ba01; expires=Tue, 27 May 2025 20:22:26 GMT; path=/; secure; SameSite=None
oaidts=1716841346; expires=Tue, 27 May 2025 20:22:26 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET closedjelly.net/embed/a0wgmo3uvlcu3y

104.21.73.89

200 OK

178 kB

URL GET HTTP/2
closedjelly.net/embed/a0wgmo3uvlcu3y
IP
104.21.73.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tv1337.buzz/go/3/37
Certificate
IssuerLet's Encrypt
Subjectclosedjelly.net
FingerprintCF:5A:5C:48:A0:C2:0B:DB:87:1D:8C:C2:9B:6B:43:FB:AB:C0:53:77
ValidityThu, 16 May 2024 18:27:17 GMT - Wed, 14 Aug 2024 18:27:16 GMT

File type

Size
178 kB (178497 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /embed/a0wgmo3uvlcu3y HTTP/1.1
Host: closedjelly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tv1337.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: text/html; charset=UTF-8
set-cookie: hf1=1; expires=Mon, 27-May-2024 20:52:26 GMT; Max-Age=1800; path=/; secure; HttpOnly; SameSite=None
hf2=1; expires=Mon, 27-May-2024 20:22:26 GMT; Max-Age=0; path=/; secure; HttpOnly; SameSite=None
hf3=1; expires=Mon, 27-May-2024 20:22:26 GMT; Max-Age=0; path=/; secure; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2FUSU8KTP2PzeYnCIo4iujBeKFXHc%2B2iMMEGhT1RZ1Q86zR3RGbvE79iIcZ%2FL%2FLC2JrRrHRG6NfggDm13TGTEIfYrr%2FUebAoParklII3%2BXGbBYOXA6FtBftz5AqMOotv2Lg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88a8b78e4b1e1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET lol-foot.ru/go/3/37

188.114.97.1

301 Moved Permanently

222 kB

URL GET HTTP/2
lol-foot.ru/go/3/37
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tv1337.buzz/hola.php?id=3/37
Certificate
IssuerGoogle Trust Services LLC
Subjectlol-foot.ru
Fingerprint46:11:81:40:B2:08:13:A6:B9:86:6F:4B:5C:DB:83:09:8F:9E:79:08
ValidityTue, 09 Apr 2024 00:32:15 GMT - Mon, 08 Jul 2024 00:32:14 GMT

File type

Size
222 kB (222510 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go/3/37 HTTP/1.1
Host: lol-foot.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tv1337.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 27 May 2024 20:22:25 GMT
content-type: text/html
location: https://www.tv1337.buzz/go/3/37
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tEqQIvWzHs9aHBd0KMH4q4syYySYe%2BQ2RhdfDDaJSMis2WL4LTMhzmnBrh7d6qMWhAzxke8I%2BiAKeIACifZOOLBMDk8uyM08Wr7bvZYjD%2FRgds8EcoYQkYO4zmOHIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88a8b78b8ea90afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET tv1337.buzz/hola.php?id=3/37

188.114.96.1

200 OK

868 B

URL User Request GET HTTP/2
tv1337.buzz/hola.php?id=3/37
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type
HTML document, ASCII text, with very long lines (972), with no line terminators
Size
868 B (868 bytes)
Hash
03c41b99c76d0dd53242cd4b43ad1c12
3287c56999508b4d5452dabc36f48f072677f3f9
63c7bb861fccf697331eed4d58424e4a28692c9d430d74d92333b5c1a9590dd9

HTTP Headers

GET /hola.php?id=3/37 HTTP/1.1
Host: tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:25 GMT
content-type: text/html; charset=UTF-8
x-proxy-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hzgrhCsPloOcF0NmC0P5o0A7HKIJIk7eJzn3fblE5wqJssNO9%2Bs6%2B6YeNWYBMVvg53emqO3bZ5ayaBscZcvChZLjG02TOPYXSF%2B0%2F64Z%2FT6LVzq%2FcWh7U%2Fmu9xSbyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88a8b788e9aab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET swarm.video/j79z9kzty.js?v=1.1

172.67.153.113

200 OK

544 kB

URL GET HTTP/2
swarm.video/j79z9kzty.js?v=1.1
IP
172.67.153.113:443
ASN
#13335 CLOUDFLARENET

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerGoogle Trust Services LLC
Subjectswarm.video
FingerprintE4:A3:1D:E1:92:BF:7E:10:0C:65:79:3B:64:03:3A:AA:31:C9:01:2B
ValidityThu, 23 May 2024 06:22:33 GMT - Wed, 21 Aug 2024 06:22:32 GMT

File type

Size
544 kB (544335 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /j79z9kzty.js?v=1.1 HTTP/1.1
Host: swarm.video
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://closedjelly.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-bgj: minify
cf-polished: origSize=545594
etag: W/"8533a-1893d1d213a"
last-modified: Mon, 10 Jul 2023 00:04:26 GMT
x-powered-by: Express
cf-cache-status: HIT
age: 2343329
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QWEm8TnLuM72gfQpb5byhPA3Ga7azEDTOx3qRi5pggM8%2FgTClEdetKKDHzK0TMl0CqlioGJW5n9RyLf42Xi031MylV12Jewk4giOrZySceRoIgGcidk8kmCdWtSBEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88a8b7905a81712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET tv1337.buzz/favicon.ico

188.114.96.1

200 OK

2.0 kB

URL GET HTTP/3
tv1337.buzz/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tv1337.buzz/hola.php?id=3/37
Certificate
IssuerGoogle Trust Services LLC
Subjecttv1337.buzz
Fingerprint9D:4A:18:EB:19:04:19:E0:A9:01:28:87:BD:73:A6:1D:63:4C:E5:78
ValidityMon, 29 Apr 2024 00:24:21 GMT - Sun, 28 Jul 2024 00:24:20 GMT

File type
PNG image data, 36 x 34, 8-bit/color RGBA, non-interlaced
Size
2.0 kB (1992 bytes)
Hash
73ba79f24b56a0b965644213c761635d
442be67ca159de22822c8dc1d15874a2ee3a075f
cb136eca6edfeb5843fead65aebac6990f0bad0ab94e6eb95c83723a39472119

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tv1337.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tv1337.buzz/hola.php?id=3/37
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 May 2024 20:22:25 GMT
content-type: image/x-icon
last-modified: Tue, 24 Sep 2019 00:24:21 GMT
etag: W/"5d896235-7c8"
x-proxy-cache: EXPIRED
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Qkt9FzsUPwVp3khU7rTq7oHdnKPYSpj6jMwueEZ5Cg2UJgEI4fdqdLUdGpn0uTkq09S45CEV4FqIGVzmZZm%2B8FqJP9ybv70XkPZ%2BXs3JEI%2F3qOWW%2FSWPQA22hVx0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88a8b78b2b3a5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET closedjelly.net/js/jquery.min.js

104.21.73.89

200 OK

87 kB

URL GET HTTP/3
closedjelly.net/js/jquery.min.js
IP
104.21.73.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerLet's Encrypt
Subjectclosedjelly.net
FingerprintCF:5A:5C:48:A0:C2:0B:DB:87:1D:8C:C2:9B:6B:43:FB:AB:C0:53:77
ValidityThu, 16 May 2024 18:27:17 GMT - Wed, 14 Aug 2024 18:27:16 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: closedjelly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://closedjelly.net/embed/a0wgmo3uvlcu3y
Cookie: hf1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/javascript
last-modified: Mon, 09 Nov 2020 18:05:02 GMT
etag: W/"5fa984ce-15283"
expires: Fri, 31 May 2024 12:40:11 GMT
cache-control: max-age=608400
cf-cache-status: HIT
age: 290535
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ks3xomogcozS5N5pWBXe8GcOeYqRR6fAnBUjPA91Xm6wGxHGT43tS6yKBthU5uFabBJBsAfvGR5foLNaGj%2FnadwSTe2D4egIChS5e9ps%2Fk9lYyQ0UcN%2BO%2Bazae7Bxjk%2FKhc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88a8b7901e97b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET nossairt.net/?rb=5QGd6EfSx5LiqG_M9tafdnCMGFL9EkHeUujVg46aUl7T7gk6b_CZ-eokEiQvb0XIt0oO5r0OiMiodC99JdPKYuStkFETAaxd7tBw1rgUJSVsTDi51f9WKnUwbXQGUPlaeTZfaWqZ6RFQXcHZor2JVe8-A9a2WPY9YI82FLqyzPRcqR0xactpHsYAfiZp-7WMXC5xodQbhu0K9mHqdh_1zrwfk4FNf7Z6Ae_LXbZTIWOi5KGoKUVNmVtXla5Z9jxFrDcfNtHh5ks%3D&request_ab2=0&zoneid=5548992&js_build=iclick-v1.805.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fwww.tv1337.buzz%2Fgo%2F3%2F37&drf=https%3A%2F%2Ftv1337.buzz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.805.2-auto&navlng=en-US&pnt=0&pnrc=0&bs=b76e6308-81f0-4a2e-8457-49047696eb6d&wasm=1&userId=008069ccc5f644c9e66699ee50c6ba01&m=link

139.45.197.238

200 OK

2.4 kB

URL GET HTTP/2
nossairt.net/?rb=5QGd6EfSx5LiqG_M9tafdnCMGFL9EkHeUujVg46aUl7T7gk6b_CZ-eokEiQvb0XIt0oO5r0OiMiodC99JdPKYuStkFETAaxd7tBw1rgUJSVsTDi51f9WKnUwbXQGUPlaeTZfaWqZ6RFQXcHZor2JVe8-A9a2WPY9YI82FLqyzPRcqR0xactpHsYAfiZp-7WMXC5xodQbhu0K9mHqdh_1zrwfk4FNf7Z6Ae_LXbZTIWOi5KGoKUVNmVtXla5Z9jxFrDcfNtHh5ks%3D&request_ab2=0&zoneid=5548992&js_build=iclick-v1.805.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fwww.tv1337.buzz%2Fgo%2F3%2F37&drf=https%3A%2F%2Ftv1337.buzz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.805.2-auto&navlng=en-US&pnt=0&pnrc=0&bs=b76e6308-81f0-4a2e-8457-49047696eb6d&wasm=1&userId=008069ccc5f644c9e66699ee50c6ba01&m=link
IP
139.45.197.238:443
ASN
#9002 RETN Limited

Requested by
https://www.tv1337.buzz/go/3/37
Certificate
IssuerLet's Encrypt
Subjectnossairt.net
Fingerprint9B:D9:3C:16:AE:3A:B3:4C:11:53:DB:A3:74:9D:97:43:AE:4B:80:83
ValidityTue, 07 May 2024 05:19:07 GMT - Mon, 05 Aug 2024 05:19:06 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2380), with no line terminators
Size
2.4 kB (2357 bytes)
Hash
1d31634799912940f48c412c80453c8f
ab4190e1141ed75da256110280b7c1287b88bdaa
97f3a472ab5e362e3f9da72d5728b08a6b16cc296fcf170b3628ec8ceb2fd3f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=5QGd6EfSx5LiqG_M9tafdnCMGFL9EkHeUujVg46aUl7T7gk6b_CZ-eokEiQvb0XIt0oO5r0OiMiodC99JdPKYuStkFETAaxd7tBw1rgUJSVsTDi51f9WKnUwbXQGUPlaeTZfaWqZ6RFQXcHZor2JVe8-A9a2WPY9YI82FLqyzPRcqR0xactpHsYAfiZp-7WMXC5xodQbhu0K9mHqdh_1zrwfk4FNf7Z6Ae_LXbZTIWOi5KGoKUVNmVtXla5Z9jxFrDcfNtHh5ks%3D&request_ab2=0&zoneid=5548992&js_build=iclick-v1.805.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fwww.tv1337.buzz%2Fgo%2F3%2F37&drf=https%3A%2F%2Ftv1337.buzz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.805.2-auto&navlng=en-US&pnt=0&pnrc=0&bs=b76e6308-81f0-4a2e-8457-49047696eb6d&wasm=1&userId=008069ccc5f644c9e66699ee50c6ba01&m=link HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tv1337.buzz/
Origin: https://www.tv1337.buzz
DNT: 1
Connection: keep-alive
Cookie: OAID=008069ccc5f644c9e66699ee50c6ba01; oaidts=1716841346
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 27 May 2024 20:22:26 GMT
content-type: application/json
x-trace-id: 9cf3cbd8f3f48ad4b6c4b5d0b318cea5
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.tv1337.buzz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008069ccc5f644c9e66699ee50c6ba01; expires=Tue, 27 May 2025 20:22:26 GMT; path=/; secure; SameSite=None
oaidts=1716841346; expires=Tue, 27 May 2025 20:22:26 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 03 Jun 2024 20:22:26 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET zxrfzxb.com/script/ut.js?cb=1716841346981

104.21.21.109

200 OK

63 kB

URL GET HTTP/2
zxrfzxb.com/script/ut.js?cb=1716841346981
IP
104.21.21.109:443
ASN
#13335 CLOUDFLARENET

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerLet's Encrypt
Subjectzxrfzxb.com
Fingerprint9D:9D:51:EB:77:43:C1:98:B9:1E:42:55:99:7D:0F:01:27:BD:08:05
ValidityThu, 23 May 2024 16:51:10 GMT - Wed, 21 Aug 2024 16:51:09 GMT

File type

Size
63 kB (62975 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/ut.js?cb=1716841346981 HTTP/1.1
Host: zxrfzxb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://closedjelly.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:27 GMT
content-type: text/javascript
x-goog-generation: 1714053300452258
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62975
x-goog-hash: crc32c=f8d0YQ==, md5=vEgeNFwEtFNOCk5UoPLBxg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: ABPtcPolHAQnMqGdNaZVZaRJWoAtBjeMxOfGxNDwq-_w6DPt2gU7oDMS8aActEJnPwS9sxVGPw
expires: Mon, 27 May 2024 20:22:44 GMT
cache-control: public, max-age=14400
age: 3063
last-modified: Thu, 25 Apr 2024 13:55:00 GMT
etag: W/"bc481e345c04b4534e0a4e54a0f2c1c6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBFc3%2Fa1xsgvHv3xoab%2F9gVh2LgPoe2Ui2U0QqBsZyNtoRSpJ4z0EUDbyoximjmd7q8RcT58sQN%2FbMDj02URP6LeTcWqG0h19itlp2Eo4yPiqi3McJJ65CmnWA5gGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88a8b792fcbd5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET youradexchange.com/script/suurl5.php?r=7108866&cbur=0.6893936829715902&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fwww.tv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=zxrfzxb.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1716841346989&srs=8f4352d49d8f0a48d388f2fa0b18e335&atv=50.0&abtg=1&adbv=3-swat3-swf2

172.67.177.214

200 OK

917 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=7108866&cbur=0.6893936829715902&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fwww.tv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=zxrfzxb.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1716841346989&srs=8f4352d49d8f0a48d388f2fa0b18e335&atv=50.0&abtg=1&adbv=3-swat3-swf2
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://closedjelly.net/embed/a0wgmo3uvlcu3y
Certificate
IssuerGoogle Trust Services LLC
Subjectyouradexchange.com
FingerprintD5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B
ValiditySun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (943), with no line terminators
Size
917 B (917 bytes)
Hash
f233a2ce64851e4e578baa9911e4fe00
8f44d2ce978928587d9b3946610d2f0019c99636
6c16c54345e562cd183b4c3bb5e2fbb3f42276389fed63c94b79e72edd7234aa

HTTP Headers

GET /script/suurl5.php?r=7108866&cbur=0.6893936829715902&cbiframe=1&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fwww.tv1337.buzz%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=zxrfzxb.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1716841346989&srs=8f4352d49d8f0a48d388f2fa0b18e335&atv=50.0&abtg=1&adbv=3-swat3-swf2 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://closedjelly.net/
Origin: https://closedjelly.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 May 2024 20:22:27 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BlLOvxX8p3TkQ%2FO45Wu59n6iZVPSrdWPgxHCWghYWSwBdrPzDralQEyPqrujPnwI4j%2BnGH6n5AELWt1mzIWroPvmme8iv10MMj4%2BfDQpM%2FokHrheoiz7AVCZKM0S98DHDUt8fc8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88a8b792dfd6569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by