| princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/ | 185.197.162.157 | 200 OK | 8.7 kB |
URL (User Request): GET HTTP/2 princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/ | IP: 185.197.162.157:443
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (963)
Hash: 22977756c52ece1f6426e939d920dea1 6ca7630fd9b1066043ea86c604c9c2e9ac32b714 43327200ccc2192d6ed07715edba0f47fdaa06397967b6d44e0209aae047cd63
GET /t/13736209121606227426-princess-chelsea-cigarette-duet/ HTTP/1.1
Host: princess-chelsea.hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:39 GMT
content-type: text/html; charset=utf-8
content-length: 8748
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| hydr0.org/i/js/_main_min.js?bd267116 | 185.197.162.157 | 200 OK | 6.8 kB |
URL: GET HTTP/2 hydr0.org/i/js/_main_min.js?bd267116 | IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: gzip compressed data, from Unix
Hash: 77f43b68f714440b0bf16af924bc635e 4c88c8b1c03581d732ee94a56cc1416201f902ad b7f399432d6371eb7c713233483f650f09711c4778a2ef42d6158b2a71ddea58
GET /i/js/_main_min.js?bd267116 HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:39 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sun, 06 Dec 2020 12:25:14 GMT
vary: Accept-Encoding
etag: W/"5fcccdaa-4029"
expires: Wed, 15 May 2024 22:46:39 GMT
cache-control: max-age=691200
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| hydr0.org/i/assets/css/main.min.css | 185.197.162.157 | 200 OK | 2.5 kB |
URL: GET HTTP/2 hydr0.org/i/assets/css/main.min.css | IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: gzip compressed data, from Unix
Hash: 938391e95fa6ce218978399a91be9ae4 3e3a5bc7b082aea49d3b16e4d14b5fc75edf59ba 32be7853bdee489a77a0c7f1d67afed44d4509571412d942ca71787e68896050
GET /i/assets/css/main.min.css HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:39 GMT
content-type: text/css
last-modified: Mon, 24 Sep 2018 21:22:06 GMT
vary: Accept-Encoding
etag: W/"5ba9557e-1b5d"
expires: Wed, 15 May 2024 22:46:39 GMT
cache-control: max-age=691200
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700 | 142.250.74.106 | 200 OK | 1.2 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700 | IP: 142.250.74.106:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression
Hash: 7cfc42577705ae611949363333c14b62 5bd1619fae9afb6718d536ff55c68fa7d99d307b db64462e4c203e6ebef44c63115a38a6bdd2460c99fe791772c59ada7844137e
GET /css?family=Source+Sans+Pro:300,400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 22:46:40 GMT
date: Tue, 07 May 2024 22:46:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| hydr0.org/i/img/tw-icon.png | 185.197.162.157 | 200 OK | 224 B |
URL: GET HTTP/2 hydr0.org/i/img/tw-icon.png | IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: PNG image data, 16 x 14, 8-bit/color RGBA, non-interlaced
Hash: e2cee1c943433546bb4480f554de127a ed743bf22f75ebac80022eef1dca0deefb1c1fe0 f379291652866713bf1f5569751bec9f5cb86df654c64d6ce56e22b58cfb01a2
GET /i/img/tw-icon.png HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/png
content-length: 224
last-modified: Sun, 22 Apr 2018 18:52:38 GMT
etag: "5adcd9f6-e0"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| hydr0.org/i/img/vk-icon.png | 185.197.162.157 | 200 OK | 227 B |
URL: GET HTTP/2 hydr0.org/i/img/vk-icon.png | IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced
Hash: 02a6c41a891f99dfd543ba1cb2f6236f 4dee5f8812755c8fbb1dd1b261067aaf59bae749 b16afc6cf638c1a017697c56889bd640044df1618146e7ed5e40f2189bab785a
GET /i/img/vk-icon.png HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/png
content-length: 227
last-modified: Sun, 22 Apr 2018 18:52:38 GMT
etag: "5adcd9f6-e3"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| hydr0.org/i/assets/img/play-button.svg | 185.197.162.157 | 200 OK | 872 B |
URL: GET HTTP/2 hydr0.org/i/assets/img/play-button.svg | IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: SVG Scalable Vector Graphics image
Hash: 9d78dd199dec98e2b4b0ec81437d6c88 ec05c5717c55461b5ab474e5f301d11a0a9d7bbf 1c3dc095e4636fefe4a91bf18f9988eae51f08766d56cfd40bfe1caa8690de34
GET /i/assets/img/play-button.svg HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/svg+xml
content-length: 872
last-modified: Sun, 23 Sep 2018 09:56:11 GMT
etag: "5ba7633b-368"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| hydr0.org/i/assets/img/download.svg | 185.197.162.157 | 200 OK | 1.1 kB |
URL: GET HTTP/2 hydr0.org/i/assets/img/download.svg | IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: SVG Scalable Vector Graphics image
Hash: 18498919aa46e36a2909abb492263545 640f1fd7d6714c6b96a372028fd5fa1ae001aed4 41fc339bf1a098172ef993c03574dcbfd88cc2e4490eee62f3e889f3e132ca3e
GET /i/assets/img/download.svg HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/svg+xml
content-length: 1135
last-modified: Sun, 23 Sep 2018 10:25:32 GMT
etag: "5ba76a1c-46f"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| hydr0.org/i/img/fixplayer.png | 185.197.162.157 | 200 OK | 4.2 kB |
URL: GET HTTP/2 hydr0.org/i/img/fixplayer.png | IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced
Hash: 7e86d3366c2cb8883fc258e5d43ef6ae 433163ca9d6addfcf52c216879f1bccd003b056d e704f5b237151eeb6afa59feba454f91dbaa04e8794e91296903958883974b7a
GET /i/img/fixplayer.png HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hydr0.org/i/css/_main_min.css?07e7a71b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/png
content-length: 4200
last-modified: Sun, 23 Sep 2018 19:17:36 GMT
etag: "5ba7e6d0-1068"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 | IP: 216.58.207.227:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14892, version 1.0
Hash: 9ec6deaf6bada919e20b98f9f7b718b1 501d36403ad8205e4644532600019ecb10f5cb0a 7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14892
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 10:17:48 GMT
expires: Sat, 03 May 2025 10:17:48 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
content-type: font/woff2
age: 390532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| omoonsih.net/pfe/current/micro.tag.min.js?z=6444282&sw=/sw-check-permissions.js | 172.66.43.183 | 200 OK | 28 kB |
URL: GET HTTP/2 omoonsih.net/pfe/current/micro.tag.min.js?z=6444282&sw=/sw-check-permissions.js | IP: 172.66.43.183:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 64:19:B1:75:F5:EE:20:B6:3B:9F:48:90:E4:C0:BC:4E:12:5B:60:4B; Validity: Fri, 09 Jun 2023 00:00:00 GMT - Sat, 08 Jun 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Hash: 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
GET /pfe/current/micro.tag.min.js?z=6444282&sw=/sw-check-permissions.js HTTP/1.1
Host: omoonsih.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-9116"
access-control-allow-credentials: true
cache-control: max-age=14400
pragma: no-cache
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snSjuAJPm7CPi63a0m6jAV6V7%2BDexsM8a%2BCWq7wFIn3tcr7NtKwIB75KwLVJ%2F%2F74xPYZ%2BTRlJK29epLkFdrLXThl4Iao2a0bGOa3WneDnweLfawVdr8xHEmxOY9g7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bf53dd3d56b9-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 | IP: 216.58.207.227:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14712, version 1.0
Hash: 3afeae0d768769f5e5f30ac9805c5b70 3ada17c2b462db3e7a1fd85c3f4670dfe7704f4d 0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14712
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:02:35 GMT
expires: Fri, 02 May 2025 18:02:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:57 GMT
content-type: font/woff2
age: 449045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| omoonsih.net/zone?&pub=0&zone_id=6444282&is_mobile=false&domain=princess-chelsea.hydr0.org&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=e73e3734-4125-4af0-a454-69419ec3d25e&action=prerequest | 172.66.43.183 | 200 OK | 0 B |
URL: POST HTTP/2 omoonsih.net/zone?&pub=0&zone_id=6444282&is_mobile=false&domain=princess-chelsea.hydr0.org&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=e73e3734-4125-4af0-a454-69419ec3d25e&action=prerequest | IP: 172.66.43.183:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 64:19:B1:75:F5:EE:20:B6:3B:9F:48:90:E4:C0:BC:4E:12:5B:60:4B; Validity: Fri, 09 Jun 2023 00:00:00 GMT - Sat, 08 Jun 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=6444282&is_mobile=false&domain=princess-chelsea.hydr0.org&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=e73e3734-4125-4af0-a454-69419ec3d25e&action=prerequest HTTP/1.1
Host: omoonsih.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 22:46:40 GMT
content-length: 0
x-trace-id: 30fd623347b9f867fdb1b60af14c85d6
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S32dTdcocU5YEn0KGZnZCwsFNsuEeYn1rIJMytLY4k3GyzhyIipUd1iOuYI4QAwuz4cezS7aW2%2FzQXKqjZx8IiaqhEu%2B9jglJrb9AwDdp1yaK29%2F%2F8yRAUJfdaoJVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804bf565f9e56b9-OSL
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 322
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 34b655a781b6a1a8f3718b61923ac384
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 325
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d0403732713facbc92b2a76c9a15222a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 324
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4565b50db4f3fb03d209fd0396149209
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://princess-chelsea.hydr0.org/
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| princess-chelsea.hydr0.org/sw-check-permissions.js?zoneId=6444282 | 185.197.162.157 | 200 OK | 503 B |
URL: GET HTTP/2 princess-chelsea.hydr0.org/sw-check-permissions.js?zoneId=6444282 | IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
Hash: d05dbf65f2e2534405a9bfdef85ea2f5 6eaedd77ecd6883166136377e31a2678c93f490c 27da5d1029d8f9022b772da59bf5cd9a8daa82b7d70330c2d923e5de926ad9b4
GET /sw-check-permissions.js?zoneId=6444282 HTTP/1.1
Host: princess-chelsea.hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/javascript; charset=UTF-8
content-length: 503
last-modified: Tue, 10 Oct 2023 08:44:41 GMT
etag: "65250ef9-1f7"
expires: Wed, 15 May 2024 22:46:40 GMT
cache-control: max-age=691200
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?userId=008055d700f4494df57a97946484441f | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=008055d700f4494df57a97946484441f | IP: 139.45.195.8:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: 7c66ca9449b92bff8145ee60033b8ff6 c1f7368ea14e123ec429f1ab1a97e7fdaa80beb0 c94b8e79dc5a6135bc12857ed79ece1d089b689015d7dd25bd013c970eb21957
GET /gid.js?userId=008055d700f4494df57a97946484441f HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008055d700f4494df57a97946484441f; expires=Wed, 07 May 2025 22:46:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: 39a91582eae10095b42acfb9fba29df7 31fd99163ed7779db91705db40f777a43fe4ea2c acd8bb8d6ee80207b866f658ce6cbf7d5c502248170090d2b61c50d3ece9f3cf
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://princess-chelsea.hydr0.org/
Content-Type: application/json
Content-Length: 904
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| princess-chelsea.hydr0.org/favicon.ico | 185.197.162.157 | 200 OK | 1.2 kB |
URL: GET HTTP/2 princess-chelsea.hydr0.org/favicon.ico
IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: 77a5802ef2306252acd37d624e83da69 7c48978777ac45d4d615c93a3d1cac8c0ebd111d 2f23bc10aef4196b073237193f296340a225a133c5bf9c0dbc6ffd336991da33
GET /favicon.ico HTTP/1.1
Host: princess-chelsea.hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Cookie: prefetchAd_7149369=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: image/vnd.microsoft.icon
content-length: 1150
last-modified: Sun, 23 Sep 2018 10:22:36 GMT
etag: "47e-57687405c3300"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash: 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=kJn7tPOKk5BJZaWIemkuBuAp7QJqLhLcqgpipnEP2brJTNZDZ4JzNW02utmAkAfXZYyr_Z7Y6cqEDldf3aVsITix0ItV_mVEgp4FF1Rmsioumxh3ewiSMAdlaQWbdOlA
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Tue, 07 May 2024 22:45:16 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 102
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| zuhempih.com/5/7149369 | 139.45.197.245 | 200 OK | 94 kB |
IP: 139.45.197.245:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: zuhempih.com; Fingerprint: 97:B7:D0:6C:8B:16:1C:15:92:B9:BF:26:3C:FC:CD:84:BF:52:AF:7D; Validity: Thu, 11 Apr 2024 05:08:18 GMT - Wed, 10 Jul 2024 05:08:17 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 23f68308da3aec5ea1734244376166be 285b843a7be08b72c2cbbeca267ac63ed56c1e37 1dac8f12208e6da27a9d0b640f441bc3c6965da7b4490fe6ab0bce8521f54045
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /5/7149369 HTTP/1.1
Host: zuhempih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/javascript
x-trace-id: ee4a6beac0e80ae8c49f312dbdec63df
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008055d700f4494df57a97946484441f; expires=Wed, 07 May 2025 22:46:40 GMT; path=/; secure; SameSite=None
oaidts=1715122000; expires=Wed, 07 May 2025 22:46:40 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| hydr0.org/i/css/_main_min.css?07e7a71b | 185.197.162.157 | 200 OK | 35 kB |
URL: GET HTTP/2 hydr0.org/i/css/_main_min.css?07e7a71b
IP: 185.197.162.157:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: hydr0.org; Fingerprint: 7B:B7:89:F7:BE:E7:7C:D2:27:BF:DA:03:06:EF:9C:6C:4E:4C:26:D3; Validity: Mon, 18 Mar 2024 20:03:56 GMT - Sun, 16 Jun 2024 20:03:55 GMT
File type: ASCII text, with very long lines (5499)
Hash: 81385d0061739851378acb21c21bdbdf 05fe763d67de00f8b85cb109bb60c5c7fbc6a2fd 32d4f879ec70f3608e7cccfa4e7bb3e469564fdcca5b5fc28594ac415044f0e4
GET /i/css/_main_min.css?07e7a71b HTTP/1.1
Host: hydr0.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://princess-chelsea.hydr0.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:39 GMT
content-type: text/css
last-modified: Tue, 27 Aug 2019 20:39:38 GMT
vary: Accept-Encoding
etag: W/"5d65950a-876d"
expires: Wed, 15 May 2024 22:46:39 GMT
cache-control: max-age=691200
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| zuhempih.com/?rb=YPIW2G4zYoH1hjlb8I44zklq7R9fifhTX_mlQXmuIXyJQEnZF7Y4K_taV2NmwOeEi539NsvzvM1bhTfuxYIdOwbLVB3KQQaOh1paUTQ3aFM5DKsYsosoczoj53VhxCszA4a1nTCJ-Js9KgoZ_AFJmtL-1s7Sraa05ntPdY0bQrqL1rpKRZyozz4j-3lm3hpRfxyBKo7rc_EghCib032YeLiS-2PB0nueLxFmOSRKfrQBXbKKcDNBgYugnE70nyPB9x5ywRD168ApeejaiQFqeWMowsc%3D&request_ab2=0&zoneid=7149369&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fprincess-chelsea.hydr0.org%2Ft%2F13736209121606227426-princess-chelsea-cigarette-duet%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=94d8869f-cac8-418f-a1a5-f9da19bbfca0&wasm=1&userId=008055d700f4494df57a97946484441f&m=link | 139.45.197.245 | 200 OK | 2.4 kB |
URL: GET HTTP/2 zuhempih.com/?rb=YPIW2G4zYoH1hjlb8I44zklq7R9fifhTX_mlQXmuIXyJQEnZF7Y4K_taV2NmwOeEi539NsvzvM1bhTfuxYIdOwbLVB3KQQaOh1paUTQ3aFM5DKsYsosoczoj53VhxCszA4a1nTCJ-Js9KgoZ_AFJmtL-1s7Sraa05ntPdY0bQrqL1rpKRZyozz4j-3lm3hpRfxyBKo7rc_EghCib032YeLiS-2PB0nueLxFmOSRKfrQBXbKKcDNBgYugnE70nyPB9x5ywRD168ApeejaiQFqeWMowsc%3D&request_ab2=0&zoneid=7149369&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fprincess-chelsea.hydr0.org%2Ft%2F13736209121606227426-princess-chelsea-cigarette-duet%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=94d8869f-cac8-418f-a1a5-f9da19bbfca0&wasm=1&userId=008055d700f4494df57a97946484441f&m=link
IP: 139.45.197.245:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Let's Encrypt; Subject: zuhempih.com; Fingerprint: 97:B7:D0:6C:8B:16:1C:15:92:B9:BF:26:3C:FC:CD:84:BF:52:AF:7D; Validity: Thu, 11 Apr 2024 05:08:18 GMT - Wed, 10 Jul 2024 05:08:17 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2440), with no line terminators
Hash: 1e43046e7d7642e1feb07aafe17fe49e 54bf6d3cb9e5821f84ace5e42f4328f515adc862 5e4180cd54366d311bc953b368c2b2ac5e69b3dad0edbca27f2bf8636be7652b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?rb=YPIW2G4zYoH1hjlb8I44zklq7R9fifhTX_mlQXmuIXyJQEnZF7Y4K_taV2NmwOeEi539NsvzvM1bhTfuxYIdOwbLVB3KQQaOh1paUTQ3aFM5DKsYsosoczoj53VhxCszA4a1nTCJ-Js9KgoZ_AFJmtL-1s7Sraa05ntPdY0bQrqL1rpKRZyozz4j-3lm3hpRfxyBKo7rc_EghCib032YeLiS-2PB0nueLxFmOSRKfrQBXbKKcDNBgYugnE70nyPB9x5ywRD168ApeejaiQFqeWMowsc%3D&request_ab2=0&zoneid=7149369&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fprincess-chelsea.hydr0.org%2Ft%2F13736209121606227426-princess-chelsea-cigarette-duet%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=94d8869f-cac8-418f-a1a5-f9da19bbfca0&wasm=1&userId=008055d700f4494df57a97946484441f&m=link HTTP/1.1
Host: zuhempih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://princess-chelsea.hydr0.org/
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Cookie: OAID=008055d700f4494df57a97946484441f; oaidts=1715122000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 22:46:40 GMT
content-type: application/json
x-trace-id: cc06465a61fe4d029fa7c3a8776533f4
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://princess-chelsea.hydr0.org
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008055d700f4494df57a97946484441f; expires=Wed, 07 May 2025 22:46:40 GMT; path=/; secure; SameSite=None
oaidts=1715122000; expires=Wed, 07 May 2025 22:46:40 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 14 May 2024 22:46:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
IP: 216.58.207.227:443
Requested by: https://princess-chelsea.hydr0.org/t/13736209121606227426-princess-chelsea-cigarette-duet/
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14780, version 1.0
Hash: 8dae809192c44690275a3624133293e7 969c98c4d7eb00386ebbd61a63288972d138ecb8 c3de27b2cbd6deda629c9b442700cf54c0dda74e494b1c75a57d822068a047f8
GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://princess-chelsea.hydr0.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14780
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:03:54 GMT
expires: Fri, 02 May 2025 02:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jun 2023 22:52:58 GMT
content-type: font/woff2
age: 506566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|