r11.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 219f59137337a0ee601729cab5ec83f6
85f2e3496820405559fd526b44b9a915e0009a4f
f9701bf0083b06f4a573774d1a4dd491236216bc08f1006a94ce79144df70a21
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9701BF0083B06F4A573774D1A4DD491236216BC08F1006A94CE79144DF70A21"
Last-Modified: Sat, 17 Aug 2024 00:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16517
Expires: Sun, 18 Aug 2024 03:32:37 GMT
Date: Sat, 17 Aug 2024 22:57:20 GMT
Connection: keep-alive
r10.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 9fca859eba50e585d7c1550a61d33bc3
a33940f9c83807660f212e5ff511fe28e0413c0d
08afcf8f1ad63cfd72b781cf4c69900e3fd266ee46389de3918570cf5d682f30
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "08AFCF8F1AD63CFD72B781CF4C69900E3FD266EE46389DE3918570CF5D682F30"
Last-Modified: Fri, 16 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6624
Expires: Sun, 18 Aug 2024 00:47:45 GMT
Date: Sat, 17 Aug 2024 22:57:21 GMT
Connection: keep-alive
r10.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 69a9603269726ce602d708bf57058c4c
8689e9ea81ea9636e7b08c3ed42650553a0c4e3b
1a2339d740b715f3df1900d80114c8376ead57205961a6f896edf37b3ee3a897
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A2339D740B715F3DF1900D80114C8376EAD57205961A6F896EDF37B3EE3A897"
Last-Modified: Sat, 17 Aug 2024 09:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11749
Expires: Sun, 18 Aug 2024 02:13:10 GMT
Date: Sat, 17 Aug 2024 22:57:21 GMT
Connection: keep-alive
r10.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 2ae189346fbf1c4db44f325fbc27cdd1
3bfaab5d83d905673ff9ca4dd91d7c2cb34ddb76
9d811dddbb6915131e8f2a84ab84709f47697ebdf51b0fe839150f95c924c0ae
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9D811DDDBB6915131E8F2A84AB84709F47697EBDF51B0FE839150F95C924C0AE"
Last-Modified: Fri, 16 Aug 2024 06:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6144
Expires: Sun, 18 Aug 2024 00:39:45 GMT
Date: Sat, 17 Aug 2024 22:57:21 GMT
Connection: keep-alive
GET it.vipleague.im/img/vipleague.svg
45.178.6.110 200 OK 3.6 kB URL GET HTTP/3 it.vipleague.im/img/vipleague.svg
IP 45.178.6.110:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject vipleague.im
Fingerprint D0:C1:A4:8A:E6:22:6B:F3:64:17:A5:28:D9:A0:DA:50:1A:B6:F7:1E
Validity Mon, 01 Jul 2024 03:06:12 GMT - Sun, 29 Sep 2024 03:06:11 GMT
File type SVG Scalable Vector Graphics image
Hash 1d4752041e533a40b0965173659be108
183827ebdc1979d9cc35dff627f7730e0fcaf7dc
9c124930de95375aef86b8708d33bd5bd0de8e118f4bb641195b2f151ab10f89
GET /img/vipleague.svg HTTP/1.1
Host: it.vipleague.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
DNT: 1
Connection: keep-alive
Cookie: _dt_vs=AAAAAhQCEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXIN
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: image/svg+xml
last-modified: Thu, 14 Oct 2021 08:04:07 GMT
vary: accept-encoding
etag: W/"6167e477-289e"
expires: Mon, 16 Sep 2024 22:57:22 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br
GET it.vipleague.im/stream.min.css?v=3.0.1
45.178.6.110 200 OK 9.4 kB URL GET HTTP/3 it.vipleague.im/stream.min.css?v=3.0.1
IP 45.178.6.110:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject vipleague.im
Fingerprint D0:C1:A4:8A:E6:22:6B:F3:64:17:A5:28:D9:A0:DA:50:1A:B6:F7:1E
Validity Mon, 01 Jul 2024 03:06:12 GMT - Sun, 29 Sep 2024 03:06:11 GMT
File type ASCII text, with very long lines (30074), with no line terminators
Hash a16d1f02d5a00c7844b7cfb4caeb9d61
fef00b2f7f879d3487a34ef8e9db273a2df3de14
8e357340479e9d7debb8980eaad890fe754fee771520b69cd26cd3c0d4a427fd
GET /stream.min.css?v=3.0.1 HTTP/1.1
Host: it.vipleague.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
DNT: 1
Connection: keep-alive
Cookie: _dt_vs=AAAAAhQCEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXIN
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: text/css
last-modified: Wed, 30 Aug 2023 05:01:46 GMT
vary: accept-encoding
etag: W/"64eecd3a-757a"
expires: Mon, 16 Sep 2024 22:57:22 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br
o.pki.goog/wr2
142.250.74.131 472 B IP 142.250.74.131:0
Hash a2e2e90d42cc9a12f496531106d98fa1
a13f8a0076b60a21d01e07cb1fbe02d6cede9b50
1c324e337dd70609a5f865ce51813c1e0bf6cd4895fd89ea80da1c0423c8d365
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Aug 2024 22:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r11.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash a802fc5900a86da8934db5f2a5e71e12
65816dd22db590aa6e36606de81b9c86237123e1
dd247c9e08422855517ea3607c8d226aa5e1694a2f36a177a39ae7fc1e125899
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD247C9E08422855517EA3607C8D226AA5E1694A2F36A177A39AE7FC1E125899"
Last-Modified: Fri, 16 Aug 2024 23:05:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5427
Expires: Sun, 18 Aug 2024 00:27:49 GMT
Date: Sat, 17 Aug 2024 22:57:22 GMT
Connection: keep-alive
GET it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
45.178.6.110 200 OK 0 B URL User Request GET HTTP/2 it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
IP 45.178.6.110:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Certificate Issuer Let's Encrypt
Subject vipleague.im
Fingerprint D0:C1:A4:8A:E6:22:6B:F3:64:17:A5:28:D9:A0:DA:50:1A:B6:F7:1E
Validity Mon, 01 Jul 2024 03:06:12 GMT - Sun, 29 Sep 2024 03:06:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming HTTP/1.1
Host: it.vipleague.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
DNT: 1
Connection: keep-alive
Cookie: _dt_vs=AAAAAhQCEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXIN
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: application/octet-stream
content-length: 2
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=86400
GET sts.kenitv.me/scripts/v2/embed2.min.js?v1=1
172.67.160.6 200 OK 1.1 kB URL GET HTTP/2 sts.kenitv.me/scripts/v2/embed2.min.js?v1=1
IP 172.67.160.6:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Google Trust Services
Subject kenitv.me
Fingerprint 24:EA:F3:77:10:4C:0B:55:D4:6C:1C:86:1B:4C:3F:C2:CA:4C:FC:5F
Validity Wed, 31 Jul 2024 08:54:04 GMT - Tue, 29 Oct 2024 08:54:03 GMT
File type JavaScript source, ASCII text, with very long lines (1243), with no line terminators
Hash f7d4837b503dfa6a70714930c434f0b8
24d4516ad9f3137a340fdf6fd72d8e620834135c
b3673aa7f2763dc870a2bfb301a31056c610665ea416f59c12ecbec25a063597
GET /scripts/v2/embed2.min.js?v1=1 HTTP/1.1
Host: sts.kenitv.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: application/javascript
last-modified: Fri, 26 Jul 2024 01:56:42 GMT
vary: Accept-Encoding
etag: W/"66a3025a-4db"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, must-revalidate
cf-cache-status: HIT
age: 1513403
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6KuigLMNAKLTmp0R8PTEICd79K8zEyPxYMe4WGmjedP79lb2uM83DFFqNRdG5%2Brgp3bThOIIH%2FLbG%2FgJarXppDEHI%2BAKQKHjaBzInJjPxTY3%2BL7ftMKBBwMn%2B3B%2BOn9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b4d4341db0f56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET it.vipleague.im/stream.bun.min.js?v=3.0
45.178.6.110 200 OK 48 kB URL GET HTTP/3 it.vipleague.im/stream.bun.min.js?v=3.0
IP 45.178.6.110:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject vipleague.im
Fingerprint D0:C1:A4:8A:E6:22:6B:F3:64:17:A5:28:D9:A0:DA:50:1A:B6:F7:1E
Validity Mon, 01 Jul 2024 03:06:12 GMT - Sun, 29 Sep 2024 03:06:11 GMT
File type JavaScript source, ASCII text, with very long lines (49019)
Hash fea7f6689ac9086dd224edc9faadd6e3
d588b3bbd918aef0e211f5d845a8c9ffc8e295f6
c6e42a49aa2b46ffee9cf917ed0746443db46b8db99aeb04e20ac495c243741c
GET /stream.bun.min.js?v=3.0 HTTP/1.1
Host: it.vipleague.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
DNT: 1
Connection: keep-alive
Cookie: _dt_vs=AAAAAhQCEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXIN
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: application/javascript
last-modified: Fri, 16 Aug 2024 06:48:12 GMT
vary: accept-encoding
etag: W/"66bef62c-1b370"
expires: Mon, 16 Sep 2024 22:57:22 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br
GET it.vipleague.im/img/topmenu.png
45.178.6.110 200 OK 8.4 kB URL GET HTTP/3 it.vipleague.im/img/topmenu.png
IP 45.178.6.110:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject vipleague.im
Fingerprint D0:C1:A4:8A:E6:22:6B:F3:64:17:A5:28:D9:A0:DA:50:1A:B6:F7:1E
Validity Mon, 01 Jul 2024 03:06:12 GMT - Sun, 29 Sep 2024 03:06:11 GMT
File type PNG image data, 42 x 756, 8-bit colormap, non-interlaced
Hash 02fbdcb6ba741a2ea895f71655bfb206
93f8af99c28a6b8778cbceeb9ac492a03e0960bb
e211c399a655c42dac11591a957af6aa23eeeb3ad221f6f0ea251b36d63da21a
GET /img/topmenu.png HTTP/1.1
Host: it.vipleague.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/stream.min.css?v=3.0.1
Cookie: _dt_vs=AAAAAhQCEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXIN
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: image/png
content-length: 8389
last-modified: Tue, 12 Oct 2021 06:11:27 GMT
vary: accept-encoding
etag: "6165270f-20c5"
expires: Mon, 16 Sep 2024 22:57:22 GMT
cache-control: max-age=2592000, must-revalidate
accept-ranges: bytes
r11.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 4df6d532402c9b6937d3dfe3f2107172
2236e241c131cfba5d838041f85f9ed4f2308726
b676ac09516d27608228cc8e12a1af0c94c90cb508820b0a1f706e1db8a4f73b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B676AC09516D27608228CC8E12A1AF0C94C90CB508820B0A1F706E1DB8A4F73B"
Last-Modified: Thu, 15 Aug 2024 18:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2181
Expires: Sat, 17 Aug 2024 23:33:43 GMT
Date: Sat, 17 Aug 2024 22:57:22 GMT
Connection: keep-alive
r11.o.lencr.org/
23.33.119.27 504 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4df6d532402c9b6937d3dfe3f2107172
2236e241c131cfba5d838041f85f9ed4f2308726
b676ac09516d27608228cc8e12a1af0c94c90cb508820b0a1f706e1db8a4f73b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B676AC09516D27608228CC8E12A1AF0C94C90CB508820B0A1F706E1DB8A4F73B"
Last-Modified: Thu, 15 Aug 2024 18:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2156
Expires: Sat, 17 Aug 2024 23:33:18 GMT
Date: Sat, 17 Aug 2024 22:57:22 GMT
Connection: keep-alive
o.pki.goog/wr2
142.250.74.131 472 B IP 142.250.74.131:0
Hash cbe043b00fd34a061807096ec5006e7d
d66859e488d6d6cd388554e1c3831ff582e1b91c
b78fd9fa12e3b821a9ba9aa09e204eaca3f3f68bdb09aea6d435f6501a321c57
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Aug 2024 22:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET darcyjellynobles.com/bc4710b84ae50f44dd7b2136596e6cda/invoke.js
192.243.61.227 200 OK 10 kB URL GET HTTP/1.1 darcyjellynobles.com/bc4710b84ae50f44dd7b2136596e6cda/invoke.js
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject darcyjellynobles.com
Fingerprint F5:1A:00:50:C3:92:18:A8:A3:29:7F:31:9A:83:49:2B:36:D9:31:26
Validity Sat, 27 Jul 2024 15:46:42 GMT - Fri, 25 Oct 2024 15:46:41 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (26784), with no line terminators
Hash c7081dcf879d4fdf52b148ff68ed192e
9dd2da0daa3f4d15274abd95ab0270a73a7d4423
b5acd6bf00d1b11a3aa897b7c75f454fc771f6fa4c0c88cba9e461925be9cb6f
GET /bc4710b84ae50f44dd7b2136596e6cda/invoke.js HTTP/1.1
Host: darcyjellynobles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 17 Aug 2024 22:57:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: ac3be559b4a5134f9b47e383160f91e2
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap
142.250.74.106 200 OK 27 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap
IP 142.250.74.106:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Google Trust Services
Subject upload.video.google.com
Fingerprint C4:3F:12:39:D2:EC:4C:2C:1C:0A:A6:18:8E:2A:97:2C:D8:C2:7E:AF
Validity Tue, 30 Jul 2024 12:49:45 GMT - Tue, 22 Oct 2024 12:49:44 GMT
File type gzip compressed data, max compression
Hash 16f2a1eb2968dcfc50d9c603d395cb4b
e130613fb9272d7be09833de18df0a597d097aed
1740c66c5366301c1e2f78f117693270f950d62540959a6771dc3c859038c795
GET /css2?family=Source+Sans+Pro:wght@400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 17 Aug 2024 22:57:22 GMT
date: Sat, 17 Aug 2024 22:57:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET psauthowups.net/5/6274610/?oo=1&aab=1
139.45.197.242 200 OK 149 B URL GET HTTP/2 psauthowups.net/5/6274610/?oo=1&aab=1
IP 139.45.197.242:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject psauthowups.net
Fingerprint AC:11:34:64:3B:C2:D4:3B:36:CE:8C:D4:C7:FA:3E:E4:26:CE:05:0B
Validity Fri, 09 Aug 2024 16:59:12 GMT - Thu, 07 Nov 2024 16:59:11 GMT
Hash 5d15d4b57f77e89ce651bb04dc14da6a
4386692486d1d58ed5220d92b4a62cff86823034
73887299bb9ed41a6cf31b7416f2d0ab27e6af3a0b772cef03d635fd3d82cf11
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/6274610/?oo=1&aab=1 HTTP/1.1
Host: psauthowups.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: application/json
content-length: 149
x-trace-id: 2e3a720120d00bd1c9e59d5dbcbcaf5b
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://it.vipleague.im
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080bb72f6bd4fa2e19dd6bbf050db9c; expires=Sun, 17 Aug 2025 22:57:22 GMT; path=/; secure; SameSite=None
oaidts=1723935442; expires=Sun, 17 Aug 2025 22:57:22 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash ecfb8f1d83b6f8c8c71e2cdd0d9560cb
b9de0c6652450cec715dec07b98871d318f9a797
ff0e676433c748b200f137224e4e0900517ce1ca93575b7f592a45183f9779cb
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 17 Aug 2024 22:57:22 GMT
Last-Modified: Sat, 17 Aug 2024 21:23:38 GMT
Server: ECAcc (ska/F756)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: oYfHd9VDDg7Y3TWpDMZgSE9URIFAKdv2oNRA2NijybZ4YbZ2muCOEw==
Age: 5624
GET proftrafficcounter.com/stats
35.157.218.37 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 35.157.218.37:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash da84f9df3f1b1f28fcaa8a91431ff35c
67ce5afe8d2b715671fa7f41b1c598c1b61757b2
d2395ae21405799e7f296e4ff5af63a12d63f712067d64ef225db5a29d00fbd3
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://it.vipleague.im
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=e580c763-6220-4f74-8119-57e0d838c79c:3:1; expires=Tue, 15 Aug 2034 22:57:22 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r11.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 4e957a61029b1b7990b2de6b0b9e2a37
253e252540ab958c3370460b0c6be8e90c7f1965
43392e6d124bbbe7f465c8d2b888881ca91e017bbfdb49e6d8222ffb7d34ed42
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "43392E6D124BBBE7F465C8D2B888881CA91E017BBFDB49E6D8222FFB7D34ED42"
Last-Modified: Fri, 16 Aug 2024 07:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5389
Expires: Sun, 18 Aug 2024 00:27:11 GMT
Date: Sat, 17 Aug 2024 22:57:22 GMT
Connection: keep-alive
r10.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash b1e545a7f209ac34b2978871fb2cca1e
f3a58084f16a1b0ecb79211bb5ed22b9ba01f948
0b6e51fa603f82eb95213e6c86693b8e207e5c355d524dc70e0d41f46bd0cf62
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B6E51FA603F82EB95213E6C86693B8E207E5C355D524DC70E0D41F46BD0CF62"
Last-Modified: Sat, 17 Aug 2024 08:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3567
Expires: Sat, 17 Aug 2024 23:56:50 GMT
Date: Sat, 17 Aug 2024 22:57:23 GMT
Connection: keep-alive
POST kenitv.me/sd0embed/UFC
45.178.6.126 200 OK 16 kB IP 45.178.6.126:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject kenitv.me
Fingerprint 4E:76:B6:6D:A6:64:C5:46:1A:22:3B:B2:0C:06:99:ED:D0:08:CE:6A
Validity Wed, 31 Jul 2024 09:36:01 GMT - Tue, 29 Oct 2024 09:36:00 GMT
File type HTML document, ASCII text, with very long lines (28603), with CRLF, LF line terminators
Hash 7408a583adc450f566b9ac29a2e9097c
f775fa3a535fb7c9e56bb55a958b55a39443a4f3
97e58fea6957152e8386cb8668bdafc94a36b7d62d5dffefe7c51b2e91c131be
POST /sd0embed/UFC HTTP/1.1
Host: kenitv.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 81
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: tamedy=1; expires=Sun, 18 Aug 2024 10:57:22 GMT; Max-Age=43200; path=/; domain=.kenitv.me; secure; HttpOnly; SameSite=None
_pshflg=~; expires=Sun, 18 Aug 2024 10:57:22 GMT; Max-Age=43200; path=/; domain=.kenitv.me; secure; HttpOnly; SameSite=None
link: <https://sts.kenitv.me/scripts/jwhls/jwplayer.hlsjs.24mar31.min.js>; rel=preload; as=script, <https://sts.kenitv.me/scripts/player/8.30.1/jwplayer.min.js>; rel=preload; as=script, <https://sts.kenitv.me/scripts/jwhls/hls.light.24aug09.min.js>; rel=preload; as=script,
strict-transport-security: max-age=324000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=86400
content-encoding: br
X-Firefox-Spdy: h2
GET sts.kenitv.me/scripts/jwhls/hls.light.24aug09.min.js
172.67.160.6 200 OK 148 kB URL GET HTTP/3 sts.kenitv.me/scripts/jwhls/hls.light.24aug09.min.js
IP 172.67.160.6:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Google Trust Services
Subject kenitv.me
Fingerprint 24:EA:F3:77:10:4C:0B:55:D4:6C:1C:86:1B:4C:3F:C2:CA:4C:FC:5F
Validity Wed, 31 Jul 2024 08:54:04 GMT - Tue, 29 Oct 2024 08:54:03 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 148 kB (147690 bytes)
Hash ed3732da73081eb164a9d017a0f83cf7
d7473bd6e06e98c4ef34ac2aa46b95235b3e7ef7
905f2ac18219d517573f6038766c1487733b78db251427e32fc6589a53e65e25
GET /scripts/jwhls/hls.light.24aug09.min.js HTTP/1.1
Host: sts.kenitv.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kenitv.me/
Cookie: tamedy=1; _pshflg=~
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: application/javascript
last-modified: Fri, 09 Aug 2024 18:04:06 GMT
vary: Accept-Encoding
etag: W/"66b65a16-75e91"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, must-revalidate
cf-cache-status: HIT
age: 708667
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHkym4KqOSeScpFa3DeECJIsIZ5yPX5%2FasCyvZhaxwdlRs2hM%2Fn0NacRFNsMeaosX1bW9l5JCzZ%2BuH%2FWoJhfXm55tJkRftnM6h9siTA3JqfIwAIX1q7mlWWIslgrQmWQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b4d4346aae30afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET it.vipleague.im/fav/apple-touch-icon.png
45.178.6.110 200 OK 6.7 kB URL GET HTTP/3 it.vipleague.im/fav/apple-touch-icon.png
IP 45.178.6.110:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject vipleague.im
Fingerprint D0:C1:A4:8A:E6:22:6B:F3:64:17:A5:28:D9:A0:DA:50:1A:B6:F7:1E
Validity Mon, 01 Jul 2024 03:06:12 GMT - Sun, 29 Sep 2024 03:06:11 GMT
File type PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Hash 361164eb4fd536fc94548779c02343f8
72ec9ed848bd70f6d272113ebabc96fd68a93c69
c3d9088192864b2ae559257c46dde6d981bf9d7dfd46d5f10abdcf731f96745e
GET /fav/apple-touch-icon.png HTTP/1.1
Host: it.vipleague.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
DNT: 1
Connection: keep-alive
Cookie: _dt_vs=AAAAAhQCEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXIN; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e580c763-6220-4f74-8119-57e0d838c79c%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: image/png
content-length: 6730
last-modified: Tue, 12 Oct 2021 09:23:25 GMT
vary: accept-encoding
etag: "6165540d-1a4a"
expires: Mon, 16 Sep 2024 22:57:23 GMT
cache-control: max-age=2592000, public
accept-ranges: bytes
GET sts.kenitv.me/scripts/jwhls/jwplayer.hlsjs.24mar31.min.js
172.67.160.6 200 OK 7.6 kB URL GET HTTP/3 sts.kenitv.me/scripts/jwhls/jwplayer.hlsjs.24mar31.min.js
IP 172.67.160.6:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Google Trust Services
Subject kenitv.me
Fingerprint 24:EA:F3:77:10:4C:0B:55:D4:6C:1C:86:1B:4C:3F:C2:CA:4C:FC:5F
Validity Wed, 31 Jul 2024 08:54:04 GMT - Tue, 29 Oct 2024 08:54:03 GMT
File type JavaScript source, ASCII text, with very long lines (15881), with no line terminators
Hash 0268574fc8685b9fd0942ae714211e62
937902fc96b55fad3af1b2ce84bdee908f410937
4233725bad5f88611cbbbe82dbb34421dc9a6e16215b06242e97f0444e6034fb
GET /scripts/jwhls/jwplayer.hlsjs.24mar31.min.js HTTP/1.1
Host: sts.kenitv.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kenitv.me/
Cookie: tamedy=1; _pshflg=~
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: application/javascript
last-modified: Sun, 31 Mar 2024 10:57:20 GMT
vary: Accept-Encoding
etag: W/"66094190-3e09"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, must-revalidate
cf-cache-status: HIT
age: 1513258
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YWE1dUyM8zVIyfiT0HRkTF1yYvhKn1j%2FjS4iqjzLwvGxm3V0r1zlwR5E2idc%2BhJqOnYB4TE2kczsyk4eY48RyItJk%2B5BFLVpdw2WysH80PkmPuuZIPI4BA%2BsXJKFuhsx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b4d4346aae00afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET rudderleisurelyobstinate.com/ntv.json?key=bc4710b84ae50f44dd7b2136596e6cda&vstc=1
172.240.108.84 200 OK 4.0 kB URL GET HTTP/1.1 rudderleisurelyobstinate.com/ntv.json?key=bc4710b84ae50f44dd7b2136596e6cda&vstc=1
IP 172.240.108.84:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject rudderleisurelyobstinate.com
Fingerprint 6D:BD:0F:3E:A0:3C:60:C5:3D:AD:6F:C8:65:B6:80:FB:00:8A:57:3E
Validity Tue, 02 Jul 2024 14:45:14 GMT - Mon, 30 Sep 2024 14:45:13 GMT
Hash 41540420bd5497018d7ae88115cc70fd
da427f61fb8fce29d5eb6d55a61faee852c5e86e
b3ca3fe87e7046ea6118e4752421f009f3f5fed1c36af530c2a9e1174468f8e4
GET /ntv.json?key=bc4710b84ae50f44dd7b2136596e6cda&vstc=1 HTTP/1.1
Host: rudderleisurelyobstinate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 17 Aug 2024 22:57:23 GMT
Content-Type: application/json
Content-Length: 4010
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://it.vipleague.im
Access-Control-Allow-Origin: https://it.vipleague.im
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=20236717; expires=Sun, 18 Aug 2024 22:57:23 GMT; path=/; secure; SameSite=None
pdhtkv=true; expires=Sun, 18 Aug 2024 22:57:23 GMT; path=/; secure; SameSite=None
uncs=1; expires=Sun, 18 Aug 2024 22:57:23 GMT; path=/; secure; SameSite=None
pdhtkv49=true; expires=Sun, 18 Aug 2024 22:57:23 GMT; path=/; secure; SameSite=None
uncs49=1; expires=Sun, 18 Aug 2024 22:57:23 GMT; path=/; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 908ce5b7f603e36caaee9cf83bb0bf03
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
POST kenitv.me/sd0embed/UFC
45.178.6.126 200 OK 0 B IP 45.178.6.126:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject kenitv.me
Fingerprint 4E:76:B6:6D:A6:64:C5:46:1A:22:3B:B2:0C:06:99:ED:D0:08:CE:6A
Validity Wed, 31 Jul 2024 09:36:01 GMT - Tue, 29 Oct 2024 09:36:00 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /sd0embed/UFC HTTP/1.1
Host: kenitv.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kenitv.me/sd0embed/UFC
DNT: 1
Connection: keep-alive
Cookie: tamedy=1; _pshflg=~
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: application/octet-stream
content-length: 2
strict-transport-security: max-age=324000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=86400
GET fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
216.58.207.227 200 OK 15 kB URL GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP 216.58.207.227:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint F2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
Validity Tue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT
File type Web Open Font Format (Version 2), TrueType, length 14712, version 1.0
Hash 3afeae0d768769f5e5f30ac9805c5b70
3ada17c2b462db3e7a1fd85c3f4670dfe7704f4d
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14712
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Aug 2024 12:12:48 GMT
expires: Thu, 14 Aug 2025 12:12:48 GMT
cache-control: public, max-age=31536000
age: 297875
last-modified: Thu, 01 Jun 2023 22:52:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET walletkeyslocker.me/?scode=RLVi6PlvWO__sCrVjpgjxw&stream=wi6ag0hux0ha60zorujo&expires=1723935472
172.67.70.1 200 OK 588 B URL GET HTTP/2 walletkeyslocker.me/?scode=RLVi6PlvWO__sCrVjpgjxw&stream=wi6ag0hux0ha60zorujo&expires=1723935472
IP 172.67.70.1:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Google Trust Services
Subject walletkeyslocker.me
Fingerprint BF:6E:C0:14:58:72:1B:F6:BC:D5:5E:A0:C0:C7:82:5F:75:15:CC:A4
Validity Thu, 11 Jul 2024 17:49:03 GMT - Wed, 09 Oct 2024 17:49:02 GMT
File type gzip compressed data, from Unix
Hash 293fb36877075e6292d256531ce73385
cba9c491313f293c0c1af889fdd9a6020ff31ee4
52e93dde1dde90c4161f44301b0341a26f7b819293772637c831fc649b4d14ad
GET /?scode=RLVi6PlvWO__sCrVjpgjxw&stream=wi6ag0hux0ha60zorujo&expires=1723935472 HTTP/1.1
Host: walletkeyslocker.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kenitv.me
DNT: 1
Connection: keep-alive
Referer: https://kenitv.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: application/json
vary: Accept-Encoding
k-auth-type: hit
ser-loc-id: loc-004
expires: Sat, 17 Aug 2024 22:57:23 GMT
cache-control: max-age=0
access-control-allow-origin: https://kenitv.me
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YIhFg7WLUnRd8rSNQFMe64znKEnbsRgvBSiRbPIaJOXo5ZsXdxHb%2FFJVa3o%2Fv20o%2B6Rmda3eHvnF4Zve2BSNft5eb2mHwTaCiySDrM3XbxW3Oq0JJuV6c1ufCJDToyEgRrt554k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b4d4348e8ad56bd-OSL
X-Firefox-Spdy: h2
GET sts.kenitv.me/scripts/player/8.30.1/jwplayer.core.controls.min.js
172.67.160.6 200 OK 86 kB URL GET HTTP/3 sts.kenitv.me/scripts/player/8.30.1/jwplayer.core.controls.min.js
IP 172.67.160.6:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Google Trust Services
Subject kenitv.me
Fingerprint 24:EA:F3:77:10:4C:0B:55:D4:6C:1C:86:1B:4C:3F:C2:CA:4C:FC:5F
Validity Wed, 31 Jul 2024 08:54:04 GMT - Tue, 29 Oct 2024 08:54:03 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 98ab50e4ff7abb469b222a3708d4b8c3
3df341d1fc83d4aa26859afbdb4f037eeff4e8bc
0d19cba3bb2146c2edecdc48135e0bcf15b3a0a50c9dfc4ddb82c2760deb7cf0
GET /scripts/player/8.30.1/jwplayer.core.controls.min.js HTTP/1.1
Host: sts.kenitv.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kenitv.me/sd0embed/UFC
DNT: 1
Connection: keep-alive
Cookie: tamedy=1; _pshflg=~
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: application/javascript
last-modified: Fri, 15 Dec 2023 16:04:37 GMT
vary: Accept-Encoding
etag: W/"657c7915-4f204"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, must-revalidate
cf-cache-status: HIT
age: 1513257
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tJXOqAj8FYCSJA1OrsyoR1MG8vben7vlMvh9KvSyC9kkYQRujSSxGU85y0jGiTURBWxcWxjU3oqfFARRn1fby8TGcKpIZShQiqkebXYtkOJOWHvOf9c2vikjHWBEH8r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b4d43488bc70afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET rudderleisurelyobstinate.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuDosHA4Ia8OCljxpk0j3T27NjDuK6ri6u2ZgoepPqqprZcqq7mqr%2BMbunxYAEvEyO8dT7zW6W%2FFAURLwYtTcQQkDY8SB7yP4TgniUniyOPije%2B973Cr56X32xm5%2BQNnJ6vPK%2B3pZK0QuLLc995RPfv%2BiuyyQfuaOl8NMwuOia4vVe2PJedd8RbKgvtD3f83zPd1elEX09utCQkOm9nt%2Fqea2g3fIXA4zM%2F7HNHVjqgBcn5AVIPl144JyDZDWS%2BNsVYYeZTl97O84VzbRBwQ8%2BSoaJLhPE87JvHPSTg9NpaHu0eh862Z%2FJhS7%2BHYzklDgP7yNKDk5FIir2ZjojBZEg4mdRFjWEqiFpDaavQfIjAjCOSxtI4luXtCnp1lOWNuyULPz1J2Q5JQtPziGJv1lWcuRe1SrPpE4sRv0KclRDDmqk%2BSGy7TOQ5SFY9jkk%2F414L51FEt999%2FDHQg7dQpghJK9mK5CyhuzXUGIMah3kzZEO8r6DPHUQ82OX%2Bb7f9Tij3lKPsQ7viijknk%2B7fZ%2F6XriEnDUqx8jSMZgag5kdpGYHQ3njKHgCk%2F8Cu1nBcgc2mxLngx0UvEIpCEpLUFKCUhKUGUFZVPtc2batbnFl88g%2Fze3T3KkmOhvs0n2dDURCQM0Yhle76Ql5vtmUEzz6GkNx7EYs6PpetBRQsej1g4DzbtT2O%2BFiLxQh4xRWVpD2zOzV241r399BKo%2Bch4joIaw6BJMvguY%2BaFmBblbYTm4XMo30qKUYuK6QZgvItpxddUJentm0nnwJwR6T0wAzFVJT4TP5gGCgrk%2Bu6JLsXdGlJd9tpJmM5TZtLLya0Uw8c%2Bc9sVVqw9dW7Pj2m6whmvLeh8Jm6zThMhlYcndZci7MqjZMkJ%2FW7MciupzbzeXcJHm6fvmt1bU4NcJaqZMaVB5t%2FA0mp%2BS5P36Y%2Fc3zN3%2BGNDVMXiHO50qlrsHSHdh03rOawKg5jlIHZV5NTDuaN5UkUGKOaVTB%2FgdH83piaHObymrXXsfAOKDZNSRxhcJUKFQFqsaw%2BbOTLDWP33h0s4mvEClnEinj7EXKqBtPl2zlsdvtdDwa9hb9bpeKbhS0l%2FqhzyltB2E7DGkHmZ32fz3%2F%2Bz8BAAD%2F%2FxNcjr9wBAAA
172.240.108.84200 OK 7 B URL GET HTTP/1.1 rudderleisurelyobstinate.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuDosHA4Ia8OCljxpk0j3T27NjDuK6ri6u2ZgoepPqqprZcqq7mqr%2BMbunxYAEvEyO8dT7zW6W%2FFAURLwYtTcQQkDY8SB7yP4TgniUniyOPije%2B973Cr56X32xm5%2BQNnJ6vPK%2B3pZK0QuLLc995RPfv%2BiuyyQfuaOl8NMwuOia4vVe2PJedd8RbKgvtD3f83zPd1elEX09utCQkOm9nt%2Fqea2g3fIXA4zM%2F7HNHVjqgBcn5AVIPl144JyDZDWS%2BNsVYYeZTl97O84VzbRBwQ8%2BSoaJLhPE87JvHPSTg9NpaHu0eh862Z%2FJhS7%2BHYzklDgP7yNKDk5FIir2ZjojBZEg4mdRFjWEqiFpDaavQfIjAjCOSxtI4luXtCnp1lOWNuyULPz1J2Q5JQtPziGJv1lWcuRe1SrPpE4sRv0KclRDDmqk%2BSGy7TOQ5SFY9jkk%2F414L51FEt999%2FDHQg7dQpghJK9mK5CyhuzXUGIMah3kzZEO8r6DPHUQ82OX%2Bb7f9Tij3lKPsQ7viijknk%2B7fZ%2F6XriEnDUqx8jSMZgag5kdpGYHQ3njKHgCk%2F8Cu1nBcgc2mxLngx0UvEIpCEpLUFKCUhKUGUFZVPtc2batbnFl88g%2Fze3T3KkmOhvs0n2dDURCQM0Yhle76Ql5vtmUEzz6GkNx7EYs6PpetBRQsej1g4DzbtT2O%2BFiLxQh4xRWVpD2zOzV241r399BKo%2Bch4joIaw6BJMvguY%2BaFmBblbYTm4XMo30qKUYuK6QZgvItpxddUJentm0nnwJwR6T0wAzFVJT4TP5gGCgrk%2Bu6JLsXdGlJd9tpJmM5TZtLLya0Uw8c%2Bc9sVVqw9dW7Pj2m6whmvLeh8Jm6zThMhlYcndZci7MqjZMkJ%2FW7MciupzbzeXcJHm6fvmt1bU4NcJaqZMaVB5t%2FA0mp%2BS5P36Y%2Fc3zN3%2BGNDVMXiHO50qlrsHSHdh03rOawKg5jlIHZV5NTDuaN5UkUGKOaVTB%2FgdH83piaHObymrXXsfAOKDZNSRxhcJUKFQFqsaw%2BbOTLDWP33h0s4mvEClnEinj7EXKqBtPl2zlsdvtdDwa9hb9bpeKbhS0l%2FqhzyltB2E7DGkHmZ32fz3%2F%2Bz8BAAD%2F%2FxNcjr9wBAAA
IP 172.240.108.84:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject rudderleisurelyobstinate.com
Fingerprint 6D:BD:0F:3E:A0:3C:60:C5:3D:AD:6F:C8:65:B6:80:FB:00:8A:57:3E
Validity Tue, 02 Jul 2024 14:45:14 GMT - Mon, 30 Sep 2024 14:45:13 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuDosHA4Ia8OCljxpk0j3T27NjDuK6ri6u2ZgoepPqqprZcqq7mqr%2BMbunxYAEvEyO8dT7zW6W%2FFAURLwYtTcQQkDY8SB7yP4TgniUniyOPije%2B973Cr56X32xm5%2BQNnJ6vPK%2B3pZK0QuLLc995RPfv%2BiuyyQfuaOl8NMwuOia4vVe2PJedd8RbKgvtD3f83zPd1elEX09utCQkOm9nt%2Fqea2g3fIXA4zM%2F7HNHVjqgBcn5AVIPl144JyDZDWS%2BNsVYYeZTl97O84VzbRBwQ8%2BSoaJLhPE87JvHPSTg9NpaHu0eh862Z%2FJhS7%2BHYzklDgP7yNKDk5FIir2ZjojBZEg4mdRFjWEqiFpDaavQfIjAjCOSxtI4luXtCnp1lOWNuyULPz1J2Q5JQtPziGJv1lWcuRe1SrPpE4sRv0KclRDDmqk%2BSGy7TOQ5SFY9jkk%2F414L51FEt999%2FDHQg7dQpghJK9mK5CyhuzXUGIMah3kzZEO8r6DPHUQ82OX%2Bb7f9Tij3lKPsQ7viijknk%2B7fZ%2F6XriEnDUqx8jSMZgag5kdpGYHQ3njKHgCk%2F8Cu1nBcgc2mxLngx0UvEIpCEpLUFKCUhKUGUFZVPtc2batbnFl88g%2Fze3T3KkmOhvs0n2dDURCQM0Yhle76Ql5vtmUEzz6GkNx7EYs6PpetBRQsej1g4DzbtT2O%2BFiLxQh4xRWVpD2zOzV241r399BKo%2Bch4joIaw6BJMvguY%2BaFmBblbYTm4XMo30qKUYuK6QZgvItpxddUJentm0nnwJwR6T0wAzFVJT4TP5gGCgrk%2Bu6JLsXdGlJd9tpJmM5TZtLLya0Uw8c%2Bc9sVVqw9dW7Pj2m6whmvLeh8Jm6zThMhlYcndZci7MqjZMkJ%2FW7MciupzbzeXcJHm6fvmt1bU4NcJaqZMaVB5t%2FA0mp%2BS5P36Y%2Fc3zN3%2BGNDVMXiHO50qlrsHSHdh03rOawKg5jlIHZV5NTDuaN5UkUGKOaVTB%2FgdH83piaHObymrXXsfAOKDZNSRxhcJUKFQFqsaw%2BbOTLDWP33h0s4mvEClnEinj7EXKqBtPl2zlsdvtdDwa9hb9bpeKbhS0l%2FqhzyltB2E7DGkHmZ32fz3%2F%2Bz8BAAD%2F%2FxNcjr9wBAAA HTTP/1.1
Host: rudderleisurelyobstinate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Cookie: u_pl=20236717; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 17 Aug 2024 22:57:23 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 16d26929d330d2e1f5178b41635bef20
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
r10.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 6a5dc19f4e051425a9d33aff52f496f6
920403da652028daadc593b70d126c07f3ab7439
504e3a5ec27fe0ea5cb89ce4e296fcf1a1054cf193df945b973fca6f11bb47d2
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "504E3A5EC27FE0EA5CB89CE4E296FCF1A1054CF193DF945B973FCA6F11BB47D2"
Last-Modified: Fri, 16 Aug 2024 07:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2067
Expires: Sat, 17 Aug 2024 23:31:50 GMT
Date: Sat, 17 Aug 2024 22:57:23 GMT
Connection: keep-alive
GET thubanoa.com/1?z=6533428
139.45.197.242 200 OK 42 kB IP 139.45.197.242:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Let's Encrypt
Subject thubanoa.com
Fingerprint D2:43:91:6F:01:A1:FD:1A:5A:53:F8:E0:2E:6F:62:7F:D1:F2:D6:BF
Validity Thu, 27 Jun 2024 00:50:47 GMT - Wed, 25 Sep 2024 00:50:46 GMT
File type gzip compressed data, max speed, from Unix
Hash 2c565ce522bc589f67d48559c259edd5
7e06bcdda53480d4b39741eee180bb637b1fc967
005544afc8d96d7bbb1c1cd17ebd39415a50190f02bfeaebbead51f68edcbb6b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /1?z=6533428 HTTP/1.1
Host: thubanoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kenitv.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: ba14189376071ce8ac554dbab763db2f
access-control-expose-headers: X-Sc
x-sc: izizjLYXz8tWDnd6eYWMv-XClRDTsV7HApzJzYD4v296uQsFue3DesLVwCCDJ_EVwUi2YqbGIPkdBhMIrV1-6tMuYSg=
set-cookie: scm=1; expires=Sun, 17 Aug 2025 22:57:23 GMT; secure; SameSite=None
OAID=0400bb1bda354e45e9755905a83f6b3b; expires=Sun, 17 Aug 2025 22:57:23 GMT; secure; SameSite=None
oaidts=1723935443; expires=Sun, 17 Aug 2025 22:57:23 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET rudderleisurelyobstinate.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BrwQXFgS14MLNLLXI9L3J%2FIpdiDFGg7GpraI7ub%2Fe5Dr3vfu49%2F2YZBUsSMHNdFlXL98kDf2hKIi4sepLoZSCkHEhWTT%2FhCAu5U2Dowcu53znOxe%2Be777xW52QlrI6PHK%2B2ZbaU0vdJp%2B45VPguBiY13F2agx6nc%2F7bYvNmz%2B%2BlK36b%2FaeEfyobnQ8gPfD%2FygsaqsDM3oQk1CJfeWguaS32y3mkGnjZH9P3aZB0c9iPyEvAAlpgsPvHNQvEIcfbsi3TA1yWtvR5mmqbHIxcFH8TA2RYxoXobWQxgfnE7DuKPV%2BzDx%2FkwuTP7vIFNT4j28DxYfnIoEy%2FdmOpmGjMHEWRR5BakrKFqBm2tQ4ogAXODSBuLo1iVjC7r1lKU1OyULf%2F0JVUzJwpNziKNvlrUaNa4anaXKxA6jsIQaVVCDCkl2iHT7DFRxCJ5%2BDiV%2BI%2F5LZxFHd989%2FDFXw0Yu7RBKlLMVKFVBhRW0HIM6D1l9lIcs9JAlHiJx3OBBEPR8wanfX%2BJ8UfQk6wo%2FoL0woIHf7SPjtcox0mQMrsfgdgeJ3cFQ3ThqP4HNfoHbLOGEB5dOiffBDnJRopAEhSMoKEGhCIqUoMjLfaFdy5W3hHYZC05z6zQvlhOTDnbpvkkHMiagdgwryt3khDxfb8prP%2FoaQ3ncYLzdC3zWb1PZ8cN2W4geawWL3c5SV3a5oHCqhHJnZq%2Ferl37%2Fg4SdeQ9BKOHcPoQXL0ImgWgRQm6WWI7vp2rhJlRU3MIUyJJF5Buebv6hLw8s2k9%2FhKSPyanAW5LJLbEZ%2BoBwUBfn1wxBdm7YgpHvttIUhWpbVpbeDWlqXzmzntyqzBWrK248e03eU3U5b0PpUvXaSxUPHDk7rISQtpVY7kkP625jyW7nLnN5czGWbJ%2B%2Ba3VtSix0jll4gpUHW38Da6m5Lk%2Ffpj9zfM3f4ayFWxWIsrmSpWpwJMduGTec4bA6jlmiYciKye2xeZNrQi0nGPKSrj%2FYDavJ5bWt6kqd911DKwHml5DHJXIbYlcl6B6DJc9O0kT%2B%2FiNRzfr%2BApMexOmrbfHtNU3ni7ZqePGoi96TIayx2S70w4lF6zTYT4POVsU%2FT5H6qbhr%2Bd%2F%2FycAAP%2F%2Fk4hbV3AEAAA%3D
172.240.108.84200 OK 7 B URL GET HTTP/1.1 rudderleisurelyobstinate.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BrwQXFgS14MLNLLXI9L3J%2FIpdiDFGg7GpraI7ub%2Fe5Dr3vfu49%2F2YZBUsSMHNdFlXL98kDf2hKIi4sepLoZSCkHEhWTT%2FhCAu5U2Dowcu53znOxe%2Be777xW52QlrI6PHK%2B2ZbaU0vdJp%2B45VPguBiY13F2agx6nc%2F7bYvNmz%2B%2BlK36b%2FaeEfyobnQ8gPfD%2FygsaqsDM3oQk1CJfeWguaS32y3mkGnjZH9P3aZB0c9iPyEvAAlpgsPvHNQvEIcfbsi3TA1yWtvR5mmqbHIxcFH8TA2RYxoXobWQxgfnE7DuKPV%2BzDx%2FkwuTP7vIFNT4j28DxYfnIoEy%2FdmOpmGjMHEWRR5BakrKFqBm2tQ4ogAXODSBuLo1iVjC7r1lKU1OyULf%2F0JVUzJwpNziKNvlrUaNa4anaXKxA6jsIQaVVCDCkl2iHT7DFRxCJ5%2BDiV%2BI%2F5LZxFHd989%2FDFXw0Yu7RBKlLMVKFVBhRW0HIM6D1l9lIcs9JAlHiJx3OBBEPR8wanfX%2BJ8UfQk6wo%2FoL0woIHf7SPjtcox0mQMrsfgdgeJ3cFQ3ThqP4HNfoHbLOGEB5dOiffBDnJRopAEhSMoKEGhCIqUoMjLfaFdy5W3hHYZC05z6zQvlhOTDnbpvkkHMiagdgwryt3khDxfb8prP%2FoaQ3ncYLzdC3zWb1PZ8cN2W4geawWL3c5SV3a5oHCqhHJnZq%2Ferl37%2Fg4SdeQ9BKOHcPoQXL0ImgWgRQm6WWI7vp2rhJlRU3MIUyJJF5Buebv6hLw8s2k9%2FhKSPyanAW5LJLbEZ%2BoBwUBfn1wxBdm7YgpHvttIUhWpbVpbeDWlqXzmzntyqzBWrK248e03eU3U5b0PpUvXaSxUPHDk7rISQtpVY7kkP625jyW7nLnN5czGWbJ%2B%2Ba3VtSix0jll4gpUHW38Da6m5Lk%2Ffpj9zfM3f4ayFWxWIsrmSpWpwJMduGTec4bA6jlmiYciKye2xeZNrQi0nGPKSrj%2FYDavJ5bWt6kqd911DKwHml5DHJXIbYlcl6B6DJc9O0kT%2B%2FiNRzfr%2BApMexOmrbfHtNU3ni7ZqePGoi96TIayx2S70w4lF6zTYT4POVsU%2FT5H6qbhr%2Bd%2F%2FycAAP%2F%2Fk4hbV3AEAAA%3D
IP 172.240.108.84:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject rudderleisurelyobstinate.com
Fingerprint 6D:BD:0F:3E:A0:3C:60:C5:3D:AD:6F:C8:65:B6:80:FB:00:8A:57:3E
Validity Tue, 02 Jul 2024 14:45:14 GMT - Mon, 30 Sep 2024 14:45:13 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BrwQXFgS14MLNLLXI9L3J%2FIpdiDFGg7GpraI7ub%2Fe5Dr3vfu49%2F2YZBUsSMHNdFlXL98kDf2hKIi4sepLoZSCkHEhWTT%2FhCAu5U2Dowcu53znOxe%2Be777xW52QlrI6PHK%2B2ZbaU0vdJp%2B45VPguBiY13F2agx6nc%2F7bYvNmz%2B%2BlK36b%2FaeEfyobnQ8gPfD%2FygsaqsDM3oQk1CJfeWguaS32y3mkGnjZH9P3aZB0c9iPyEvAAlpgsPvHNQvEIcfbsi3TA1yWtvR5mmqbHIxcFH8TA2RYxoXobWQxgfnE7DuKPV%2BzDx%2FkwuTP7vIFNT4j28DxYfnIoEy%2FdmOpmGjMHEWRR5BakrKFqBm2tQ4ogAXODSBuLo1iVjC7r1lKU1OyULf%2F0JVUzJwpNziKNvlrUaNa4anaXKxA6jsIQaVVCDCkl2iHT7DFRxCJ5%2BDiV%2BI%2F5LZxFHd989%2FDFXw0Yu7RBKlLMVKFVBhRW0HIM6D1l9lIcs9JAlHiJx3OBBEPR8wanfX%2BJ8UfQk6wo%2FoL0woIHf7SPjtcox0mQMrsfgdgeJ3cFQ3ThqP4HNfoHbLOGEB5dOiffBDnJRopAEhSMoKEGhCIqUoMjLfaFdy5W3hHYZC05z6zQvlhOTDnbpvkkHMiagdgwryt3khDxfb8prP%2FoaQ3ncYLzdC3zWb1PZ8cN2W4geawWL3c5SV3a5oHCqhHJnZq%2Ferl37%2Fg4SdeQ9BKOHcPoQXL0ImgWgRQm6WWI7vp2rhJlRU3MIUyJJF5Buebv6hLw8s2k9%2FhKSPyanAW5LJLbEZ%2BoBwUBfn1wxBdm7YgpHvttIUhWpbVpbeDWlqXzmzntyqzBWrK248e03eU3U5b0PpUvXaSxUPHDk7rISQtpVY7kkP625jyW7nLnN5czGWbJ%2B%2Ba3VtSix0jll4gpUHW38Da6m5Lk%2Ffpj9zfM3f4ayFWxWIsrmSpWpwJMduGTec4bA6jlmiYciKye2xeZNrQi0nGPKSrj%2FYDavJ5bWt6kqd911DKwHml5DHJXIbYlcl6B6DJc9O0kT%2B%2FiNRzfr%2BApMexOmrbfHtNU3ni7ZqePGoi96TIayx2S70w4lF6zTYT4POVsU%2FT5H6qbhr%2Bd%2F%2FycAAP%2F%2Fk4hbV3AEAAA%3D HTTP/1.1
Host: rudderleisurelyobstinate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Cookie: u_pl=20236717; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 17 Aug 2024 22:57:23 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 84257801b851b7bf93cd1fd7c29fce00
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET cdn.cloudimagesb.com/cti/af/1a/65/af1a655780a7b23d190c2d1a3fc29a35/1708443967.jpg
45.133.44.10 200 OK 25 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/af/1a/65/af1a655780a7b23d190c2d1a3fc29a35/1708443967.jpg
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint C4:E5:6E:E8:15:37:9B:58:9E:AA:84:E9:B0:65:53:C9:88:43:C1:59
Validity Sat, 20 Jul 2024 04:00:43 GMT - Fri, 18 Oct 2024 04:00:42 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3
Hash 5c05fb505ee222e71bf111076a9d90a9
b7e580b834b573b74b4ec33c7143918f85041d87
ad6b29af5e8885a3f449ccfad9ed0fc104975036388002b7d697aef4cf495081
GET /cti/af/1a/65/af1a655780a7b23d190c2d1a3fc29a35/1708443967.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: image/jpeg
content-length: 25415
server: nginx/1.21.6
last-modified: Tue, 20 Feb 2024 15:46:15 GMT
etag: "65d4c947-6347"
expires: Mon, 19 Aug 2024 22:57:23 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
x-cdn-host-id: ds5859
accept-ranges: bytes
X-Firefox-Spdy: h2
GET sts.kenitv.me/images/thumb/wi6ag0hux0ha60zorujo.jpeg
172.67.160.6 200 OK 19 kB URL GET HTTP/3 sts.kenitv.me/images/thumb/wi6ag0hux0ha60zorujo.jpeg
IP 172.67.160.6:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Google Trust Services
Subject kenitv.me
Fingerprint 24:EA:F3:77:10:4C:0B:55:D4:6C:1C:86:1B:4C:3F:C2:CA:4C:FC:5F
Validity Wed, 31 Jul 2024 08:54:04 GMT - Tue, 29 Oct 2024 08:54:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3
Hash 893236e4872f782f9db3fc7bfc8f3ec0
5f849ceeadb39f619df4c605b42cbbc3e3b5921c
dcba38de457589ed0c0c6c34859f21280c40d4ddcc908b7db415a7a2a03eeca1
GET /images/thumb/wi6ag0hux0ha60zorujo.jpeg HTTP/1.1
Host: sts.kenitv.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kenitv.me/sd0embed/UFC
DNT: 1
Connection: keep-alive
Cookie: tamedy=1; _pshflg=~
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: image/jpeg
content-length: 18944
last-modified: Sat, 17 Aug 2024 22:51:42 GMT
vary: Accept-Encoding
etag: "66c1297e-4a00"
expires: Sat, 17 Aug 2024 23:00:43 GMT
cache-control: max-age=14400, must-revalidate
cf-cache-status: HIT
age: 100
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lh%2BZbeEWb0ICpssHCoQ%2B4cYsmf6%2FZ5vD4LoySACGVEuTXas3ckwFlKGIyHRPD%2BZWsmzaYD1%2FdrIGlgDOu5pxMlmaOArxvC3LAyjVVNXmVlx%2BoVe2fv%2FA6SLn%2BHAls0YR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b4d434adcec0afa-OSL
alt-svc: h3=":443"; ma=86400
r11.o.lencr.org/
23.33.119.27 504 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5623
Expires: Sun, 18 Aug 2024 00:31:07 GMT
Date: Sat, 17 Aug 2024 22:57:24 GMT
Connection: keep-alive
r11.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5559
Expires: Sun, 18 Aug 2024 00:30:03 GMT
Date: Sat, 17 Aug 2024 22:57:24 GMT
Connection: keep-alive
r11.o.lencr.org/
23.33.119.27 504 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5623
Expires: Sun, 18 Aug 2024 00:31:07 GMT
Date: Sat, 17 Aug 2024 22:57:24 GMT
Connection: keep-alive
GET abouhaursiki.net/5/6274587/?oo=1&aab=1
139.45.197.244 200 OK 3.9 kB URL GET HTTP/2 abouhaursiki.net/5/6274587/?oo=1&aab=1
IP 139.45.197.244:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Let's Encrypt
Subject abouhaursiki.net
Fingerprint 89:26:88:34:DD:FC:0F:13:E6:81:0C:A7:3E:0E:5B:86:FA:4A:78:19
Validity Mon, 12 Aug 2024 11:34:06 GMT - Sun, 10 Nov 2024 11:34:05 GMT
File type troff or preprocessor input, ASCII text, with very long lines (3915), with no line terminators
Hash 8ed7014b11c09274d969495a656616e8
f10acf528e7fe9b63630061b4e5d9c5d4bd865aa
8ededa96686272f136f9779b7f7eade7fb94a9479836800fd7a39baca1a301e8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/6274587/?oo=1&aab=1 HTTP/1.1
Host: abouhaursiki.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kenitv.me
DNT: 1
Connection: keep-alive
Referer: https://kenitv.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: application/json
x-trace-id: 2fef49f02b642b7924737a6096a20f2a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://kenitv.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080bb9247d6427fe278b8f30dc324ee; expires=Sun, 17 Aug 2025 22:57:23 GMT; path=/; secure; SameSite=None
oaidts=1723935443; expires=Sun, 17 Aug 2025 22:57:23 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET it.vipleague.im/partytown/partytown.js
45.178.6.110 200 OK 2.2 kB URL GET HTTP/3 it.vipleague.im/partytown/partytown.js
IP 45.178.6.110:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject vipleague.im
Fingerprint D0:C1:A4:8A:E6:22:6B:F3:64:17:A5:28:D9:A0:DA:50:1A:B6:F7:1E
Validity Mon, 01 Jul 2024 03:06:12 GMT - Sun, 29 Sep 2024 03:06:11 GMT
File type JavaScript source, ASCII text, with very long lines (2248), with no line terminators
Hash 3d69d3dd233c19d38d94b850fb67122d
84b561cc95716ed8dc3a1cb312fce643804837cc
6bb72ab18fca41d97e81a6f0b854edd95ad71b3573a0b9ad3f1ecb8913d5f186
GET /partytown/partytown.js HTTP/1.1
Host: it.vipleague.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
DNT: 1
Connection: keep-alive
Cookie: _dt_vs=AAAAAhQCEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXIN
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: application/javascript
last-modified: Tue, 14 May 2024 01:56:36 GMT
vary: accept-encoding
etag: W/"6642c4d4-88a"
expires: Mon, 16 Sep 2024 22:57:22 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br
GET si.castanydm.com/?utm_data=cGdlPXN0cmVhbSZsYW5nPWl0JmRvbT12cyZyZWY9JmdpZD0zMTE3MzImbG5vPTEmZ25hbWU9VUZDKzMwNSUzQStEcmljdXMrZHUrUGxlc3Npcyt2cytJc3JhZWwrQWRlc2FueWEmZ2NhdD02Jmg9MQ%3D%3D
172.67.170.56 200 OK 69 B URL GET HTTP/2 si.castanydm.com/?utm_data=cGdlPXN0cmVhbSZsYW5nPWl0JmRvbT12cyZyZWY9JmdpZD0zMTE3MzImbG5vPTEmZ25hbWU9VUZDKzMwNSUzQStEcmljdXMrZHUrUGxlc3Npcyt2cytJc3JhZWwrQWRlc2FueWEmZ2NhdD02Jmg9MQ%3D%3D
IP 172.67.170.56:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Google Trust Services
Subject castanydm.com
Fingerprint 8C:C5:44:39:BE:51:CC:48:E6:97:A8:EF:EB:68:CA:43:60:91:17:66
Validity Tue, 30 Jul 2024 22:23:29 GMT - Mon, 28 Oct 2024 22:23:28 GMT
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Hash 6c7a8e573e15b784caf2c2e09712e43b
bdcee93526ab5766a6622fdbb18464871411e121
0fe6baf08e550e4c7cd40b1f8d08b0cfbd00e8c6bd78a53a1822d6216bcd73d8
GET /?utm_data=cGdlPXN0cmVhbSZsYW5nPWl0JmRvbT12cyZyZWY9JmdpZD0zMTE3MzImbG5vPTEmZ25hbWU9VUZDKzMwNSUzQStEcmljdXMrZHUrUGxlc3Npcyt2cytJc3JhZWwrQWRlc2FueWEmZ2NhdD02Jmg9MQ%3D%3D HTTP/1.1
Host: si.castanydm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: image/png
ser-loc-id: loc-004
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=facLxA%2FPugkR9N%2B89kNlQx4CW8K6KLrsPHHKi6L8%2B2QA0L0n0yXIhIl7W9b8KmKAa8pmAewN1mw%2FuRDq1yWTFHBQ%2BYdRe6sUAfKR79O2LZlKRRXD0M39STC8X%2BSJmwWn15Qo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b4d43440fe9b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET thubanoa.com/27/7552beb94fc0bdff7bbb33cad3d1ab0a
139.45.197.242 200 OK 413 kB URL GET HTTP/2 thubanoa.com/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP 139.45.197.242:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Let's Encrypt
Subject thubanoa.com
Fingerprint D2:43:91:6F:01:A1:FD:1A:5A:53:F8:E0:2E:6F:62:7F:D1:F2:D6:BF
Validity Thu, 27 Jun 2024 00:50:47 GMT - Wed, 25 Sep 2024 00:50:46 GMT
File type JavaScript source, ASCII text, with very long lines (65523)
Size 413 kB (413423 bytes)
Hash 297cc248309ba835cf13a1f82fd3f938
1e6f51ce257a0ee53e25280dd44092ed33339847
b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: thubanoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kenitv.me/
Cookie: scm=1; OAID=0400bb1bda354e45e9755905a83f6b3b; oaidts=1723935443
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: a1c548ed8bf752a5c9ecf2501c349ec1
cache-control: max-age:290304000, public
last-modified: Thu, 18 Apr 2024 06:29:14 GMT
expires: Thu, 18 May 2084 06:29:14 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
GET vi.castanydm.com/?utm_data=dj11ZmMxaGR%2BdWZjMXNkJmQ9ZGVza3RvcCZ1PXZpcGxlYWd1ZS5pbSZ1cmw9aHR0cHMlM0ElMkYlMkZrZW5pdHYubWUlMkZzZDBlbWJlZCUyRlVGQyZoPTE%3D
172.67.170.56 200 OK 69 B URL GET HTTP/3 vi.castanydm.com/?utm_data=dj11ZmMxaGR%2BdWZjMXNkJmQ9ZGVza3RvcCZ1PXZpcGxlYWd1ZS5pbSZ1cmw9aHR0cHMlM0ElMkYlMkZrZW5pdHYubWUlMkZzZDBlbWJlZCUyRlVGQyZoPTE%3D
IP 172.67.170.56:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Google Trust Services
Subject castanydm.com
Fingerprint 8C:C5:44:39:BE:51:CC:48:E6:97:A8:EF:EB:68:CA:43:60:91:17:66
Validity Tue, 30 Jul 2024 22:23:29 GMT - Mon, 28 Oct 2024 22:23:28 GMT
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Hash 6c7a8e573e15b784caf2c2e09712e43b
bdcee93526ab5766a6622fdbb18464871411e121
0fe6baf08e550e4c7cd40b1f8d08b0cfbd00e8c6bd78a53a1822d6216bcd73d8
GET /?utm_data=dj11ZmMxaGR%2BdWZjMXNkJmQ9ZGVza3RvcCZ1PXZpcGxlYWd1ZS5pbSZ1cmw9aHR0cHMlM0ElMkYlMkZrZW5pdHYubWUlMkZzZDBlbWJlZCUyRlVGQyZoPTE%3D HTTP/1.1
Host: vi.castanydm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kenitv.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: image/png
ser-loc-id: loc-004
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xg%2BOrAphCdORe%2FG7Z8EzmS%2FteEl6FOzQy9lq1DhFJJrdPXcR0pQM4FdroedykK7dNv4vKUmekuQq0vkefkpwAEQY1IptSowWl9XxLN6QIBecTFlij0pBX5avz%2BJCNUKQjEEv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b4d4348dc2a56c3-OSL
alt-svc: h3=":443"; ma=86400
GET my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint 4B:EF:80:EB:90:B5:8C:01:82:25:B6:92:59:BE:A9:6A:C7:83:75:8E
Validity Fri, 05 Jul 2024 22:30:11 GMT - Thu, 03 Oct 2024 22:30:10 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash a06c3708918b162be2b83396c8f6a35f
a4429f8eb73d4d0307a481aabed7baf5ddfaa9b5
3a1963c7a6eea6abc1131c1b86d8af6b3ff9c7d8f34d3d52f1bed39c605acb38
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://it.vipleague.im
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0800bb8cc2a4478cfaaf992ac8738736; expires=Sun, 17 Aug 2025 22:57:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET abouhaursiki.net/tag.min.js
139.45.197.244 200 OK 69 kB URL GET HTTP/2 abouhaursiki.net/tag.min.js
IP 139.45.197.244:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Let's Encrypt
Subject abouhaursiki.net
Fingerprint 89:26:88:34:DD:FC:0F:13:E6:81:0C:A7:3E:0E:5B:86:FA:4A:78:19
Validity Mon, 12 Aug 2024 11:34:06 GMT - Sun, 10 Nov 2024 11:34:05 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 9942ce6c1d8706c77a19aaeee3de99a4
2a63c101e8bb8682de5f65886449ca934d2210fe
4ea15f8dc6be1c745823ce514c8de271a2a5da4d79edb5a40ec41d509de3ca46
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tag.min.js HTTP/1.1
Host: abouhaursiki.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kenitv.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 26417
content-encoding: br
x-trace-id: 1fb927a31d1fa585193a22b9f7d6a8e3
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 16 Aug 2024 11:50:37 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
216.58.207.227 200 OK 15 kB URL GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 216.58.207.227:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint F2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
Validity Tue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT
File type Web Open Font Format (Version 2), TrueType, length 14892, version 1.0
Hash 9ec6deaf6bada919e20b98f9f7b718b1
501d36403ad8205e4644532600019ecb10f5cb0a
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14892
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Aug 2024 03:00:26 GMT
expires: Sun, 17 Aug 2025 03:00:26 GMT
cache-control: public, max-age=31536000
age: 71816
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET psauthowups.net/5/6274610/?abt_opts=1&oo=1&aab=1&js_build=iclick-1.893.0&userId=0800bb8cc2a4478cfaaf992ac8738736
139.45.197.242 200 OK 4.2 kB URL GET HTTP/2 psauthowups.net/5/6274610/?abt_opts=1&oo=1&aab=1&js_build=iclick-1.893.0&userId=0800bb8cc2a4478cfaaf992ac8738736
IP 139.45.197.242:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject psauthowups.net
Fingerprint AC:11:34:64:3B:C2:D4:3B:36:CE:8C:D4:C7:FA:3E:E4:26:CE:05:0B
Validity Fri, 09 Aug 2024 16:59:12 GMT - Thu, 07 Nov 2024 16:59:11 GMT
File type troff or preprocessor input, ASCII text, with very long lines (4159), with no line terminators
Hash 1f773ba92d1007ae857fefaf952ee3f0
8086a3cfb84112f3d3914553432288f306ee02ed
5bb7525bd60a34e2be56226757a3a380d69b1598b0ffc63472d7499abcdd487d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/6274610/?abt_opts=1&oo=1&aab=1&js_build=iclick-1.893.0&userId=0800bb8cc2a4478cfaaf992ac8738736 HTTP/1.1
Host: psauthowups.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.vipleague.im
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Cookie: OAID=0080bb72f6bd4fa2e19dd6bbf050db9c; oaidts=1723935442
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: application/json
x-trace-id: 9bbe0b819831bc9d9a2ca033dad44389
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://it.vipleague.im
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0800bb8cc2a4478cfaaf992ac8738736; expires=Sun, 17 Aug 2025 22:57:23 GMT; path=/; secure; SameSite=None
oaidts=1723935443; expires=Sun, 17 Aug 2025 22:57:23 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 24 Aug 2024 22:57:23 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET sts.kenitv.me/scripts/player/8.30.1/jwplayer.min.js
172.67.160.6 200 OK 109 kB URL GET HTTP/3 sts.kenitv.me/scripts/player/8.30.1/jwplayer.min.js
IP 172.67.160.6:443
Requested by https://kenitv.me/sd0embed/UFC
Certificate Issuer Google Trust Services
Subject kenitv.me
Fingerprint 24:EA:F3:77:10:4C:0B:55:D4:6C:1C:86:1B:4C:3F:C2:CA:4C:FC:5F
Validity Wed, 31 Jul 2024 08:54:04 GMT - Tue, 29 Oct 2024 08:54:03 GMT
Size 109 kB (109044 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/player/8.30.1/jwplayer.min.js HTTP/1.1
Host: sts.kenitv.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kenitv.me/
Cookie: tamedy=1; _pshflg=~
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: application/javascript
last-modified: Fri, 15 Dec 2023 16:11:23 GMT
vary: Accept-Encoding
etag: W/"657c7aab-1a9f4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, must-revalidate
cf-cache-status: HIT
age: 1513258
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1IyzqarWzHC5796I2meWO1uG1IZJWs5XgyJj0VSeqBYJgxLAHBI53SGY7tAXLxbH%2FTBoVr813%2BIJAlKVfJu5fNhCu4DQWh7xZV58UbfsyJEhLeI0uBNqDS9de7prHlh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b4d4346aae20afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET it.vipleague.im/fav/favicon-32x32.png
45.178.6.110 200 OK 1.7 kB URL GET HTTP/3 it.vipleague.im/fav/favicon-32x32.png
IP 45.178.6.110:443
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject vipleague.im
Fingerprint D0:C1:A4:8A:E6:22:6B:F3:64:17:A5:28:D9:A0:DA:50:1A:B6:F7:1E
Validity Mon, 01 Jul 2024 03:06:12 GMT - Sun, 29 Sep 2024 03:06:11 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash e4523d2122ad341781879356d0d1a181
96762d7154ada8b84997abc9ee1737ec110a1da6
20c4dbe39720567c97caed056b0964230d5a8685d7ba893a34fe1d2dc27c6ca3
GET /fav/favicon-32x32.png HTTP/1.1
Host: it.vipleague.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
DNT: 1
Connection: keep-alive
Cookie: _dt_vs=AAAAAhQCEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXIN; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e580c763-6220-4f74-8119-57e0d838c79c%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:23 GMT
content-type: image/png
content-length: 1694
last-modified: Tue, 12 Oct 2021 09:23:25 GMT
vary: accept-encoding
etag: "6165540d-69e"
expires: Mon, 16 Sep 2024 22:57:23 GMT
cache-control: max-age=2592000, public
accept-ranges: bytes
GET psauthowups.net/tag.min.js
139.45.197.242 200 OK 69 kB URL GET HTTP/2 psauthowups.net/tag.min.js
IP 139.45.197.242:443
Requested by https://it.vipleague.im/mma/ufc-305-dricus-du-plessis-vs-israel-adesanya-streaming
Certificate Issuer Let's Encrypt
Subject psauthowups.net
Fingerprint AC:11:34:64:3B:C2:D4:3B:36:CE:8C:D4:C7:FA:3E:E4:26:CE:05:0B
Validity Fri, 09 Aug 2024 16:59:12 GMT - Thu, 07 Nov 2024 16:59:11 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 9942ce6c1d8706c77a19aaeee3de99a4
2a63c101e8bb8682de5f65886449ca934d2210fe
4ea15f8dc6be1c745823ce514c8de271a2a5da4d79edb5a40ec41d509de3ca46
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tag.min.js HTTP/1.1
Host: psauthowups.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.vipleague.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Aug 2024 22:57:22 GMT
content-type: text/javascript; charset=utf-8
content-length: 26417
content-encoding: br
x-trace-id: e9a00414d66f301f44a6b35c359c10b5
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 16 Aug 2024 11:50:37 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2