Report - player.ekino-tv.link/f/OrPe7V0Mgz00

Report Overview

Visited public
2024-08-04 20:40:49
Tags
URL
player.ekino-tv.link/f/OrPe7V0Mgz00
Finishing URL
player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Video player

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
unpkg.com	11693	1.3 kB	80 kB	104.17.247.203
zeratys.com	unknown	2.1 kB	5.1 kB	138.201.194.90
smkezc.com	unknown	508 B	249 B	185.162.85.14
go.mnaspm.com	unknown	3.4 kB	17 kB	104.18.17.106
xml.cachegorilla.com	unknown	556 B	202 B	173.239.53.20
de.forerungirdles.com	unknown	532 B	16 kB	23.109.170.198
creative.mnaspm.com	unknown	3.2 kB	1.6 MB	104.18.17.106
video.sacdnssedge.com	unknown	429 B	569 B	185.76.9.18
xml.poprtb.com	69835	543 B	137 B	174.137.133.17
e5.o.lencr.org	unknown	326 B	729 B	23.36.76.226
marazma.com	unknown	1.1 kB	1.4 kB	172.67.128.55
videocdnshop.com	unknown	536 B	697 B	172.67.199.179
duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion	unknown	952 B	0 B	0.0.0.0
o.pki.goog	unknown	2.0 kB	4.2 kB	142.250.74.67
dns.google	82517	479 B	713 B	8.8.4.4
xml.popmansion.com	unknown	1.7 kB	2.6 kB	104.21.87.102
video.ktkjmp.com	23778	442 B	1.0 kB	104.18.48.21
commentsmodule.com	unknown	466 B	962 B	172.67.198.57
videocdnmetrika.com	unknown	409 B	1.1 kB	172.67.221.128
xml.xmlwiz.com	unknown	552 B	5.0 kB	174.137.133.17
i0.wp.com	3021	515 B	316 B	192.0.77.2
echonverforrinho.info	unknown	524 B	1.2 kB	143.204.55.91
img.strpst.com	12993	1.8 kB	73 kB	104.17.11.106
www.sexnarxnxx.com	unknown	513 B	872 B	104.21.32.194
r10.o.lencr.org	unknown	2.0 kB	5.3 kB	23.33.119.27
player.ekino-tv.link	unknown	14 kB	440 kB	188.114.96.1
tsyndicate.com	13042	514 B	1.4 kB	136.243.69.157

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-04 20:40:23	low	Client IP	74.125.250.129	ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
2024-08-04 20:40:23	low	Client IP	8.8.4.4	ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-04	medium	forerungirdles.com	Sinkholed
2024-08-04	medium	duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion	Sinkholed
2024-08-04	medium	duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion	Sinkholed
2024-08-04	medium	commentsmodule.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (37)

	URL	From	Size	First Seen	Last Seen
	player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from	ScriptElement	24 kB	2024-04-03	2024-08-29
Pretty URL player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-03 17:09 Last Seen2024-08-29 18:15 Times Seen216 Hash 4e53eba039c89f045bbd090b826a177d e64fc3248dfd597a8278cc3bd1a8be628bceff2f 8e90d6177f9cee8bb9625caa64fc9ae9c496c6b3b37a20cb77e08c73fbb8a980 Loading...

	player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from	ScriptElement	339 B	2024-05-22	2025-04-24
Pretty URL player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-22 17:10 Last Seen2025-04-24 06:06 Times Seen298 Hash 4eb7ee0b8a873f58c81293046cb3e907 594d81f33096b4b320be67d6edc6116d28aabf93 ce6697a6a70e029cebae4932e588b7da4d59d41605e76e7e4e2051eddcb82a1c Loading...

	player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from	ScriptElement	0 B	0001-01-01	2025-05-21
Pretty URL player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-21 04:46 Times Seen4737376 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	player.ekino-tv.link/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-05-21
Pretty URL player.ekino-tv.link/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-21 04:45 Times Seen69668 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	player.ekino-tv.link/js/embed.232.js?736	ScriptElement	174 kB	2023-11-18	2025-05-16
Pretty URL player.ekino-tv.link/js/embed.232.js?736 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-18 22:56 Last Seen2025-05-16 04:41 Times Seen413 Hash 2ef0f0aaced28cafd6f81e3817e119a5 a7350dad6f2a5a030506712a3500ac5991c858b4 c08fcc8c5a98d44983c1b328f7345751e4aa22d21b90b1929c5c084fb62bf863 Loading...

	unpkg.com/jquery@2.2.4/dist/jquery.min.js	ScriptElement	86 kB	2023-03-07	2025-05-21
Pretty URL unpkg.com/jquery@2.2.4/dist/jquery.min.js IP 104.17.247.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-21 04:25 Times Seen175370 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==	ScriptElement	565 B	2024-08-19	2024-08-19
Pretty URL player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 14:39 Last Seen2024-08-19 14:39 Times Seen1 Hash ae29c05ab9381fcc4eb330dc3cd0db3c 3702dcb38a770a24c9b15a529a5ba0aa5c8dc411 a4dc081490bfa07d9146fcc5f64a71d3bd8b7da108126e77075af71072c5f3fd Loading...

	player.ekino-tv.link/js/jquery-eu-cookie-law-popup.js?4	ScriptElement	8.9 kB	2023-03-07	2024-12-15
Pretty URL player.ekino-tv.link/js/jquery-eu-cookie-law-popup.js?4 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:41 Last Seen2024-12-15 16:22 Times Seen26 Hash 22c8e688031399af4810b7db64dc6c7e 1891e103fa545f8ac643bcbd2b2771b9730762b2 d1014f84b24e43a54fa1b087e24ed1eabc7603218970ddb845615a847eeb6869 Loading...

	unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-05-20
Pretty URL unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js IP 104.17.247.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-20 21:41 Times Seen7288 Hash d5528dde0006c78be04817327c2f9b6f 31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8 b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Loading...

	player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==	ScriptElement	207 B	2023-03-07	2024-12-15
Pretty URL player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:41 Last Seen2024-12-15 16:22 Times Seen18 Hash a975650d6e9ba145341bb956a2e80d8b e281e2e501164952e67909fca8ad96f2b7d8aa1d e7e7c2b0b4ff7b583abe6503f70ab9ba47b58bbc863d7c936890b143713dc04b Loading...

	player.ekino-tv.link/js/disqusloader.js	ScriptElement	3.3 kB	2023-03-07	2024-12-15
Pretty URL player.ekino-tv.link/js/disqusloader.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:41 Last Seen2024-12-15 16:22 Times Seen18 Hash f0a8801a95a8e2e9e30d3fa0332e2772 ab43b8ecfa167243fed51af01df894fe959c4a71 549e0356348356425b1826c90b527274c4ae2e839b197053598b33c50c2edd04 Loading...

	player.ekino-tv.link/js/websocket_ip.min.js	ScriptElement	4.6 kB	2023-03-13	2025-05-16
Pretty URL player.ekino-tv.link/js/websocket_ip.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:04 Last Seen2025-05-16 04:41 Times Seen724 Hash 0e455c930eb772725553d8ab1f92fdc6 e3b6edf2d24bbf1ec3afeb8fae51bc25d4f18e52 419b600e2a3d2523ed458633a946a9a07fcf046077f0ea79f3e435f154f04ee7 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	ScriptElement	1.6 kB	2023-05-06	2025-05-20
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-05-20 22:01 Times Seen24456 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	unknown	EventHandler	43 B	2023-09-30	2025-05-16
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-09-30 22:49 Last Seen2025-05-16 04:41 Times Seen676 Hash 55c4c37c79452f4fe27be560b5a753df b21c3436ade225c92004c2fc7885b650bbe8b894 82b605d4af8acc468884627dfba2539dfc079b7cdd1fbf2b1399c06a84606963 Loading...

	player.ekino-tv.link/ad/top/popunder.js	ScriptElement	21 B	2023-03-07	2025-05-16
Pretty URL player.ekino-tv.link/ad/top/popunder.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-16 04:41 Times Seen525 Hash 533a813ddb8f84d7e018bf8e6296c44d 8c95af23d5dc502f1bc3395a6d2e339e696c0d3e a499068cf858aa2cd9b077e2e354b6bf8435eaa8e44c2047f403c7283031977f Loading...

	videocdnmetrika.com/netu.php	ScriptElement	528 B	2024-08-19	2024-08-19
Pretty URL videocdnmetrika.com/netu.php IP 172.67.221.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 14:39 Last Seen2024-08-19 14:39 Times Seen1 Hash 6f5c9f0a891a4aad878019b89e689364 3dd172c45091e71fd1d3381f25b3f1675b0729d8 e235317982c1daabddefebf2f9fc0b3142c67f8c2df011790b79e80354e75e9f Loading...

	unknown	Function	724 B	2024-08-19	2024-08-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-19 14:39 Last Seen2024-08-19 14:39 Times Seen1 Hash fb91824b7d8980f3e94d6ee66e48afb5 c795a3cb4713c2ed8c2af9250a570b2f3d48ece6 3ad8ee7adbbdcb64667b5d653fc48266505b1cfc9f4b9999a5ca0e646dd181d7 Loading...

	player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==	ScriptElement	438 B	2023-03-07	2024-12-15
Pretty URL player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:41 Last Seen2024-12-15 16:22 Times Seen18 Hash 324bed2bd746964deade97fde52bed1a 36849d07a65d18d13b5b4828d17f76102d883a44 4d72f9bc75bafb85e79ae5ef5a2c62c149fa1a5c5a7adbda44e6cedb9206f474 Loading...

	player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==	ScriptElement	13 B	2023-03-07	2024-12-15
Pretty URL player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:41 Last Seen2024-12-15 16:22 Times Seen18 Hash 4f059901e75e5b959b49cf1878664980 4426e070c5f5cce6034731aa259184476b5256d4 2aab152d81e14dc15edbb98c8e9d7703b41e928bcdb1a4005c5a5db8443d329e Loading...

	unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js	ScriptElement	30 kB	2023-03-07	2025-05-16
Pretty URL unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js IP 104.17.247.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-16 04:41 Times Seen690 Hash 013916ab61482481d8de9742a0f95bee 546bb742502faa36f8c2bb954c2f028187660404 73cdea3ea0691f9ac4150be0c937dc2ee7eaa10205168a84e41ef5c9e05784b7 Loading...

	player.ekino-tv.link/sandbox%20eval%20code		128 B	2023-05-06	2025-05-20
Pretty URL player.ekino-tv.link/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-05-20 22:01 Times Seen24669 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	unknown	EventHandler	12 B	2023-11-11	2025-05-16
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-11-11 16:20 Last Seen2025-05-16 04:41 Times Seen569 Hash 183beaea448ba4fe4cd297659414f1c6 e9967d0239407577b3b0e55041da855d9cd765b2 2aefdb772967bf6334ed50f14bc4aa34c8d27debb70f7bdba7b220ca18d2c2a6 Loading...

	player.ekino-tv.link/js/video.jquery_plugs/modernizr.js?12	ScriptElement	1.2 kB	2023-03-07	2025-05-16
Pretty URL player.ekino-tv.link/js/video.jquery_plugs/modernizr.js?12 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-16 04:41 Times Seen681 Hash 981ce49e4c69148552b01cbbe30f0858 9cb566fa0e6cfda06fe4721214acc445d443ef07 458cc3be215bef898d5e6a41e25f0c022e6d5d5e61add13f13c01898bb53b9bc Loading...

	unknown	Function	79 B	2023-04-11	2025-05-21
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-05-21 04:43 Times Seen113088 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	player.ekino-tv.link/js/adv/fuckadblock.js?2	ScriptElement	14 kB	2023-03-07	2025-05-16
Pretty URL player.ekino-tv.link/js/adv/fuckadblock.js?2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-16 04:41 Times Seen481 Hash 626be86ed51eef8b8b4038b6dcb8fcb2 229b2c503c8a0acc4bb1b423c895fc30330a0723 7e5965a6eb681ef5f8a59dacd6e8c8263dcbbb512e441e532fee942a90c4c7ea Loading...

	player.ekino-tv.link/js/script_33.11.js?16	ScriptElement	7.0 kB	2023-12-22	2025-05-16
Pretty URL player.ekino-tv.link/js/script_33.11.js?16 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-22 22:46 Last Seen2025-05-16 04:41 Times Seen363 Hash b0560242a3e6bfa725f3318a6421c2a1 e1e3fca8bf89a62ec023f11d1e13bcd05a523958 13971a21e52963922af2a4ce68153931184b5404db0dcbb53233e441209ae0ee Loading...

	player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==	ScriptElement	1.8 kB	2024-08-19	2024-08-19
Pretty URL player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 14:39 Last Seen2024-08-19 14:39 Times Seen1 Hash 598c1276f66fd4a07089aeb044ee9725 9d0758ec22c2b63591d60ba46a1b835584d13b26 da3b83d1d3292686056512a60da0a3167abb63ec46daab249a59e7048826ee8d Loading...

	player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==	ScriptElement	3.0 kB	2024-08-19	2024-08-19
Pretty URL player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 14:39 Last Seen2024-08-19 14:39 Times Seen1 Hash 0414144c02f3a193417402165325cb51 0de8c749c45c5020aad504755be4eab88f61e880 2e689e1474059fdcbd097b9013a00cd1cbc7e5a2c3b74f35077e4f28f4fa694b Loading...

	player.ekino-tv.link/js/video.counters.2.js?117	ScriptElement	696 B	2023-03-07	2025-05-16
Pretty URL player.ekino-tv.link/js/video.counters.2.js?117 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:26 Last Seen2025-05-16 04:41 Times Seen519 Hash 822d1aaefb9a343e788bfd63d5270e37 500ec918bfb859b16cb6b147010924f266591c67 34310731b79445f958ec982df1cb3793cea4f125f0a192a110d08203f4015c10 Loading...

	unknown	EventHandler	0 B	0001-01-01	2025-05-21
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-21 04:46 Times Seen4737376 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==	ScriptElement	241 B	2023-03-26	2024-08-19
Pretty URL player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 14:24 Last Seen2024-08-19 14:39 Times Seen1 Hash 09c7d42e65e8a34b46f308a6b81122b1 97b9bd954ea16669f79293951ca90b0fcb4a8944 f3203ecca6752627946f8ad6d333815c70ebecaf34ba9f0d40c76e9a86a4dd8d Loading...

	player.ekino-tv.link/js/d_check.js?35	ScriptElement	3.5 kB	2023-10-14	2025-05-16
Pretty URL player.ekino-tv.link/js/d_check.js?35 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-14 17:44 Last Seen2025-05-16 04:41 Times Seen480 Hash cc58687e068922c3c6cd915e90ce82a6 4560b7b212b7a3ea4daab7f679cfee37e4493bf8 88e33d38aa577708d4cb0230edfddbbc348ed7dd6af3224797bee28eae0f2c7a Loading...

	unknown	Function	37 B	2023-04-11	2025-05-21
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-21 04:43 Times Seen265714 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	unknown	Function	219 B	2024-08-19	2024-08-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-19 14:39 Last Seen2024-08-19 14:39 Times Seen1 Hash 2e176d3a9b3bc04d4b4ff429928b22a1 8d8238a0c361c79c92571652b1f6b0193f921d8b ed0daf4cd47544206c76ef65ecef8c265a9ab19b90efed49ace39f1d31e1a4a0 Loading...

		Size	First Seen	Last Seen
	#1 Eval - a7ce8bf7c544f76eb89926b3ca618f43	12 B	2023-03-07 01:07	2025-05-16 04:41
Pretty Observations First Seen2023-03-07 01:07 Last Seen2025-05-16 04:41 Times Seen1417 Hash a7ce8bf7c544f76eb89926b3ca618f43 313d20acfe186ea3594870fc6d56c119f658fef2 4ab4edee422a7a6e621718d1ae7180b13ba13f18c0ce3e7e3e26fd68e57e119c Loading...

	#2 Eval - 786999bfc817837caf61ec5fd75eaaf0	20 B	2023-03-07 01:07	2025-05-16 04:41
Pretty Observations First Seen2023-03-07 01:07 Last Seen2025-05-16 04:41 Times Seen817 Hash 786999bfc817837caf61ec5fd75eaaf0 0cbe6cc1093c2068c537393bbc96de4bc32888f5 fc0d820f6f6693ccd6462b02714dcea358f75a12b72a7fe3f38e24168433f487 Loading...

	#3 Eval - 45c0cad4f4fc0a31889cfbcfa2d4df9a	751 B	2024-08-19 14:39	2024-08-19 14:39
Pretty Observations First Seen2024-08-19 14:39 Last Seen2024-08-19 14:39 Times Seen1 Hash 45c0cad4f4fc0a31889cfbcfa2d4df9a 5e1431585f6116ca1149d296f97ed53df6e6b990 2916a8416cbc074190bc3617e6ccc5e91d29b4210bc904dcfaa7448cbe9e5c5e Loading...

HTTP Transactions (75)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
aadf4023fd478bb51576a5f2358b225e
a9d7b5d1e6a9d4f3fd800815a784607563dae142
cc1e53796ec8c93a6a4cf66399a32249a405bd6ec1bd7399d5926c11657868a9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CC1E53796EC8C93A6A4CF66399A32249A405BD6EC1BD7399D5926C11657868A9"
Last-Modified: Sat, 03 Aug 2024 18:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5072
Expires: Sun, 04 Aug 2024 22:04:53 GMT
Date: Sun, 04 Aug 2024 20:40:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fbcbba6bdbe62bf043a449052e96c537
78ba577fb46d8f5471d6b956b571a64840d68762
af55de43044220deca1e257adc161f81a25c20dd9e7208ee4efec19b1a194f2a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AF55DE43044220DECA1E257ADC161F81A25C20DD9E7208EE4EFEC19B1A194F2A"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7118
Expires: Sun, 04 Aug 2024 22:38:59 GMT
Date: Sun, 04 Aug 2024 20:40:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c303859305dd6c542987eab859bf7ff6
d5ad24e8d4d45da1f0ade79f0c059547a6ddc4cb
6c62566757f05a770360606b6260cc4ed7f8f88d45ee495b3091776e11166fd5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6C62566757F05A770360606B6260CC4ED7F8F88D45EE495B3091776E11166FD5"
Last-Modified: Sat, 03 Aug 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11588
Expires: Sun, 04 Aug 2024 23:53:30 GMT
Date: Sun, 04 Aug 2024 20:40:22 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3653abf0951eea060f104ae59d60cf7c
75790e8c59cb78c77ab522e7dc7140b62a046bb9
d059eeda67b64dd02259f5a9352df39cc808e3f9e03068a434e0f6486814893d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D059EEDA67B64DD02259F5A9352DF39CC808E3F9E03068A434E0F6486814893D"
Last-Modified: Sat, 03 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11020
Expires: Sun, 04 Aug 2024 23:44:02 GMT
Date: Sun, 04 Aug 2024 20:40:22 GMT
Connection: keep-alive

player.ekino-tv.link/ad/top/popunder.js

188.114.96.1

200 OK

21 B

URL GET HTTP/3
player.ekino-tv.link/ad/top/popunder.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
533a813ddb8f84d7e018bf8e6296c44d
8c95af23d5dc502f1bc3395a6d2e339e696c0d3e
a499068cf858aa2cd9b077e2e354b6bf8435eaa8e44c2047f403c7283031977f

HTTP Headers

GET /ad/top/popunder.js HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
content-length: 21
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
etag: "6141fdde-15"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 2109326
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QlFsvubAlpEB%2FPDIOZO27O2562QDYjgR2I4V9mNfsogDFaND4w%2F5zPj08RU0CXvOMLpwIDgFKfKJdBBH%2FC1XfzHXDcwyHIgTbOK3khZskCgqtHuFZN9KbIsE1UozDqk8NVrNGZeSDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cb97803b4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/js/embed.232.js?736

188.114.96.1

200 OK

48 kB

URL GET HTTP/3
player.ekino-tv.link/js/embed.232.js?736
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3159)
Size
48 kB (47535 bytes)
Hash
2ef0f0aaced28cafd6f81e3817e119a5
a7350dad6f2a5a030506712a3500ac5991c858b4
c08fcc8c5a98d44983c1b328f7345751e4aa22d21b90b1929c5c084fb62bf863

HTTP Headers

GET /js/embed.232.js?736 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 18 Nov 2023 19:14:49 GMT
etag: W/"65590d29-2a6ef"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 108892
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9BEiL6tLA0aQoUPP5%2BxWBaS2Xv%2BYz34bObRg%2FZbRxEWmQ%2BtLlMFVjsiobfsOXUxOzhEfbxYuMU%2B65e45PfUu2XcDEuFhJF08z47jkudk7iHJRjNv0qcHzGJ28aL8c%2Bz2jScmwuuraA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb97801b4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=54723817

188.114.96.1

200 OK

2 B

URL GET HTTP/3
player.ekino-tv.link/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=54723817
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

HTTP Headers

GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=54723817 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Cookie: uid=GN-EUbMfV4Hua_cLc7I4yuJA1x5N_utG
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: *
x-inferno-location: banner
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOZokZQ0N8FEd7OiMy38EhG7rN6%2BwYecZYRUFv%2B930CzzMW%2F6Wnxa8aoIjJwWa7mTbdKJShGakMk7h%2BjpB%2BqWk4S3wjfM%2FZCWabj%2F%2FJdSJdO4P%2F1w0UTBKvfgqICc0ksODQEMfCN5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cbc6c20b4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/js/script_33.11.js?16

188.114.96.1

200 OK

3.4 kB

URL GET HTTP/3
player.ekino-tv.link/js/script_33.11.js?16
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
gzip compressed data, from Unix
Size
3.4 kB (3419 bytes)
Hash
7c0121ceada600ca805161053e99638d
d64d2b65951006a14c38add3411c8e72ed09077a
4e95b32d7319877d792404a43813f70758ed7bd1124a0e575213ab5d739172a3

HTTP Headers

GET /js/script_33.11.js?16 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Cookie: uid=GN-EUbMfV4Hua_cLc7I4yuJA1x5N_utG
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 22 Dec 2023 20:09:58 GMT
etag: W/"6585ed16-1b3e"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 2631428
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EBGn8C2m30Zy2vn1za964JTbAxMDDY1H0gVWyZmyhupVGoXXADJMBdCwMXqs%2Fqtgi8PP5OtQHrfJk1HhYbbNWkwSeoK1ECKhoHlFyilyvwC5kmPQordme1rDSsvMckjLoz4aw%2FuryQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cbb5ab5b4f3-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/cdn-s11.cfglobalcdn.com/flv/api/files/thumbs_new/2021/04/06/16177149658btb3/16177149658btb3-640x480-1.jpg

192.0.77.2

403 Forbidden

146 B

URL GET HTTP/2
i0.wp.com/cdn-s11.cfglobalcdn.com/flv/api/files/thumbs_new/2021/04/06/16177149658btb3/16177149658btb3-640x480-1.jpg
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
9fe3cb2b7313dc79bb477bc8fde184a7
4d7b3cb41e90618358d0ee066c45c76227a13747
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

HTTP Headers

GET /cdn-s11.cfglobalcdn.com/flv/api/files/thumbs_new/2021/04/06/16177149658btb3/16177149658btb3-640x480-1.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
server: nginx
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: text/html
content-length: 146
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
68e15309da1d5c0a2175c773015b67a2
d803d8ffed6fae4c309893927142b3d33565f129
0df60fb822c62dbdee654125c177c7e9ad7520a562adda9550f3962be8f61da4

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Aug 2024 20:40:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dns.google/resolve?name=154.42.90.91.in-addr.arpa&type=PTR&cd=true

8.8.4.4

200 OK

196 B

URL GET HTTP/2
dns.google/resolve?name=154.42.90.91.in-addr.arpa&type=PTR&cd=true
IP
8.8.4.4:443
ASN
#15169 GOOGLE

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectdns.google
Fingerprint23:C3:D6:08:9E:F1:5F:01:64:EA:18:E6:9C:21:B5:58:2A:29:86:00
ValidityTue, 30 Jul 2024 12:50:19 GMT - Tue, 22 Oct 2024 12:50:18 GMT

File type
JSON text data
Size
196 B (196 bytes)
Hash
85438c0f6b351bf7452eaf76460409d5
24ebcc2f6efb59b35808cc37fb18187c0845c529
a83ee738bf9b23cd53f586b128f09e6fca1a7750dcde21610702c896664e41e3

HTTP Headers

GET /resolve?name=154.42.90.91.in-addr.arpa&type=PTR&cd=true HTTP/1.1
Host: dns.google
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://player.ekino-tv.link/
Origin: https://player.ekino-tv.link
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
date: Sun, 04 Aug 2024 20:40:24 GMT
expires: Sun, 04 Aug 2024 20:40:24 GMT
cache-control: private, max-age=300
content-type: application/json; charset=UTF-8
content-encoding: gzip
server: HTTP server (unknown)
content-length: 196
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4328abad16a9572dafaa9b6827f46c
fd924517b8c1b1c6d4eb666fe438abe8d3a7cef5
a91e6720849eb3574a593a88a91eaa689a9189df6df9f88e7ec3f6d920aad7a2

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Aug 2024 20:40:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
78be19d93b8add0d8f3c63b67e490038
2ed9c5d656a70a78ced84cd8fedbf0dcceb35bd6
b8a162cbf6a846ccd9bd65a8744c313d48c66700352346c24777bdc1c2358726

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B8A162CBF6A846CCD9BD65A8744C313D48C66700352346C24777BDC1C2358726"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18687
Expires: Mon, 05 Aug 2024 01:51:51 GMT
Date: Sun, 04 Aug 2024 20:40:24 GMT
Connection: keep-alive

player.ekino-tv.link/cdn-cgi/trace

188.114.96.1

200 OK

8.2 kB

URL GET HTTP/3
player.ekino-tv.link/cdn-cgi/trace
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
gzip compressed data, from Unix
Size
8.2 kB (8243 bytes)
Hash
1d94caf04c8d9a6de3390791f96076a0
68a464b741bef0c704567567d1e58c322bafeeba
b0cc1684549165b31d7bc1e60881c3cbe5bf948ef417cc10c678398cdc0614bb

HTTP Headers

GET /cdn-cgi/trace HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Cookie: uid=GN-EUbMfV4Hua_cLc7I4yuJA1x5N_utG
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 8ae15cbb6ab7b4f3-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip

player.ekino-tv.link/favicon.ico

188.114.96.1

200 OK

12 kB

URL GET HTTP/3
player.ekino-tv.link/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
Size
12 kB (11662 bytes)
Hash
80a54ed7d6660735acb2e465f5bdf3a5
3a404bf6b14afe2c93d775c58dbe98d244d1c925
4ce41669e0bcf7336eee3c87b7377824458cabb5edbac6279629051933e7e89c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: image/x-icon
last-modified: Thu, 12 May 2016 16:33:21 GMT
etag: W/"5734b051-57e"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 4511577
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s38kXWSpNZN7bRplL%2F8ejnmohf2G1t4AHHyS8O7xP1hqiFsP%2BqfqaAndNK1%2B4yK3xVH6fNAqAZW4WCLwihFGXaZwIzlf5RE1F1MU%2FjJpzHcMfaVzl%2FGhUK31qRVnRZuoi7xdOmshPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cb8df26b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.popmansion.com/load

104.21.87.102

302 Found

359 B

URL POST HTTP/3
xml.popmansion.com/load
IP
104.21.87.102:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectpopmansion.com
Fingerprint3F:7A:D2:92:74:54:7B:F3:0B:0C:BD:2F:9E:9E:BC:94:88:FD:71:EC
ValidityFri, 28 Jun 2024 07:10:45 GMT - Thu, 26 Sep 2024 07:10:44 GMT

File type
HTML document, ASCII text
Size
359 B (359 bytes)
Hash
f219f4e1a432fbb2980f91563407cc2b
434419565b9b9e48baedb78c889dfda7b18b722d
05d912b6cb9b24ddb89ab6144f1f93a139be169d649ec68fc55bfb2d0ca93359

HTTP Headers

POST /load HTTP/1.1
Host: xml.popmansion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
Origin: https://xml.popmansion.com
DNT: 1
Connection: keep-alive
Referer: https://xml.popmansion.com/sub/ED05GzY
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Sun, 04 Aug 2024 20:40:26 GMT
content-type: text/html; charset=utf-8
location: https://xml.xmlwiz.com/redirect?feed=598894&auth=FqgVMV&pubid=196092
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pd6I4XuwQwzgH9u%2F41DvEn7F9YvGCBwqH8N0r5QgQFe9gWT1YbK8Mw%2FsD7MnxsOCzyfcDOX9JHMwBwMFgCTBZqFYkKvDasPTXOIrRf1t0RB2xiMLQtPf0%2BgcRHykvHyzMuObtpc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15ccb3fa956ca-OSL
alt-svc: h3=":443"; ma=86400

xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420

174.137.133.17

200 OK

0 B

URL GET HTTP/1.1
xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerSectigo Limited
Subject*.poprtb.com
FingerprintAC:C5:F9:6B:7E:28:43:60:71:CA:FD:76:2B:3D:3E:5D:FB:F8:F5:D0
ValidityMon, 22 Jul 2024 00:00:00 GMT - Tue, 22 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=491010&auth=OpDJQF&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marazma.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Aug 2024 20:40:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.cachegorilla.com/redirect?feed=652770&auth=kWcHhV&pubid=202912

173.239.53.20

302 Found

0 B

URL GET HTTP/1.1
xml.cachegorilla.com/redirect?feed=652770&auth=kWcHhV&pubid=202912
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerSectigo Limited
Subject*.cachegorilla.com
Fingerprint29:B3:53:29:E3:6F:D3:48:F6:66:3E:78:57:05:A6:19:12:0D:2C:4A
ValidityFri, 10 Nov 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=652770&auth=kWcHhV&pubid=202912 HTTP/1.1
Host: xml.cachegorilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xml.popmansion.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Aug 2024 20:40:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://de.forerungirdles.com/i6oKq6spPDgpeY/QrOEQ

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0f5de1c2525d9bde7dc16ad4ed434dd4
650a7d8336a3dd463a84e8d0294d91bb9c18fa4c
1198de1ca8b99cbbd53d3c2b1de90218528bcaac99c6ab6fa1c15c9fcf9fedc5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1198DE1CA8B99CBBD53D3C2B1DE90218528BCAAC99C6AB6FA1C15C9FCF9FEDC5"
Last-Modified: Sat, 03 Aug 2024 19:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18601
Expires: Mon, 05 Aug 2024 01:50:27 GMT
Date: Sun, 04 Aug 2024 20:40:26 GMT
Connection: keep-alive

de.forerungirdles.com/i6oKq6spPDgpeY/QrOEQ

23.109.170.198

200 OK

15 kB

URL GET HTTP/1.1
de.forerungirdles.com/i6oKq6spPDgpeY/QrOEQ
IP
23.109.170.198:443
ASN
#7979 SERVERS-COM

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerLet's Encrypt
Subjectde.forerungirdles.com
Fingerprint3B:E3:2F:66:9C:8C:F7:DD:F2:13:FC:A7:C5:30:47:3F:77:EE:DE:62
ValidityFri, 07 Jun 2024 02:51:37 GMT - Thu, 05 Sep 2024 02:51:36 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (39664)
Size
15 kB (15173 bytes)
Hash
3433dc816a4d508ccb86cdf526949738
33eadbcc98bf4776aa3b1912a0e737759fc22911
a6a39146749d04df5395856fced346e5330101f0d760dff6c30b60aa8e5b1f23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /i6oKq6spPDgpeY/QrOEQ HTTP/1.1
Host: de.forerungirdles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xml.popmansion.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Aug 2024 20:40:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Mon, 05-Aug-2024 20:40:26 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 05-Aug-2024 20:40:26 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

echonverforrinho.info/?tid=1062812

143.204.55.91

302 Found

0 B

URL GET HTTP/2
echonverforrinho.info/?tid=1062812
IP
143.204.55.91:443
ASN
#16509 AMAZON-02

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerAmazon
Subjectechonverforrinho.info
FingerprintEE:84:54:4C:F3:64:D0:69:4A:AA:DF:E0:1C:A9:50:F3:55:C7:76:E0
ValidityThu, 25 Jan 2024 00:00:00 GMT - Sat, 22 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?tid=1062812 HTTP/1.1
Host: echonverforrinho.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xml.popmansion.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://zeratys.com/ie?v=4&c=SgrZDpT2-DNxsNXLPXc0qmpnqFtFKKBcftWgIYsJ_NIkxxKY6zrOzZT3yWdKQRuGnwqWEUhKjJJyovKy2cxo6R-Eol3qzPTjiB17v-IdwcaBHrJRS_k92Xf94SZTMhw2TLZcrZgtJUDe9-SJ5Roy866SgoNreO-6YegqG4K61OCvUwT2qjWe9RMhtAZSM0p408BDpwY97BXF5l1c6SveoHIN5St27F9C6Pf6lsfnwu7OTgvN-BnsZGzopEr1aeUSTsgiV0dEW0QF01c1o_9RvWtO3yi4edHL6seiipkcoFq2asZN4yBDMnH3rYJjJ2N1bII9XB-zhLI1Zv_uUHFs_eJTZLn8vuUCeRAEO4WNsV3jf2ft_idtgJWO-cyTTDsuosYt74Hg6NHql7IZXHdXMT9krCryxBofhc4Yxx-Jww1KaGeB_g3n8FLWhFeCWqFEvGms&v1=158&v2=113984
date: Sun, 04 Aug 2024 20:40:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=022fb3c9-5fdd-4840-aa4d-47e6bdf56dc7
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: grTyifZCDWgLiLD89zCn1benfO0iNRze0VsJoRlDlNXhp-OU_3Cdxg==
X-Firefox-Spdy: h2

e5.o.lencr.org/

23.36.76.226

346 B

URL
e5.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
a942573c3e9d5fe969a98e753c74332c
7f2853e71871eca25a6a96dae8cf4bd8ab41fdfd
062abb25b80b0ab4d5bef0a1ae431b4845b075c72edaa7ec32c92b002c699d48

HTTP Headers

POST / HTTP/1.1
Host: e5.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "062ABB25B80B0AB4D5BEF0A1AE431B4845B075C72EDAA7EC32C92B002C699D48"
Last-Modified: Sat, 03 Aug 2024 13:02:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6992
Expires: Sun, 04 Aug 2024 22:36:59 GMT
Date: Sun, 04 Aug 2024 20:40:27 GMT
Connection: keep-alive

zeratys.com/ie?v=4&c=SgrZDpT2-DNxsNXLPXc0qmpnqFtFKKBcftWgIYsJ_NIkxxKY6zrOzZT3yWdKQRuGnwqWEUhKjJJyovKy2cxo6R-Eol3qzPTjiB17v-IdwcaBHrJRS_k92Xf94SZTMhw2TLZcrZgtJUDe9-SJ5Roy866SgoNreO-6YegqG4K61OCvUwT2qjWe9RMhtAZSM0p408BDpwY97BXF5l1c6SveoHIN5St27F9C6Pf6lsfnwu7OTgvN-BnsZGzopEr1aeUSTsgiV0dEW0QF01c1o_9RvWtO3yi4edHL6seiipkcoFq2asZN4yBDMnH3rYJjJ2N1bII9XB-zhLI1Zv_uUHFs_eJTZLn8vuUCeRAEO4WNsV3jf2ft_idtgJWO-cyTTDsuosYt74Hg6NHql7IZXHdXMT9krCryxBofhc4Yxx-Jww1KaGeB_g3n8FLWhFeCWqFEvGms&v1=158&v2=113984

138.201.194.90

200 OK

4.8 kB

URL GET HTTP/1.1
zeratys.com/ie?v=4&c=SgrZDpT2-DNxsNXLPXc0qmpnqFtFKKBcftWgIYsJ_NIkxxKY6zrOzZT3yWdKQRuGnwqWEUhKjJJyovKy2cxo6R-Eol3qzPTjiB17v-IdwcaBHrJRS_k92Xf94SZTMhw2TLZcrZgtJUDe9-SJ5Roy866SgoNreO-6YegqG4K61OCvUwT2qjWe9RMhtAZSM0p408BDpwY97BXF5l1c6SveoHIN5St27F9C6Pf6lsfnwu7OTgvN-BnsZGzopEr1aeUSTsgiV0dEW0QF01c1o_9RvWtO3yi4edHL6seiipkcoFq2asZN4yBDMnH3rYJjJ2N1bII9XB-zhLI1Zv_uUHFs_eJTZLn8vuUCeRAEO4WNsV3jf2ft_idtgJWO-cyTTDsuosYt74Hg6NHql7IZXHdXMT9krCryxBofhc4Yxx-Jww1KaGeB_g3n8FLWhFeCWqFEvGms&v1=158&v2=113984
IP
138.201.194.90:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
Fingerprint00:BD:52:6B:A4:7D:CD:9E:E3:23:17:37:DC:62:09:FF:3A:14:BA:67
ValidityMon, 29 Jul 2024 11:55:16 GMT - Sun, 27 Oct 2024 11:55:15 GMT

File type
HTML document, ASCII text, with very long lines (3197)
Size
4.8 kB (4829 bytes)
Hash
f5ae4978b2414109c3b3e52f00a8d950
c87c38d22f54a884a3c2e62176a523d567a5bc30
505a1f33015628658e9d5e31ea1b45bd8a7f621231c749bbab4f2138ea43ab82

HTTP Headers

GET /ie?v=4&c=SgrZDpT2-DNxsNXLPXc0qmpnqFtFKKBcftWgIYsJ_NIkxxKY6zrOzZT3yWdKQRuGnwqWEUhKjJJyovKy2cxo6R-Eol3qzPTjiB17v-IdwcaBHrJRS_k92Xf94SZTMhw2TLZcrZgtJUDe9-SJ5Roy866SgoNreO-6YegqG4K61OCvUwT2qjWe9RMhtAZSM0p408BDpwY97BXF5l1c6SveoHIN5St27F9C6Pf6lsfnwu7OTgvN-BnsZGzopEr1aeUSTsgiV0dEW0QF01c1o_9RvWtO3yi4edHL6seiipkcoFq2asZN4yBDMnH3rYJjJ2N1bII9XB-zhLI1Zv_uUHFs_eJTZLn8vuUCeRAEO4WNsV3jf2ft_idtgJWO-cyTTDsuosYt74Hg6NHql7IZXHdXMT9krCryxBofhc4Yxx-Jww1KaGeB_g3n8FLWhFeCWqFEvGms&v1=158&v2=113984 HTTP/1.1
Host: zeratys.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xml.popmansion.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: fasthttp
date: Sun, 04 Aug 2024 20:40:27 GMT
content-type: text/html
content-length: 4829
x-app-id: 14

zeratys.com/ie?v=4

138.201.194.90

301 Moved Permanently

0 B

URL POST HTTP/1.1
zeratys.com/ie?v=4
IP
138.201.194.90:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
Fingerprint00:BD:52:6B:A4:7D:CD:9E:E3:23:17:37:DC:62:09:FF:3A:14:BA:67
ValidityMon, 29 Jul 2024 11:55:16 GMT - Sun, 27 Oct 2024 11:55:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ie?v=4 HTTP/1.1
Host: zeratys.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 799
Origin: https://zeratys.com
DNT: 1
Connection: keep-alive
Referer: https://zeratys.com/ie?v=4&c=SgrZDpT2-DNxsNXLPXc0qmpnqFtFKKBcftWgIYsJ_NIkxxKY6zrOzZT3yWdKQRuGnwqWEUhKjJJyovKy2cxo6R-Eol3qzPTjiB17v-IdwcaBHrJRS_k92Xf94SZTMhw2TLZcrZgtJUDe9-SJ5Roy866SgoNreO-6YegqG4K61OCvUwT2qjWe9RMhtAZSM0p408BDpwY97BXF5l1c6SveoHIN5St27F9C6Pf6lsfnwu7OTgvN-BnsZGzopEr1aeUSTsgiV0dEW0QF01c1o_9RvWtO3yi4edHL6seiipkcoFq2asZN4yBDMnH3rYJjJ2N1bII9XB-zhLI1Zv_uUHFs_eJTZLn8vuUCeRAEO4WNsV3jf2ft_idtgJWO-cyTTDsuosYt74Hg6NHql7IZXHdXMT9krCryxBofhc4Yxx-Jww1KaGeB_g3n8FLWhFeCWqFEvGms&v1=158&v2=113984
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Sun, 04 Aug 2024 20:40:27 GMT
content-length: 0
location: https://www.sexnarxnxx.com/xnxx.html
x-app-id: 14

smkezc.com/admc?a=2&pid=1019978&sid=1320666&wid=533138&fp=0bda360793d6d5f0c72079fa6104b64d&f=8&tz=0

185.162.85.14

0 B

URL
smkezc.com/admc?a=2&pid=1019978&sid=1320666&wid=533138&fp=0bda360793d6d5f0c72079fa6104b64d&f=8&tz=0
IP
185.162.85.14:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /admc?a=2&pid=1019978&sid=1320666&wid=533138&fp=0bda360793d6d5f0c72079fa6104b64d&f=8&tz=0 HTTP/1.1
Host: smkezc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.sexnarxnxx.com/
Origin: https://www.sexnarxnxx.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 04 Aug 2024 20:40:28 GMT
content-length: 0
access-control-allow-origin: https://www.sexnarxnxx.com
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Platform-Version
X-Firefox-Spdy: h2

tsyndicate.com/api/v1/direct/4f22342a5ec3485699b65ced0ff545fc?

136.243.69.157

302 Found

0 B

URL GET HTTP/2
tsyndicate.com/api/v1/direct/4f22342a5ec3485699b65ced0ff545fc?
IP
136.243.69.157:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerLet's Encrypt
Subjecttsyndicate.com
Fingerprint8A:68:BB:65:04:81:18:6D:08:27:F8:F9:B5:D9:55:74:8B:DC:27:85
ValidityFri, 12 Jul 2024 09:06:43 GMT - Thu, 10 Oct 2024 09:06:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/v1/direct/4f22342a5ec3485699b65ced0ff545fc? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 04 Aug 2024 20:40:28 GMT
content-length: 0
pragma: no-cache
expires: 0
vary: *
x-api-version: 2
location: https://go.mnaspm.com/smartpop/a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=760039&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&p1=4578416&no_bb=1
set-cookie: ts_direct_tag=760039:4188608:14718:4578416:53739; expires=Wed, 04 Sep 2024 20:40:28 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
ts_last_click_id=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi; expires=Sun, 11 Aug 2024 20:40:28 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cookie_user_id=2d25e52b-35fc-4899-beab-0116405af8b7; expires=Tue, 04 Feb 2025 20:40:28 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYaMXDgsAEDRxcWIsYU3BLjoYgyE2PckCEDRw4YNDp26aMg; expires=Mon, 05 Aug 2024 20:40:28 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

go.mnaspm.com/smartpop/a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=760039&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&p1=4578416&no_bb=1

104.18.17.106

302 Found

0 B

URL GET HTTP/2
go.mnaspm.com/smartpop/a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=760039&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&p1=4578416&no_bb=1
IP
104.18.17.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectmnaspm.com
Fingerprint2A:B0:18:21:52:65:FD:DF:3F:51:E5:57:12:A2:2B:77:6F:77:92:C3
ValidityWed, 12 Jun 2024 21:20:38 GMT - Tue, 10 Sep 2024 21:20:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /smartpop/a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=760039&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&p1=4578416&no_bb=1 HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 04 Aug 2024 20:40:28 GMT
content-length: 0
location: https://creative.mnaspm.com/LPAkira?action=sbSignupWithModel&autoplay=allInFocus&autoplayForce=1&campaignId=a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687&campaignType=smartpop&creativeId=701259d3d7518ebab72267f14d4976f98b2888db090ec7e7a0ac6a4899e0ce07&iterationId=884851&masterSmartpopId=1603&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&no_bb=1&noc=1&p1=4578416&ruleId=363&smartpopId=1055&sourceId=760039&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=33610
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8ae15cda9b2056a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

creative.mnaspm.com/LPAkira/main.9862c9a2ee68bd9b4aa5.js

104.18.17.106

788 kB

URL
creative.mnaspm.com/LPAkira/main.9862c9a2ee68bd9b4aa5.js
IP
104.18.17.106:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, max speed, from Unix
Size
788 kB (787453 bytes)
Hash
364a947c018a6e5c065553a31b7ee373
609a3b12a0c1403039ecc1147899b698967c80d4
11ab8088e91207750d87cab0b74eed65ed0c828bd5000d6423d67dd073679323

HTTP Headers

GET /LPAkira/main.9862c9a2ee68bd9b4aa5.js HTTP/1.1
Host: creative.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/LPAkira?action=sbSignupWithModel&autoplay=allInFocus&autoplayForce=1&campaignId=a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687&campaignType=smartpop&creativeId=701259d3d7518ebab72267f14d4976f98b2888db090ec7e7a0ac6a4899e0ce07&iterationId=884851&masterSmartpopId=1603&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&no_bb=1&noc=1&p1=4578416&ruleId=363&smartpopId=1055&sourceId=760039&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=33610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:28 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 29 Jul 2024 09:36:27 GMT
etag: W/"66a7629b-6c33f"
expires: Sun, 04 Aug 2024 20:40:23 GMT
cache-control: max-age=10
pragma: public
content-encoding: gzip
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cdbdb53569a-OSL
alt-svc: h3=":443"; ma=86400

video.ktkjmp.com/adsbygoogle.js

104.18.48.21

16 B

URL
video.ktkjmp.com/adsbygoogle.js
IP
104.18.48.21:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
16 B (16 bytes)
Hash
3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f

HTTP Headers

GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/
Origin: https://creative.mnaspm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: N/Ka+VmEDZ+RBUPAKEXkZYRhYoVPp3IVLDlCSFPWfBjFyG3UCPHobJOnrnQ3zm9qgt4NdsJz6Qw=
x-amz-request-id: QGYDYNCRRYZH5ZW9
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.mnaspm.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 7112
expires: Mon, 05 Aug 2024 00:40:29 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cdd5be10b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

471 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
de0ea4529e89ffd2f5a3fc2a302d7bce
54d71c374d14ccfe76df7a5b715b1e4372cf3509
4417d40c3fcbae82658730fffa2932568acea43e016af39dc11c61ca47c79d7c

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Aug 2024 20:40:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.67

471 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fdb2507c5b8a1ec3ca19663da4f63c95
026483cca4bd5ffa25adc8b097a1bce4e7cff297
0c2c0d8200e0a3dd2550ccd7f635e64230a2d568bb4111dce3c7d3701bbb212f

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Aug 2024 20:40:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

creative.mnaspm.com/LPAkira/HelveticaNeue-Bold.ttf

104.18.17.106

322 kB

URL
creative.mnaspm.com/LPAkira/HelveticaNeue-Bold.ttf
IP
104.18.17.106:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, 17 tables, 1st "FFTM", 38 names, Macintosh
Size
322 kB (322508 bytes)
Hash
f51e47dd78152318d01f10739a7e610e
8772b55ed23b9a9dfd0e6dc848d01db17e30a141
9127e8991d4ad0f0d6306513785b4a86c3b3bd6a24d25d2879e00009f175f294

HTTP Headers

GET /LPAkira/HelveticaNeue-Bold.ttf HTTP/1.1
Host: creative.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/LPAkira/main.9862c9a2ee68bd9b4aa5.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: application/octet-stream
content-length: 322508
last-modified: Mon, 29 Jul 2024 09:31:17 GMT
etag: "66a76165-4ebcc"
expires: Sun, 04 Aug 2024 20:40:22 GMT
cache-control: max-age=10
access-control-allow-origin: *
cf-cache-status: HIT
age: 10
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cde3e50569a-OSL
alt-svc: h3=":443"; ma=86400

creative.mnaspm.com/LPAkira/HelveticaNeue-Medium.ttf

104.18.17.106

256 kB

URL
creative.mnaspm.com/LPAkira/HelveticaNeue-Medium.ttf
IP
104.18.17.106:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, 18 tables, 1st "FFTM", 40 names, Macintosh
Size
256 kB (256020 bytes)
Hash
5d6f90814caed5e3c4d5e2bf78714fc6
88b761e46449399b29e10fb66dc73e63e59c3e93
70da8ef2f79c1da6a9c25c8935f04b8fcd44d80d7efd9f23feca51596811645e

HTTP Headers

GET /LPAkira/HelveticaNeue-Medium.ttf HTTP/1.1
Host: creative.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/LPAkira/main.9862c9a2ee68bd9b4aa5.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: application/octet-stream
content-length: 256020
last-modified: Mon, 29 Jul 2024 09:31:17 GMT
etag: "66a76165-3e814"
expires: Sun, 04 Aug 2024 20:40:29 GMT
cache-control: max-age=10
access-control-allow-origin: *
cf-cache-status: HIT
age: 3
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cde4e65569a-OSL
alt-svc: h3=":443"; ma=86400

go.mnaspm.com/abc.gif?action=sbSignupWithModel&campaignId=a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687&campaignType=smartpop&creativeId=701259d3d7518ebab72267f14d4976f98b2888db090ec7e7a0ac6a4899e0ce07&iterationId=884851&masterSmartpopId=1603&p1=4578416&ruleId=363&smartpopId=1055&sourceId=760039&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=33610&language=en&agev=0&nonNudeContent=0&stripcashR=0&thumbFit=cover&quality=original&thumbType=default&abTest=lpakira_aaa_1&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=5&segment=hls-newAPI&landing=LPAkira&referrer&i=0&ib=0&abTestVariant=lpakira_aaa_1_paidUsers_28&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A0%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A630%2C%22duration%22%3A62%2C%22transferSize%22%3A145713%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A630%2C%22duration%22%3A57%2C%22transferSize%22%3A16278%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A840%2C%22duration%22%3A140%2C%22transferSize%22%3A0%7D%5D&mh=85989138

104.18.17.106

103 B

URL
go.mnaspm.com/abc.gif?action=sbSignupWithModel&campaignId=a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687&campaignType=smartpop&creativeId=701259d3d7518ebab72267f14d4976f98b2888db090ec7e7a0ac6a4899e0ce07&iterationId=884851&masterSmartpopId=1603&p1=4578416&ruleId=363&smartpopId=1055&sourceId=760039&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=33610&language=en&agev=0&nonNudeContent=0&stripcashR=0&thumbFit=cover&quality=original&thumbType=default&abTest=lpakira_aaa_1&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=5&segment=hls-newAPI&landing=LPAkira&referrer&i=0&ib=0&abTestVariant=lpakira_aaa_1_paidUsers_28&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A0%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A630%2C%22duration%22%3A62%2C%22transferSize%22%3A145713%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A630%2C%22duration%22%3A57%2C%22transferSize%22%3A16278%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A840%2C%22duration%22%3A140%2C%22transferSize%22%3A0%7D%5D&mh=85989138
IP
104.18.17.106:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmnaspm.com
Fingerprint2A:B0:18:21:52:65:FD:DF:3F:51:E5:57:12:A2:2B:77:6F:77:92:C3
ValidityWed, 12 Jun 2024 21:20:38 GMT - Tue, 10 Sep 2024 21:20:37 GMT

File type
data
Size
103 B (103 bytes)
Hash
8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c

HTTP Headers

GET /abc.gif?action=sbSignupWithModel&campaignId=a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687&campaignType=smartpop&creativeId=701259d3d7518ebab72267f14d4976f98b2888db090ec7e7a0ac6a4899e0ce07&iterationId=884851&masterSmartpopId=1603&p1=4578416&ruleId=363&smartpopId=1055&sourceId=760039&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=33610&language=en&agev=0&nonNudeContent=0&stripcashR=0&thumbFit=cover&quality=original&thumbType=default&abTest=lpakira_aaa_1&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=5&segment=hls-newAPI&landing=LPAkira&referrer&i=0&ib=0&abTestVariant=lpakira_aaa_1_paidUsers_28&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A0%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A630%2C%22duration%22%3A62%2C%22transferSize%22%3A145713%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A630%2C%22duration%22%3A57%2C%22transferSize%22%3A16278%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A840%2C%22duration%22%3A140%2C%22transferSize%22%3A0%7D%5D&mh=85989138 HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: image/gif
content-length: 103
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8ae15cdf3f9a569a-OSL
alt-svc: h3=":443"; ma=86400

go.mnaspm.com/api/models?landing=LPAkira&masterSmartpopId=1603&smartpopId=1055&forceClient=1&stripcashR=0&limit=5&usePreroll&webp=1&sortBy=paidUsers

104.18.17.106

15 kB

URL
go.mnaspm.com/api/models?landing=LPAkira&masterSmartpopId=1603&smartpopId=1055&forceClient=1&stripcashR=0&limit=5&usePreroll&webp=1&sortBy=paidUsers
IP
104.18.17.106:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmnaspm.com
Fingerprint2A:B0:18:21:52:65:FD:DF:3F:51:E5:57:12:A2:2B:77:6F:77:92:C3
ValidityWed, 12 Jun 2024 21:20:38 GMT - Tue, 10 Sep 2024 21:20:37 GMT

File type
gzip compressed data, max speed, from Unix
Size
15 kB (14671 bytes)
Hash
15cde5ee8044c942f27e555c385c2428
9e52adf926df9ae4e478f02d0e64445064bcdb98
86e3030837e6e9de12e95156e240852c24f23e6238fe902d447e30019f0c8035

HTTP Headers

GET /api/models?landing=LPAkira&masterSmartpopId=1603&smartpopId=1055&forceClient=1&stripcashR=0&limit=5&usePreroll&webp=1&sortBy=paidUsers HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/
Origin: https://creative.mnaspm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: application/json
access-control-allow-origin: https://creative.mnaspm.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
content-encoding: gzip
last-modified: Sun, 04 Aug 2024 20:40:23 GMT
cf-cache-status: HIT
server: cloudflare
cf-ray: 8ae15cddfe0e569a-OSL
alt-svc: h3=":443"; ma=86400

img.strpst.com/thumbs/1722803970/115856831_webp

104.17.11.106

18 kB

URL
img.strpst.com/thumbs/1722803970/115856831_webp
IP
104.17.11.106:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp
Size
18 kB (17780 bytes)
Hash
fed6015e18cae0afbd77ae38c04190c3
538020c0f536d35234cc9c73c5617f1196d892bd
414d2b1ed312b902ea8438c33532deb521182e692da6b550e2c70a3f0f13936b

HTTP Headers

GET /thumbs/1722803970/115856831_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: image/webp
content-length: 17780
etag: "fed6015e18cae0afbd77ae38c04190c3"
last-modified: Sun, 04 Aug 2024 20:38:52 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 58
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cdf8abdb518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.strpst.com/thumbs/1722803970/130466719_webp

104.17.11.106

14 kB

URL
img.strpst.com/thumbs/1722803970/130466719_webp
IP
104.17.11.106:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp
Size
14 kB (13606 bytes)
Hash
d72be28ce3f7c4ab6c85f2f3617e25f7
1fd6c4106357b81949a189ed1a06b23db52feab2
687e4a32666372f78b20d8576773b9a7bffabaf984111342f8566c5d67c6cb5d

HTTP Headers

GET /thumbs/1722803970/130466719_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: image/webp
content-length: 13606
etag: "d72be28ce3f7c4ab6c85f2f3617e25f7"
last-modified: Sun, 04 Aug 2024 20:38:51 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 63
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cdf8ad6b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.strpst.com/thumbs/1722803970/66768818_webp

104.17.11.106

9.2 kB

URL
img.strpst.com/thumbs/1722803970/66768818_webp
IP
104.17.11.106:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp
Size
9.2 kB (9244 bytes)
Hash
84ee3e73b7bd0c2435584b13615114d9
107b058147295fc7aa793a101625c4887d72ef1c
fc65948675439c74ca90e4561e65c42abe32081197e2c8a260e197ba58de9774

HTTP Headers

GET /thumbs/1722803970/66768818_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: image/webp
content-length: 9244
etag: "84ee3e73b7bd0c2435584b13615114d9"
last-modified: Sun, 04 Aug 2024 20:38:39 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 63
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cdf8ad1b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.strpst.com/thumbs/1722803970/106494554_webp

104.17.11.106

31 kB

URL
img.strpst.com/thumbs/1722803970/106494554_webp
IP
104.17.11.106:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp
Size
31 kB (30860 bytes)
Hash
802531346bbeb0b39e3379e0bc456f9f
e2c8a5ea23dc86b76acc6fddd8ae6a9bd24bb7af
7ab506296729d90132423bf07fd85bb4238a062069825ae585e050458855fe0f

HTTP Headers

GET /thumbs/1722803970/106494554_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: image/webp
content-length: 30860
etag: "802531346bbeb0b39e3379e0bc456f9f"
last-modified: Sun, 04 Aug 2024 20:38:51 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 58
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cdf9aeeb518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
996b036d63a7652e2eb4b8a954e5f282
7ab9bf0acfd65fb9d670ef755dd41d4afb61df87
aeac2a1d1952f62b85d59b0056f9976c40b7c543930ed9fffa466e6a9d7cf595

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Aug 2024 20:40:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

creative.mnaspm.com/LPAkira?action=sbSignupWithModel&autoplay=allInFocus&autoplayForce=1&campaignId=a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687&campaignType=smartpop&creativeId=701259d3d7518ebab72267f14d4976f98b2888db090ec7e7a0ac6a4899e0ce07&iterationId=884851&masterSmartpopId=1603&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&no_bb=1&noc=1&p1=4578416&ruleId=363&smartpopId=1055&sourceId=760039&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=33610

104.18.17.106

200 OK

215 kB

URL GET HTTP/2
creative.mnaspm.com/LPAkira?action=sbSignupWithModel&autoplay=allInFocus&autoplayForce=1&campaignId=a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687&campaignType=smartpop&creativeId=701259d3d7518ebab72267f14d4976f98b2888db090ec7e7a0ac6a4899e0ce07&iterationId=884851&masterSmartpopId=1603&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&no_bb=1&noc=1&p1=4578416&ruleId=363&smartpopId=1055&sourceId=760039&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=33610
IP
104.18.17.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectmnaspm.com
Fingerprint2A:B0:18:21:52:65:FD:DF:3F:51:E5:57:12:A2:2B:77:6F:77:92:C3
ValidityWed, 12 Jun 2024 21:20:38 GMT - Tue, 10 Sep 2024 21:20:37 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
215 kB (215030 bytes)
Hash
a05d5a2371541e8c7097fec51cf781ca
4b5fa2cf12fb62a9970a401ebfbc14df1e2f87c9
a20144636d0bdd488b65d1297fadd63114a3fc43bd22b655588068664b33329c

HTTP Headers

GET /LPAkira?action=sbSignupWithModel&autoplay=allInFocus&autoplayForce=1&campaignId=a96c4365c7d308d3376afe0272ee2b463518c44d17621f80b7dec6f060bcb687&campaignType=smartpop&creativeId=701259d3d7518ebab72267f14d4976f98b2888db090ec7e7a0ac6a4899e0ce07&iterationId=884851&masterSmartpopId=1603&memberId=xJE2V3FxeiM7MGV9QKvdUqAtSBxAjupud9SsgutU9Z0R8BVjH4uHloMGEpB1mQW6WXIirqFNfRTLGQswKAvJCDdRnaz9hL-e_1nyozLTHUCeV-TO_gUIDRUi&no_bb=1&noc=1&p1=4578416&ruleId=363&smartpopId=1055&sourceId=760039&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=33610 HTTP/1.1
Host: creative.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:28 GMT
content-type: text/html
last-modified: Mon, 29 Jul 2024 09:31:17 GMT
expires: Sun, 04 Aug 2024 20:40:34 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age":  1048576 }
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cdadb7056a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

video.sacdnssedge.com/checkUrl

185.76.9.18

15 B

URL
video.sacdnssedge.com/checkUrl
IP
185.76.9.18:0
ASN
#60068 Datacamp Limited

File type
JSON text data
Size
15 B (15 bytes)
Hash
7fb97eb7c8636552ad068f6d56b5ea34
b69679936779fb02503bc0fe1374a737cc762ecb
e78008828abaa93c4462e326ef384dcda1443352a0f24bdeedada6a6fdbfd1d5

HTTP Headers

GET /checkUrl HTTP/1.1
Host: video.sacdnssedge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/
Origin: https://creative.mnaspm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:29 GMT
content-type: text/plain
content-length: 15
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 8ade42558feebbd4-FRA
alt-svc: h3=":443"; ma=86400
x-77-nzt: EwwBuUwJDQH3IH8AAAgBuUwKCQFBDAGKxyXEAfcAAAAA
x-77-nzt-ray: c0a4cc282701fb353de7af6656a0b426
x-accel-expires: @1723808285
x-accel-date: 1722771485
x-77-cache: HIT
x-77-age: 32544
server: CDN77-Turbo
x-accel-date-max: 1722771485
x-cache: HIT
x-age: 32544
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
996b036d63a7652e2eb4b8a954e5f282
7ab9bf0acfd65fb9d670ef755dd41d4afb61df87
aeac2a1d1952f62b85d59b0056f9976c40b7c543930ed9fffa466e6a9d7cf595

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Aug 2024 20:40:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

go.mnaspm.com/app/domain-checker/check-result

104.18.17.106

0 B

URL
go.mnaspm.com/app/domain-checker/check-result
IP
104.18.17.106:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmnaspm.com
Fingerprint2A:B0:18:21:52:65:FD:DF:3F:51:E5:57:12:A2:2B:77:6F:77:92:C3
ValidityWed, 12 Jun 2024 21:20:38 GMT - Tue, 10 Sep 2024 21:20:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /app/domain-checker/check-result HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 238
Origin: https://creative.mnaspm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sun, 04 Aug 2024 20:40:29 GMT
access-control-allow-origin: https://creative.mnaspm.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8ae15ce18a69569a-OSL
alt-svc: h3=":443"; ma=86400

unpkg.com/jquery@2.2.4/dist/jquery.min.js

104.17.247.203

200 OK

46 kB

URL GET HTTP/2
unpkg.com/jquery@2.2.4/dist/jquery.min.js
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
46 kB (45497 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: "14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01J214KQEDW8DYR57MCY087VTW-arn
cf-cache-status: HIT
age: 2631226
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8ae15cb9cecf1c16-OSL
X-Firefox-Spdy: h2

player.ekino-tv.link/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
player.ekino-tv.link/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript
last-modified: Tue, 30 Jul 2024 21:56:14 GMT
etag: W/"66a9617e-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9om3NYoRQBMiNhrVpaEoFrVsAjbhQI%2FGAWebXrTcI8rgZq3vL6unuFFKUIpYtTrDTG7UzjZT5tbtMXEeUUIMymLUxJ2sOmuQs%2FQiF3AlQ2gBe%2FYGXRYDFNWcg%2B%2BgC%2F9jSUWHjfveHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ae15cb95fc5b4f3-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Tue, 06 Aug 2024 20:40:23 GMT
cache-control: max-age=172800, public
content-encoding: gzip

xml.xmlwiz.com/redirect?feed=598894&auth=FqgVMV&pubid=196092

174.137.133.17

302 Found

4.8 kB

URL GET HTTP/1.1
xml.xmlwiz.com/redirect?feed=598894&auth=FqgVMV&pubid=196092
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerSectigo Limited
Subject*.xmlwiz.com
FingerprintB7:42:FA:31:6C:A5:92:E5:B3:3F:EA:6A:F5:D0:20:0A:27:15:6B:4B
ValidityTue, 05 Sep 2023 00:00:00 GMT - Thu, 05 Sep 2024 23:59:59 GMT

File type

Size
4.8 kB (4829 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=598894&auth=FqgVMV&pubid=196092 HTTP/1.1
Host: xml.xmlwiz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xml.popmansion.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Aug 2024 20:40:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://echonverforrinho.info?tid=1062812

unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js

104.17.247.203

200 OK

3.1 kB

URL GET HTTP/2
unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type
JavaScript source, ASCII text, with very long lines (3441), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
c70a657c6ff1764a238929b6e46fb8e4
e2a8eb96b388abf14690ea14fe4af3f600296235
466840a5176a0d6bd70e2d5ade5928ad656ca6b9cd3040a241e33478c63f5813

HTTP Headers

GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: "c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01J08G10F3N1JDS3FR8SKA41X0-arn
cf-cache-status: HIT
age: 4531859
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8ae15cb9cedb1c16-OSL
X-Firefox-Spdy: h2

player.ekino-tv.link/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=99046617

188.114.96.1

200 OK

2 B

URL GET HTTP/3
player.ekino-tv.link/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=99046617
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

HTTP Headers

GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=99046617 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Cookie: uid=GN-EUbMfV4Hua_cLc7I4yuJA1x5N_utG
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: *
x-inferno-location: banner
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0inr6njweFRzQeAhAmW3MP46mnGWXHuIUJaeW%2BNvIpxLjm%2BWm8Fd7cXKkjCl8iXid3j%2FE6%2FRW9QfWi5eWJpM95Ja%2F6jicX3AZKLbCP5Wl4Fbav6OCOqFsyt7cZAKrAzpnD%2FGAjCXig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cbcbc73b4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/styles/cbv2new/theme/main.css?232

188.114.96.1

200 OK

84 kB

URL GET HTTP/3
player.ekino-tv.link/styles/cbv2new/theme/main.css?232
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
ASCII text, with very long lines (472), with CRLF line terminators
Size
84 kB (84201 bytes)
Hash
04f01ecac68f145ace3155e32cc1efb3
78a846b93f0c05ba91c369462c7ce80e1be3c15e
1f8696a278ea0b75f3f71619645651d9af13ac3959f18f888464f3b805534ba4

HTTP Headers

GET /styles/cbv2new/theme/main.css?232 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 26 Mar 2022 09:09:58 GMT
etag: W/"623ed866-148e9"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 2631430
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZusZISSUUAjs3XwZqB7KLZObaClMF%2FVmi2TQ7kN5H5idOJD6t0nLtLTcolO4qMIzUUIcskFoD1NEs76WxB63iTBs%2FR6LFp8WFryppEjFbtGI6zIrHB5toUjvrsh%2FsglF8Jnl2j%2BZFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb7bd81b4f3-OSL
alt-svc: h3=":443"; ma=86400

marazma.com/sub/zxwk7krOl5

172.67.128.55

200 OK

233 B

URL GET HTTP/2
marazma.com/sub/zxwk7krOl5
IP
172.67.128.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectmarazma.com
FingerprintB2:D3:15:36:8E:F8:99:9F:CD:0E:D2:E8:FB:EE:32:45:8D:6E:F8:B9
ValiditySat, 20 Jul 2024 22:44:46 GMT - Fri, 18 Oct 2024 22:44:45 GMT

File type
HTML document, ASCII text, with no line terminators
Size
233 B (233 bytes)
Hash
c41ad0a7f69925148f6306803554ef5a
2bb4b7ace9a46e75e965cc5a39558e369f2138d5
c60341f44512643a2d4fa7c192247c05c91f87f3ceaa3a763b038aadd7b575f2

HTTP Headers

GET /sub/zxwk7krOl5 HTTP/1.1
Host: marazma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:25 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tFSklXvdLPsg0oN1y2ISU0je1UJFWlCgev2GmNaWb1zoUeR6w17DP5OZx7yN2IA6MSEFAADYcGJgftHF9UeF3OihZURdmpcnga4Wt8wO%2Bo7C7TWSceKlTnEvtB1U2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cc92c00569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

player.ekino-tv.link/js/video.counters.2.js?117

188.114.96.1

200 OK

696 B

URL GET HTTP/3
player.ekino-tv.link/js/video.counters.2.js?117
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JavaScript source, ASCII text, with very long lines (739), with no line terminators
Size
696 B (696 bytes)
Hash
a2a4921aacb2a8988a0c0af96088c0ae
876de6826a45c1520fc16d1d7a0fd68c9dfb7040
a322d95809eef61e82cc313c84a7d76d1ec4c7c90e24a47d2197d229a4d45395

HTTP Headers

GET /js/video.counters.2.js?117 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Cookie: uid=GN-EUbMfV4Hua_cLc7I4yuJA1x5N_utG
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
etag: W/"6200231c-2b8"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 4511577
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cosD%2BMbOYghyvKE6nvfy78QEml5Lzce3oaeUjaYgGYPa9L5eF6YRbdopzu28%2BnDpY%2F3MULjXETP8KnyCgTHu9sTAb6RHHZZspqRd47SA6cM74MbbfhCVVmqFBE%2BmKbEYMWWRYI8hdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cbc5c08b4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/js/websocket_ip.min.js

188.114.96.1

200 OK

4.6 kB

URL GET HTTP/3
player.ekino-tv.link/js/websocket_ip.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JavaScript source, ASCII text, with very long lines (4798), with no line terminators
Size
4.6 kB (4636 bytes)
Hash
7c354bd309d3152f26fd4c61b1f7eb2b
2dc50304cfaecb57148a5001827f8e0b19acb9ca
f88d924353140c3c8cbfd2ce7f128539408029907fadeaa0f5cb81c4fde1e1e8

HTTP Headers

GET /js/websocket_ip.min.js HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 20 Jan 2023 13:44:36 GMT
etag: W/"63ca9ac4-121c"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 2631429
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2BEjCztdjfeoY5Px4IBAeg9Pt2lvg0UC69QOek44w3FaCsaomLb4WabcDUCrZIkBIJwvk3JyNVKLUWZx8yq0XxxIAbPSqlohPqjtXMxDZ5ORGKAfjx9YhnQWi92vgDWKpM8A4K1X8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb95fbfb4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D

188.114.96.1

200 OK

13 kB

URL User Request GET HTTP/3
player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
HTML document, ASCII text, with very long lines (1305)
Size
13 kB (13305 bytes)
Hash
5cacef7a381eaa41710df6fa5e4bff22
4884d127429e723800522a3f48ee3695ea17511c
5c8b4021d997b23cef52486ac0d1531087a7e493ab7d2fd322b56627ba6e5cb2

HTTP Headers

GET /watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/f/OrPe7V0Mgz00
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
expires: Sun, 04 Aug 2024 20:41:22 GMT
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pnqgkEtp0SJVrCNNrivNMYiC7hkzTK6QYjfgXB10ka51q4RQUVZ2ZHkXV5VUElAV7tYbojmEBp5dLWie5RYPxI62UfU%2BucfC45cmpR%2B1Le9M2NF3Tq5VGE5Xftq4eXEm20WOx1kGYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb62b6bb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/styles/global/jquery-eu-cookie-law-popup.css

188.114.96.1

200 OK

2.0 kB

URL GET HTTP/3
player.ekino-tv.link/styles/global/jquery-eu-cookie-law-popup.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
ASCII text, with very long lines (2133), with no line terminators
Size
2.0 kB (1951 bytes)
Hash
a21de67fbfaae5cae389e54f91376211
c4804a572cf69183cb8d050f79feea08139700a6
1f8801b32b5c13f236965c60d57bdb28d9eb217f85840f4e5b5b17d0ca308a3f

HTTP Headers

GET /styles/global/jquery-eu-cookie-law-popup.css HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 11 Mar 2017 18:53:53 GMT
etag: W/"58c447c1-79f"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 4511579
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJ1WAKG2K7pzyJf7TQ3mTMU0kf104EhydyAVGHnU1k8e1ykvjB0o%2BkEi1LxMMdvA3RoJuGuKVehTuQgOnRHwwXcSSEMBYmi6RwII17fro41%2FJ7RcQLs5iEJ1TRpSWYiitpa4WyYQGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb7bd86b4f3-OSL
alt-svc: h3=":443"; ma=86400

videocdnshop.com/f.php?sid=212040&ra=13810

172.67.199.179

200 OK

0 B

URL GET HTTP/2
videocdnshop.com/f.php?sid=212040&ra=13810
IP
172.67.199.179:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectvideocdnshop.com
Fingerprint65:2A:D6:6C:E9:1F:A5:A9:5A:73:DA:6B:13:7B:5D:7C:4B:2F:DF:51
ValiditySun, 14 Jul 2024 08:49:24 GMT - Sat, 12 Oct 2024 08:49:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /f.php?sid=212040&ra=13810 HTTP/1.1
Host: videocdnshop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:24 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
cache-control: no-store, no-cache, must-revalidate, max-age=0
x-robots-tag: noindex
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BVqVgaaCYMocoEqLooA%2BXDtqQWeGoAxl4XN9jD6Fh0Y3PEGkLzM1Hw%2BlJbhV4pD%2FqsZd7nORQMF8Cf4ljE95fDa5qbIUD9IvfeLtiJR4dsoY9EqzKABhTerBDy0OmmGxVch3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cbdef6eb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

player.ekino-tv.link/styles/global/embed_player.3.css?130

188.114.96.1

200 OK

5.9 kB

URL GET HTTP/3
player.ekino-tv.link/styles/global/embed_player.3.css?130
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
ASCII text, with very long lines (6369), with no line terminators
Size
5.9 kB (5889 bytes)
Hash
bc995c4e34d124e4f1330abec4dc9176
3fdcc0a0237651e355f041a96172a6197dcb4e20
9f4a684b3812d61066c54737adb2be3a628d76ac32978f224fce028ad0c6eb92

HTTP Headers

GET /styles/global/embed_player.3.css?130 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
etag: W/"5fd14cc5-1701"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 196119
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zm8QzNGAFrB0w7uNTfYsbBx5bkFNosNUFWd%2BoLxEAPoMAT6rIX%2B6EztcWdSjUFAM%2FmZQjcmWHZ1Q7FbIH8%2FCk79UoAGf%2B5KFtCIM51rXnslMDK7FqJViYJEwbQnGjqgOSFSAtyBPUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb95fcbb4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/js/jquery-eu-cookie-law-popup.js?4

188.114.96.1

200 OK

8.9 kB

URL GET HTTP/3
player.ekino-tv.link/js/jquery-eu-cookie-law-popup.js?4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JavaScript source, ASCII text, with very long lines (10040), with no line terminators
Size
8.9 kB (8917 bytes)
Hash
f5a426212491d5bd930ae9fe3c4cef69
5451a01793bf86fd5e8dfe535faca283ced6fab4
7e2f8c138aa0f0906948b9b445a3befa3a1ffc454aca47ab4c11fef6eab5a04b

HTTP Headers

GET /js/jquery-eu-cookie-law-popup.js?4 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 11 Mar 2017 18:54:04 GMT
etag: W/"58c447cc-22d5"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 4511579
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7b%2FvZGftXOtGkHYun6wwe7CjZbC3Y%2BUtIyKrMWi6feAAjHblGvFjYffV3A0u9LujQ6lOT3Z0kFv5oZdlWt%2BbEvSQwQrOhJaqk4J9yMZMgbAwGzXZB%2FdXXGIv1ZTTrMkhOetiVLlDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb7cd93b4f3-OSL
alt-svc: h3=":443"; ma=86400

duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/favicon.ico

0.0.0.0

0 B

URL GET
duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

player.ekino-tv.link/styles/cbv2new/theme/rating.css

188.114.96.1

200 OK

4.0 kB

URL GET HTTP/3
player.ekino-tv.link/styles/cbv2new/theme/rating.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
ASCII text, with very long lines (4293), with no line terminators
Size
4.0 kB (4030 bytes)
Hash
85fdc74c47fbb26a7c1f9d24f1aef9f5
8806d8fd5dabca4b1b0b0913342db4d82b67413e
a50a5da5d89142f36ac5395a3774cc683e96b91c1d40d092ae1f1d2831c46faa

HTTP Headers

GET /styles/cbv2new/theme/rating.css HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 07 Sep 2013 15:43:21 GMT
etag: W/"522b4999-fbe"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 4511579
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7yf%2FHS%2FJsD3XMn8sJzhq3LGnhlPP6%2FFs0nIASdObLACl416plPectR8lZg8la61Ie4bz%2Bbtk36fCeHBvUFXIdGgiO%2B0zRSHd7s9vEal%2BbJGzqBKe%2FmIQiFUuWZ05YUQfz2DJYGyUHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb7bd8db4f3-OSL
alt-svc: h3=":443"; ma=86400

duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/favicon.ico

0.0.0.0

0 B

URL GET
duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

xml.popmansion.com/sub/ED05GzY

104.21.87.102

200 OK

233 B

URL GET HTTP/2
xml.popmansion.com/sub/ED05GzY
IP
104.21.87.102:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectpopmansion.com
Fingerprint3F:7A:D2:92:74:54:7B:F3:0B:0C:BD:2F:9E:9E:BC:94:88:FD:71:EC
ValidityFri, 28 Jun 2024 07:10:45 GMT - Thu, 26 Sep 2024 07:10:44 GMT

File type
HTML document, ASCII text, with no line terminators
Size
233 B (233 bytes)
Hash
6495b73f0e0a22250eaad408c3a4ff54
152c11e78181209d086b1f655d72a9a038a80298
0e181548ece072dba69b7488f4e47b46d0e0bb319c0f5654d0ca38c83c4c168c

HTTP Headers

GET /sub/ED05GzY HTTP/1.1
Host: xml.popmansion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:25 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2SwM5B3%2FhY8tgTYiZbkkcb2%2Ffv0D7gdfAJzhk9rX04VygE3HAq9NVe8yiYFyRp7QXvXMBprInrgaDLYgdEvn5y9Vc34xY88kLX4MOKECjVCCvTU61fezDq9iNnaPUUZHcGglids%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cc92f081bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.sexnarxnxx.com/xnxx.html

104.21.32.194

200 OK

245 B

URL GET HTTP/2
www.sexnarxnxx.com/xnxx.html
IP
104.21.32.194:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectsexnarxnxx.com
Fingerprint06:2C:6E:EB:EA:54:53:27:5A:43:5E:67:1F:CC:C4:AB:F8:78:5F:3D
ValidityFri, 26 Jul 2024 06:11:47 GMT - Thu, 24 Oct 2024 06:11:46 GMT

File type
HTML document, ASCII text, with no line terminators
Size
245 B (245 bytes)
Hash
2f938d46bb923871880ea5711c6353f3
aa39f0897c171bbaecdb4a25cdee46f5beff5a2a
da723fcca334a1140259c0f76aa3c28a73ff05c3ea6c144c913f13bc95729181

HTTP Headers

GET /xnxx.html HTTP/1.1
Host: www.sexnarxnxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zeratys.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:27 GMT
content-type: text/html
last-modified: Sat, 03 Aug 2024 18:55:29 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3qGMkD57vjgV%2Fw9zKo5a0K1YRPGXdeZHsc9%2BcoU2Pvg7PnmHi19ZifMy1xZw8uauyV4cMqDPVu1UPextWF6A5P5%2BD7ISH69%2FD0lEfPwbtUL9Q77O2cUdypnH4lp2efFx55O8xKI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cd44e63b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

player.ekino-tv.link/js/video.jquery_plugs/modernizr.js?12

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
player.ekino-tv.link/js/video.jquery_plugs/modernizr.js?12
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JavaScript source, ASCII text, with very long lines (1245), with no line terminators
Size
1.2 kB (1227 bytes)
Hash
8daca638b6ea732f6375341d2dfe9811
73369521d8d8b5a3bbc30c158b2e9ca6ba37b9d1
23ae5f08dc1f05ecdb72298c9cf2eaf5670f088356903bec72f39520389dc0ba

HTTP Headers

GET /js/video.jquery_plugs/modernizr.js?12 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 03 Jun 2018 17:19:35 GMT
etag: W/"5b142327-4cb"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 4511578
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ePju7nvX8D%2BxSVTzRzrJmhtTXXZsKaPCCiKBeM5B3coyKK2iJ1Otzk00gPwlpsu9mKKP3R7BvmRNwpD3pzOJVCWg008Vt3qg9bcop9rGNT2d4XeLFZzXwoT39i4hkvxUBRwaTKIDuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb96fd4b4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from

188.114.96.1

200 OK

156 kB

URL GET HTTP/3
player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type

Size
156 kB (155947 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//player.ekino-tv.link>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//wss.commentsmodule.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//a.labadena.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
pragma: no-cache
x-origin-location: player
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZIAikX1%2F537WrtuULbIluPa8noC9FkA%2F2iERMsFj1%2FzlHiXyUUnLO7HfjUS1JjbpQoJTLsHrfjuuVP%2BqHZTq8537apLxp0PILck2JtwIn4tQu1pP1%2FMY6Dwi9cOloPOAHLsUmFgxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb8aedeb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/js/d_check.js?35

188.114.96.1

200 OK

3.5 kB

URL GET HTTP/3
player.ekino-tv.link/js/d_check.js?35
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JavaScript source, ASCII text, with very long lines (3599), with no line terminators
Size
3.5 kB (3456 bytes)
Hash
47dd2e972f0059419379ce10022af024
664d680f87701f4aa0b32f6bee82ed57ab992afc
41ac5f66afda4f18ce3423349e6a070dab8cbcd99ed9ad1101f82fbc6b24f5fa

HTTP Headers

GET /js/d_check.js?35 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 01 Oct 2023 06:10:30 GMT
etag: W/"65190d56-d80"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 4511578
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PMvGwMaZ8k9hdEbUUQhhZvYYrWH7Z8Mxh29cckesATV8yXr5J%2BXllDQ63HxoilNLQIrk0jtU%2B0Fgr1AgZLMzb1QvfiKTBpiBc1v8OQ4Yng3VFLtU9R0Mp3dl5bum3PYJVy6m1Lv6YA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb97ffeb4f3-OSL
alt-svc: h3=":443"; ma=86400

commentsmodule.com/js/js.load.1.js?3170061177758944

172.67.198.57

200 OK

0 B

URL GET HTTP/2
commentsmodule.com/js/js.load.1.js?3170061177758944
IP
172.67.198.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectcommentsmodule.com
FingerprintF8:14:4F:77:8E:B2:35:FD:D6:B0:E7:0D:A7:96:4C:CB:4D:E4:73:7F
ValiditySat, 03 Aug 2024 05:20:26 GMT - Fri, 01 Nov 2024 05:20:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/js.load.1.js?3170061177758944 HTTP/1.1
Host: commentsmodule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://player.ekino-tv.link/
Origin: https://player.ekino-tv.link
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
content-length: 0
last-modified: Thu, 14 Apr 2022 12:20:52 GMT
etag: "625811a4-0"
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: HIT
x-inferno-location: static
cf-cache-status: HIT
age: 2631428
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NpuW7D%2F5i1bQX5AcUQ9zbhAFu61MnuuN3n33NObH2nkS2micbA%2Fw0XNYJfF%2FhQanqucANg6OtkZ%2By4Gvio9%2BhLTJYHZCSWGpvLjp%2BvhfdKO9L5qsQnoEISKRAW0PXf0MIjYKWzI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 8ae15cbac8b9b523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

player.ekino-tv.link/js/disqusloader.js

188.114.96.1

200 OK

3.3 kB

URL GET HTTP/3
player.ekino-tv.link/js/disqusloader.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JavaScript source, ASCII text, with very long lines (3680), with no line terminators
Size
3.3 kB (3265 bytes)
Hash
fc46a944ef47c981454ba51f4d0fa343
9000f51907301f1a0f6cf06420c1d86696c5dd89
703b6e4196172e7b860f55c3b66de3a7230de3e3e9a9a38c5347ee4b36166f13

HTTP Headers

GET /js/disqusloader.js HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 29 Nov 2020 18:18:32 GMT
etag: W/"5fc3e5f8-cc1"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 196120
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o6ADHjCPpgfB1c5eSz83Qt9O0Cvz6E2Yyio13w%2B0fMpDVcPKPXVzS6taoiwYvVRXHQMXc%2BH6zQbm1EXfVYnQOSBWEgGKr1v8YaFMxq682tQ9UqNl4%2B9%2Bu0ockzg2ohv%2F4BJpeDpN1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb7cd9db4f3-OSL
alt-svc: h3=":443"; ma=86400

xml.popmansion.com/sub/KpEzn38

104.21.87.102

200 OK

239 B

URL GET HTTP/2
xml.popmansion.com/sub/KpEzn38
IP
104.21.87.102:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectpopmansion.com
Fingerprint3F:7A:D2:92:74:54:7B:F3:0B:0C:BD:2F:9E:9E:BC:94:88:FD:71:EC
ValidityFri, 28 Jun 2024 07:10:45 GMT - Thu, 26 Sep 2024 07:10:44 GMT

File type
HTML document, ASCII text, with no line terminators
Size
239 B (239 bytes)
Hash
7293adfc4dc475f52752e8ffbbc56b09
3666e8afe301c2c7716bb0cade34ae51bc01a780
bd6a2cfe50408ad9ca6a6c4abb664835336a8c9194e7a7072389016df3224d00

HTTP Headers

GET /sub/KpEzn38 HTTP/1.1
Host: xml.popmansion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:25 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DTVYyKMyCqpRiMCpZuFp0824OAHUxelC5fErMMNi5bevJ5d%2FvLHngqJiFOyXj6DtKr85eDlP278sFaH6JpPik1i%2BREPJqBo4XUDIsjW%2FUciq66WUV8Xjf4EGdg9fsbJOA3DCR9g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cc92f131bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

marazma.com/load

172.67.128.55

302 Found

0 B

URL POST HTTP/3
marazma.com/load
IP
172.67.128.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectmarazma.com
FingerprintB2:D3:15:36:8E:F8:99:9F:CD:0E:D2:E8:FB:EE:32:45:8D:6E:F8:B9
ValiditySat, 20 Jul 2024 22:44:46 GMT - Fri, 18 Oct 2024 22:44:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /load HTTP/1.1
Host: marazma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
Origin: https://marazma.com
DNT: 1
Connection: keep-alive
Referer: https://marazma.com/sub/zxwk7krOl5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sun, 04 Aug 2024 20:40:26 GMT
content-type: text/html; charset=utf-8
location: https://xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cp6mJ25g88v9i3PeKYEraKTQcXLqe3wcLr68aWN3N3yvYtEus60J9dkM9C6xZ31ypjwMQzwYYDlOu%2BO4MQQsliWe4r4V57ye7UDUBqD3cRnm5WynBostwPzpo8k0rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15ccae8350b55-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/js/adv/fuckadblock.js?2

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
player.ekino-tv.link/js/adv/fuckadblock.js?2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
14 kB (13982 bytes)
Hash
626be86ed51eef8b8b4038b6dcb8fcb2
229b2c503c8a0acc4bb1b423c895fc30330a0723
7e5965a6eb681ef5f8a59dacd6e8c8263dcbbb512e441e532fee942a90c4c7ea

HTTP Headers

GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 2631428
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dMG8cSgSasWwVtaMR%2BhXr4CsdIysm1U%2FnkB2i%2Fl87G9l3z8KnI38Mpq6n3M03NQBgSNZLvm2W0m5aFX1vimG7wqZdZgD7bIwxwwjv%2BiTMWzy4pwAN6J0bWU2RkJtACsMfQPUqB0SBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb9880eb4f3-OSL
alt-svc: h3=":443"; ma=86400

videocdnmetrika.com/netu.php

172.67.221.128

200 OK

528 B

URL GET HTTP/2
videocdnmetrika.com/netu.php
IP
172.67.221.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectvideocdnmetrika.com
Fingerprint7C:66:72:0A:E9:7C:EE:28:9D:7F:48:AE:00:47:5C:86:FE:22:62:B3
ValidityFri, 19 Jul 2024 18:41:03 GMT - Thu, 17 Oct 2024 18:41:02 GMT

File type
ASCII text, with very long lines (568), with no line terminators
Size
528 B (528 bytes)
Hash
529918b7e8bfeda0c76eab721d250d20
74eaf44db33761ff3e96dabaac8f14f291cb5f04
3a9c733bd174f652f808551e54917fde78730d263c77c875436f676856ee5818

HTTP Headers

GET /netu.php HTTP/1.1
Host: videocdnmetrika.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ycX%2FzKJltOwTV1m0lAa7Jqw5nKOPfg0KG4PvmheKzla4mOlDodfJJg5Ebxm%2BoBsQYTyILao9WLk6482j3Cvl7zgoSLy0QgWZ%2FErbUmVsS51jCpsNPmAcn%2F2XBhmsDe99kCN90e6n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cbc8f0f0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

player.ekino-tv.link/player/get_player_image.php

188.114.96.1

200 OK

42 kB

URL POST HTTP/3
player.ekino-tv.link/player/get_player_image.php
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
JSON text data
Size
42 kB (42482 bytes)
Hash
d6ed20592c727491d970a849e1956578
018370c36800caf0c03f0c910a0502346ff9c5dc
d942560e77b89ef4ae65dda01c1e86a14b07ec1b73e23e35fd41ebd953399ed4

HTTP Headers

POST /player/get_player_image.php HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 74
Origin: https://player.ekino-tv.link
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Cookie: uid=GN-EUbMfV4Hua_cLc7I4yuJA1x5N_utG
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:24 GMT
content-type: application/json
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: no-cache
x-image-colors-src: 0
x-file-located: temp, filename:../files/temp/video_images/3/b/16177149658btb3-1.jpg
x-clickarr-add-e: 1
x-image-size: 53295
x-image-colors: 0
x-img-cr: j
x-origin-location: get_image
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
x-inferno-location: player
x-inferno-limit-req: PASSED
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=extzL%2FIcym%2F2o4ElcmYZi1FfoZFl2eTJkaVtcaSKBRQ3ArkFXvpo03mgiIvtQY%2Be7YrDHSkF8%2BPXEoYFX254qcUVoMFI3P4ZQzG4jSovbu8AzoXmADjqmFhDHKQH41JYa%2FM5QE0WYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cbbeb6db4f3-OSL
alt-svc: h3=":443"; ma=86400

player.ekino-tv.link/styles/cbv2new/theme/view_channel.css

188.114.96.1

200 OK

2.4 kB

URL GET HTTP/3
player.ekino-tv.link/styles/cbv2new/theme/view_channel.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D#iss=My44OS44OS4xNw==
Certificate
IssuerGoogle Trust Services
Subjectekino-tv.link
Fingerprint28:43:73:C0:A7:17:DE:A5:E6:EE:58:E3:BF:DC:97:88:D0:08:5E:AE
ValiditySun, 04 Aug 2024 02:59:12 GMT - Sat, 02 Nov 2024 02:59:11 GMT

File type
ASCII text, with very long lines (2522), with no line terminators
Size
2.4 kB (2363 bytes)
Hash
e33d8fec4eb64cf32907b92034b6c372
2aed253f5d9345b62e2aaf10c374d6b6877372aa
815fa8ba09aef615f8bd6fac124a89aebddef64b41d0f8a5c3e175648eb5c256

HTTP Headers

GET /styles/cbv2new/theme/view_channel.css HTTP/1.1
Host: player.ekino-tv.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/watch_video.php?v=eUk3QWorM0hzKzBtd0pmUVMrQTBSR2VMUC9aZnQxY1ZuV0dnREVyQzlJQkJGd0p6MUs3cHhGYmVWSi9yaXBKaQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 19 Feb 2013 18:42:58 GMT
etag: W/"5123c7b2-93b"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 2631430
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGxu2QaG9yZ5A0PUGULxjxb3ILhIgyDHxkNpzFy1tTeYGKm5CPlAML6aZffqExzXvDr6xZTFbcSp10TWt0olp%2BO1qH3GofdiUktKL7laRo9grIz%2FXBWLtjR6g463ROxeIzJRgpmyuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ae15cb7bd8bb4f3-OSL
alt-svc: h3=":443"; ma=86400

unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js

104.17.247.203

200 OK

30 kB

URL GET HTTP/2
unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://player.ekino-tv.link/e/aUlLeVhTZHNVME4wTHh6Z3pkQ0lJdz09?http_referer=https%3A%2F%2Fplayer.ekino-tv.link%2Ff%2FOrPe7V0Mgz00&autoplay=no&embed_from=embed_from
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type
JavaScript source, ASCII text, with very long lines (29325)
Size
30 kB (29461 bytes)
Hash
013916ab61482481d8de9742a0f95bee
546bb742502faa36f8c2bb954c2f028187660404
73cdea3ea0691f9ac4150be0c937dc2ee7eaa10205168a84e41ef5c9e05784b7

HTTP Headers

GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://player.ekino-tv.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Aug 2024 20:40:23 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01J214KQE4NE0F1JWCD39FGVXY-arn
cf-cache-status: HIT
age: 2631226
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8ae15cb9bebe1c16-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (37)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by