Report - 1hd.sh

Report Overview

Visited public
2025-04-06 02:56:26
Tags
URL
1hd.sh
Finishing URL
1hd.sh/
IP / ASN
172.67.140.43
#13335 CLOUDFLARENET
Title
1HD | Watch Free Movies online

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-02	3.7 kB	641 kB	104.17.25.14
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-04-02	454 B	142 kB	104.18.10.207
masterlist.tv	unknown	unknown	2024-02-10	2025-04-03	436 B	18 kB	104.21.16.153
1hd.sh	unknown	2023-08-24	2023-09-12	2025-04-03	3.3 kB	188 kB	104.21.70.229
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-02	992 B	15 kB	142.250.74.10
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-02	2.2 kB	245 kB	142.250.74.35
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-02	1.6 kB	379 kB	142.250.178.104
pl26287075.effectiveratecpm.com	unknown	2025-02-07	2025-04-04	2025-04-04	455 B	618 B	172.240.108.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-05	medium	effectiveratecpm.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	1hd.sh/	ScriptElement	153 B	2024-08-19	2025-05-08
Pretty URL 1hd.sh/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 13:10 Last Seen2025-05-08 10:15 Times Seen8 Hash 2964c0a51cd59d0c5197839f28dce36b 3acac78da03660430f8dff512ae9babdb2cd7b33 25276aae750e8d5182bb6c02525ac4b20f940406fd4b06c276287c0c6f38970c Loading...

	1hd.sh/assets/js/custom.js	ScriptElement	19 kB	2024-07-13	2025-05-08
Pretty URL 1hd.sh/assets/js/custom.js IP 104.21.70.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-13 04:40 Last Seen2025-05-08 10:15 Times Seen9 Hash 28c98063fb6f44b912a27435a44b503c ee3b6f1a16e33a2e63a2671d9066690eff8c5fda 831cfbe8ed41066900f00d7b869f5a952b61e3c4c9a6a8d7fb7f66cb857f8861 Loading...

	cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/js/swiper.min.js	ScriptElement	141 kB	2023-04-18	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/js/swiper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-18 10:35 Last Seen2025-05-08 10:15 Times Seen677 Hash cf2fe63069b52d6a5bc1bccdb2626273 c1a56d0735470b2ab51e4dda017eefc281cbd7ce 636ee53e0454d4eff633ac3467f3540087e0ed55f4db06c2ef5f4662302b6329 Loading...

	1hd.sh/assets/js/lights.js?v=3	ScriptElement	5.6 kB	2023-03-07	2025-05-08
Pretty URL 1hd.sh/assets/js/lights.js?v=3 IP 104.21.70.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:13 Last Seen2025-05-08 10:15 Times Seen60 Hash 3c0668bf818160d6c0d8cf81703f2daa 2890f10417ebce711ed58ee8aa5cbc8b5df2f1d3 d3ee876cbd3740b000bd768cdf6aa1b3f4a9e40bee461c97f8d01ed90e5304e1 Loading...

	1hd.sh/	ScriptElement	38 B	2024-08-19	2025-05-08
Pretty URL 1hd.sh/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 13:10 Last Seen2025-05-08 10:15 Times Seen8 Hash 441ac630cdff5f38c83824e49b0132dd f8c6e4b5b8f8d7b7f7fd7d3faf0eb58e784eb8bb 2164b23dc2f5db3da31557be2391f411f8d4615af469f860f6303470560e1540 Loading...

	1hd.sh/assets/js/sweetalert.js	ScriptElement	17 kB	2023-03-07	2025-05-09
Pretty URL 1hd.sh/assets/js/sweetalert.js IP 104.21.70.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-05-09 04:45 Times Seen1757 Hash 0068f44b0aa1b83fa7679860ceb26590 20d5cdb9d2002442843baab241f2e883563d1de5 7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/1.12.3/jquery.min.js	ScriptElement	97 kB	2023-03-07	2025-05-09
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/1.12.3/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29 Last Seen2025-05-09 02:48 Times Seen1288 Hash c07f2267a050732b752cc3e7a06850ac 220dad6750fba4898e10b8d9b78ca46f4f774544 69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174 Loading...

	www.googletagmanager.com/gtag/js?id=G-V45H598T28	ScriptElement	378 kB	2025-04-06	2025-04-06
Pretty URL www.googletagmanager.com/gtag/js?id=G-V45H598T28 IP 142.250.178.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-06 02:56 Last Seen2025-04-06 02:56 Times Seen1 Hash 116ec64459e38f6f543b864b6483bf61 2226945d260b525827a6329b224033d13aecabe4 7226d780f5f75c64ad4b222bc7acf7c3863e002ce233c5b50d7157133e04c5f8 Loading...

	cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js	ScriptElement	39 kB	2023-05-07	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-07 20:25 Last Seen2025-05-08 10:15 Times Seen600 Hash 150195cfb0977fbf7ca16de64ab19baa f310c457edb13f6affd5b9e90f44a1d9044489b5 aebd88d78695843b04af0fd0575a081795c46a3d940d48579781bab1327c4d91 Loading...

	cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js	ScriptElement	83 kB	2023-03-07	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-08 22:26 Times Seen1903 Hash 90146f01d8a2028ed6f2c3d2fba4ac9b 0363cb58b7a7b60ef7fbf82b8bceb6305232501a 7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f Loading...

HTTP Transactions (26)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/css/tooltipster.bundle.min.css

104.17.25.14

200 OK

6.5 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/css/tooltipster.bundle.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (6495), with no line terminators
Size
6.5 kB (6495 bytes)
Hash
b15ef24270546e5fe896d3ea387ea134
63910103e8cc5e4bdeb2c289cfbf41f89966ea5b
41ce2509fa9959868717986010e16b6334885fd46bc64d0d3c745a73ed3c41e4

HTTP Headers

GET /ajax/libs/tooltipster/4.0.0/css/tooltipster.bundle.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: text/css; charset=utf-8
content-length: 932
cf-ray: 92be02886acf56c3-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f559a80-195f"
last-modified: Mon, 07 Sep 2020 02:27:12 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 186625
expires: Fri, 27 Mar 2026 02:56:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvSpvLBIuE0aG95XDbLgbv%2BdMDBpCGU4zeloispXWRXC80GYUnaCWiLgTbYZDNfWEbwmrR%2FfXsQDAdDh4xSSdXmflgWwhSJaAHhKeDHfmpVcTBjflN9qefRp7wskIdfP90wsUBb2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css

104.18.10.207

200 OK

141 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE
ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT

File type
ASCII text, with very long lines (65324)
Size
141 kB (140936 bytes)
Hash
04aca1f4cd3ec3c05a75a879f3be75a3
675fcf28f9fbf37139d3b2c0b676f96f601a4203
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

HTTP Headers

GET /bootstrap/4.1.3/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:04 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"04aca1f4cd3ec3c05a75a879f3be75a3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 03/18/2024 12:28:12
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 702e145dd070a28ef381a81e33a0aeab
cdn-cache: HIT
cf-cache-status: HIT
age: 1905833
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 92be0288fe90b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

masterlist.tv/images/banner2.png?v=5

104.21.16.153

200 OK

17 kB

URL GET
masterlist.tv/images/banner2.png?v=5
IP
104.21.16.153:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectmasterlist.tv
FingerprintA4:66:E7:3F:8D:47:FC:FF:77:BB:51:B0:29:04:B7:D2:7C:DA:30:AB
ValidityFri, 07 Feb 2025 20:46:43 GMT - Thu, 08 May 2025 21:41:57 GMT

File type
PNG image data, 720 x 90, 8-bit/color RGB, non-interlaced
Size
17 kB (17086 bytes)
Hash
1731c9863012f339615d16002661d0e6
c11b368205419d231c9b3d0418fb7f5ec82b8d5d
f7ff97c1d66f0439acb08036b23ede3e1747dae0319feaae1f56386f75af69a7

HTTP Headers

GET /images/banner2.png?v=5 HTTP/1.1
Host: masterlist.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: image/png
content-length: 17086
last-modified: Sat, 28 Sep 2024 09:47:54 GMT
etag: "66f7d0ca-42be"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6673
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jvS4NynondUG1N1ix1PRJwsNGxhfjFxcnCznLkqRzoVS8HyamJ%2BJSBw%2FVtx06E0Zj2g%2BRqHRdFo33awS6Paq5SWtpIJoXaG5aXrMEUKF%2Bksn0OJJyfg4IMvUaAJe2xgH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92be0288df78b4fa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=519&min_rtt=480&rtt_var=97&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3206&recv_bytes=1051&delivery_rate=7276381&cwnd=252&unsent_bytes=0&cid=485849bb2a0d5fa6&ts=166&x=0"
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js

104.17.25.14

200 OK

39 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (32107)
Size
39 kB (39220 bytes)
Hash
150195cfb0977fbf7ca16de64ab19baa
f310c457edb13f6affd5b9e90f44a1d9044489b5
aebd88d78695843b04af0fd0575a081795c46a3d940d48579781bab1327c4d91

HTTP Headers

GET /ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 8881
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f559a80-9934"
last-modified: Mon, 07 Sep 2020 02:27:12 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 107987
expires: Fri, 27 Mar 2026 02:56:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NnVBypk50PZzAf%2FNhzSrE7bRyf5scP9JSBlJ3urOmv%2Fx429RlF4skOhyGYllSu9I1K54qK61ii%2FREuyCumusKBy4m4NHy%2F4abjaReri737AKEgLGBb7bQLGl5OMVPiLk%2BkrO%2BABl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92be02894afb56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1hd.sh/assets/js/custom.js

104.21.70.229

200 OK

19 kB

URL GET
1hd.sh/assets/js/custom.js
IP
104.21.70.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject1hd.sh
FingerprintC6:FB:2F:5E:75:EE:E8:75:76:81:51:72:CD:4F:07:FB:2F:6B:3B:D0
ValidityMon, 24 Feb 2025 08:48:37 GMT - Sun, 25 May 2025 09:47:12 GMT

File type
JavaScript source, ASCII text, with very long lines (19072), with no line terminators
Size
19 kB (19072 bytes)
Hash
28c98063fb6f44b912a27435a44b503c
ee3b6f1a16e33a2e63a2671d9066690eff8c5fda
831cfbe8ed41066900f00d7b869f5a952b61e3c4c9a6a8d7fb7f66cb857f8861

HTTP Headers

GET /assets/js/custom.js HTTP/1.1
Host: 1hd.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Cookie: PHPSESSID=9llfvjlf2j9dm0d98frkl6n9fn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CClygjEpOC6%2Be2dj5GvJDNMJhtTnhb3zWfwFJFgt1SKs92Hh50q10LwevbUFaul4NlPYTCZm2nwrwai3LtxH7HuczX6jDccz%2BcB3%2F9QhmMY1if3PRu3jVL8%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 11 Dec 2023 10:40:33 GMT
etag: W/"6576e721-4a80"
x-powered-by: PleskLin
age: 2169
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 92be02878b5856a4-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17866&min_rtt=4561&rtt_var=8123&sent=87&recv=102&lost=0&retrans=0&sent_bytes=7777&recv_bytes=6344&delivery_rate=2173&cwnd=12000&unsent_bytes=0&cid=01e36932399c8bb8&ts=778&x=16"

fonts.googleapis.com/css2?family=Pathway+Extreme:opsz,wght@8..144,300;8..144,400;8..144,500;8..144,600;8..144,700&display=swap

142.250.74.10

200 OK

7.1 kB

URL GET
fonts.googleapis.com/css2?family=Pathway+Extreme:opsz,wght@8..144,300;8..144,400;8..144,500;8..144,600;8..144,700&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint3C:2E:67:30:A6:95:F3:D3:61:49:AB:AC:BC:D1:CF:77:3E:33:8F:B7
ValidityThu, 20 Mar 2025 11:19:46 GMT - Thu, 12 Jun 2025 11:19:45 GMT

File type
ASCII text, with very long lines (7265), with no line terminators
Size
7.1 kB (7115 bytes)
Hash
c224bc6f58023476e06d7fc117d2013b
855b8ebe5089a41f0b6d698a6ec8b9c3825906dc
ac866163dce70c62457cea26cbfa295ada4ccf8c52d7c297edf4f63704aadf7f

HTTP Headers

GET /css2?family=Pathway+Extreme:opsz,wght@8..144,300;8..144,400;8..144,500;8..144,600;8..144,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 06 Apr 2025 02:56:04 GMT
date: Sun, 06 Apr 2025 02:56:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2

142.250.74.35

200 OK

60 kB

URL GET
fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 60384, version 1.0
Size
60 kB (60384 bytes)
Hash
3dab586cabfeaa291a506459b98fa3e7
31fdfb6cf6ea77b01e5d6a4e2f271c479a260a3c
20cc723814ee90c35309d8ca98dc2133007ad86cfebe0719babf021edc840a55

HTTP Headers

GET /s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1hd.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 60384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Apr 2025 09:51:01 GMT
expires: Fri, 03 Apr 2026 09:51:01 GMT
cache-control: public, max-age=31536000
age: 234304
last-modified: Thu, 20 Apr 2023 13:35:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1hd.sh/images/logo.png

104.21.70.229

200 OK

35 kB

URL GET
1hd.sh/images/logo.png
IP
104.21.70.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject1hd.sh
FingerprintC6:FB:2F:5E:75:EE:E8:75:76:81:51:72:CD:4F:07:FB:2F:6B:3B:D0
ValidityMon, 24 Feb 2025 08:48:37 GMT - Sun, 25 May 2025 09:47:12 GMT

File type
PNG image data, 400 x 122, 8-bit/color RGBA, interlaced
Size
35 kB (35135 bytes)
Hash
f1f909ebf4aa5d74fcd3f8cbe28c2bb1
c3a6ada7410491dc7171ecd5ac8a8cbcc1f385bb
62ba338377bfa2b737a4134c8bb1917a4b53e378832eb04433c32deb71cd984f

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: 1hd.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Cookie: PHPSESSID=9llfvjlf2j9dm0d98frkl6n9fn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: image/png
content-length: 35135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zPlv9PEk8KGEVjmEJ%2FK1fRwJia9E0TOqBl8xzWnJRHzkiMtl0j3BrefkMaURvhwuZLm0RvUSGAkE7diLk%2Fj24f1V6%2BhYj9CCSHbX1ven54Q6iwlkm41XxAQ%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 12 Sep 2023 08:58:22 GMT
etag: "6500282e-893f"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2170
accept-ranges: bytes
cf-ray: 92be02876b5556a4-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17866&min_rtt=4561&rtt_var=8123&sent=87&recv=102&lost=0&retrans=0&sent_bytes=7777&recv_bytes=6344&delivery_rate=2173&cwnd=12000&unsent_bytes=0&cid=01e36932399c8bb8&ts=763&x=16"

1hd.sh/assets/js/lights.js?v=3

104.21.70.229

200 OK

5.6 kB

URL GET
1hd.sh/assets/js/lights.js?v=3
IP
104.21.70.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject1hd.sh
FingerprintC6:FB:2F:5E:75:EE:E8:75:76:81:51:72:CD:4F:07:FB:2F:6B:3B:D0
ValidityMon, 24 Feb 2025 08:48:37 GMT - Sun, 25 May 2025 09:47:12 GMT

File type
JavaScript source, ASCII text, with very long lines (6797), with no line terminators
Size
5.6 kB (5588 bytes)
Hash
5a19f3cda99665f1f063c99f5cb140d7
f7aeb1dfccd8407f4810dce080242cfe02a9183a
a21296a60ae4446230d3fe29ab654c82d06a40911c07c7d178e5bcd5045a3b8d

HTTP Headers

GET /assets/js/lights.js?v=3 HTTP/1.1
Host: 1hd.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Cookie: PHPSESSID=9llfvjlf2j9dm0d98frkl6n9fn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nl0DL4X9KaVDhaYo3BX%2BZIgTKRkSGzSwGGyYR6jG4DL0itO%2BIcrMtsYcV8XIK5x5ewLMXNpHgo6KYHvRm9fAkbrcem9cwX8Evwi86k1FnYNOBJ%2BSgrm285g%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 11 Jan 2023 03:34:24 GMT
etag: W/"63be2e40-15d4"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2170
content-encoding: br
cf-ray: 92be02878b5756a4-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17866&min_rtt=4561&rtt_var=8123&sent=87&recv=102&lost=0&retrans=0&sent_bytes=7777&recv_bytes=6344&delivery_rate=2173&cwnd=12000&unsent_bytes=0&cid=01e36932399c8bb8&ts=777&x=16"

1hd.sh/images/favicon.png?v=13

104.21.70.229

200 OK

14 kB

URL GET
1hd.sh/images/favicon.png?v=13
IP
104.21.70.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject1hd.sh
FingerprintC6:FB:2F:5E:75:EE:E8:75:76:81:51:72:CD:4F:07:FB:2F:6B:3B:D0
ValidityMon, 24 Feb 2025 08:48:37 GMT - Sun, 25 May 2025 09:47:12 GMT

File type
PNG image data, 100 x 100, 8-bit/color RGBA, interlaced
Size
14 kB (14514 bytes)
Hash
fd943465a16f5ec11e4e18b0f3ae445f
999a252495cdfbb1473f255ac9623fd6729835ef
3cf5f0a0645c4d0effb7f55f632dad1d6c626af70a7ca6bcdb872dcdee66d446

HTTP Headers

GET /images/favicon.png?v=13 HTTP/1.1
Host: 1hd.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Cookie: PHPSESSID=9llfvjlf2j9dm0d98frkl6n9fn; _ga_V45H598T28=GS1.1.1743908165.1.0.1743908165.0.0.0; _ga=GA1.1.1038710925.1743908166
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 06 Apr 2025 02:56:06 GMT
content-type: image/png
content-length: 14514
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jNJ1HZWVe4dXI%2BelX0zxhNXIzmtm4yi3epka6%2FSuoluJr5SwjRjcRLLLJXzEtxhRIPIujsT4YGeG46yqjDo1jbglLnSVUzRwYIvRz7ygkCpyql8%2BnGrahwA%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 12 Sep 2023 08:58:19 GMT
etag: "6500282b-38b2"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2172
accept-ranges: bytes
cf-ray: 92be02983b7456a4-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17866&min_rtt=4561&rtt_var=8123&sent=87&recv=102&lost=0&retrans=0&sent_bytes=7777&recv_bytes=6344&delivery_rate=2173&cwnd=12000&unsent_bytes=0&cid=01e36932399c8bb8&ts=3443&x=16"

1hd.sh/assets/css/sweetalert.css

104.21.70.229

200 OK

15 kB

URL GET
1hd.sh/assets/css/sweetalert.css
IP
104.21.70.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject1hd.sh
FingerprintC6:FB:2F:5E:75:EE:E8:75:76:81:51:72:CD:4F:07:FB:2F:6B:3B:D0
ValidityMon, 24 Feb 2025 08:48:37 GMT - Sun, 25 May 2025 09:47:12 GMT

File type
ASCII text, with very long lines (12616), with CRLF line terminators
Size
15 kB (15303 bytes)
Hash
8c8a9a2a618582e621499ae884a3d7c4
71aa7d1105318554f11033e004888cd1943fcf51
ebd7eef3117c94ff9a0244240540d26596cc4940e8d29f703595dca12d40c9c6

HTTP Headers

GET /assets/css/sweetalert.css HTTP/1.1
Host: 1hd.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Cookie: PHPSESSID=9llfvjlf2j9dm0d98frkl6n9fn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wLZRrQrmhM0Iu1UKzT4W9lExoOGKQTuMV4YOWblta%2BxCVCmFvP1vYcgXdiKwuERItwRlpqGClb1W1pyG7X3X%2BwuMRzmBcxpLR9slea9DMxXek5F70V0fNwU%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 25 Dec 2022 04:47:31 GMT
etag: W/"63a7d5e3-3bc7"
x-powered-by: PleskLin
age: 2170
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 92be0286eb5256a4-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17866&min_rtt=4561&rtt_var=8123&sent=87&recv=102&lost=0&retrans=0&sent_bytes=7777&recv_bytes=6344&delivery_rate=2173&cwnd=12000&unsent_bytes=0&cid=01e36932399c8bb8&ts=685&x=16"

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js

104.17.25.14

200 OK

83 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
83 kB (83253 bytes)
Hash
90146f01d8a2028ed6f2c3d2fba4ac9b
0363cb58b7a7b60ef7fbf82b8bceb6305232501a
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 19418
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "617ac9de-4bda"
last-modified: Thu, 28 Oct 2021 16:03:42 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 106051
expires: Fri, 27 Mar 2026 02:56:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FbfhJoOp1BRSzwU%2FAnZXtSEdXUhRjIlJ%2FXy6mKsppaRdJuoxeG6rmCLEgAPa4ADs%2FjgxMtxHJjZE5hqWDZaFKhNMOyWtmZAvh%2B8wPJPr6%2F7ZrnWqRPEdXXB4dNN6q7jPqTvX8zn3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92be02895aff56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/css/swiper.min.css

104.17.25.14

200 OK

14 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/css/swiper.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (13425)
Size
14 kB (13677 bytes)
Hash
773d8f074cf687b5607c41a7e5e3c3ef
0456b77b6ebd7c1af268f611923fea64d5a1770f
3f607be9c8cccb04ff271240354b48285f25377662bb326bad8930ac2903a2b9

HTTP Headers

GET /ajax/libs/Swiper/5.4.4/css/swiper.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: text/css; charset=utf-8
content-length: 3569
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ee8d6b2-356d"
last-modified: Tue, 16 Jun 2020 14:26:58 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 282054
expires: Fri, 27 Mar 2026 02:56:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MeJkF3d7crlYUojn6AckzHG0Sm9tfAIGnvgLgBJZw2Z%2Fl8gJ3xTYSOEkwD6Vo5KXHw0RZN8VTrnMT37nMbxkSip6qR%2FfdiDp2qDPeN926NcTW%2BZFQzMrNe4Lee%2B3BmfdHbB3elNd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92be02887ad556c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-V45H598T28

142.250.178.104

200 OK

378 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-V45H598T28
IP
142.250.178.104:443
ASN
#15169 GOOGLE

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
378 kB (377468 bytes)
Hash
116ec64459e38f6f543b864b6483bf61
2226945d260b525827a6329b224033d13aecabe4
7226d780f5f75c64ad4b222bc7acf7c3863e002ce233c5b50d7157133e04c5f8

HTTP Headers

GET /gtag/js?id=G-V45H598T28 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 06 Apr 2025 02:56:04 GMT
expires: Sun, 06 Apr 2025 02:56:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 126016
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/1.12.3/jquery.min.js

104.17.25.14

200 OK

97 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery/1.12.3/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (32029)
Size
97 kB (97180 bytes)
Hash
c07f2267a050732b752cc3e7a06850ac
220dad6750fba4898e10b8d9b78ca46f4f774544
69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174

HTTP Headers

GET /ajax/libs/jquery/1.12.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 30308
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-17b9c"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 956945
expires: Fri, 27 Mar 2026 02:56:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lpcs7TQapNXvKoSVN%2B0d%2FfgiWkXcLXjREPWweJse980uE8H7h2khuuZO4J58hdVuRKvMkCOuvsfEQaoegsm5rG68PzSANEUGvcLeFJtyMSUiNoLFezN35MLLzFJ%2F4GcpHeHzHKh2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92be0288faed56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2

142.250.74.35

200 OK

60 kB

URL GET
fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 60384, version 1.0
Size
60 kB (60384 bytes)
Hash
3dab586cabfeaa291a506459b98fa3e7
31fdfb6cf6ea77b01e5d6a4e2f271c479a260a3c
20cc723814ee90c35309d8ca98dc2133007ad86cfebe0719babf021edc840a55

HTTP Headers

GET /s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1hd.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 60384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Apr 2025 09:51:01 GMT
expires: Fri, 03 Apr 2026 09:51:01 GMT
cache-control: public, max-age=31536000
age: 234304
last-modified: Thu, 20 Apr 2023 13:35:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

104.17.25.14

200 OK

102 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (52276)
Size
102 kB (102025 bytes)
Hash
ded1c367363e8b20bdc6a19b8350a737
8c06d82739d14b094ff6d9036021a252bd1d985d
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: text/css; charset=utf-8
content-length: 18752
cf-ray: 92be02887ad456c3-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 279842
expires: Fri, 27 Mar 2026 02:56:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2mDtQh1fKDQl82NY6Sw2bpZYMdGDsMROap84Essbbeh3zdBeesQEn%2F2m%2FMkg22jjxNnlSEyHPlHXpI0NE1%2BcXtamuTru%2BI0Zyxr2Nprczpty%2BHLEjtroSZNBledtT5Y67WNbNOuu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2

104.17.25.14

200 OK

150 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150124, version 772.256
Size
150 kB (150124 bytes)
Hash
c64278386c2bbb5e293e11b94ca2f6d1
6b99aa650bd12a36caa14e0127435d8f4cd3ba73
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1hd.sh
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 06 Apr 2025 02:56:05 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 111333
expires: Fri, 27 Mar 2026 02:56:05 GMT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2LA906hb01BXHXqc8%2FdCIakDT7kyOXs%2B9iMNej%2FpJcNP9Aw6YPY5uQNKnljbcI2jwxnXChwxF4I%2BGLr173wk8nYkwF%2FCaOSLY75qJwr%2FMCwDjkXMNALknKN%2FRLvJw5S%2BKJcxpNR1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92be02925994b4ed-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2

142.250.74.35

200 OK

60 kB

URL GET
fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 60384, version 1.0
Size
60 kB (60384 bytes)
Hash
3dab586cabfeaa291a506459b98fa3e7
31fdfb6cf6ea77b01e5d6a4e2f271c479a260a3c
20cc723814ee90c35309d8ca98dc2133007ad86cfebe0719babf021edc840a55

HTTP Headers

GET /s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1hd.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 60384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Apr 2025 09:51:01 GMT
expires: Fri, 03 Apr 2026 09:51:01 GMT
cache-control: public, max-age=31536000
age: 234304
last-modified: Thu, 20 Apr 2023 13:35:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/js/swiper.min.js

104.17.25.14

200 OK

141 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/js/swiper.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65284)
Size
141 kB (140929 bytes)
Hash
cf2fe63069b52d6a5bc1bccdb2626273
c1a56d0735470b2ab51e4dda017eefc281cbd7ce
636ee53e0454d4eff633ac3467f3540087e0ed55f4db06c2ef5f4662302b6329

HTTP Headers

GET /ajax/libs/Swiper/5.4.4/js/swiper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 31039
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ee8d6b2-22681"
last-modified: Tue, 16 Jun 2020 14:26:58 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 111349
expires: Fri, 27 Mar 2026 02:56:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iRFhT%2Fwz7p7xBF%2FqYZXqAehLr%2Fl51OGxFZ5dzzNX0LpkFTzUowpqY%2BjhYIruvzXkM%2BKNYfXPNARws3M6cDE2pzzAbcss6%2B78w1x0wTTltfdi0%2BqTjdWXdDVEuc6Dnt7vl2rooXgv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92be02886ad256c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1hd.sh/assets/css/all.css

104.21.70.229

200 OK

75 kB

URL GET
1hd.sh/assets/css/all.css
IP
104.21.70.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject1hd.sh
FingerprintC6:FB:2F:5E:75:EE:E8:75:76:81:51:72:CD:4F:07:FB:2F:6B:3B:D0
ValidityMon, 24 Feb 2025 08:48:37 GMT - Sun, 25 May 2025 09:47:12 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
75 kB (75220 bytes)
Hash
bf446b2d0fffcae08a015ae28c5fd8a3
57963e274db23f2188872481c3f9c08c8e74adfc
e2ed3c859904accd2e902795f54c7c07a23ec5bdaf3be9b513e9608fac2e51e2

HTTP Headers

GET /assets/css/all.css HTTP/1.1
Host: 1hd.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Cookie: PHPSESSID=9llfvjlf2j9dm0d98frkl6n9fn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zEnIEUaAsyKsod6F1Gj6hbN43z%2B0Jy5PsfVLQ5ZL3ZN8P2DjZS4h3cOTB6qWGFgklvxgSp2YLvrLnM5HEGdr6xXfH1Cm%2BWpCXOaFVzyXaPFjTd4S5Yg79%2BI%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 11 Dec 2023 06:00:34 GMT
etag: W/"6576a582-125d4"
x-powered-by: PleskLin
age: 2170
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 92be0286eb5356a4-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17866&min_rtt=4561&rtt_var=8123&sent=87&recv=102&lost=0&retrans=0&sent_bytes=7777&recv_bytes=6344&delivery_rate=2173&cwnd=12000&unsent_bytes=0&cid=01e36932399c8bb8&ts=685&x=16"

pl26287075.effectiveratecpm.com/70/49/22/7049220dae28f41c8d046c56f190d4d6.js

172.240.108.68

403 Forbidden

0 B

URL GET
pl26287075.effectiveratecpm.com/70/49/22/7049220dae28f41c8d046c56f190d4d6.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://1hd.sh/
Certificate
IssuerLet's Encrypt
Subjecteffectiveratecpm.com
FingerprintEE:8B:4D:88:03:2A:5C:81:B9:7E:B1:AB:88:AA:3D:B4:51:20:76:EF
ValidityFri, 07 Feb 2025 08:43:29 GMT - Thu, 08 May 2025 08:43:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /70/49/22/7049220dae28f41c8d046c56f190d4d6.js HTTP/1.1
Host: pl26287075.effectiveratecpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.21.6
Date: Sun, 06 Apr 2025 02:56:04 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 0
Host: pl26287075.effectiveratecpm.com

1hd.sh/assets/js/sweetalert.js

104.21.70.229

200 OK

17 kB

URL GET
1hd.sh/assets/js/sweetalert.js
IP
104.21.70.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject1hd.sh
FingerprintC6:FB:2F:5E:75:EE:E8:75:76:81:51:72:CD:4F:07:FB:2F:6B:3B:D0
ValidityMon, 24 Feb 2025 08:48:37 GMT - Sun, 25 May 2025 09:47:12 GMT

File type
JavaScript source, ASCII text, with very long lines (16977), with no line terminators
Size
17 kB (16977 bytes)
Hash
0068f44b0aa1b83fa7679860ceb26590
20d5cdb9d2002442843baab241f2e883563d1de5
7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7

HTTP Headers

GET /assets/js/sweetalert.js HTTP/1.1
Host: 1hd.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Cookie: PHPSESSID=9llfvjlf2j9dm0d98frkl6n9fn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 06 Apr 2025 02:56:03 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4nhLApY6dcC8QPsgWMm9a635WJXIPF34lOiE6oaM7w9XDd4TZ%2BMP4gXb4Z8AWWjIQK6Ig%2Fw8x0b7PM8o0fySvuepr%2BAYHZKZ6YxbvzvQEx%2BNDbd49U8otHg%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 25 Dec 2022 04:47:05 GMT
etag: W/"63a7d5c9-4251"
x-powered-by: PleskLin
age: 2169
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 92be02876b5656a4-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17866&min_rtt=4561&rtt_var=8123&sent=87&recv=102&lost=0&retrans=0&sent_bytes=7777&recv_bytes=6344&delivery_rate=2173&cwnd=12000&unsent_bytes=0&cid=01e36932399c8bb8&ts=765&x=16"

fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2

142.250.74.35

200 OK

60 kB

URL GET
fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 60384, version 1.0
Size
60 kB (60384 bytes)
Hash
3dab586cabfeaa291a506459b98fa3e7
31fdfb6cf6ea77b01e5d6a4e2f271c479a260a3c
20cc723814ee90c35309d8ca98dc2133007ad86cfebe0719babf021edc840a55

HTTP Headers

GET /s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1hd.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 60384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Apr 2025 09:51:01 GMT
expires: Fri, 03 Apr 2026 09:51:01 GMT
cache-control: public, max-age=31536000
age: 234304
last-modified: Thu, 20 Apr 2023 13:35:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/a?v=3&t=l&pid=1638702955&rv=5421&tag_exp=102788824~102803279~102813109~102887800~102926062~102975949~103016951~103021830~103027016&u=AAAAAAAAAAAAAIA&h=Ag&gtm=45je5421v9173035679za200&cl=1.2.1&ccid=173035679&cid=G-V45H598T28&l=L2628.S28.Y155.B103.E579.I2983.TC15.HTC0~gtm.init_consent.S3.V1.E212~gtm.init.S2.V1.E213.TS5ogt1pdatav2.TI4.TE8.TS5ccdgafirst.TI18.TE1.TS5ccdgaregscope.TI16.TE7.TS5ccdemdownload.TI15.TE4.TS5ccdemform.TI14.TE3.TS5ccdemoutboundclick.TI13.TE3.TS5ccdempageview.TI12.TE3.TS5ccdemscroll.TI11.TE3.TS5ccdemsitesearch.TI10.TE12.TS5ccdemvideo.TI9.TE2.TS5ccdconversionmarking.TI8.TE1.TS5ccdautoredact.TI7.TE5.TS5setproductsettings.TI17.TE195.TS5ccdgalast.TI6.TE148~gtm.js.S1.V1.E149.TS5gct.TI1.TE147~gtm.dom.E4~gtm.load.S3.V2.E5~GA539

142.250.178.104

200 OK

0 B

URL GET
www.googletagmanager.com/a?v=3&t=l&pid=1638702955&rv=5421&tag_exp=102788824~102803279~102813109~102887800~102926062~102975949~103016951~103021830~103027016&u=AAAAAAAAAAAAAIA&h=Ag&gtm=45je5421v9173035679za200&cl=1.2.1&ccid=173035679&cid=G-V45H598T28&l=L2628.S28.Y155.B103.E579.I2983.TC15.HTC0~gtm.init_consent.S3.V1.E212~gtm.init.S2.V1.E213.TS5ogt1pdatav2.TI4.TE8.TS5ccdgafirst.TI18.TE1.TS5ccdgaregscope.TI16.TE7.TS5ccdemdownload.TI15.TE4.TS5ccdemform.TI14.TE3.TS5ccdemoutboundclick.TI13.TE3.TS5ccdempageview.TI12.TE3.TS5ccdemscroll.TI11.TE3.TS5ccdemsitesearch.TI10.TE12.TS5ccdemvideo.TI9.TE2.TS5ccdconversionmarking.TI8.TE1.TS5ccdautoredact.TI7.TE5.TS5setproductsettings.TI17.TE195.TS5ccdgalast.TI6.TE148~gtm.js.S1.V1.E149.TS5gct.TI1.TE147~gtm.dom.E4~gtm.load.S3.V2.E5~GA539
IP
142.250.178.104:443
ASN
#15169 GOOGLE

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a?v=3&t=l&pid=1638702955&rv=5421&tag_exp=102788824~102803279~102813109~102887800~102926062~102975949~103016951~103021830~103027016&u=AAAAAAAAAAAAAIA&h=Ag&gtm=45je5421v9173035679za200&cl=1.2.1&ccid=173035679&cid=G-V45H598T28&l=L2628.S28.Y155.B103.E579.I2983.TC15.HTC0~gtm.init_consent.S3.V1.E212~gtm.init.S2.V1.E213.TS5ogt1pdatav2.TI4.TE8.TS5ccdgafirst.TI18.TE1.TS5ccdgaregscope.TI16.TE7.TS5ccdemdownload.TI15.TE4.TS5ccdemform.TI14.TE3.TS5ccdemoutboundclick.TI13.TE3.TS5ccdempageview.TI12.TE3.TS5ccdemscroll.TI11.TE3.TS5ccdemsitesearch.TI10.TE12.TS5ccdemvideo.TI9.TE2.TS5ccdconversionmarking.TI8.TE1.TS5ccdautoredact.TI7.TE5.TS5setproductsettings.TI17.TE195.TS5ccdgalast.TI6.TE148~gtm.js.S1.V1.E149.TS5gct.TI1.TE147~gtm.dom.E4~gtm.load.S3.V2.E5~GA539 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:836:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:836:0
report-to: {"group":"ascgcycc:836:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:836:0"}],}
date: Sun, 06 Apr 2025 02:56:06 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/css2?family=Quicksand:wght@300;400;500;600;700&display=swap

142.250.74.10

200 OK

6.3 kB

URL GET
fonts.googleapis.com/css2?family=Quicksand:wght@300;400;500;600;700&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://1hd.sh/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint3C:2E:67:30:A6:95:F3:D3:61:49:AB:AC:BC:D1:CF:77:3E:33:8F:B7
ValidityThu, 20 Mar 2025 11:19:46 GMT - Thu, 12 Jun 2025 11:19:45 GMT

File type
ASCII text, with very long lines (6390), with no line terminators
Size
6.3 kB (6255 bytes)
Hash
344250e2e0307814260534638713936c
75a6cf4070ea503c70ba446d1eae282bfffef7aa
3539d1491c91dd53258cb84f274bca20c850ee076ab00b5775d296aa1be488e0

HTTP Headers

GET /css2?family=Quicksand:wght@300;400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1hd.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 06 Apr 2025 02:56:04 GMT
date: Sun, 06 Apr 2025 02:56:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML