Report - bembed.net/v/4bQVOj7oAe45wKm/HA.mp4

Report Overview

Submitted URL
bembed.net/v/4bQVOj7oAe45wKm/HA.mp4
IP
104.21.84.193
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 17:47:06
Access
public
Website Title
HA.mp4
Final URL
listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-04-23	408 B	33 kB	104.21.35.227
hw8qpzyv9p.guardstorage.net	unknown	unknown	No data	No data	2.9 kB	640 kB	37.59.29.140
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-04-22	414 B	329 B	192.243.59.13
i.guardstorage.net	unknown	2022-12-22	2023-02-27	2024-02-06	1.8 kB	498 kB	172.67.211.88
offerimage.com	304078	2019-06-10	2019-06-10	2024-04-03	436 B	11 kB	104.22.33.172
bembed.net	unknown	2024-03-16	2024-03-16	2024-04-18	491 B	7.2 kB	104.21.84.193
okaydisciplemeek.com	unknown	unknown	No data	No data	437 B	32 kB	192.243.59.13
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-04-23	733 B	423 B	192.243.59.13
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-24	953 B	55 kB	142.250.74.106
oaphoace.net	unknown	2022-05-04	2022-05-04	2024-02-27	4.4 kB	50 kB	139.45.197.239
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-23	419 B	742 B	139.45.195.8
honeyreadinesscentral.com	unknown	unknown	No data	No data	489 B	467 B	192.243.59.12
fleraprt.com	unknown	2022-01-14	2022-01-14	2024-04-20	565 B	481 B	139.45.195.254
tzegilo.com	unknown	2022-01-14	2022-01-14	2024-04-20	396 B	20 kB	172.67.193.52
listeamed.net	unknown	unknown	No data	No data	6.8 kB	1.9 MB	172.67.208.196
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-23	2.1 kB	90 kB	216.58.207.227
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-04-23	926 B	716 B	35.158.46.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	okaydisciplemeek.com	Sinkholed
2024-04-24	medium	oaphoace.net	Sinkholed
2024-04-24	medium	oaphoace.net	Sinkholed
2024-04-24	medium	fleraprt.com	Sinkholed
2024-04-24	medium	unseenreport.com	Sinkholed
2024-04-24	medium	oaphoace.net	Sinkholed
2024-04-24	medium	oaphoace.net	Sinkholed
2024-04-24	medium	oaphoace.net	Sinkholed
2024-04-24	medium	tzegilo.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-06
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 104.21.35.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-06 07:46:11 Times Seen2314 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4	0 B	2023-03-07	2024-05-06
Pretty URL listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4 IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 11:44:55 Times Seen37376865 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	listeamed.net/e/306655524b6e336b45613031734f69	0 B	2023-03-07	2024-05-06
Pretty URL listeamed.net/e/306655524b6e336b45613031734f69 IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 11:44:55 Times Seen37376865 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	listeamed.net/assets/jwplayer/8.28.1/provider.hlsjs.js	423 kB	2023-09-06	2024-05-05
Pretty URL listeamed.net/assets/jwplayer/8.28.1/provider.hlsjs.js IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-06 18:59:05 Last Seen2024-05-05 15:24:05 Times Seen63 Hash 750b19146211c426d9bdd9dcf4d93787 9b7639977960dc609de99863a12b1866b0ffd5a0 fac5e74d89a9f7ebaada1c783e47de50657803bf20ced45bea0336b9a0dda254 Loading...

	tzegilo.com/stattag.js	19 kB	2024-02-10	2024-05-06
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 03:00:18 Last Seen2024-05-06 04:46:01 Times Seen1578 Hash 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f Loading...

	listeamed.net/assets/jwplayer/8.28.1/jwplayer.js?id=2ec1cfc87408aded985a8ebcbcd646d6	109 kB	2023-12-30	2024-05-05
Pretty URL listeamed.net/assets/jwplayer/8.28.1/jwplayer.js?id=2ec1cfc87408aded985a8ebcbcd646d6 IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-30 23:53:23 Last Seen2024-05-05 15:24:05 Times Seen13 Hash 80a18bc4937ae794bf8b80cc2b15c821 7c2e3f66f9b3d983db4188baadc8fe1fa44b6073 4400d6dbc620c2f7aecdba4ca1a6f715866367e5e74f2a6190a52c214266d5ae Loading...

	listeamed.net/assets/jwplayer/8.28.1/jwplayer.core.controls.js	325 kB	2023-09-06	2024-05-05
Pretty URL listeamed.net/assets/jwplayer/8.28.1/jwplayer.core.controls.js IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-06 18:59:05 Last Seen2024-05-05 15:24:05 Times Seen77 Hash a69921d2a260f2b763c6f4866ab08ff5 2d1430cd5d243ad05ca0e7cfbac1c4398f31995e 45bba1c625ca7128376311c5490b2d4a283dd787eec1c011be838141bfbb42ea Loading...

	unknown	630 B	2024-04-24	2024-04-24
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-24 19:47:12 Last Seen2024-04-24 19:47:12 Times Seen1 Hash 77fece6e2c403ace68d90aaa7879bf99 7bbd0f900a054ca5e017e2d7f1ea9ce9887908ed f4212a8719b0369f75606ea257ca770cfc6f23379e8b94f1e20be17d43b36649 Loading...

	okaydisciplemeek.com/51/1a/5b/511a5b14f9f9525cf33f9e93d660853b.js	84 kB	2024-04-24	2024-04-24
Pretty URL okaydisciplemeek.com/51/1a/5b/511a5b14f9f9525cf33f9e93d660853b.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 19:47:13 Last Seen2024-04-24 19:47:13 Times Seen2 Hash 4f359df43f6b87ccb4769412a8ad1290 6cd72239d4f5dc69f9a222d23e8edc9f3fbf1f2e 24f653ed13b8231e6e396edb26542ed74c0ce8f58f9aef7f2693caf3c0d6c199 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-06
Pretty URL capaciousdrewreligion.com/advertisers.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 11:44:55 Times Seen37376865 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	listeamed.net/assets/js/load.js	3.7 kB	2024-04-24	2024-05-05
Pretty URL listeamed.net/assets/js/load.js IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 19:47:13 Last Seen2024-05-05 15:24:05 Times Seen4 Hash d9c20c3e3512735c34d570b27902ce21 2e759ef4e518009e4414a5ef65d96f1489fd0df3 88777310a5c3f5382fcd464fbbf4d6dd119089bf94be45aa7789ce43c0184481 Loading...

	listeamed.net/assets/js/player.js?id=a9b24acc6c8d37de23098caa2f7907da	14 kB	2023-03-07	2024-05-05
Pretty URL listeamed.net/assets/js/player.js?id=a9b24acc6c8d37de23098caa2f7907da IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:43 Last Seen2024-05-05 15:24:06 Times Seen149 Hash 19b624e7fe7a86b4c7851ed61e250626 760a6c0399930b96c61b6e18a6cbb0dbf0125f97 eaf266c920ef8297bf135324d4c6232d117d1eb849a082850b8d0520c1966c2e Loading...

	unknown	2.3 kB	2024-04-24	2024-04-24
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-24 19:47:13 Last Seen2024-04-24 19:47:13 Times Seen1 Hash dc772e32b4b70d029ee647d74afc369e 33077f5c6ad8b692d0b66ccd340afe2804cf6804 ca1382520c50b524d3a3668d319b93216ac0b419edfbbb85972caa6cb7817946 Loading...

	listeamed.net/assets/jwplayer/8.28.1/jwpsrv.js	65 kB	2023-12-30	2024-05-05
Pretty URL listeamed.net/assets/jwplayer/8.28.1/jwpsrv.js IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-30 23:53:23 Last Seen2024-05-05 15:24:05 Times Seen19 Hash 8035032c7bcdff774adfcf60e84b450d 1eb7f0268ef459954dea51343ef96720ed370566 b676f19bfd6bc7f2d07cdf0d00beb0c75ad04d1a8e4268df0f10ddbffb7313bf Loading...

	oaphoace.net/401/6424058	88 kB	2024-04-24	2024-04-24
Pretty URL oaphoace.net/401/6424058 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 19:47:13 Last Seen2024-04-24 19:47:13 Times Seen1 Hash 837ad65876e9942a4ec039fef70e3207 8c105757052117d4ed8604e6a134cc79b8a85a86 fb07d193bac003524b5f1e98320333887731333e374192d08417d103ab82db78 Loading...

	listeamed.net/assets/js/bootstrap.bundle.min.js?id=780372263c4e1fecbb636a38f53d3a2f	80 kB	2023-03-08	2024-05-06
Pretty URL listeamed.net/assets/js/bootstrap.bundle.min.js?id=780372263c4e1fecbb636a38f53d3a2f IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:58:09 Last Seen2024-05-06 10:30:25 Times Seen1456 Hash d2b0d31f74e62440ea1a557f126d0c64 5c8f6cb983397deb65673b961a8657cfd6113ad9 c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00 Loading...

	data:text/javascript;base64,dmFyIHA9ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoInNjcmlwdCIpWzBdLGU9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0IiksZD1kb2N1bWVudC5xdWVyeVNlbGVjdG9yKCJkaXZbZG9tYWluXSIpLmdldEF0dHJpYnV0ZSgiZG9tYWluIik7ZS5zcmM9Ii8vIitkKyIvYXNzZXRzL2pzL2xvYWQuanMiLHAuYWZ0ZXIoZSk7	192 B	2023-10-15	2024-05-05
Pretty URL data:text/javascript;base64,dmFyIHA9ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoInNjcmlwdCIpWzBdLGU9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0IiksZD1kb2N1bWVudC5xdWVyeVNlbGVjdG9yKCJkaXZbZG9tYWluXSIpLmdldEF0dHJpYnV0ZSgiZG9tYWluIik7ZS5zcmM9Ii8vIitkKyIvYXNzZXRzL2pzL2xvYWQuanMiLHAuYWZ0ZXIoZSk7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 21:02:05 Last Seen2024-05-05 15:24:05 Times Seen8 Hash 721c2c4cf8c4351e65dae7637ae3c9c8 7a03f1eeb68bf9e279110b84e6f88b3dea90e66c 7ef7acf33713063709afcbd55e29fe14556cfff565d3437eece71e34fe9553d7 Loading...

	listeamed.net/assets/js/main.js?id=eddfd74f6de7386e3162347efd9a6be3	105 kB	2024-04-10	2024-05-05
Pretty URL listeamed.net/assets/js/main.js?id=eddfd74f6de7386e3162347efd9a6be3 IP 172.67.208.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-10 21:08:26 Last Seen2024-05-05 15:24:05 Times Seen9 Hash 49b39d637f801152c5a7fcd78b03ae32 ee64fdbb655fc81e5d2771b6680fa96dbf8d8a9a 1beeb5ad0ede6c67083aacdf3593950d4190148f1b00a4df85cbb733c37a4336 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0f332855819a8444b45492dacc8c2465	41 kB	2024-04-24	2024-04-24
Pretty Observations First Seen2024-04-24 19:47:13 Last Seen2024-04-24 19:47:13 Times Seen1 Hash 0f332855819a8444b45492dacc8c2465 84d2aef0c59b172163033ffdaff1edec627f7c9b ac3ea78881497a19d88f93c50c76e4661f6dd26957362633f92e74c6af6fe586 Loading...

HTTP Transactions (45)

URL IP Response Size

listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4

172.67.208.196

200 OK

39 kB

URL User Request GET HTTP/2
listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (463)
Size
39 kB (39117 bytes)
Hash
894053dd204bace92b9b5ebe8d9216a9
1178be6d5561046ebf23c64ced6153f2412808aa
96c64c0f63d37644769efaf9452a8afc32ef55d5505b4db547121a7c3722bcbf

HTTP Headers

GET /v/4bQVOj7oAe45wKm/HA.mp4 HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:38 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Wed, 24 Apr 2024 17:46:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RQkRp4cK1AVQWmj5nNC4dBPSPPLTB8bMCgkAnweJfYn8mKeouBzZVK2PbIES4nvfxJaHeiLBysRAJde62N0TKpjHIaecb%2FjxofZcSH6vqslS9oogilceKCmGGKzYPVPP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9f7d8a5569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/heebo/v26/NGS6v5_NC0k9P9H2TbE.woff2

216.58.207.227

200 OK

30 kB

URL GET HTTP/2
fonts.gstatic.com/s/heebo/v26/NGS6v5_NC0k9P9H2TbE.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 30240, version 1.0
Size
30 kB (30240 bytes)
Hash
2a51724cb1aefe32e3183a8e138189cc
c8f36c7eee7c868b5cba392e353d47180643f5f1
964dfe7c512a6166c71c6c9791d84a9ce38c192f66e596dbc507114024a5c431

HTTP Headers

GET /s/heebo/v26/NGS6v5_NC0k9P9H2TbE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30240
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:31:58 GMT
expires: Fri, 18 Apr 2025 17:31:58 GMT
cache-control: public, max-age=31536000
age: 519281
last-modified: Wed, 31 Jan 2024 23:13:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

listeamed.net/e/306655524b6e336b45613031734f69

172.67.208.196

200 OK

53 kB

URL GET HTTP/3
listeamed.net/e/306655524b6e336b45613031734f69
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (48581)
Size
53 kB (52728 bytes)
Hash
31d03aced66707057019937162067b84
e2a93a5129b35cbfda44496ff04cf56979fb2b94
630633d1e33a549b6b6853b75d1b020117e1b184d64152dad3bd80c770a816a1

HTTP Headers

GET /e/306655524b6e336b45613031734f69 HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8JkvnEYBxuKqnx3aeUGRGrdTPdOXVn1udyEs3BjDeS4xgKxKvN7joz8qb%2BB90jbkJGssnCyQ2hAGmIJpgDpBKlwEnuRxoLnfxLt5VRUYmsQ6xE5ocXB2n9xUEi8wzXVg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9fd7d421c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

listeamed.net/assets/css/bootstrap.min.css?id=cb4551534d3284d048285a8c45fa269a

172.67.208.196

200 OK

46 kB

URL GET HTTP/3
listeamed.net/assets/css/bootstrap.min.css?id=cb4551534d3284d048285a8c45fa269a
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
46 kB (46311 bytes)
Hash
025df1ec88740cad5ff14bb3380da6dd
7abed070e37ce060c0a561575f1d41a7f248fc74
2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a

HTTP Headers

GET /assets/css/bootstrap.min.css?id=cb4551534d3284d048285a8c45fa269a HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 26 Jan 2024 07:31:58 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K1TlvMW98eP1tXNi85BJCGSfVZxx1bMohAtyCQD5WgB%2FMBH8PD6fAmwR5wwfAiDnZtAMREq0RCRkKvuButoadvzvhHI5ORpkvQ2gN7r%2F5KYI%2FjmemVK%2FrAUbXG4YuwzV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9fa9a261c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

okaydisciplemeek.com/51/1a/5b/511a5b14f9f9525cf33f9e93d660853b.js

192.243.59.13

200 OK

31 kB

URL GET HTTP/1.1
okaydisciplemeek.com/51/1a/5b/511a5b14f9f9525cf33f9e93d660853b.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectokaydisciplemeek.com
Fingerprint66:C7:C8:9B:E8:68:D4:DB:8D:92:05:DD:C9:8E:61:83:F9:73:04:5A
ValidityMon, 25 Mar 2024 09:21:59 GMT - Sun, 23 Jun 2024 09:21:58 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (31058 bytes)
Hash
4f359df43f6b87ccb4769412a8ad1290
6cd72239d4f5dc69f9a222d23e8edc9f3fbf1f2e
24f653ed13b8231e6e396edb26542ed74c0ce8f58f9aef7f2693caf3c0d6c199

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /51/1a/5b/511a5b14f9f9525cf33f9e93d660853b.js HTTP/1.1
Host: okaydisciplemeek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 Apr 2024 17:46:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2931_layer=0; expires=Sat, 27 Apr 2024 17:46:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d488dc7220cb05a9c456ccb96ae5ddfd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
94e53994b1743c805b3867d17db9812c
9477b7dae49d7e05132d3490b79f84cc3189b3f8
d06b650d49b24fb078a13542c25b3682e42455688ce0e342b944f161f89329d1

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://listeamed.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=f6803774-5188-4c74-8976-e693ae1d449b:3:1; expires=Sat, 22 Apr 2034 17:46:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

32 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
32 kB (31622 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 13bc8aec1797fb02f6aa41b8a68a8573
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 24 Apr 2024 17:46:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1uH09dZRWZq5BWUUNcmG8maYo%2FXQy5kXzOrd7blOmSmeNJQA7lE31nyvCi7uPj55XJvZIQcqcaWL8zIQ%2B5KvBQBfLy1iqHtAA8yUxl%2FoD4HCoS95XUVkauMfkNrQ5c3YPaUQqpLEn0Yjo%2FVZ42luiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797ea04b8ffb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.guardstorage.net/posters/kj4bQVOj7oAe45wKmZG2.poster.jpg

172.67.211.88

200 OK

37 kB

URL GET HTTP/2
i.guardstorage.net/posters/kj4bQVOj7oAe45wKmZG2.poster.jpg
IP
172.67.211.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjecti.guardstorage.net
Fingerprint04:03:23:15:78:06:68:60:E6:22:9F:F4:EF:79:DC:D8:DA:79:11:7B
ValidityTue, 16 Apr 2024 11:01:27 GMT - Mon, 15 Jul 2024 11:01:26 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 852x476, components 3
Size
37 kB (36973 bytes)
Hash
ed7c18fe8a07a4c964c54e347b46ec50
4c104207fa25e37feed9850748ef82c2ded95594
ea097a17545412993128b6295a0f1b3b19380786ea50764f897e5f17b2061574

HTTP Headers

GET /posters/kj4bQVOj7oAe45wKmZG2.poster.jpg HTTP/1.1
Host: i.guardstorage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: image/jpeg
content-length: 36973
last-modified: Wed, 27 Mar 2024 19:31:29 GMT
etag: "66047411-906d"
access-control-allow-origin: *
x-server: cdn2
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BzJ3D5yE39%2BwcuXg%2BRPZVCCoLklAY0uxgHwkBEXc5ue96vcDHmkD8jRquPiwC59wa72WpBD%2FwUSEdWsztmxatqEoCCwF%2Fyo7gSPYzNOZn8zSF4xPNV%2BPFC5EHVGr19O51KS79rE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797ea066a84712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

oaphoace.net/401/6424058

139.45.197.239

200 OK

43 kB

URL GET HTTP/2
oaphoace.net/401/6424058
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectoaphoace.net
Fingerprint5A:77:51:1A:03:0F:F3:58:DD:3F:3C:DA:AA:4A:F9:55:B5:FD:E6:C4
ValidityTue, 09 Apr 2024 21:43:25 GMT - Mon, 08 Jul 2024 21:43:24 GMT

File type
gzip compressed data, max speed, from Unix
Size
43 kB (42741 bytes)
Hash
d9335b08d6785e94171fb2979b606c69
db76c9774ec6944f020015655cbd9443d55f5686
bb3f36fe4e8f897ea53ce87430c6c1432762b6dde04584734482dbe3b4248aa1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/6424058 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 17:46:40 GMT
content-type: application/javascript
x-trace-id: 9fa274bb19eb616856377009217e55d1
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0300487fda7d4f48e0e8efd76be02cb9; expires=Thu, 24 Apr 2025 17:46:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
b8dfda333436b644281877621fdabc1f
4e59c2a620a3151790417fe643e8a356e32ba281
1c99c16b700a6d91b07fa6f31dd4b4978e1517686b50f4d16e7b2e2659949e1b

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://listeamed.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=080048b8f0934270fd22420449cf93ea; expires=Thu, 24 Apr 2025 17:46:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

honeyreadinesscentral.com/pixel/purst?dl=0&th=0&sc=0&rs=1108&rd=1108&fd=771&bv=24.4.4887&tmpl=70

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
honeyreadinesscentral.com/pixel/purst?dl=0&th=0&sc=0&rs=1108&rd=1108&fd=771&bv=24.4.4887&tmpl=70
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjecthoneyreadinesscentral.com
Fingerprint1A:99:28:0A:D4:17:17:83:DE:BC:79:4F:7A:13:0A:36:0F:71:64:CF
ValidityTue, 23 Apr 2024 10:47:10 GMT - Mon, 22 Jul 2024 10:47:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1108&rd=1108&fd=771&bv=24.4.4887&tmpl=70 HTTP/1.1
Host: honeyreadinesscentral.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 Apr 2024 17:46:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

hw8qpzyv9p.guardstorage.net/hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/seg-1-v1-a1.ts?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799

37.59.29.140

200 OK

367 kB

URL GET HTTP/2
hw8qpzyv9p.guardstorage.net/hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/seg-1-v1-a1.ts?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799
IP
37.59.29.140:443
ASN
#16276 OVH SAS

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerSectigo Limited
Subject*.guardstorage.net
FingerprintBB:17:7F:B4:1E:14:F6:23:29:98:AF:CB:F2:A0:43:5D:16:1E:D6:C1
ValiditySun, 10 Dec 2023 00:00:00 GMT - Thu, 09 Jan 2025 23:59:59 GMT

File type
MPEG transport stream data
Size
367 kB (367352 bytes)
Hash
712c8b4d68134443deec786932be10e8
051cf0828dbd143d6eb78d1ae387c0b821d09b34
b4ffb35a4656720f38085bc4c120829d9f4d3b9f79c1ecf5642cb9776722d7bf

HTTP Headers

GET /hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/seg-1-v1-a1.ts?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799 HTTP/1.1
Host: hw8qpzyv9p.guardstorage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.21.4.3
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: video/MP2T
content-length: 367352
etag: "3a1794b0-59af8"
last-modified: Sun, 19 Nov 2000 08:52:00 GMT
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
expires: Fri, 02 Aug 2024 17:46:41 GMT
cache-control: max-age=8640000
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

listeamed.net/assets/js/bootstrap.bundle.min.js?id=780372263c4e1fecbb636a38f53d3a2f

172.67.208.196

200 OK

470 kB

URL GET HTTP/3
listeamed.net/assets/js/bootstrap.bundle.min.js?id=780372263c4e1fecbb636a38f53d3a2f
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
470 kB (470279 bytes)
Hash
d2b0d31f74e62440ea1a557f126d0c64
5c8f6cb983397deb65673b961a8657cfd6113ad9
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

HTTP Headers

GET /assets/js/bootstrap.bundle.min.js?id=780372263c4e1fecbb636a38f53d3a2f HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 26 Jan 2024 07:29:36 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEaFi0NLdG0EnJ1ORiqKeP%2BSVw9zuoSjrXw4vnW7j%2F%2F5hm2Jc6zelUsj6o%2FVDTe4OXgHMvY%2BpyvffPaVAIGSUl23iy%2FsMv6D7PWmLtisUAdLdy2UoEhO7l6sWLGAMilX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9faaa451c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hw8qpzyv9p.guardstorage.net/hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/seg-2-v1-a1.ts?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799

37.59.29.140

200 OK

247 kB

URL GET HTTP/2
hw8qpzyv9p.guardstorage.net/hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/seg-2-v1-a1.ts?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799
IP
37.59.29.140:443
ASN
#16276 OVH SAS

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerSectigo Limited
Subject*.guardstorage.net
FingerprintBB:17:7F:B4:1E:14:F6:23:29:98:AF:CB:F2:A0:43:5D:16:1E:D6:C1
ValiditySun, 10 Dec 2023 00:00:00 GMT - Thu, 09 Jan 2025 23:59:59 GMT

File type
MPEG transport stream data
Size
247 kB (247032 bytes)
Hash
03d8553df91da85abd516b3a1a3bbbd1
3e55715590b3d255626a56c4a743fd7aaff3beb3
17d997cc6a6c86c1c834e80a980f1a3469bbb8363314747504e4b153471425c6

HTTP Headers

GET /hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/seg-2-v1-a1.ts?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799 HTTP/1.1
Host: hw8qpzyv9p.guardstorage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.21.4.3
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: video/MP2T
content-length: 247032
etag: "3a1794b0-3c4f8"
last-modified: Sun, 19 Nov 2000 08:52:00 GMT
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
expires: Fri, 02 Aug 2024 17:46:41 GMT
cache-control: max-age=8640000
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

oaphoace.net/500/6424058?excludes=&oaid=080048b8f0934270fd22420449cf93ea&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1116&wiw=1116&wih=628&wfc=1&pl=https%3A%2F%2Flisteamed.net%2Fe%2F306655524b6e336b45613031734f69&drf=https%3A%2F%2Flisteamed.net%2Fv%2F4bQVOj7oAe45wKm%2FHA.mp4&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.239

200 OK

0 B

URL OPTIONS HTTP/2
oaphoace.net/500/6424058?excludes=&oaid=080048b8f0934270fd22420449cf93ea&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1116&wiw=1116&wih=628&wfc=1&pl=https%3A%2F%2Flisteamed.net%2Fe%2F306655524b6e336b45613031734f69&drf=https%3A%2F%2Flisteamed.net%2Fv%2F4bQVOj7oAe45wKm%2FHA.mp4&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectoaphoace.net
Fingerprint5A:77:51:1A:03:0F:F3:58:DD:3F:3C:DA:AA:4A:F9:55:B5:FD:E6:C4
ValidityTue, 09 Apr 2024 21:43:25 GMT - Mon, 08 Jul 2024 21:43:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6424058?excludes=&oaid=080048b8f0934270fd22420449cf93ea&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1116&wiw=1116&wih=628&wfc=1&pl=https%3A%2F%2Flisteamed.net%2Fe%2F306655524b6e336b45613031734f69&drf=https%3A%2F%2Flisteamed.net%2Fv%2F4bQVOj7oAe45wKm%2FHA.mp4&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://listeamed.net/
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 17:46:41 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://listeamed.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=aeb8dbea-bf94-40a7-8151-e04250d40958

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=aeb8dbea-bf94-40a7-8151-e04250d40958
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=aeb8dbea-bf94-40a7-8151-e04250d40958 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1460
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 24 Apr 2024 17:46:41 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://listeamed.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

listeamed.net/assets/jwplayer/8.28.1/jwpsrv.js

172.67.208.196

200 OK

148 kB

URL GET HTTP/3
listeamed.net/assets/jwplayer/8.28.1/jwpsrv.js
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65100), with no line terminators
Size
148 kB (147618 bytes)
Hash
8035032c7bcdff774adfcf60e84b450d
1eb7f0268ef459954dea51343ef96720ed370566
b676f19bfd6bc7f2d07cdf0d00beb0c75ad04d1a8e4268df0f10ddbffb7313bf

HTTP Headers

GET /assets/jwplayer/8.28.1/jwpsrv.js HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/e/306655524b6e336b45613031734f69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:40 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 26 Jan 2024 07:33:12 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3628
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YB74U4eB4zD8biAp3TjPcqMYVbTjGB1XfbK357ShwR0Nw3ygxMLgvTnzwi1fw03cIhzb2c9kSLRzcmNQGZNiSu4C9FwUE9KlHN282Jq7e5dCDrY9xIrgiLhI6P3sDAO%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797ea046dbc1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
94e53994b1743c805b3867d17db9812c
9477b7dae49d7e05132d3490b79f84cc3189b3f8
d06b650d49b24fb078a13542c25b3682e42455688ce0e342b944f161f89329d1

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Cookie: uid_id2=f6803774-5188-4c74-8976-e693ae1d449b:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://listeamed.net
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

hw8qpzyv9p.guardstorage.net/hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/master.m3u8?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799

37.59.29.140

200 OK

12 kB

URL GET HTTP/2
hw8qpzyv9p.guardstorage.net/hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/master.m3u8?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799
IP
37.59.29.140:443
ASN
#16276 OVH SAS

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerSectigo Limited
Subject*.guardstorage.net
FingerprintBB:17:7F:B4:1E:14:F6:23:29:98:AF:CB:F2:A0:43:5D:16:1E:D6:C1
ValiditySun, 10 Dec 2023 00:00:00 GMT - Thu, 09 Jan 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
12 kB (11670 bytes)
Hash
d37d5f981666878f772859235d9cfdc0
7764c29901e9d1af1283e1fefeeeda6b592b85c0
a764af614f06a007877f53084f64934e0b3ee6b9a91c0ece2030ac4443749952

HTTP Headers

GET /hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/master.m3u8?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799 HTTP/1.1
Host: hw8qpzyv9p.guardstorage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.3
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: application/vnd.apple.mpegurl
last-modified: Wed, 24 Apr 2024 17:46:41 GMT
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=f6803774-5188-4c74-8976-e693ae1d449b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=1&pk=511a5b14f9f9525cf33f9e93d660853b&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=f6803774-5188-4c74-8976-e693ae1d449b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=1&pk=511a5b14f9f9525cf33f9e93d660853b&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=f6803774-5188-4c74-8976-e693ae1d449b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=1&pk=511a5b14f9f9525cf33f9e93d660853b&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 Apr 2024 17:46:42 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0f42760711b1a0c052884c7bb2c05140
Strict-Transport-Security: max-age=0; includeSubdomains

139.45.197.239

200 OK

1.4 kB

URL OPTIONS HTTP/2
oaphoace.net/500/6424058?excludes=&oaid=080048b8f0934270fd22420449cf93ea&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1116&wiw=1116&wih=628&wfc=1&pl=https%3A%2F%2Flisteamed.net%2Fe%2F306655524b6e336b45613031734f69&drf=https%3A%2F%2Flisteamed.net%2Fv%2F4bQVOj7oAe45wKm%2FHA.mp4&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectoaphoace.net
Fingerprint5A:77:51:1A:03:0F:F3:58:DD:3F:3C:DA:AA:4A:F9:55:B5:FD:E6:C4
ValidityTue, 09 Apr 2024 21:43:25 GMT - Mon, 08 Jul 2024 21:43:24 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.4 kB (1356 bytes)
Hash
8e9aca66bad2543523d199c2d5f576e3
8e2ff37084b9a13c61279a4f7a2b0e1f330cd5c1
91535a67f1df25e534ce743a21f6e403f0930f9da746456f781ddac525f0d41e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/6424058?excludes=&oaid=080048b8f0934270fd22420449cf93ea&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1116&wiw=1116&wih=628&wfc=1&pl=https%3A%2F%2Flisteamed.net%2Fe%2F306655524b6e336b45613031734f69&drf=https%3A%2F%2Flisteamed.net%2Fv%2F4bQVOj7oAe45wKm%2FHA.mp4&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Cookie: OAID=080048b8f0934270fd22420449cf93ea
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: application/javascript
x-trace-id: d7558c29c27ad446dbc074aa38a512ca
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://listeamed.net
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=080048b8f0934270fd22420449cf93ea; expires=Thu, 24 Apr 2025 17:46:41 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

offerimage.com/www/images/cf947832fe6353d6f477fd764ce28f9a.jpg

104.22.33.172

200 OK

10 kB

URL GET HTTP/2
offerimage.com/www/images/cf947832fe6353d6f477fd764ce28f9a.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
10 kB (10346 bytes)
Hash
cf947832fe6353d6f477fd764ce28f9a
88926fe6b1aebbcf54c6f4a73d6b1acdcc24e62c
7cdbbe00ac6c19037fb12d41947902ce403b0590128977dfc813d78b2e0e96fb

HTTP Headers

GET /www/images/cf947832fe6353d6f477fd764ce28f9a.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:46 GMT
content-type: image/jpeg
content-length: 10346
cache-control: max-age=86400
cf-bgj: h2pri
etag: "66074aa8-286a"
expires: Thu, 25 Apr 2024 15:41:05 GMT
last-modified: Fri, 29 Mar 2024 23:11:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 7541
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797ea287d078f64-CPH
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 01:54:31 GMT
expires: Wed, 23 Apr 2025 01:54:31 GMT
cache-control: public, max-age=31536000
age: 143535
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 16:27:38 GMT
expires: Wed, 23 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 91148
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.106

200 OK

11 kB

URL GET HTTP/3
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
gzip compressed data, max compression
Size
11 kB (10693 bytes)
Hash
3d2ed381f3e3af599a03d146c593c2a0
d321d7e8feacf478276d225a0870017af7057a3e
7c7854b202c500e15d731e260dddc6b8e651e26272d61c6e9b1563656dbeaa56

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 17:46:46 GMT
date: Wed, 24 Apr 2024 17:46:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

i.guardstorage.net/previews/kj4bQVOj7oAe45wKmZG2.preview.jpg

172.67.211.88

200 OK

446 kB

URL GET HTTP/3
i.guardstorage.net/previews/kj4bQVOj7oAe45wKmZG2.preview.jpg
IP
172.67.211.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjecti.guardstorage.net
Fingerprint04:03:23:15:78:06:68:60:E6:22:9F:F4:EF:79:DC:D8:DA:79:11:7B
ValidityTue, 16 Apr 2024 11:01:27 GMT - Mon, 15 Jul 2024 11:01:26 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 765x4080, components 3
Size
446 kB (445540 bytes)
Hash
0884bad83ba48b3e05c825fc281491ec
b7ee4a9eb898d302f640e10dad6967ebc19510a8
7952379805df39f987f605a66befb9a6a4f0522b01a1304111f95f0d63051753

HTTP Headers

GET /previews/kj4bQVOj7oAe45wKmZG2.preview.jpg HTTP/1.1
Host: i.guardstorage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: image/jpeg
content-length: 445540
last-modified: Wed, 27 Mar 2024 19:31:35 GMT
etag: "66047417-6cc64"
access-control-allow-origin: *
x-server: cdn2
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWwiISQ59g0hi4E7%2BCX1y%2BBSrtVgT72FdvyGEKXq1FazZdAZ9JRqGu7xlW48I5cjYDsW4Ue3M4wVZgefngbsf64dQPVD0ZXoFYB0d8F1vq2oN%2FYveO3A6QskF5qpn%2FScOsXuyig%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797ea07ba6a5688-OSL
alt-svc: h3=":443"; ma=86400

oaphoace.net/impression/Uc0EZ_cQBzXC5hOyNMtpWPzBaghlt5LWuV21c4AdCaeFZw3auxtTzLGprH5PTHUJaV1L7gCNaiyMHg1ba8DhQlZeZO3I5FJS1fL-R36cjkkCRXIUxeQKOiqKKUacbwwIjISey2AMdJfRACXxlavHkS5aBewT2__0akMnaxAhc8yxP2sKgSPYvgcDltBnjgb5l1hiO1wG0gHVRvY2XrAnaNMS6PgIv7OKEd-XXphTgn59luFlMF8uofy-HYmOsl9art4Npi2djcNC1z5ZD-lRjJ6TucQVgOwIMY0AGcWd-EMCe8UDFW-rVrXhjrRCPWSxqED7sm1izXXyFJ16e7qdHBq9HQfvElysaWe9wHi45fVkL8c69ul_BlZrdKr7mPI4L7CdwwsTGiSyi8N8_UkVfYH6-SOdRLATGpeJzg90vdt4dsPm0BQVlHaEy7kvZyvJaTKgwVwKf3vpk5z2BTuyNsbXhEQpGqmVjlrsX0rHS6YrsWKIQUgoylvm8M4XqhyG2Z1HRMbHwbXdvDfNMUjZus5DWb751XLe6bVobykYPqda7J237EMj2WxzAiDVPAySDrEbgAB6inv1BJzBqWywoPFdsg2k0dwAIYWVhydUY7_OfDZAIXPpQecAE3e3Hhf5Vtux2YsApU86aEVq2htUA3Vzg_AlmENX-alpWENVAjwGrlyzFfrU766GO3l-xzsiOfZvJrS9BO7EDIKWcdZmPvrUXcXXYpx6EDUs3XvvYPJS281SIlmOb3LeNr1GpJ97MCk1YsQ0YuqYnj8tk3oawJuf9upbnn2rmEqspsw3aMQc3Yl95fM80BbFgftIndfRydqz0OwRheiG-k97x8EhSJXcQi6MJ07S1n7uEQ==?_z=6424058&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1116&wiw=1116&wih=628&wfc=1&pl=https%3A%2F%2Flisteamed.net%2Fe%2F306655524b6e336b45613031734f69&drf=https%3A%2F%2Flisteamed.net%2Fv%2F4bQVOj7oAe45wKm%2FHA.mp4&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.239

200 OK

43 B

URL GET HTTP/2
oaphoace.net/impression/Uc0EZ_cQBzXC5hOyNMtpWPzBaghlt5LWuV21c4AdCaeFZw3auxtTzLGprH5PTHUJaV1L7gCNaiyMHg1ba8DhQlZeZO3I5FJS1fL-R36cjkkCRXIUxeQKOiqKKUacbwwIjISey2AMdJfRACXxlavHkS5aBewT2__0akMnaxAhc8yxP2sKgSPYvgcDltBnjgb5l1hiO1wG0gHVRvY2XrAnaNMS6PgIv7OKEd-XXphTgn59luFlMF8uofy-HYmOsl9art4Npi2djcNC1z5ZD-lRjJ6TucQVgOwIMY0AGcWd-EMCe8UDFW-rVrXhjrRCPWSxqED7sm1izXXyFJ16e7qdHBq9HQfvElysaWe9wHi45fVkL8c69ul_BlZrdKr7mPI4L7CdwwsTGiSyi8N8_UkVfYH6-SOdRLATGpeJzg90vdt4dsPm0BQVlHaEy7kvZyvJaTKgwVwKf3vpk5z2BTuyNsbXhEQpGqmVjlrsX0rHS6YrsWKIQUgoylvm8M4XqhyG2Z1HRMbHwbXdvDfNMUjZus5DWb751XLe6bVobykYPqda7J237EMj2WxzAiDVPAySDrEbgAB6inv1BJzBqWywoPFdsg2k0dwAIYWVhydUY7_OfDZAIXPpQecAE3e3Hhf5Vtux2YsApU86aEVq2htUA3Vzg_AlmENX-alpWENVAjwGrlyzFfrU766GO3l-xzsiOfZvJrS9BO7EDIKWcdZmPvrUXcXXYpx6EDUs3XvvYPJS281SIlmOb3LeNr1GpJ97MCk1YsQ0YuqYnj8tk3oawJuf9upbnn2rmEqspsw3aMQc3Yl95fM80BbFgftIndfRydqz0OwRheiG-k97x8EhSJXcQi6MJ07S1n7uEQ==?_z=6424058&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1116&wiw=1116&wih=628&wfc=1&pl=https%3A%2F%2Flisteamed.net%2Fe%2F306655524b6e336b45613031734f69&drf=https%3A%2F%2Flisteamed.net%2Fv%2F4bQVOj7oAe45wKm%2FHA.mp4&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectoaphoace.net
Fingerprint5A:77:51:1A:03:0F:F3:58:DD:3F:3C:DA:AA:4A:F9:55:B5:FD:E6:C4
ValidityTue, 09 Apr 2024 21:43:25 GMT - Mon, 08 Jul 2024 21:43:24 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/Uc0EZ_cQBzXC5hOyNMtpWPzBaghlt5LWuV21c4AdCaeFZw3auxtTzLGprH5PTHUJaV1L7gCNaiyMHg1ba8DhQlZeZO3I5FJS1fL-R36cjkkCRXIUxeQKOiqKKUacbwwIjISey2AMdJfRACXxlavHkS5aBewT2__0akMnaxAhc8yxP2sKgSPYvgcDltBnjgb5l1hiO1wG0gHVRvY2XrAnaNMS6PgIv7OKEd-XXphTgn59luFlMF8uofy-HYmOsl9art4Npi2djcNC1z5ZD-lRjJ6TucQVgOwIMY0AGcWd-EMCe8UDFW-rVrXhjrRCPWSxqED7sm1izXXyFJ16e7qdHBq9HQfvElysaWe9wHi45fVkL8c69ul_BlZrdKr7mPI4L7CdwwsTGiSyi8N8_UkVfYH6-SOdRLATGpeJzg90vdt4dsPm0BQVlHaEy7kvZyvJaTKgwVwKf3vpk5z2BTuyNsbXhEQpGqmVjlrsX0rHS6YrsWKIQUgoylvm8M4XqhyG2Z1HRMbHwbXdvDfNMUjZus5DWb751XLe6bVobykYPqda7J237EMj2WxzAiDVPAySDrEbgAB6inv1BJzBqWywoPFdsg2k0dwAIYWVhydUY7_OfDZAIXPpQecAE3e3Hhf5Vtux2YsApU86aEVq2htUA3Vzg_AlmENX-alpWENVAjwGrlyzFfrU766GO3l-xzsiOfZvJrS9BO7EDIKWcdZmPvrUXcXXYpx6EDUs3XvvYPJS281SIlmOb3LeNr1GpJ97MCk1YsQ0YuqYnj8tk3oawJuf9upbnn2rmEqspsw3aMQc3Yl95fM80BbFgftIndfRydqz0OwRheiG-k97x8EhSJXcQi6MJ07S1n7uEQ==?_z=6424058&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1116&wiw=1116&wih=628&wfc=1&pl=https%3A%2F%2Flisteamed.net%2Fe%2F306655524b6e336b45613031734f69&drf=https%3A%2F%2Flisteamed.net%2Fv%2F4bQVOj7oAe45wKm%2FHA.mp4&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Cookie: OAID=080048b8f0934270fd22420449cf93ea
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 17:46:46 GMT
content-type: image/gif
content-length: 43
x-trace-id: 18a598887b67945cabed2f5e34bd0852
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

listeamed.net/assets/jwplayer/8.28.1/provider.hlsjs.js

172.67.208.196

200 OK

423 kB

URL GET HTTP/3
listeamed.net/assets/jwplayer/8.28.1/provider.hlsjs.js
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type

Size
423 kB (423017 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/jwplayer/8.28.1/provider.hlsjs.js HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/e/306655524b6e336b45613031734f69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:40 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 26 Jan 2024 07:31:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pqE1aymcBuWx6%2BRyQfoK444WHB66T4GFeM4lMizPS9vZg4HC4MBd15otwZAlhWi6qzqlBbyIR64GaGQoU4P5zaYnR3onTZEnDZbUPrXxbXZFxHd%2Fyn2NpViIrntjGU4f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797ea04ce2a1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

listeamed.net/assets/jwplayer/8.28.1/jwplayer.core.controls.js

172.67.208.196

200 OK

325 kB

URL GET HTTP/3
listeamed.net/assets/jwplayer/8.28.1/jwplayer.core.controls.js
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type

Size
325 kB (325119 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/jwplayer/8.28.1/jwplayer.core.controls.js HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/e/306655524b6e336b45613031734f69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:40 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 26 Jan 2024 07:33:12 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rBx2%2FKaDzhkgcdqIIMmB9KgsmsoPhX3ENITzuk2YXZJC4aSbZGFb745kdCy9RTLvyKORYOex5wu2pN1KwTrRpsDM7lU0lQShsrx7LfTCvnD3XIHax332Rq3azwr3IsG2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797ea04ce291c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

capaciousdrewreligion.com/advertisers.js

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 Apr 2024 17:46:41 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1f221a04663ad4cf77e71b72a163999a
Strict-Transport-Security: max-age=0; includeSubdomains

bembed.net/v/4bQVOj7oAe45wKm/HA.mp4

104.21.84.193

308 Permanent Redirect

6.6 kB

URL User Request GET HTTP/2
bembed.net/v/4bQVOj7oAe45wKm/HA.mp4
IP
104.21.84.193:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectbembed.net
FingerprintB2:66:B4:93:E3:4E:ED:34:31:A3:5C:F4:7F:B9:1A:0E:62:94:2F:9B
ValiditySat, 16 Mar 2024 11:58:27 GMT - Fri, 14 Jun 2024 11:58:26 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6898), with no line terminators
Size
6.6 kB (6575 bytes)
Hash
a6a1a4eede297eef23dab2356d7bd155
0cd4b94f4ac2b15a37d269b57d516dd165f63e5f
0cc8c1554c72a36159485a295cd19031a637f9756992105d5d696f36cc4f3282

HTTP Headers

GET /v/4bQVOj7oAe45wKm/HA.mp4 HTTP/1.1
Host: bembed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 308 Permanent Redirect
date: Wed, 24 Apr 2024 17:46:38 GMT
content-type: text/html; charset=utf-8
location: https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qqVPkMF8LaGzU6pjoEBzleJEESm4R3pijlbGKCWKzkYpAodiLvZ88e6O4s4abTt99SyLWYydHuodshODsC2Qzt8xvcsZJVrxZaruNo7O%2BZd3Z9zbZvtAkLfJAR5v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797e9f64fe556ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

listeamed.net/assets/img/favicon.ico

172.67.208.196

200 OK

15 kB

URL GET HTTP/3
listeamed.net/assets/img/favicon.ico
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
7d9d17baaa54ab2b59859173c38f1a57
f383ac7a911d949ea75ebd07d8d95d5b231e9ea6
86fc3c09c4aec36ca788eabfda604e48d1ee61feb43a16371afab31f0cd2b48f

HTTP Headers

GET /assets/img/favicon.ico HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 26 Jan 2024 07:31:15 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPjrard6tZXcs7ijt%2Bl%2By6GSYb4KMzDddqjfHR0TdTMW5w5R6P6S1Y9%2FVegduhk4vNqbMVQsuREB2CPxm%2Fv3cB%2BDzOgW67u5YPjOLnccWeG9AQ8XK9ZiBnUwc23coxVR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797e9fd8d451c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

listeamed.net/assets/jwplayer/8.28.1/jwplayer.js?id=2ec1cfc87408aded985a8ebcbcd646d6

172.67.208.196

200 OK

109 kB

URL GET HTTP/3
listeamed.net/assets/jwplayer/8.28.1/jwplayer.js?id=2ec1cfc87408aded985a8ebcbcd646d6
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type

Size
109 kB (109142 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/jwplayer/8.28.1/jwplayer.js?id=2ec1cfc87408aded985a8ebcbcd646d6 HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/e/306655524b6e336b45613031734f69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 26 Jan 2024 07:31:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3116
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e8%2B4ehVDR9EmoFDqSURe%2FhjMrcqCStksmk3Dc9yeIQpo1eA2fFuZj9TeJGedJmpTRthDkGstd930mcLuL9c7%2BA%2BRWs4wlMe8Y6fad811w0eCZLgP6%2FMEAeKPAIT7eVrt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9ff3f4f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

listeamed.net/assets/js/player.js?id=a9b24acc6c8d37de23098caa2f7907da

172.67.208.196

200 OK

14 kB

URL GET HTTP/3
listeamed.net/assets/js/player.js?id=a9b24acc6c8d37de23098caa2f7907da
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
ASCII text, with very long lines (13852), with no line terminators
Size
14 kB (13852 bytes)
Hash
19b624e7fe7a86b4c7851ed61e250626
760a6c0399930b96c61b6e18a6cbb0dbf0125f97
eaf266c920ef8297bf135324d4c6232d117d1eb849a082850b8d0520c1966c2e

HTTP Headers

GET /assets/js/player.js?id=a9b24acc6c8d37de23098caa2f7907da HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/e/306655524b6e336b45613031734f69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 07:00:44 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3983
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHiYfh0Y3ubTfqgPMUUW9am1ux7yAWKzhnkLz0BK7Z%2BhKN%2FoA6XtV8VoAkzw7IZJ0f5OZxjxGPCQLQHTkkVq8ic%2BH30gPNfGU0bW0VtOrr%2Fy9se3DQGbPVD%2BvZ28Ncb8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9ff3f581c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

oaphoace.net/401/6424058?oo=1&oaid=080048b8f0934270fd22420449cf93ea&sw_version=v1.337.0

139.45.197.239

200 OK

2.3 kB

URL GET HTTP/2
oaphoace.net/401/6424058?oo=1&oaid=080048b8f0934270fd22420449cf93ea&sw_version=v1.337.0
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjectoaphoace.net
Fingerprint5A:77:51:1A:03:0F:F3:58:DD:3F:3C:DA:AA:4A:F9:55:B5:FD:E6:C4
ValidityTue, 09 Apr 2024 21:43:25 GMT - Mon, 08 Jul 2024 21:43:24 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2467), with no line terminators
Size
2.3 kB (2279 bytes)
Hash
fe59f1a0d56241fb304e7b69afaedefc
0ffcd94c130deb678288c12275678c905037ddf5
759716da7b2d3300145c5338249616e05e0700949ea61ddf83f072d1f5e2b66c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/6424058?oo=1&oaid=080048b8f0934270fd22420449cf93ea&sw_version=v1.337.0 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Cookie: OAID=0300487fda7d4f48e0e8efd76be02cb9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: application/json
x-trace-id: 53656301363046114469145045385608
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://listeamed.net
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=080048b8f0934270fd22420449cf93ea; expires=Thu, 24 Apr 2025 17:46:41 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.67.193.52

200 OK

19 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18486)
Size
19 kB (19136 bytes)
Hash
70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pX4EQ1%2B58XT6buDk78MlvegisibPPNHWa5VXf53fizRUN7%2B9iSj3RPYVJYqnVRaFxAXtsGcga%2FbBQO1GLb49r1mAOdGR1BRxC474iddoAFBCmzR%2BvdbLiD8EjikkhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797ea08c863569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

listeamed.net/assets/js/main.js?id=eddfd74f6de7386e3162347efd9a6be3

172.67.208.196

200 OK

105 kB

URL GET HTTP/3
listeamed.net/assets/js/main.js?id=eddfd74f6de7386e3162347efd9a6be3
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type

Size
105 kB (105278 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/js/main.js?id=eddfd74f6de7386e3162347efd9a6be3 HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/e/306655524b6e336b45613031734f69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Mon, 08 Apr 2024 14:13:45 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3983
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bPektKSUAPKAe07SPyh8pVRrecm83riS74hK3PIen4HfwhCiAlMLtmjw6iKnwZWAsAEjpHXGPqgP5BrF0F2bJthpLML7KwV2vHpIhTVeqtLlLD7mEewIR6FpEGWNoNP0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9ff3f5c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

listeamed.net/assets/css/icons/bootstrap-icons.css?id=4ae28873f5f5353c4c8d8aa129590f85

172.67.208.196

200 OK

89 kB

URL GET HTTP/3
listeamed.net/assets/css/icons/bootstrap-icons.css?id=4ae28873f5f5353c4c8d8aa129590f85
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
ASCII text
Size
89 kB (88585 bytes)
Hash
91f7cf4a3d3f0660b4e3914e5ac9298a
6e12e1ebcd983f848e5c280ab77649eeb44e74bc
f0cf9bd878febf2ff6279b59f696031deb8f0f9f4ab1a1199f55d78f7c558638

HTTP Headers

GET /assets/css/icons/bootstrap-icons.css?id=4ae28873f5f5353c4c8d8aa129590f85 HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 26 Jan 2024 07:33:12 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kom%2Bx2sMu38huTBd3siwk4N7zlUfeqvHvANlIdfyTJLXziMaKqE8OwKqmofBv8A2p2JcUZsd4O8A1hBuzYThlWcbo4mk3aKfayRx1bY%2Fj73MTQJfYTxitB80FlsVgkF9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9faaa3f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

listeamed.net/assets/js/load.js

172.67.208.196

200 OK

3.7 kB

URL GET HTTP/3
listeamed.net/assets/js/load.js
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
JavaScript source, ASCII text, with very long lines (3720), with no line terminators
Size
3.7 kB (3720 bytes)
Hash
d9c20c3e3512735c34d570b27902ce21
2e759ef4e518009e4414a5ef65d96f1489fd0df3
88777310a5c3f5382fcd464fbbf4d6dd119089bf94be45aa7789ce43c0184481

HTTP Headers

GET /assets/js/load.js HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Mon, 08 Apr 2024 14:13:45 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZKqAgcuxW6g%2F05D7MjqWXCc4wf9zcqsIOoSZm1J%2FE0WJCySLmbtb%2B0lSkNXmhWYzLnTBL433x8TYPOhO1Cyohs6TnsCbj4K7S3FFJi%2FuzyJK6amlUAPdXlkH%2BKjDDQV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9fc4bef1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

listeamed.net/assets/css/main.css?id=5fd3d01499b08b69f2032a864a46f45c

172.67.208.196

200 OK

46 kB

URL GET HTTP/3
listeamed.net/assets/css/main.css?id=5fd3d01499b08b69f2032a864a46f45c
IP
172.67.208.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subjectlisteamed.net
FingerprintD5:AE:F2:D1:CC:8E:63:47:EC:73:FF:C6:6B:32:FA:C9:0F:27:8E:C1
ValidityMon, 22 Apr 2024 08:48:48 GMT - Sun, 21 Jul 2024 08:48:47 GMT

File type
ASCII text, with very long lines (449)
Size
46 kB (46207 bytes)
Hash
d54edf9aa1cde0c27571f0d70a5a800c
0280204d67163c971177fe07a97de7e7dd9d9bd4
9f323f60f1cb46c682179cbde508d1ad0ded66950f93f64abf9c80ce643ab4da

HTTP Headers

GET /assets/css/main.css?id=5fd3d01499b08b69f2032a864a46f45c HTTP/1.1
Host: listeamed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:46:39 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Mon, 29 Jan 2024 14:24:15 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NbXJ5DDt4q7ndPjFK5T77RXszsyC70I2Ub8fYIJ5byQxspwHxp3oilZ0CcqjI7K0Mtfi0zWuR77tbKxPgtknkNUrUCVeYNf6S3BNmzN6aVZo3PLGcuAxp3DmPViDdytj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797e9faaa421c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hw8qpzyv9p.guardstorage.net/hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/index-v1-a1.m3u8?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799

37.59.29.140

200 OK

13 kB

URL GET HTTP/2
hw8qpzyv9p.guardstorage.net/hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/index-v1-a1.m3u8?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799
IP
37.59.29.140:443
ASN
#16276 OVH SAS

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerSectigo Limited
Subject*.guardstorage.net
FingerprintBB:17:7F:B4:1E:14:F6:23:29:98:AF:CB:F2:A0:43:5D:16:1E:D6:C1
ValiditySun, 10 Dec 2023 00:00:00 GMT - Thu, 09 Jan 2025 23:59:59 GMT

File type
M3U playlist, ASCII text
Size
13 kB (12664 bytes)
Hash
c93869a68ac5c596172068c3f4e6fb99
613751fa6186c2ee45b98ba78455f216afd35438
f17605d321ad085e791071f39049ebd575ac6ac8b9c2580b95f9adc81a53876d

HTTP Headers

GET /hls_3/_agR8spfR2FIiOJbdwxF8so8k3L10QlsyQyqZTH70Ozkg5kw74GUfnh5B3K0cJC0g4oRUVZo1bZ-KMa9oPtI6IZYtE1jRc2DwQS_dVLTIB1JwUwzY6H3Q6Hzw065-RpjVZ3YJrYnIFdY6tqevVXlD8GO99dyMTcWYrNks7fjFbkZB3mOS4TfoDQpKn80QbroVLMCj00QDzDzudm4Y-nCJA/index-v1-a1.m3u8?sig=i8q-cEkiIMXz6rKZN-kxDA&expires=1713989799 HTTP/1.1
Host: hw8qpzyv9p.guardstorage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.3
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: application/vnd.apple.mpegurl
last-modified: Wed, 24 Apr 2024 17:46:41 GMT
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

i.guardstorage.net/channellogo/sIrUHjc46xow.png

172.67.211.88

200 OK

4.2 kB

URL GET HTTP/2
i.guardstorage.net/channellogo/sIrUHjc46xow.png
IP
172.67.211.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjecti.guardstorage.net
Fingerprint04:03:23:15:78:06:68:60:E6:22:9F:F4:EF:79:DC:D8:DA:79:11:7B
ValidityTue, 16 Apr 2024 11:01:27 GMT - Mon, 15 Jul 2024 11:01:26 GMT

File type
PNG image data, 148 x 53, 8-bit/color RGBA, non-interlaced
Size
4.2 kB (4161 bytes)
Hash
4dee385c1c06bd091ae29955bff2825d
09f68b1cdaeecd9047c37d818154adf8441cb881
7c64a9c92bf30fd24aa5694a1d9873f65f5ea2a9d7a5bd364baf49293b678a59

HTTP Headers

GET /channellogo/sIrUHjc46xow.png HTTP/1.1
Host: i.guardstorage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: image/png
content-length: 4161
last-modified: Thu, 14 Mar 2024 02:19:41 GMT
etag: "65f25ebd-1041"
x-server: cdn2
cache-control: max-age=14400
cf-cache-status: HIT
age: 471
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OVnfA4cr4cMC6KCglhCeVTZwtZXj2t%2BI%2Bh8QYdD8xqd0VsJ0aRko7p1%2F0d4WwEdV9ecGilEWb23DqZexRNsH0SiNrGHN3gGJOG0YtqEz0WAs9DTMjfwMBJbIs9cclsq9ZpSsGuo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797ea068aac712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Fira+Sans:wght@300;400;500;600;700;800;900&family=Heebo:wght@300;400;500;600;700;800;900&display=swap

142.250.74.106

200 OK

43 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Fira+Sans:wght@300;400;500;600;700;800;900&family=Heebo:wght@300;400;500;600;700;800;900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (1572)
Size
43 kB (43274 bytes)
Hash
3e32afaeab15a05db2c05ffbc64301d4
16263be6088f307dacc812b4db01f4e5be4cf122
659fcc80b9999153ced6cbc81530b538d814fb0a4a4029f3d0576744dc445184

HTTP Headers

GET /css2?family=Fira+Sans:wght@300;400;500;600;700;800;900&family=Heebo:wght@300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 17:46:39 GMT
date: Wed, 24 Apr 2024 17:46:39 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/firasans/v17/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2

216.58.207.227

200 OK

25 kB

URL GET HTTP/2
fonts.gstatic.com/s/firasans/v17/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://listeamed.net/v/4bQVOj7oAe45wKm/HA.mp4
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24964, version 1.0
Size
25 kB (24964 bytes)
Hash
ab1e118c3ab25d4210327093166ca977
6d6c24619115649c4c80a20d725c78f65175fb38
45f1b654ec61c60215f597e30df063b0fee38c8a42f7046f99bf9bf3376971dc

HTTP Headers

GET /s/firasans/v17/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24964
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:32:06 GMT
expires: Fri, 18 Apr 2025 17:32:06 GMT
cache-control: public, max-age=31536000
age: 519273
last-modified: Tue, 02 May 2023 14:50:32 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.guardstorage.net/previews/kj4bQVOj7oAe45wKmZG2.preview.vtt

172.67.211.88

200 OK

8.8 kB

URL GET HTTP/2
i.guardstorage.net/previews/kj4bQVOj7oAe45wKmZG2.preview.vtt
IP
172.67.211.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://listeamed.net/e/306655524b6e336b45613031734f69
Certificate
IssuerLet's Encrypt
Subjecti.guardstorage.net
Fingerprint04:03:23:15:78:06:68:60:E6:22:9F:F4:EF:79:DC:D8:DA:79:11:7B
ValidityTue, 16 Apr 2024 11:01:27 GMT - Mon, 15 Jul 2024 11:01:26 GMT

File type
WebVTT subtitles, ASCII text
Size
8.8 kB (8798 bytes)
Hash
7abd969beef9bdf78ea9cfb6773237d2
d3fe967fb517cd64a8dee9c98008f93f7b64b60d
ddc152e029b3663ccebecf7b9f771fa0e78785d354edb997db937fb8016cdbf9

HTTP Headers

GET /previews/kj4bQVOj7oAe45wKmZG2.preview.vtt HTTP/1.1
Host: i.guardstorage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://listeamed.net
DNT: 1
Connection: keep-alive
Referer: https://listeamed.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:46:41 GMT
content-type: application/octet-stream
content-length: 8798
last-modified: Wed, 27 Mar 2024 19:31:35 GMT
etag: "66047417-225e"
accept-ranges: bytes
access-control-allow-origin: *
x-server: cdn2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NZ43hczm%2BqDdUimO8oe97SpCNyRe4uxYgtbTqcxz0bwGIj7%2B6FOzXLwYemhaK0HnSIcO97V18l%2F41uxRtM87A4Op8pcj0f8p%2BDjmhmJLNStQEzsguyUlQ%2FkVZ8vQ%2Fy1g5QUA6Us%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797ea066d1656c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL