| cultivatedcauldron.com/cvgfxran?key=33bb04a4f0edc076934b1949b5902fed | 172.240.108.76 | | 1.3 kB |
URL: cultivatedcauldron.com/cvgfxran?key=33bb04a4f0edc076934b1949b5902fed
IP: 172.240.108.76:0
File type: HTML document, ASCII text, with very long lines (412)
Hash: 2dceb3b1ff37e8076b93a2ceb37915bf 6070c0c96741717d874faf0d952f36b089689ffa 18dfbb9694a5ea69df15c40cb76142fa7bfccc759f62323c701877d4423f61c9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cvgfxran?key=33bb04a4f0edc076934b1949b5902fed HTTP/1.1
Host: cultivatedcauldron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 18:05:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=23160926; expires=Thu, 09 May 2024 18:05:37 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.7v8kb8QAuA3u13UgUZWczauGBBbupWq_Sf7OWA_K_88; expires=Wed, 08 May 2024 18:06:37 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9d57cc1c2b6b7f9104e3d02f4cebb1e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cultivatedcauldron.com/api/users?token=L2N2Z2Z4cmFuP2tleT0zM2JiMDRhNGYwZWRjMDc2OTM0YjE5NDliNTkwMmZlZCZwc3Q9MTcxNTE5MTU5NyZybXRjPXQmc2h1PTkzMjcxYTUzZGY0MThlNWNkYTIwMGQ3MDdkMDA1NDdlNDBhM2FlNmMyZGVkN2VmZjc2MmE1YmUwMDZmNDg2OWVkMDc0MjQ0NDFiNzY2OGJkOTFmZDE5MDYwM2Q2YzU2ZDM4NzQ5ZTYyYjNhMzZhNGEzMTczMTc4NjU1OGIyMjJmNDIyMGQzNjk3ZThiYzQ1MjQzNDM0MjFmNTQxMWM0NDBiNTE4YTQyZjhlOTRkNTM4MDY4MjkxOTAxOGY2ZWU0NTI3&uuid=&pii=&in=false | 172.240.127.234 | | 0 B |
URL: cultivatedcauldron.com/api/users?token=L2N2Z2Z4cmFuP2tleT0zM2JiMDRhNGYwZWRjMDc2OTM0YjE5NDliNTkwMmZlZCZwc3Q9MTcxNTE5MTU5NyZybXRjPXQmc2h1PTkzMjcxYTUzZGY0MThlNWNkYTIwMGQ3MDdkMDA1NDdlNDBhM2FlNmMyZGVkN2VmZjc2MmE1YmUwMDZmNDg2OWVkMDc0MjQ0NDFiNzY2OGJkOTFmZDE5MDYwM2Q2YzU2ZDM4NzQ5ZTYyYjNhMzZhNGEzMTczMTc4NjU1OGIyMjJmNDIyMGQzNjk3ZThiYzQ1MjQzNDM0MjFmNTQxMWM0NDBiNTE4YTQyZjhlOTRkNTM4MDY4MjkxOTAxOGY2ZWU0NTI3&uuid=&pii=&in=false
IP: 172.240.127.234:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /api/users?token=L2N2Z2Z4cmFuP2tleT0zM2JiMDRhNGYwZWRjMDc2OTM0YjE5NDliNTkwMmZlZCZwc3Q9MTcxNTE5MTU5NyZybXRjPXQmc2h1PTkzMjcxYTUzZGY0MThlNWNkYTIwMGQ3MDdkMDA1NDdlNDBhM2FlNmMyZGVkN2VmZjc2MmE1YmUwMDZmNDg2OWVkMDc0MjQ0NDFiNzY2OGJkOTFmZDE5MDYwM2Q2YzU2ZDM4NzQ5ZTYyYjNhMzZhNGEzMTczMTc4NjU1OGIyMjJmNDIyMGQzNjk3ZThiYzQ1MjQzNDM0MjFmNTQxMWM0NDBiNTE4YTQyZjhlOTRkNTM4MDY4MjkxOTAxOGY2ZWU0NTI3&uuid=&pii=&in=false HTTP/1.1
Host: cultivatedcauldron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cultivatedcauldron.com/api/users?token=L2N2Z2Z4cmFuP2tleT1hOTY5Y2E1YzlhZDI2MTE3NjJmMTFiNzlhNTI2ZTJkMiZzdWJtZXRyaWM9MjMxNjA5MjY
Cookie: u_pl=23160926; ain=eyJhbGciOiJIUzI1NiJ9.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.7v8kb8QAuA3u13UgUZWczauGBBbupWq_Sf7OWA_K_88; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Wed, 08 May 2024 18:05:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://nylonnickel.xyz/c9b2l0k.php?key=ssh20i85vx88tciu4a4m&SUB_ID_SHORT=39da1af76648298036ae19f04e3c42f1&COST_CPC=&PLACEMENT_ID=23160926&CAMPAIGN_ID=1026545&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2895359
Set-Cookie: pdhtkv=true; expires=Thu, 09 May 2024 18:05:38 GMT
uncs=1; expires=Thu, 09 May 2024 18:05:38 GMT
pdhtkv28=true; expires=Thu, 09 May 2024 18:05:38 GMT
uncs28=1; expires=Thu, 09 May 2024 18:05:38 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 026c00a52c4557e7227969f5ecd379fc
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| nylonnickel.xyz/c9b2l0k.php?key=ssh20i85vx88tciu4a4m&SUB_ID_SHORT=39da1af76648298036ae19f04e3c42f1&COST_CPC=&PLACEMENT_ID=23160926&CAMPAIGN_ID=1026545&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2895359 | 192.64.81.118 | | 0 B |
URL: nylonnickel.xyz/c9b2l0k.php?key=ssh20i85vx88tciu4a4m&SUB_ID_SHORT=39da1af76648298036ae19f04e3c42f1&COST_CPC=&PLACEMENT_ID=23160926&CAMPAIGN_ID=1026545&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2895359
IP: 192.64.81.118:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c9b2l0k.php?key=ssh20i85vx88tciu4a4m&SUB_ID_SHORT=39da1af76648298036ae19f04e3c42f1&COST_CPC=&PLACEMENT_ID=23160926&CAMPAIGN_ID=1026545&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2895359 HTTP/1.1
Host: nylonnickel.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cultivatedcauldron.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Wed, 08 May 2024 18:05:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=us7vgxa7my; expires=Thu, 09-May-2024 18:05:39 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=us7vgxa7my-us7vgxa7my-xr46-0-usgm6o-9rib8n-9ribwj-506d68; expires=Thu, 09-May-2024 18:05:39 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=443fcus7vgxa7my35b&sub_id=23160926
Strict-Transport-Security: max-age=31536000
|
|
| rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=443fcus7vgxa7my35b&sub_id=23160926 | 188.114.96.1 | | 0 B |
URL: rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=443fcus7vgxa7my35b&sub_id=23160926
IP: 188.114.96.1:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=443fcus7vgxa7my35b&sub_id=23160926 HTTP/1.1
Host: rqqlj.canopusacrux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cultivatedcauldron.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 08 May 2024 18:05:39 GMT
content-length: 0
location: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
set-cookie: 4l9EZwXc2kSH_LKKjogwWA=1; max-age=345600; path=/; samesite=lax
__pl=7e96cb99-1885-49f2-a9fd-df9def17c82c; expires=Fri, 08 May 2026 18:05:39 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WfWXxssbPZw8BiJP%2FyXxQTtF9oZ9KbV0d7LkEfDplCsR%2BTSdQ1ji5ivOos99mHZV3yvnkQ%2B16R0IZRKk2LovEMSdYZH2U7Bn%2FFHeZrmqI%2Bs0vdNdAHOhq5cfMGqyzaURMJR%2BXC90wJx8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61103de97128-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| rqqlj.check-tl-ver-154-1.com/space-robot/assets/corner.png | 188.114.96.1 | | 300 B |
URL: rqqlj.check-tl-ver-154-1.com/space-robot/assets/corner.png
IP: 188.114.96.1:0
File type: PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Hash: f66c38fa2cd7c50bd1989d41da28fb80 e1de333eca72647f3c1831083fe678cfa8fe9eab 3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2
GET /space-robot/assets/corner.png HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-12c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1285
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9ZneeCYmNM6ZIglpAzo54Or7u0dddNT99r7OiXW20fWjrFEoT%2FQ5XL7bwi9tS%2F81YNG9NpfW9iWAJgbWs%2BlzZ9WTBl2K2jo5ogyctLUQCf1l7ymvN%2FoFB56lPbKvC9Or0UkUtNcm6YBWi9i9%2FRA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b6112d9f6569d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 216.58.207.227 | | 16 kB |
URL: fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP: 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Hash: 285467176f7fe6bb6a9c6873b3dad2cc ea04e4ff5142ddd69307c183def721a160e0a64e 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rqqlj.check-tl-ver-154-1.com
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:50:52 GMT
expires: Fri, 02 May 2025 01:50:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 576887
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| rqqlj.check-tl-ver-154-1.com/space-robot/assets/apple-touch-icon.png | 188.114.96.1 | | 23 kB |
URL: rqqlj.check-tl-ver-154-1.com/space-robot/assets/apple-touch-icon.png
IP: 188.114.96.1:0
File type: PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash: f500ba7eee0ae7d1ceb44236ac253165 0614de220ecadb48038ed894d91120ba102c8367 ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5
GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: image/png
content-length: 23177
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-5a89"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNG3NcduwEAPxKpw%2B51pEAGiDXhX7FFgUvmWvgNtl1n%2Fx3T82PMOSAfkTDQvxjSO1drWO9xbqHxEHZvyVmtMbRfbes20NIyyxbNk7t%2BP4mYmvFC%2Bwe0x2yG3oafKrnXvMCMU3YDPx8JCHQzQqztY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b61147d1b569d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| rqqlj.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png | 188.114.96.1 | | 1.2 kB |
URL: rqqlj.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png
IP: 188.114.96.1:0
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash: 9d35b617fd258f648c37812252297dd3 7e32fd007f1c6fe1466d15439173082c0fbe82da e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a
GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: image/png
content-length: 1163
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-48b"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGWBVEHwBPTyPilnbJJIfErPQ8iqtlBm%2F2scIZqq1UHxNVMYEi9sQzgJE4GwONosA1jJnyGHMtGhKYpe%2FQXnvHuzim%2BP203cjPtjq%2Fkrp%2Bhc81MEROdNhgT7jQN1tGrP5U3ajDelm4B3f%2F3gCi%2BG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b61147d20569d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| rqqlj.check-tl-ver-154-1.com/shared-js/assets/static-pl.js?v=2 | 188.114.96.1 | | 1.7 kB |
URL: rqqlj.check-tl-ver-154-1.com/shared-js/assets/static-pl.js?v=2
IP: 188.114.96.1:0
File type: JavaScript source, ASCII text, with CRLF line terminators
Hash: 7224243dd0b18bb2508a1d77d4b2a0b2 bd833c24aa241861316053fd8bd46a1bef3d343f 920aa94a10634fc23234b5e4f55c428f6311fc7811d3591792381678cb492659
GET /shared-js/assets/static-pl.js?v=2 HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-dee"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1285
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oq0kXyWStAHXDwTCj7HGB9DaaqWg%2BXtsCkutQdV3Rb3%2FaEX6tjDUPyGR7PWGxq5UOI6d31npqTUveNoQQLd%2F4tlZ7OKUg%2BmdwXF5ZvK2%2BSYDZfhYEcEo%2FXmwTWj9uWiU2cU9Ra0DJbdGzb9YqURz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b6112da00569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js | 142.250.74.163 | | 9.3 kB |
URL: www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP: 142.250.74.163:0
File type: JavaScript source, ASCII text, with very long lines (28368)
Hash: 9900403b65514fad7df39a4e788a6e45 75f9ba061ef4e72bb23528c700f2a11c56d637e9 a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576522
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js | 142.250.74.163 | | 9.9 kB |
URL: www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP: 142.250.74.163:0
File type: JavaScript source, ASCII text, with very long lines (38231)
Hash: 0541b823dfaf39162ef84cf075c9951b e0934726455558cc1a59823efada9651e33aafaa 21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:03:05 GMT
expires: Sat, 03 May 2025 02:03:05 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489755
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| la.check-tl-ver-154-1.com/space-robot/assets/corner.png | 188.114.96.1 | | 300 B |
URL: la.check-tl-ver-154-1.com/space-robot/assets/corner.png
IP: 188.114.96.1:0
File type: PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Hash: f66c38fa2cd7c50bd1989d41da28fb80 e1de333eca72647f3c1831083fe678cfa8fe9eab 3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2
GET /space-robot/assets/corner.png HTTP/1.1
Host: la.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-12c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AHXQhs6xG1rZ6mdrioyONUXvyccxhnXKxDndjoWADdLQol%2FzYy1y3N9cRynrO5Erb2wpn5XA4O9FEjw%2FJS5TeumqMhspYBhyyq4R8HJJ%2F9nwqUxrFEB%2FHmt6x9GrAGONWcbsy8IaizS0%2FK2U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b61160ff1569d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839 | 188.114.96.1 | | 24 kB |
URL: la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
IP: 188.114.96.1:0
File type: HTML document, Unicode text, UTF-8 text, with very long lines (474)
Hash: 01041709ecf6a3f0b549820730593c03 55775e4279d24a34f601bf8180d9f280b8131e0d 51907b3319c05ec1c1a7466f4017f4dcc7b6dc59a29ed962bfd36572f223bb51
GET /space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839 HTTP/1.1
Host: la.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2B%2B3P7xSuyYbulN0f7evTPQyrpnGJ4JxSOSj47TCqH%2BgOxQYddcFfwXFgha73aOASReotkfO7aR%2FEq29%2BhvwWwIfMB99yBkh2X2c9LqVs%2FUcGEweuFD3YnDDnG5bTjoU4absK6eBxQVpYpJ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61156ecb569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| la.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png | 188.114.96.1 | | 1.2 kB |
URL: la.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png
IP: 188.114.96.1:0
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash: 9d35b617fd258f648c37812252297dd3 7e32fd007f1c6fe1466d15439173082c0fbe82da e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a
GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: la.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 1163
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-48b"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f1ws%2FDLJLCzIOsZxEWMvlTXTWVl6PTtDtRbKt3sJrynjbreFyemAzPqb2wKssKFTZNZC8R%2BZu0u2%2FZbKo%2FXmDO9irboYArhxKADqUyWyBRJ7QYSdtHn2flw2oMJ9jNu03fN3rLsF7F4xIpx8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b611719a9569d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| la.check-tl-ver-154-1.com/space-robot/assets/apple-touch-icon.png | 188.114.96.1 | | 23 kB |
URL: la.check-tl-ver-154-1.com/space-robot/assets/apple-touch-icon.png
IP: 188.114.96.1:0
File type: PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash: f500ba7eee0ae7d1ceb44236ac253165 0614de220ecadb48038ed894d91120ba102c8367 ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5
GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: la.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 23177
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-5a89"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHXcFm%2BDWKl1C96FKffXZiQS8nrhcSh5KsAW2pDZhWfQLSg18OarwAbY0JoiYpdAcjPGlJHZ0ua1Tv%2FIBDeTmzUWrhSTO57jutp7o58GGtqg57xFZxUfwnSg40jKJhJd8Xg4%2FX7lQHM45c6G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b611709a2569d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js | 142.250.74.163 | | 9.3 kB |
URL: www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP: 142.250.74.163:0
File type: JavaScript source, ASCII text, with very long lines (28368)
Hash: 9900403b65514fad7df39a4e788a6e45 75f9ba061ef4e72bb23528c700f2a11c56d637e9 a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576523
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdnstatic.check-tl-ver-154-1.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-154-1.com&timeout=30&tb=true&nrid=ef13b47c48a54cecbc0f9c6c812bfaea | 188.114.96.1 | | 24 kB |
URL: cdnstatic.check-tl-ver-154-1.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-154-1.com&timeout=30&tb=true&nrid=ef13b47c48a54cecbc0f9c6c812bfaea
IP: 188.114.96.1:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (33287), with no line terminators
Hash: b8f0a23e62a853b9e4357a64e8f8fc51 9e19b6bc7365db9b2893de7bc3642dcd260bfde1 057b6d5597db020b6fbf674496033003a9c6ead2a0361bbc43b869cd9ede58e1
GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-154-1.com&timeout=30&tb=true&nrid=ef13b47c48a54cecbc0f9c6c812bfaea HTTP/1.1
Host: cdnstatic.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/
Cookie: __psu=73ee7103-05cc-4f42-9a7d-ae0095570915
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BcAVfcXOilZgKlOvSug%2BjjWlFvxYfkX2aNQ6950DgaF%2ByADX8%2B%2BCEN4z%2BFk%2B4ruRELDivBymF1bn3OcKPiio0cP0jWn3Z%2BxcE4y%2FOZMpXXgzN6p0ns7yYyJYroXH5Q0iGeUY7WzCsxN%2B3Dks9hYHeSZM3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b6116a909569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| lb.check-tl-ver-154-1.com/space-robot/assets/corner.png | 188.114.96.1 | | 300 B |
URL lb.check-tl-ver-154-1.com/space-robot/assets/corner.png IP 188.114.96.1:0
File type PNG image data, 44 x 44, 8-bit colormap, non-interlaced Hash f66c38fa2cd7c50bd1989d41da28fb80 e1de333eca72647f3c1831083fe678cfa8fe9eab 3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2
GET /space-robot/assets/corner.png HTTP/1.1
Host: lb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-12c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kp8qaQ0cRAYNfDKNLTOpEM%2Fk9cqoN2k3pex6uqh5zCa0bha0y%2BbAvg2QuhrE40E1BYriLCZgDDorg66n2gZ5LsQAJs%2Fn8MS3Z6QCcOdkVSEodnSnpV8XmAzuQnr%2BZuObPyyzr5VeXRg7Mpdb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b61196dfa569d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 216.58.207.227 | | 16 kB |
URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0 Hash 285467176f7fe6bb6a9c6873b3dad2cc ea04e4ff5142ddd69307c183def721a160e0a64e 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lb.check-tl-ver-154-1.com
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:50:52 GMT
expires: Fri, 02 May 2025 01:50:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 576888
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| lb.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png | 188.114.96.1 | | 1.2 kB |
URL lb.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png IP 188.114.96.1:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced Hash 9d35b617fd258f648c37812252297dd3 7e32fd007f1c6fe1466d15439173082c0fbe82da e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a
GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: lb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 1163
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-48b"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LerDPYI8o%2Bz7yX6mZXUfXvvFTPCtFlK2sJiVoug0kFZFWoo4YfiVOFJbBuKINMlSpcf%2Bych2uXKvjJxPAhVy6IFDyq4HSCwLHYREh6zW9ZR%2Bx5ZoJx2C%2FzkGG8%2F9Oyp4HmcZfABFae6cQYsC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b611a6f9a569d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| lb.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839 | 188.114.96.1 | | 45 kB |
URL lb.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839 IP 188.114.96.1:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (474) Hash 01041709ecf6a3f0b549820730593c03 55775e4279d24a34f601bf8180d9f280b8131e0d 51907b3319c05ec1c1a7466f4017f4dcc7b6dc59a29ed962bfd36572f223bb51
GET /space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839 HTTP/1.1
Host: lb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QT3APYgL8O9FSvlK34ivTncYzUWjM8Zocy90%2BUGfunXzrS7tbP8lQ1ou8gHahsgCAQTUWFqvtVqlODb6f3e1UJSmMgRR5CnvhTZxaIuE18ssiBZqYp81fl2p%2Brj5zeXEkePZNg325elqWPob"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61187c60569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js | 142.250.74.163 | | 9.3 kB |
URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js IP 142.250.74.163:0
File type JavaScript source, ASCII text, with very long lines (28368) Hash 9900403b65514fad7df39a4e788a6e45 75f9ba061ef4e72bb23528c700f2a11c56d637e9 a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576523
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js | 142.250.74.163 | | 9.9 kB |
URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js IP 142.250.74.163:0
File type JavaScript source, ASCII text, with very long lines (38231) Hash 0541b823dfaf39162ef84cf075c9951b e0934726455558cc1a59823efada9651e33aafaa 21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:03:05 GMT
expires: Sat, 03 May 2025 02:03:05 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.highcpmgate.com/g0rcyaaab7?key=95e6f21cd393f59a1833b1034d8951ec | 192.243.61.227 | | 1.3 kB |
URL www.highcpmgate.com/g0rcyaaab7?key=95e6f21cd393f59a1833b1034d8951ec IP 192.243.61.227:0 ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (410) Hash d89066428b4a95bafbbd1132d5610341 2a5f609ed9c612c21fa5349f0be183397b2760bc bdbc4332d4f550815357432af6055e72118f115ccddee5baf3bcd76ab76dcfe1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /g0rcyaaab7?key=95e6f21cd393f59a1833b1034d8951ec HTTP/1.1
Host: www.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 18:05:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=23070551; expires=Thu, 09 May 2024 18:05:41 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.U2ebwFjEv1emnUSOTmNQTe-4rPP39OWIepgfVbZEwNQ; expires=Wed, 08 May 2024 18:06:41 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3a672cd9f3f9a7ddfd011389bdcc46d5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdnstatic.check-tl-ver-154-1.com/ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA | 188.114.96.1 | | 228 B |
URL cdnstatic.check-tl-ver-154-1.com/ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA IP 188.114.96.1:0
File type ASCII text, with CRLF line terminators Hash dc65a2fbfc4c76147b8b778b759c8d91 b8374137f0fe797e6a7e58c0c6ef14aa7a6b9855 7e85c285fd983223d07a014d1a96804ba1c8f65fb43238a4fad204350e896958
GET /ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA HTTP/1.1
Host: cdnstatic.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Cookie: __psu=73ee7103-05cc-4f42-9a7d-ae0095570915
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d799SXFonJ5PX9uE5J%2FlRGFN1uNx%2BE0%2FLSrx0seg%2FwxMlMKicSjBXWvGh%2FgHS%2FRiEmBdunp86OW0006ZuUbrD7rQE3%2F2gXNBsY3PmgdnBpJwpX7Mae%2FEGYMicdZOibVBQem0WEhjlYGTHiopchXQ6iJIyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b6113dbda569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wifescamara.click/c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39d8305f8e8a6fed6c8c6d73a1050199&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296 | 192.64.81.118 | | 0 B |
URL wifescamara.click/c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39d8305f8e8a6fed6c8c6d73a1050199&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296 IP 192.64.81.118:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39d8305f8e8a6fed6c8c6d73a1050199&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296 HTTP/1.1
Host: wifescamara.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmgate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Wed, 08 May 2024 18:05:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=us7vgxa8hq; expires=Thu, 09-May-2024 18:05:42 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=us7vgxa8hq-us7vgxa8hq-uoxs-0-usa30-9rq5dz-9rq5bl-24050d; expires=Thu, 09-May-2024 18:05:42 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=29c30us7vgxa8hq802&sub_id=23070551
Strict-Transport-Security: max-age=31536000
|
|
| gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=29c30us7vgxa8hq802&sub_id=23070551 | 188.114.96.1 | | 0 B |
URL gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=29c30us7vgxa8hq802&sub_id=23070551 IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=dR1J35fCDkibR45g1XXjgg&click_id=29c30us7vgxa8hq802&sub_id=23070551 HTTP/1.1
Host: gzeao.canopusacrux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmgate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 08 May 2024 18:05:42 GMT
content-length: 0
location: https://gzeao.check-tl-ver-94-2.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842
set-cookie: dR1J35fCDkibR45g1XXjgg=2; max-age=345600; path=/; samesite=lax
__pl=726a0e4b-a433-4f04-9fa7-56af7c02136f; expires=Fri, 08 May 2026 18:05:42 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPcwmw4Bx5EmmQ%2FFcTsVHS1kRronHbXw7fKc8nq1%2B%2FFfMic5SLB8CBgl6Rtkyq9If7vYVOD%2BCCu%2FACA0kpXzq80fTLXD8J4CMAKoPiKHpUZqFaXZLgIIYuUlyyJODwOvSfkJ8UHBQPxp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61273882b52d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| gzeao.check-tl-ver-94-2.com/favicon.ico | 172.67.189.129 | | 0 B |
URL gzeao.check-tl-ver-94-2.com/favicon.ico IP 172.67.189.129:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: gzeao.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-2.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 08 May 2024 18:05:43 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6278
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W6JdaS5H3n0%2Fx9AhkwAfJiPVgw%2Bz6GR5dVq29cdqudVHM%2FjP1LYeQP71K9bZTuQ3WX6PGFVmT58dyK%2Bw98a0U%2F%2Bf483HjexWT9EwT5ki0Mqxy%2FmP8R9Q6W2WfGl2NDrX9aJbO6%2B3XFn2oZlnhwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b612aaa69568e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js | 142.250.74.163 | | 9.3 kB |
URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js IP 142.250.74.163:0
File type JavaScript source, ASCII text, with very long lines (28368) Hash 9900403b65514fad7df39a4e788a6e45 75f9ba061ef4e72bb23528c700f2a11c56d637e9 a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576526
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js | 142.250.74.163 | | 9.9 kB |
URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js IP 142.250.74.163:0
File type JavaScript source, ASCII text, with very long lines (38231) Hash 0541b823dfaf39162ef84cf075c9951b e0934726455558cc1a59823efada9651e33aafaa 21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:03:05 GMT
expires: Sat, 03 May 2025 02:03:05 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489758
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Early-Data: accepted
|
|
| gzeao.check-tl-ver-94-2.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842 | 172.67.189.129 | | 9.5 kB |
URL gzeao.check-tl-ver-94-2.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842 IP 172.67.189.129:0
File type HTML document, ASCII text, with very long lines (10169) Hash 80f93dbb557a8864dc665d0ce557af58 963f36ccd9c2e63967ea3a66d051a8b4b7e08ab6 ee4d53ba73ffa074d944eae12df6386888e842ce4ca82d0ca6d6779256257f3b
GET /allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842 HTTP/1.1
Host: gzeao.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmgate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:05:43 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IMW7jyqPV%2FQxk%2FWkoSokR3NOd4zC81oXaPpLBiRTvxki0EW8GEx0PBe2QutgjBv2MTrqd8C234kPKgKNu7VEsv8AbjbW%2BFFFp0qhqghnN2r1Q69KpWW9%2BwQmJpk4eT5FM%2FVaXVeNlRcv8vKTmnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61280f8356bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js | 142.250.74.163 | | 9.3 kB |
URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js IP 142.250.74.163:0
File type JavaScript source, ASCII text, with very long lines (28368) Hash 9900403b65514fad7df39a4e788a6e45 75f9ba061ef4e72bb23528c700f2a11c56d637e9 a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ta.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576527
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js | 142.250.74.163 | | 9.9 kB |
URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js IP 142.250.74.163:0
File type JavaScript source, ASCII text, with very long lines (38231) Hash 0541b823dfaf39162ef84cf075c9951b e0934726455558cc1a59823efada9651e33aafaa 21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ta.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:03:05 GMT
expires: Sat, 03 May 2025 02:03:05 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489759
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| glugherg.net/sftouch?userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf&branchId=0&rb=tqLIl9COhYZSD58TSlgK1quF0r2xGew5uXxbKaX0Y1tm1OCI8i4DLm-JwviEFORxH0sKHnEtPr3YhqL3MJZ2gq47OgrRNAD9KQvqv5jgIEHbrRhFqEXiSdmT8fBHYC2lEMBcmS0YNYC01rP87atVOQGVBK9Xi_U1j4naehPERVNFi88cqLnVmKRkVMkZPVIqUZBOuDaiOGhlcsoFPexbDtaGrA3L9gDYulbfqmR_hMM= | 139.45.197.237 | 200 OK | 2 B |
URL POST HTTP/2 glugherg.net/sftouch?userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf&branchId=0&rb=tqLIl9COhYZSD58TSlgK1quF0r2xGew5uXxbKaX0Y1tm1OCI8i4DLm-JwviEFORxH0sKHnEtPr3YhqL3MJZ2gq47OgrRNAD9KQvqv5jgIEHbrRhFqEXiSdmT8fBHYC2lEMBcmS0YNYC01rP87atVOQGVBK9Xi_U1j4naehPERVNFi88cqLnVmKRkVMkZPVIqUZBOuDaiOGhlcsoFPexbDtaGrA3L9gDYulbfqmR_hMM= IP 139.45.197.237:443
Requested by https://glugherg.net/4/6662145 Certificate Issuer Let's Encrypt Subject glugherg.net Fingerprint 32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57 Validity Sun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT
File type ASCII text, with no line terminators Hash 444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sftouch?userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf&branchId=0&rb=tqLIl9COhYZSD58TSlgK1quF0r2xGew5uXxbKaX0Y1tm1OCI8i4DLm-JwviEFORxH0sKHnEtPr3YhqL3MJZ2gq47OgrRNAD9KQvqv5jgIEHbrRhFqEXiSdmT8fBHYC2lEMBcmS0YNYC01rP87atVOQGVBK9Xi_U1j4naehPERVNFi88cqLnVmKRkVMkZPVIqUZBOuDaiOGhlcsoFPexbDtaGrA3L9gDYulbfqmR_hMM= HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://glugherg.net
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/4/6662145
Cookie: OAID=008056e6262d4b98e72d049861615987; oaidts=1715191544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:05:44 GMT
content-type: text/plain
content-length: 2
x-trace-id: e3fc6b96e4837041872d9c8dc4bd6284
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://glugherg.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/img.gif?f=merge&userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf | 139.45.195.8 | 200 OK | 43 B |
URL: GET HTTP/2 my.rtmark.net/img.gif?f=merge&userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf IP: 139.45.195.8:443
Requested by: https://glugherg.net/4/6662145; Certificate Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
File type: GIF image data, version 89a, 1 x 1; Hash: b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:05:44 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008056e6262d4b98e72d049861615987; expires=Thu, 08 May 2025 18:05:44 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| glugherg.net/favicon.ico | 139.45.197.237 | 204 No Content | 0 B |
IP: 139.45.197.237:443
Requested by: https://glugherg.net/4/6662145; Certificate Issuer: Let's Encrypt; Subject: glugherg.net; Fingerprint: 32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57; Validity: Sun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/4/6662145
Cookie: OAID=008056e6262d4b98e72d049861615987; oaidts=1715191544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 08 May 2024 18:05:44 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
|
|
| glugherg.net/?z=6662145&syncedCookie=true&rhd=false | 139.45.197.237 | | 0 B |
URL: User Request POST glugherg.net/?z=6662145&syncedCookie=true&rhd=false IP: 139.45.197.237:0
Certificate Issuer: Let's Encrypt; Subject: glugherg.net; Fingerprint: 32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57; Validity: Sun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /?z=6662145&syncedCookie=true&rhd=false HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 520
Origin: https://glugherg.net
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/afu.php?zoneid=6662145&var=6662145&rid=XXz4jyvWNyEJSqRKY8d18w%3D%3D&rhd=false&ab2r=0&sf=1
Cookie: OAID=008056e6262d4b98e72d049861615987; oaidts=1715191544
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 18:05:45 GMT
content-length: 0
location: https://track-eu.trackingtraffo.com/pop/imp?auth=3z7uj5&c=C1-uvFwmzVoIuVPVguQStXKZ1vgg7VH1wZ-vk1hSpLDGGtHdkHlZDV5N2Svl8WIFeaa_K-eVqevJScl7OEpmLtId-Kife6Udyv4EZTas1sNTsoP41lqM1nj7VzVmCVkKUYptR0YzlUU98FLpueUnXoZCtzgC-zCUtrSUSRz5JGz4YhrA7b-NRsFBs8dJUnRGecA3CkoJm-VE7LhJYJsKOAomYTlmz3_O2TCUtLa329RWat-L385HVPO6YJa8kYjd01dDomY5Jks1o9sYJ9xHSgKyrunKvt_3OXk-l8gfiyG_l6BpztThYdUUo0DYoHyDlD-NvEWAa6Y3AsE7cX36rnfePpqrId3VIvwTh0cIAWo1H7ghnLU5ZD7HTz42ndFU83wSc4Dp43AS6D03im3svI7rScj3EK_utz0CPbaT7XuBpN6GoBKsTx7KQ4FtD36mn_gCfy64uoTlxK80NzMNWTomwTxO7uhohWPSLN2OEwMM9oaHD_sDFuty7YbvzCZU-4h4ezFhplLgE-O2Ke0of7xsGGrHhpJnkeUUM28FA_B_ODYwBHW8dvPn78kLy2DEC6v51cSPra91kGoty5EX5pbUoqw8LeBJBE0ojsagoN8kz6GRoEC7dlodl8Szy89JFLKpDnknBHLC5PIg8EFwgHOjLG8Fj-ZKpH8JJxlwRNKNsdCH
x-trace-id: 5e016e1e56fdb0f72974bc2eb9f2c3c3
link: <https://track-eu.trackingtraffo.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://glugherg.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008056e6262d4b98e72d049861615987; expires=Thu, 08 May 2025 18:05:45 GMT; path=/; secure; SameSite=None
oaidts=1715191544; expires=Thu, 08 May 2025 18:05:45 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 15 May 2024 18:05:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| cdnstatic.check-tl-ver-94-2.com/ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=29c30us7vgxa8hq802&nrid=0615313468ddc724bef6211122b26ae4&reason=tb_exit&attempt=2 | 172.67.189.129 | | 6.0 kB |
URL: cdnstatic.check-tl-ver-94-2.com/ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=29c30us7vgxa8hq802&nrid=0615313468ddc724bef6211122b26ae4&reason=tb_exit&attempt=2 IP: 172.67.189.129:0
File type: HTML document, ASCII text, with CRLF line terminators; Hash: f6dcca680a4d5fe1e3c9a5e8035b5c90 9362a4e50a3aaa0115daae01b4d28778c9bca070 5dd762ac2af693c86641ae5dc26c78566329fc590b7ca72dc34ed53151feafe3
GET /ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=29c30us7vgxa8hq802&nrid=0615313468ddc724bef6211122b26ae4&reason=tb_exit&attempt=2 HTTP/1.1
Host: cdnstatic.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ta.check-tl-ver-94-2.com/
Cookie: __psu=a3a1ca24-6606-4148-b74c-b1ca566bd7dc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:44 GMT
content-type: text/html
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bY%2BtilEQUWQWj6DHNUx7y7NRYWa%2BQ%2BVDwfZGZuhb4MSY6PytPANpg04TOTsZNLE9hIpaBUh3mvtoA5oG0mRpbTs98EYfvTwS1QmYMc7viml6VStMfYezfsknNHEMTUsFOuayh8xOgxVEYYZxEmnB39ZE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b612f59cb568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| glugherg.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2f1ab75a-8982-40e3-99e3-e3ef841903d3 | 0.0.0.0 | | 0 B |
URL: POST glugherg.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2f1ab75a-8982-40e3-99e3-e3ef841903d3 IP: 0.0.0.0:0
Requested by: https://glugherg.net/4/6662145; Certificate Issuer: Let's Encrypt; Subject: glugherg.net; Fingerprint: 32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57; Validity: Sun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2f1ab75a-8982-40e3-99e3-e3ef841903d3 HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1381
Origin: https://glugherg.net
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/4/6662145
Cookie: OAID=008056e6262d4b98e72d049861615987; oaidts=1715191544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
|
|
| track-eu.trackingtraffo.com/pop/imp?auth=3z7uj5&c=C1-uvFwmzVoIuVPVguQStXKZ1vgg7VH1wZ-vk1hSpLDGGtHdkHlZDV5N2Svl8WIFeaa_K-eVqevJScl7OEpmLtId-Kife6Udyv4EZTas1sNTsoP41lqM1nj7VzVmCVkKUYptR0YzlUU98FLpueUnXoZCtzgC-zCUtrSUSRz5JGz4YhrA7b-NRsFBs8dJUnRGecA3CkoJm-VE7LhJYJsKOAomYTlmz3_O2TCUtLa329RWat-L385HVPO6YJa8kYjd01dDomY5Jks1o9sYJ9xHSgKyrunKvt_3OXk-l8gfiyG_l6BpztThYdUUo0DYoHyDlD-NvEWAa6Y3AsE7cX36rnfePpqrId3VIvwTh0cIAWo1H7ghnLU5ZD7HTz42ndFU83wSc4Dp43AS6D03im3svI7rScj3EK_utz0CPbaT7XuBpN6GoBKsTx7KQ4FtD36mn_gCfy64uoTlxK80NzMNWTomwTxO7uhohWPSLN2OEwMM9oaHD_sDFuty7YbvzCZU-4h4ezFhplLgE-O2Ke0of7xsGGrHhpJnkeUUM28FA_B_ODYwBHW8dvPn78kLy2DEC6v51cSPra91kGoty5EX5pbUoqw8LeBJBE0ojsagoN8kz6GRoEC7dlodl8Szy89JFLKpDnknBHLC5PIg8EFwgHOjLG8Fj-ZKpH8JJxlwRNKNsdCH | 0.0.0.0 | | 0 B |
URL User Request GET track-eu.trackingtraffo.com/pop/imp?auth=3z7uj5&c=C1-uvFwmzVoIuVPVguQStXKZ1vgg7VH1wZ-vk1hSpLDGGtHdkHlZDV5N2Svl8WIFeaa_K-eVqevJScl7OEpmLtId-Kife6Udyv4EZTas1sNTsoP41lqM1nj7VzVmCVkKUYptR0YzlUU98FLpueUnXoZCtzgC-zCUtrSUSRz5JGz4YhrA7b-NRsFBs8dJUnRGecA3CkoJm-VE7LhJYJsKOAomYTlmz3_O2TCUtLa329RWat-L385HVPO6YJa8kYjd01dDomY5Jks1o9sYJ9xHSgKyrunKvt_3OXk-l8gfiyG_l6BpztThYdUUo0DYoHyDlD-NvEWAa6Y3AsE7cX36rnfePpqrId3VIvwTh0cIAWo1H7ghnLU5ZD7HTz42ndFU83wSc4Dp43AS6D03im3svI7rScj3EK_utz0CPbaT7XuBpN6GoBKsTx7KQ4FtD36mn_gCfy64uoTlxK80NzMNWTomwTxO7uhohWPSLN2OEwMM9oaHD_sDFuty7YbvzCZU-4h4ezFhplLgE-O2Ke0of7xsGGrHhpJnkeUUM28FA_B_ODYwBHW8dvPn78kLy2DEC6v51cSPra91kGoty5EX5pbUoqw8LeBJBE0ojsagoN8kz6GRoEC7dlodl8Szy89JFLKpDnknBHLC5PIg8EFwgHOjLG8Fj-ZKpH8JJxlwRNKNsdCH IP0.0.0.0:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=3z7uj5&c=C1-uvFwmzVoIuVPVguQStXKZ1vgg7VH1wZ-vk1hSpLDGGtHdkHlZDV5N2Svl8WIFeaa_K-eVqevJScl7OEpmLtId-Kife6Udyv4EZTas1sNTsoP41lqM1nj7VzVmCVkKUYptR0YzlUU98FLpueUnXoZCtzgC-zCUtrSUSRz5JGz4YhrA7b-NRsFBs8dJUnRGecA3CkoJm-VE7LhJYJsKOAomYTlmz3_O2TCUtLa329RWat-L385HVPO6YJa8kYjd01dDomY5Jks1o9sYJ9xHSgKyrunKvt_3OXk-l8gfiyG_l6BpztThYdUUo0DYoHyDlD-NvEWAa6Y3AsE7cX36rnfePpqrId3VIvwTh0cIAWo1H7ghnLU5ZD7HTz42ndFU83wSc4Dp43AS6D03im3svI7rScj3EK_utz0CPbaT7XuBpN6GoBKsTx7KQ4FtD36mn_gCfy64uoTlxK80NzMNWTomwTxO7uhohWPSLN2OEwMM9oaHD_sDFuty7YbvzCZU-4h4ezFhplLgE-O2Ke0of7xsGGrHhpJnkeUUM28FA_B_ODYwBHW8dvPn78kLy2DEC6v51cSPra91kGoty5EX5pbUoqw8LeBJBE0ojsagoN8kz6GRoEC7dlodl8Szy89JFLKpDnknBHLC5PIg8EFwgHOjLG8Fj-ZKpH8JJxlwRNKNsdCH HTTP/1.1
Host: track-eu.trackingtraffo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| | 139.45.197.237 | 200 OK | 34 kB |
URL: User Request GET HTTP/2 IP: 139.45.197.237:443
Certificate Issuer: Let's Encrypt; Subject: glugherg.net; Fingerprint: 32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57; Validity: Sun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT
File type: HTML document, ASCII text, with very long lines (18247); Hash: a00ffe0b0d72818f347f7fe3ff5e2b2d a6611d073e72d6b5a66778afec3b5f9565badecf 4f7c44bd7d13b78c397d3e8d8c12627c138d2f43b88cc08cb4e10252812674db
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /4/6662145 HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:05:44 GMT
content-type: text/html; charset=utf8
x-trace-id: 7c31316891e9d4385a533079c3b9ed3d
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008056e6262d4b98e72d049861615987; expires=Thu, 08 May 2025 18:05:44 GMT; path=/; secure; SameSite=None
oaidts=1715191544; expires=Thu, 08 May 2025 18:05:44 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|