Report - uploadev.org/Download.html

Report Overview

Submitted URL
uploadev.org/Download.html
IP
104.21.58.16
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 07:52:22
Access
public
Website Title
Bit GPT App Ai
Final URL
prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
uploadev.org	216469	2018-10-12	2019-02-07	2023-11-24	480 B	913 B	104.21.58.16
slushhelmetmirth.com	unknown	2022-04-30	2022-06-03	2024-01-31	2.4 kB	4.2 kB	192.243.59.20
www.highcpmgate.com	unknown	2024-04-19	2024-04-23	2024-04-28	1.9 kB	1.4 kB	192.243.59.12
gzeao.canopusacrux.com	unknown	2024-03-26	2024-04-14	2024-04-14	586 B	1.1 kB	172.67.131.194
mgkstatic33.b-cdn.net	unknown	2016-04-25	2023-05-23	2024-04-17	5.1 kB	1.3 MB	194.242.11.186
nylonnickel.xyz	unknown	2024-01-02	2024-01-02	2024-04-09	874 B	597 B	192.64.81.118
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-09	523 B	678 B	139.45.195.8
cdnstatic.check-tl-ver-94-1.com	unknown	2024-04-09	2024-04-19	2024-05-07	749 B	5.2 kB	188.114.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	2.2 kB	196 kB	216.58.207.227
g.mtrck.org	unknown	2023-02-27	2024-03-14	2024-04-18	523 B	32 kB	76.223.57.231
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-10	4.1 kB	94 kB	142.250.74.35
cdnstatic.check-tl-ver-154-1.com	unknown	2024-04-15	2024-04-17	2024-04-26	1.0 kB	14 kB	172.67.139.242
nb.check-tl-ver-154-1.com	unknown	unknown	No data	No data	2.6 kB	43 kB	188.114.97.1
gzeao.check-tl-ver-94-1.com	unknown	unknown	No data	No data	636 B	16 kB	188.114.96.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	756 B	89 kB	142.250.74.106
secureltrk.com	unknown	2023-10-10	2024-01-09	2024-05-09	647 B	501 B	176.97.112.149
prfectnewoffers.net	unknown	unknown	No data	No data	13 kB	605 kB	188.114.96.1
rqqlj.canopusacrux.com	unknown	unknown	No data	No data	587 B	1.1 kB	188.114.96.1
rqqlj.check-tl-ver-154-1.com	unknown	unknown	No data	No data	3.3 kB	56 kB	188.114.97.1
na.check-tl-ver-154-1.com	unknown	unknown	No data	No data	2.6 kB	26 kB	188.114.97.1
wifescamara.click	unknown	2023-07-05	2023-07-06	2024-04-29	875 B	597 B	192.64.81.118
ba.check-tl-ver-94-1.com	unknown	unknown	No data	No data	719 B	24 kB	188.114.96.1
glugherg.net	unknown	2022-07-14	2022-07-14	2024-03-02	2.2 kB	2.6 kB	139.45.197.237
static-133.b-cdn.net	unknown	2016-04-25	2021-10-05	2024-04-17	2.8 kB	2.6 MB	194.242.11.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 07:51:56	medium	192.64.81.118	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)
2024-05-10 07:51:56	medium	192.64.81.118	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	highcpmgate.com	Sinkholed
2024-05-10	medium	glugherg.net	Sinkholed
2024-05-10	medium	glugherg.net	Sinkholed
2024-05-10	medium	glugherg.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	prfectnewoffers.net/js/l.js?id=f699e0c1aa11fe1bdd00	422 kB	2024-03-26	2024-05-17
Pretty URL prfectnewoffers.net/js/l.js?id=f699e0c1aa11fe1bdd00 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 16:50:07 Last Seen2024-05-17 17:54:38 Times Seen284 Hash f699e0c1aa11fe1bdd00a7400b51ac84 4193182e4873223501193aa85eedade88d531ce5 392c15facf9c22c83c1e8c4e47d73ea5875e4b7aaccd0b828874e56975081017 Loading...

	prfectnewoffers.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-05-20
Pretty URL prfectnewoffers.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-20 19:52:07 Times Seen57835 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	mgkstatic33.b-cdn.net/43461/build/funnel.js	735 kB	2024-03-14	2024-05-17
Pretty URL mgkstatic33.b-cdn.net/43461/build/funnel.js IP 194.242.11.186 ASN #34989 ServeTheWorld AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-14 16:59:11 Last Seen2024-05-17 17:54:38 Times Seen313 Hash 154334f976eb4c2bbea602efb4ad82ce 419f09216939d9817c52e4f8f928e4e40c7e0cb4 c0bc7d84863d6352319f4638e7f027022d4e008ce7d0680148b6a884fcbdb8ca Loading...

	prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=	397 B	2024-03-14	2024-05-17
Pretty URL prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language= IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-14 16:59:11 Last Seen2024-05-17 17:54:38 Times Seen249 Hash a497a0afc16d3a49105f9199bffe7e9d f23d60f9f223603e9854a743f67e30a5d957124d c3e9748d0a3225d2b4471fd0721919c6b783eca4e9d21b0d51581b50e425d184 Loading...

	prfectnewoffers.net/js/redirect.js?id=7205070985cfaaa84a2b	2.7 kB	2023-03-11	2024-05-17
Pretty URL prfectnewoffers.net/js/redirect.js?id=7205070985cfaaa84a2b IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:40:28 Last Seen2024-05-17 17:54:38 Times Seen326 Hash 7205070985cfaaa84a2b7e4b4312342a 9142390fc87574c77705c78b2b869ab9644756c4 5fd8e205f7ba2def2d0a5b7212189d9b8766ca0c515b09c39412531d49fcc655 Loading...

HTTP Transactions (74)

URL IP Response Size

uploadev.org/Download.html

104.21.58.16

143 B

URL
uploadev.org/Download.html
IP
104.21.58.16:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
143 B (143 bytes)
Hash
cb7b8f439b04c00f4a2d78160ddfee8d
9aa44b5d68f6359f10de0dcd24ea3e12548d9bd4
12755429beb15d5eb57eafa45b8dba326343dd099bf0552038694c3856e8860e

HTTP Headers

GET /Download.html HTTP/1.1
Host: uploadev.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 07:51:55 GMT
content-type: text/html
content-length: 143
location: https://slushhelmetmirth.com/fngewghh?key=ccf2058f1f665acab28229d3a3b26045
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jia4QrMaX2aYAGBaa27OH2EdWPF2Sb68FhYLrPNwRUxHLzbh3FbKSKVB92%2BXir0ep1eiquOhZ71r5UTgVKa%2B04QPbnntBEZMwZvyhFe464YS%2FkpSjjK6YWl1MGtMmqo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858c9dc4d1c02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

slushhelmetmirth.com/fngewghh?key=ccf2058f1f665acab28229d3a3b26045

192.243.59.20

1.3 kB

URL
slushhelmetmirth.com/fngewghh?key=ccf2058f1f665acab28229d3a3b26045
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with very long lines (418)
Size
1.3 kB (1348 bytes)
Hash
843198cfc0d8a71bc7f665b2e792d6cf
0e2945b70c8edf93e858498dfe9ad12a6a8d2529
ff8bf4b8bd159567c803e838e7a604a6ea062dc4dfd68826b91e20236e11ce66

HTTP Headers

GET /fngewghh?key=ccf2058f1f665acab28229d3a3b26045 HTTP/1.1
Host: slushhelmetmirth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 07:51:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17537640; expires=Sat, 11 May 2024 07:51:55 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzUzNzY0MCwiayI6ImNjZjIwNThmMWY2NjVhY2FiMjgyMjlkM2EzYjI2MDQ1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjk0OTUxLCJwaWQiOjg2NjQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyOCwicHQiOjQsInBrIjoiZm5nZXdnaGgiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.5y3GoaLgvCPOzT7xW0VZr_behsTd_W5_T0FBMSTOwXM; expires=Fri, 10 May 2024 07:52:55 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a0b68a5030342e5545f152f432b0a875
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

slushhelmetmirth.com/api/users?token=L2ZuZ2V3Z2hoP2tleT1jY2YyMDU4ZjFmNjY1YWNhYjI4MjI5ZDNhM2IyNjA0NSZwc3Q9MTcxNTMyNzU3NSZybXRjPXQmc2h1PWI4YjA0YmNlZTViNWE0ZGI2OWExNTIzNmIwYTE1MDBmOTI0YzZiNzMxMTdiODQ2YTViYTdmODhhZjdkZTZiMDE0YzUzZDJhM2I1Y2UyNmQzMTJlOWZhMDNkY2I2NTg1MTU3ZGIwODc5NjBhODhmOGMwMTAxYzYyMjVjYjkzNWI2ZTRlMjZkYmVmN2VkODQ2Y2I3ZmM5M2NkNTE5YTUyNzIyNzlmMzhiNGRjY2JlYmI5NzM5NTIwMDIxZmI4YWY2Y2Q4ZDYzMw&uuid=&pii=&in=false

172.240.108.68

0 B

URL
slushhelmetmirth.com/api/users?token=L2ZuZ2V3Z2hoP2tleT1jY2YyMDU4ZjFmNjY1YWNhYjI4MjI5ZDNhM2IyNjA0NSZwc3Q9MTcxNTMyNzU3NSZybXRjPXQmc2h1PWI4YjA0YmNlZTViNWE0ZGI2OWExNTIzNmIwYTE1MDBmOTI0YzZiNzMxMTdiODQ2YTViYTdmODhhZjdkZTZiMDE0YzUzZDJhM2I1Y2UyNmQzMTJlOWZhMDNkY2I2NTg1MTU3ZGIwODc5NjBhODhmOGMwMTAxYzYyMjVjYjkzNWI2ZTRlMjZkYmVmN2VkODQ2Y2I3ZmM5M2NkNTE5YTUyNzIyNzlmMzhiNGRjY2JlYmI5NzM5NTIwMDIxZmI4YWY2Y2Q4ZDYzMw&uuid=&pii=&in=false
IP
172.240.108.68:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/users?token=L2ZuZ2V3Z2hoP2tleT1jY2YyMDU4ZjFmNjY1YWNhYjI4MjI5ZDNhM2IyNjA0NSZwc3Q9MTcxNTMyNzU3NSZybXRjPXQmc2h1PWI4YjA0YmNlZTViNWE0ZGI2OWExNTIzNmIwYTE1MDBmOTI0YzZiNzMxMTdiODQ2YTViYTdmODhhZjdkZTZiMDE0YzUzZDJhM2I1Y2UyNmQzMTJlOWZhMDNkY2I2NTg1MTU3ZGIwODc5NjBhODhmOGMwMTAxYzYyMjVjYjkzNWI2ZTRlMjZkYmVmN2VkODQ2Y2I3ZmM5M2NkNTE5YTUyNzIyNzlmMzhiNGRjY2JlYmI5NzM5NTIwMDIxZmI4YWY2Y2Q4ZDYzMw&uuid=&pii=&in=false HTTP/1.1
Host: slushhelmetmirth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://slushhelmetmirth.com/api/users?token=L2ZuZ2V3Z2hoP2tleT0wZjIyYzFmZDYwOWYxM2NiNzk0N2M4Y2FiZmUxYTkwZCZzdWJtZXRyaWM9MTc1Mzc2NDA
Cookie: u_pl=17537640; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzUzNzY0MCwiayI6ImNjZjIwNThmMWY2NjVhY2FiMjgyMjlkM2EzYjI2MDQ1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjk0OTUxLCJwaWQiOjg2NjQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyOCwicHQiOjQsInBrIjoiZm5nZXdnaGgiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.5y3GoaLgvCPOzT7xW0VZr_behsTd_W5_T0FBMSTOwXM; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Fri, 10 May 2024 07:51:56 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://nylonnickel.xyz/c9b2l0k.php?key=725l9nmctij07aovqopa&SUB_ID_SHORT=39fcaa7a89460fecadad9cb15026b68a&COST_CPC=&PLACEMENT_ID=17537640&CAMPAIGN_ID=1036794&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2918465
Set-Cookie: pdhtkv=true; expires=Sat, 11 May 2024 07:51:56 GMT
uncs=1; expires=Sat, 11 May 2024 07:51:56 GMT
pdhtkv28=true; expires=Sat, 11 May 2024 07:51:56 GMT
uncs28=1; expires=Sat, 11 May 2024 07:51:56 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ec5237b384cc79dd3b87b7b6218c1d61
Strict-Transport-Security: max-age=0; includeSubdomains

nylonnickel.xyz/c9b2l0k.php?key=725l9nmctij07aovqopa&SUB_ID_SHORT=39fcaa7a89460fecadad9cb15026b68a&COST_CPC=&PLACEMENT_ID=17537640&CAMPAIGN_ID=1036794&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2918465

192.64.81.118

0 B

URL
nylonnickel.xyz/c9b2l0k.php?key=725l9nmctij07aovqopa&SUB_ID_SHORT=39fcaa7a89460fecadad9cb15026b68a&COST_CPC=&PLACEMENT_ID=17537640&CAMPAIGN_ID=1036794&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2918465
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=725l9nmctij07aovqopa&SUB_ID_SHORT=39fcaa7a89460fecadad9cb15026b68a&COST_CPC=&PLACEMENT_ID=17537640&CAMPAIGN_ID=1036794&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2918465 HTTP/1.1
Host: nylonnickel.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://slushhelmetmirth.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Fri, 10 May 2024 07:51:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=usojsca0us; expires=Sat, 11-May-2024 07:51:56 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=usojsca0us-usojsca0us-fyyd-0-us8pwj-g5us0-g5pm3y-079bf9; expires=Sat, 11-May-2024 07:51:56 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=a9f24usojsca0usf40&sub_id=17537640
Strict-Transport-Security: max-age=31536000

rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=a9f24usojsca0usf40&sub_id=17537640

188.114.96.1

0 B

URL
rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=a9f24usojsca0usf40&sub_id=17537640
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=a9f24usojsca0usf40&sub_id=17537640 HTTP/1.1
Host: rqqlj.canopusacrux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://slushhelmetmirth.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 07:51:56 GMT
content-length: 0
location: https://rqqlj.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
set-cookie: 4l9EZwXc2kSH_LKKjogwWA=5; max-age=345600; path=/; samesite=lax
__pl=29947476-8b94-4489-a243-320ac166d49e; expires=Sun, 10 May 2026 07:51:56 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FL%2BCrUfNOCmQocDW5fqAHykIKOnjffcOwEiAoQZmwaOabNCW0NzZuSq6B0RFp8dyHC6BAQS2JompVbjbd%2Bu7FcPhoMMdjCIwHgvsmvWRoS2NAT0m%2Bj4muvoEfcYeOKO6szArteQa216l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858d4fbfa712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rqqlj.check-tl-ver-154-1.com/eyes-robot/assets/1.png

188.114.97.1

11 kB

URL
rqqlj.check-tl-ver-154-1.com/eyes-robot/assets/1.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 179 x 278, 8-bit colormap, non-interlaced
Size
11 kB (10591 bytes)
Hash
a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

HTTP Headers

GET /eyes-robot/assets/1.png HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:57 GMT
content-type: image/png
content-length: 10591
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2351
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pGVHgAx8rluRnryd060I0Sw2oW8fcxxOoOpdfFyjBjVjSivCDB6oOiyimNSQmukAA8YKU8WpM%2Fc5gl8F5Sl7PZl47iOhl%2F1V5RsPbXfeL2JUX5lr%2Fhq5cWGdTwkgTyqeZikr0z2fga4FZXuAyGvp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858d74f57b524-OSL
alt-svc: h3=":443"; ma=86400

rqqlj.check-tl-ver-154-1.com/eyes-robot/assets/2.png

188.114.97.1

1.1 kB

URL
rqqlj.check-tl-ver-154-1.com/eyes-robot/assets/2.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 19, 8-bit colormap, non-interlaced
Size
1.1 kB (1061 bytes)
Hash
d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

HTTP Headers

GET /eyes-robot/assets/2.png HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:57 GMT
content-type: image/png
content-length: 1061
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2351
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qSsZEoYRCs5bJ1BiK%2BCY9i%2BOOx2U%2BudB8xnm6UEsyf6AAYU7bjjoOjiB%2BmccMQHglctAL7YqBPtFDRxSGvhd2OWAGImsI4NnhWGhCqQi5ItVbBnAk3gM8%2BsOCAh2uKuMy%2BTM3m%2BpyuEgpeJANkf3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858d74f61b524-OSL
alt-svc: h3=":443"; ma=86400

rqqlj.check-tl-ver-154-1.com/eyes-robot/assets/style.css

188.114.97.1

12 kB

URL
rqqlj.check-tl-ver-154-1.com/eyes-robot/assets/style.css
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
12 kB (11976 bytes)
Hash
39ce920a79d229d0ff2ed73be3afec1c
ee9472f19debc0be3b07c94458f0d36bd7d828ed
179ed7f3d7e5c406a8ac89d8b70ea4fa5d47ab23fe622a1fd9096316b063081c

HTTP Headers

GET /eyes-robot/assets/style.css HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:57 GMT
content-type: text/css
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-cf6"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2351
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zZeLPUHpPz90%2BjMt%2B6tDhTva5lqrfDwzCX3Xo6IrxqMwzep3PPF%2Fow6JprVSnojjh0WX8hIC%2FYVNQr6XEL2YoWxVefawQ%2B9mcuEjsx6t3PWf4GKkd25zx98Gb1m75zn%2BZH7%2BwEpMAuykeNTdaEJ4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858d73f53b524-OSL
alt-svc: h3=":443"; ma=86400

rqqlj.check-tl-ver-154-1.com/favicon.ico

188.114.97.1

0 B

URL
rqqlj.check-tl-ver-154-1.com/favicon.ico
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 10 May 2024 07:51:57 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5971
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lpjRipeAnlXKqlCfrrbtkDXurdZuIW4ZvwfBczXBwiqAPN7xORONOebY8tcvWJqXOhIH98G7zebnTbgqVYT6xWudpqbVvR%2B%2FcQpeLTFYJFAT98%2BOwAcrUjEt9dJhvMmo%2FaNCLy6s9ru774s925sE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858d818eeb524-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.35

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:28:12 GMT
expires: Sat, 10 May 2025 06:28:12 GMT
cache-control: public, max-age=31536000
age: 5025
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnstatic.check-tl-ver-154-1.com/ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA

172.67.139.242

10 kB

URL
cdnstatic.check-tl-ver-154-1.com/ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA
IP
172.67.139.242:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (38233), with CRLF, LF line terminators
Size
10 kB (10186 bytes)
Hash
f5a2c251cc0ab9c8dbff856a86737c60
e07dfcac034aa2cb79e7fbe0bf82d8f6259f9bc7
f4aa040b1647114218966b416b6a235c1c040fba6471bc6fed915e614ef0c1fc

HTTP Headers

GET /ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA HTTP/1.1
Host: cdnstatic.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Cookie: __psu=7a7b963e-da94-4f5b-8c6b-55797e515751
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:51:57 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-encoding: gzip
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ueso0LYq2gfRaXRFYNY6xUqHrYaJ7XbnVUt0e%2Fp4L4%2FFJ%2BcE5KSACgXJW9J9hxS%2BkBVQTil9Tb6FREyNv%2FzVODN%2Fo5UzgkidfRRsnP8ms6hT3qPBsN%2BLXJ7SD8FASY8UK59mfbw7AolKwkaCl%2BeJEWPT1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858d82a3e56a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

na.check-tl-ver-154-1.com/eyes-robot/assets/1.png

188.114.97.1

11 kB

URL
na.check-tl-ver-154-1.com/eyes-robot/assets/1.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 179 x 278, 8-bit colormap, non-interlaced
Size
11 kB (10591 bytes)
Hash
a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

HTTP Headers

GET /eyes-robot/assets/1.png HTTP/1.1
Host: na.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://na.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:57 GMT
content-type: image/png
content-length: 10591
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-295f"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2BjOHJev67ISNOlb5Wzaik3gt%2FgCuc29p8HmIkcYoNhJFdXOuIZRlVoo0OUMOm1q4DMWSVc5fxf%2FAuCETo2w%2B5ArfjeLYcLvptuREtvwQZPSKXa8wEubxB6JrVfOs5reMcHEXZvMIr297haO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858da1c43b524-OSL
alt-svc: h3=":443"; ma=86400

na.check-tl-ver-154-1.com/eyes-robot/assets/2.png

188.114.97.1

1.1 kB

URL
na.check-tl-ver-154-1.com/eyes-robot/assets/2.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 19, 8-bit colormap, non-interlaced
Size
1.1 kB (1061 bytes)
Hash
d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

HTTP Headers

GET /eyes-robot/assets/2.png HTTP/1.1
Host: na.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://na.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:57 GMT
content-type: image/png
content-length: 1061
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-425"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hAP2SedDnK8ysliI7benGieFO%2Bqii%2BVCm1UPD16yP%2F%2Fl03g1lCMG0khNBHr02X7c4fIKIASzM5Zh%2BeoPPOuH9R7kEiA4zKm%2FuH0DJSWNujhQzy%2BlL38yhVlBXma7kb3uHKMXKSQNENY1Hrg%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858da1c45b524-OSL
alt-svc: h3=":443"; ma=86400

na.check-tl-ver-154-1.com/eyes-robot/assets/style.css

188.114.97.1

12 kB

URL
na.check-tl-ver-154-1.com/eyes-robot/assets/style.css
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
12 kB (11976 bytes)
Hash
39ce920a79d229d0ff2ed73be3afec1c
ee9472f19debc0be3b07c94458f0d36bd7d828ed
179ed7f3d7e5c406a8ac89d8b70ea4fa5d47ab23fe622a1fd9096316b063081c

HTTP Headers

GET /eyes-robot/assets/style.css HTTP/1.1
Host: na.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://na.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:57 GMT
content-type: text/css
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-cf6"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fNYyPKpQF657b8eXI2FnYE%2FaphCqVLaP2MshVtytcqtsidu3IGrDMGkLsdaSC92fR%2BeUwjoT1KZ8LO7HYi5oD2uPiMSn3E1TnlvfkLzaTYVxMDVzXUCzN4jgX4xXFGI1xFvuQgJfGQjkGJgi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858da1c40b524-OSL
alt-svc: h3=":443"; ma=86400

na.check-tl-ver-154-1.com/favicon.ico

188.114.97.1

0 B

URL
na.check-tl-ver-154-1.com/favicon.ico
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: na.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://na.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 10 May 2024 07:51:57 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6909
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HvaWOtFVNNxADrPtHCwUSXSLdAYMM7KdbJqAip12BThozWeEIkV0XzHgjKT%2BTe93xdclvxNnCwis1jA7hxEYAplmHwisinz1V4Hi7bRjlGLgSrR8sQXFA207SXZYbcssUiP4niHzcQmZ9Swy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858db1e03b524-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.35

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://na.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:28:12 GMT
expires: Sat, 10 May 2025 06:28:12 GMT
cache-control: public, max-age=31536000
age: 5025
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://na.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:47:38 GMT
expires: Fri, 09 May 2025 02:47:38 GMT
cache-control: public, max-age=31536000
age: 104660
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nb.check-tl-ver-154-1.com/eyes-robot/assets/2.png

188.114.97.1

1.1 kB

URL
nb.check-tl-ver-154-1.com/eyes-robot/assets/2.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 19, 8-bit colormap, non-interlaced
Size
1.1 kB (1061 bytes)
Hash
d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

HTTP Headers

GET /eyes-robot/assets/2.png HTTP/1.1
Host: nb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nb.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:58 GMT
content-type: image/png
content-length: 1061
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-425"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v9WzuuZlYzyhcJ0LeOaxTVEe0vFggZByj2mhJPbqAyCAdJz6lD5695aUZ8RQnDO9ZoldYXGZ7uovym5DyBeTdXCUh6%2FROI2ote%2B7vzwmUbqp0bdbZeRy7HC7bFgi%2BIaA1TGyeEY72Kj92ppr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858dca89db524-OSL
alt-svc: h3=":443"; ma=86400

nb.check-tl-ver-154-1.com/eyes-robot/assets/1.png

188.114.97.1

11 kB

URL
nb.check-tl-ver-154-1.com/eyes-robot/assets/1.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 179 x 278, 8-bit colormap, non-interlaced
Size
11 kB (10591 bytes)
Hash
a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

HTTP Headers

GET /eyes-robot/assets/1.png HTTP/1.1
Host: nb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nb.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:58 GMT
content-type: image/png
content-length: 10591
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-295f"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CoSLaOTnE4Ht5zj%2F9vakDn2zlwbpKD83krCaqu1%2FRIVm%2FTVjBDzh%2B3h9KvoZRT71YzLZP7R9I52zZdMYdSdM4ydp8igQxsVNTV88XFUxjPTCpDkJZteGb3GYHCPUnlgrCq%2F8Zmpk4LanAB%2FI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858dca898b524-OSL
alt-svc: h3=":443"; ma=86400

nb.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816

188.114.97.1

13 kB

URL
nb.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
13 kB (13220 bytes)
Hash
666203c2cfc7ee8aafbd1cbf9ec04c69
7d74e745174fe6140ee2fbe1fe8b8c2ae33ade9a
57027a083c9c7eaf8a078a7090c454b254216a4a94782e2445fb71629725531b

HTTP Headers

GET /eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816 HTTP/1.1
Host: nb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://na.check-tl-ver-154-1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:58 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BfH9haRbhlbO6CWcpOf01maibyBHyylUd5ZxzTbzRGnVnKlqSHNFRW9jSFyKB9Za75H7Kjq%2FeltIExncJ9FaqgjIy3TWWBQfb64mkTla4mlF53RoRajACFPN7EiVJU1IKMkCSPU%2FTgrk8Jzw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858dc0f81b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.35

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nb.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:28:12 GMT
expires: Sat, 10 May 2025 06:28:12 GMT
cache-control: public, max-age=31536000
age: 5026
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nb.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:47:38 GMT
expires: Fri, 09 May 2025 02:47:38 GMT
cache-control: public, max-age=31536000
age: 104660
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnstatic.check-tl-ver-154-1.com/ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA

172.67.139.242

1.8 kB

URL
cdnstatic.check-tl-ver-154-1.com/ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA
IP
172.67.139.242:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
1.8 kB (1771 bytes)
Hash
1bf3b095e5a9946352da4c5e157c470d
c09878d5000c3614a7ffcec050e4aab4544ca50b
985bf24568f6470d2d746ad4cd90baf733c23f2a22c26b0e8ffb1784094d982b

HTTP Headers

GET /ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA HTTP/1.1
Host: cdnstatic.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nb.check-tl-ver-154-1.com/
Cookie: __psu=7a7b963e-da94-4f5b-8c6b-55797e515751
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:58 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-encoding: gzip
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3EhmBxoVABFdopciI1DpnzZqj7RyQzU%2FysDjwm6XYsbCmDlXGEy28F8bz96EECMzk2mZ4AXjH09ALano3s%2FbzX4oT%2BHYZrfefc9wdMYBe2HjBA4y%2Fu%2F9WyFY%2FFG7Mv2%2FG9OVPTS5aWiay%2ByYiVWU6JBrDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858ddaa221c02-OSL
alt-svc: h3=":443"; ma=86400

www.highcpmgate.com/api/users?token=L2cwcmN5YWFhYjc_a2V5PTk1ZTZmMjFjZDM5M2Y1OWExODMzYjEwMzRkODk1MWVjJnBzdD0xNzE1MzI3NTc4JnJtdGM9dCZzaHU9ZjM1YzZiOThmODhlMWEwYmE2NWJhNGJhYzk5ZjBlNDEwNTgzYWNiY2QyODU5MDA5NDcyYjM5M2U4MGE2OTgxNTk2YTgzZWQxYWZmZGIzZGFiNWZjZTA4MDg4ZjUyOWRkYjM1ZjFiNzQ3M2I5ZDJiNDE0MTliYmFmNzhlYzhlZGE1NzY3Y2JkOTE1YmRkZTg0OTQxMWQwMmY2NmNiOTE2MDc2MTAzYmU1NTRjNjI0MDYzZGMyNjMwZDI0YmU4MmQ1&uuid=&pii=&in=false

192.243.59.12

0 B

URL
www.highcpmgate.com/api/users?token=L2cwcmN5YWFhYjc_a2V5PTk1ZTZmMjFjZDM5M2Y1OWExODMzYjEwMzRkODk1MWVjJnBzdD0xNzE1MzI3NTc4JnJtdGM9dCZzaHU9ZjM1YzZiOThmODhlMWEwYmE2NWJhNGJhYzk5ZjBlNDEwNTgzYWNiY2QyODU5MDA5NDcyYjM5M2U4MGE2OTgxNTk2YTgzZWQxYWZmZGIzZGFiNWZjZTA4MDg4ZjUyOWRkYjM1ZjFiNzQ3M2I5ZDJiNDE0MTliYmFmNzhlYzhlZGE1NzY3Y2JkOTE1YmRkZTg0OTQxMWQwMmY2NmNiOTE2MDc2MTAzYmU1NTRjNjI0MDYzZGMyNjMwZDI0YmU4MmQ1&uuid=&pii=&in=false
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2cwcmN5YWFhYjc_a2V5PTk1ZTZmMjFjZDM5M2Y1OWExODMzYjEwMzRkODk1MWVjJnBzdD0xNzE1MzI3NTc4JnJtdGM9dCZzaHU9ZjM1YzZiOThmODhlMWEwYmE2NWJhNGJhYzk5ZjBlNDEwNTgzYWNiY2QyODU5MDA5NDcyYjM5M2U4MGE2OTgxNTk2YTgzZWQxYWZmZGIzZGFiNWZjZTA4MDg4ZjUyOWRkYjM1ZjFiNzQ3M2I5ZDJiNDE0MTliYmFmNzhlYzhlZGE1NzY3Y2JkOTE1YmRkZTg0OTQxMWQwMmY2NmNiOTE2MDc2MTAzYmU1NTRjNjI0MDYzZGMyNjMwZDI0YmU4MmQ1&uuid=&pii=&in=false HTTP/1.1
Host: www.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.highcpmgate.com/api/users?token=L2cwcmN5YWFhYjc_a2V5PWE5NjljYTVjOWFkMjYxMTc2MmYxMWI3OWE1MjZlMmQyJnN1Ym1ldHJpYz0yMzA3MDU1MQ
Cookie: u_pl=23070551; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzA3MDU1MSwiayI6Ijk1ZTZmMjFjZDM5M2Y1OWExODMzYjEwMzRkODk1MWVjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNzk1OTI5LCJwaWQiOjE4MjM3NzAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MzEsImFpZCI6MjgsInB0Ijo0LCJwayI6ImcwcmN5YWFhYjciLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.U2ebwFjEv1emnUSOTmNQTe-4rPP39OWIepgfVbZEwNQ; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Fri, 10 May 2024 07:51:59 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://wifescamara.click/c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39f0f7a2cd18535bda7675bf0065335a&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296
Set-Cookie: iprc2460fccdcf7c0b576f718a64e17aeef6=5206192; expires=Sat, 11 May 2024 07:51:59 GMT
pdhtkv=true; expires=Sat, 11 May 2024 07:51:59 GMT
uncs=1; expires=Sat, 11 May 2024 07:51:59 GMT
pdhtkv28=true; expires=Sat, 11 May 2024 07:51:59 GMT
uncs28=1; expires=Sat, 11 May 2024 07:51:59 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 12dd75a9366286b7b34126e4456a64b1
Strict-Transport-Security: max-age=0; includeSubdomains

wifescamara.click/c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39f0f7a2cd18535bda7675bf0065335a&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296

192.64.81.118

0 B

URL
wifescamara.click/c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39f0f7a2cd18535bda7675bf0065335a&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39f0f7a2cd18535bda7675bf0065335a&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296 HTTP/1.1
Host: wifescamara.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmgate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Fri, 10 May 2024 07:52:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=usojsca07s; expires=Sat, 11-May-2024 07:52:00 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=usojsca07s-usojsca07s-uoxs-0-usa30-9rq5dz-9rq5bl-976ca0; expires=Sat, 11-May-2024 07:52:00 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=f875dusojsca07s006&sub_id=23070551
Strict-Transport-Security: max-age=31536000

gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=f875dusojsca07s006&sub_id=23070551

172.67.131.194

0 B

URL
gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=f875dusojsca07s006&sub_id=23070551
IP
172.67.131.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=dR1J35fCDkibR45g1XXjgg&click_id=f875dusojsca07s006&sub_id=23070551 HTTP/1.1
Host: gzeao.canopusacrux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmgate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 07:52:00 GMT
content-length: 0
location: https://gzeao.check-tl-ver-94-1.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=f875dusojsca07s006&sub_id=23070551&nrid=af30b87f0d9040a9b1136487f3a38846&hash=e0TRBENK05NfTyZg1TKoEQ&exp=1715327820
set-cookie: dR1J35fCDkibR45g1XXjgg=2; max-age=345600; path=/; samesite=lax
__pl=6a9caeff-5976-4b85-bde2-e9f8a7743179; expires=Sun, 10 May 2026 07:52:00 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0JQLgDssVkzGyFJvYb0N54JxrBhKk1YwgenHE8YPky1OrS%2FQP56gI7CatidDW1FoZ78zK%2FCuAbJ73vLP1fonee0sqvKxDPUnwM3Je8D5Pbc5cFj4iNXgB%2BH9Izdw%2FLTGd8423ufH%2FM4W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858e9384b568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gzeao.check-tl-ver-94-1.com/allow-button/assets/trls.js

188.114.96.1

15 kB

URL
gzeao.check-tl-ver-94-1.com/allow-button/assets/trls.js
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
15 kB (15411 bytes)
Hash
d4a23c4124d49f909abaef62a8bf47a5
e7b26553db1400d07f1b12137053ebe7b066972f
3efcd61ce47244f47b15c9f5d5749f79b2ddd57e51ebf995267ab02d4dcf2180

HTTP Headers

GET /allow-button/assets/trls.js HTTP/1.1
Host: gzeao.check-tl-ver-94-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-1.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=f875dusojsca07s006&sub_id=23070551&nrid=af30b87f0d9040a9b1136487f3a38846&hash=e0TRBENK05NfTyZg1TKoEQ&exp=1715327820
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:00 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-1e6a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 414
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2cwWG9xssx2%2F10Ajqiu9k9%2F58sH9yMHA0yxhJczlJSbz%2FWQ4IoYFvo1W9uMp%2FlRHy2qKEVPAND3hMzRz1agVVWLxuOcfstJSEOL%2BqYUZq5Vo5gUGy7VBW%2FjyMfLgYXCyoZqnL8RpXp2d%2F%2BjEhWk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858eb6a8bb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.35

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:28:12 GMT
expires: Sat, 10 May 2025 06:28:12 GMT
cache-control: public, max-age=31536000
age: 5028
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:47:38 GMT
expires: Fri, 09 May 2025 02:47:38 GMT
cache-control: public, max-age=31536000
age: 104662
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Early-Data: accepted

ba.check-tl-ver-94-1.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=f875dusojsca07s006&sub_id=23070551&nrid=af30b87f0d9040a9b1136487f3a38846&hash=e0TRBENK05NfTyZg1TKoEQ&exp=1715327820

188.114.96.1

23 kB

URL
ba.check-tl-ver-94-1.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=f875dusojsca07s006&sub_id=23070551&nrid=af30b87f0d9040a9b1136487f3a38846&hash=e0TRBENK05NfTyZg1TKoEQ&exp=1715327820
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (10169)
Size
23 kB (23300 bytes)
Hash
80f93dbb557a8864dc665d0ce557af58
963f36ccd9c2e63967ea3a66d051a8b4b7e08ab6
ee4d53ba73ffa074d944eae12df6386888e842ce4ca82d0ca6d6779256257f3b

HTTP Headers

GET /allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=f875dusojsca07s006&sub_id=23070551&nrid=af30b87f0d9040a9b1136487f3a38846&hash=e0TRBENK05NfTyZg1TKoEQ&exp=1715327820 HTTP/1.1
Host: ba.check-tl-ver-94-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:00 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Mqdh%2B7qmbCmR3GbIIxuG8XSwP8Ga7X3G5yCcAOm%2FfQnSAdO7i%2Bpo4ODNql41%2BvK%2FHxH3p6mrY%2F3A3SFDiQ1R2qOl9cVI3%2F9GXpPmIAeizrtBXPhm3OwXEKt5v2AJDCakkLwrr4VUt%2BXKis%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858edbf0db4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.35

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ba.check-tl-ver-94-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:28:12 GMT
expires: Sat, 10 May 2025 06:28:12 GMT
cache-control: public, max-age=31536000
age: 5029
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ba.check-tl-ver-94-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:47:38 GMT
expires: Fri, 09 May 2025 02:47:38 GMT
cache-control: public, max-age=31536000
age: 104663
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

glugherg.net/sftouch?userId=0080586160d0472df990f0788aa64c07&z=6662145&p_rid=f887d0e4-d80f-4032-a99a-f990ee6021a2&p_src=sf&branchId=0&rb=K4G-as7zkAqrTBhxTFVGDTpllmMfUtsceNTc2RWiaFTPFqq-A7_MBbfJTPb_BdXz7Y7ObNAoyECMFO8mOxPXvuj4nui6GAj5UVcdDPLtTmeN-mvZWTnLA0X4g3-qEu2AXIxaSklnVl7C9L2gnYMyjYezC1ydnNsP0kv_6cD3Cctl0hDzkFwtvgKAy8Ylorzvm4QcIo_HArG0GT6GsN1X2zf8JEllpqifuvtH_2xLrAs=

139.45.197.237

2 B

URL
glugherg.net/sftouch?userId=0080586160d0472df990f0788aa64c07&z=6662145&p_rid=f887d0e4-d80f-4032-a99a-f990ee6021a2&p_src=sf&branchId=0&rb=K4G-as7zkAqrTBhxTFVGDTpllmMfUtsceNTc2RWiaFTPFqq-A7_MBbfJTPb_BdXz7Y7ObNAoyECMFO8mOxPXvuj4nui6GAj5UVcdDPLtTmeN-mvZWTnLA0X4g3-qEu2AXIxaSklnVl7C9L2gnYMyjYezC1ydnNsP0kv_6cD3Cctl0hDzkFwtvgKAy8Ylorzvm4QcIo_HArG0GT6GsN1X2zf8JEllpqifuvtH_2xLrAs=
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sftouch?userId=0080586160d0472df990f0788aa64c07&z=6662145&p_rid=f887d0e4-d80f-4032-a99a-f990ee6021a2&p_src=sf&branchId=0&rb=K4G-as7zkAqrTBhxTFVGDTpllmMfUtsceNTc2RWiaFTPFqq-A7_MBbfJTPb_BdXz7Y7ObNAoyECMFO8mOxPXvuj4nui6GAj5UVcdDPLtTmeN-mvZWTnLA0X4g3-qEu2AXIxaSklnVl7C9L2gnYMyjYezC1ydnNsP0kv_6cD3Cctl0hDzkFwtvgKAy8Ylorzvm4QcIo_HArG0GT6GsN1X2zf8JEllpqifuvtH_2xLrAs= HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://glugherg.net
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/4/6662145
Cookie: OAID=0080586160d0472df990f0788aa64c07; oaidts=1715327521
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 07:52:01 GMT
content-type: text/plain
content-length: 2
x-trace-id: 7bee61f98bf322ccb206bb7e8897440e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://glugherg.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=0080586160d0472df990f0788aa64c07&z=6662145&p_rid=f887d0e4-d80f-4032-a99a-f990ee6021a2&p_src=sf

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=0080586160d0472df990f0788aa64c07&z=6662145&p_rid=f887d0e4-d80f-4032-a99a-f990ee6021a2&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=0080586160d0472df990f0788aa64c07&z=6662145&p_rid=f887d0e4-d80f-4032-a99a-f990ee6021a2&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 07:52:01 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080586160d0472df990f0788aa64c07; expires=Sat, 10 May 2025 07:52:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

glugherg.net/favicon.ico

139.45.197.237

0 B

URL
glugherg.net/favicon.ico
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/4/6662145
Cookie: OAID=0080586160d0472df990f0788aa64c07; oaidts=1715327521
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 07:52:01 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

glugherg.net/?z=6662145&syncedCookie=true&rhd=false

139.45.197.237

302 Found

0 B

URL User Request POST HTTP/2
glugherg.net/?z=6662145&syncedCookie=true&rhd=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectglugherg.net
Fingerprint32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57
ValiditySun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=6662145&syncedCookie=true&rhd=false HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 520
Origin: https://glugherg.net
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/afu.php?zoneid=6662145&var=6662145&rid=XXz4jyvWNyEJSqRKY8d18w%3D%3D&rhd=false&ab2r=0&sf=1
Cookie: OAID=0080586160d0472df990f0788aa64c07; oaidts=1715327521
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 10 May 2024 07:52:02 GMT
content-length: 0
location: https://secureltrk.com/click?key=964a6cb724a8ed441ad5&visitor_id=812705128263193365&cost=0.001050&zoneid=6662145&campaignid=7910866&banner=20283117&zone_type={zone_type}&user_activity=high&subzone_id=0
x-trace-id: 804e1980e05fd42e942f4e4dc73ee81e
link: <https://secureltrk.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://glugherg.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080586160d0472df990f0788aa64c07; expires=Sat, 10 May 2025 07:52:01 GMT; path=/; secure; SameSite=None
oaidts=1715327521; expires=Sat, 10 May 2025 07:52:01 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 17 May 2024 07:52:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

secureltrk.com/click?key=964a6cb724a8ed441ad5&visitor_id=812705128263193365&cost=0.001050&zoneid=6662145&campaignid=7910866&banner=20283117&zone_type={zone_type}&user_activity=high&subzone_id=0

176.97.112.149

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
secureltrk.com/click?key=964a6cb724a8ed441ad5&visitor_id=812705128263193365&cost=0.001050&zoneid=6662145&campaignid=7910866&banner=20283117&zone_type={zone_type}&user_activity=high&subzone_id=0
IP
176.97.112.149:443
ASN
#43180 Virtual Systems LLC

Certificate
IssuerLet's Encrypt
Subjectsecureltrk.com
Fingerprint91:A8:57:2C:3B:9E:B5:B7:A7:E4:55:0C:08:59:E7:45:9D:A9:4C:9D
ValidityFri, 22 Mar 2024 12:23:21 GMT - Thu, 20 Jun 2024 12:23:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?key=964a6cb724a8ed441ad5&visitor_id=812705128263193365&cost=0.001050&zoneid=6662145&campaignid=7910866&banner=20283117&zone_type={zone_type}&user_activity=high&subzone_id=0 HTTP/1.1
Host: secureltrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Fri, 10 May 2024 07:52:02 GMT
location: https://g.mtrck.org/c?aid=xoLG2W&lpid=9trgqE&aff_sub5b=cout48la6vts73c58qe0
server: Caddy
set-cookie: uclick=nr3cwQtab9I1h7fxamCY4yqYhziLo/ChnBbJxlQa/BoPjypkpj4dTO966GrhJDoftM8d8A==; Max-Age=31536000; SameSite=Lax
bcid=cout48la6vts73c58qe0; Max-Age=31536000; SameSite=Lax
cid=cout48la6vts73c58qe0; Max-Age=31536000; SameSite=Lax
x-request-id: 6f695321-b176-4a99-a3dd-11d13a85a9e5
content-length: 0
X-Firefox-Spdy: h2

prfectnewoffers.net/images/check-icon.png

188.114.96.1

200 OK

45 kB

URL GET HTTP/3
prfectnewoffers.net/images/check-icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
PNG image data, 900 x 520, 8-bit/color RGBA, non-interlaced
Size
45 kB (45018 bytes)
Hash
678be8aead34ae53e3a53f79ba30c820
a90e388c192e1287fb9132385e0e9960a1f7c15e
79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

HTTP Headers

GET /images/check-icon.png HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:02 GMT
content-type: image/png
content-length: 45018
last-modified: Fri, 26 Apr 2024 12:53:43 GMT
etag: "662ba3d7-afda"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cache-control: max-age=14400
cf-cache-status: HIT
age: 2881
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XcyglVdgG9OERWnG94wQ3PUQ%2BHGDf5dcfYNTlgdLtd2R508gzG2R8OZpxWfSthyQFLwSRPQXH%2BLVr8SgiWb1dfPtLz9GtNwS7ZsPZ0Cx5AEbSY%2FbqW2d8j38J24nwtD0bxpSXIY3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858fa8efd56cc-OSL
alt-svc: h3=":443"; ma=86400

cdnstatic.check-tl-ver-94-1.com/ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=f875dusojsca07s006&nrid=db06d9f55884b6e3b533f5d0af9e0f0c&reason=tb_exit&attempt=2

188.114.96.1

4.5 kB

URL
cdnstatic.check-tl-ver-94-1.com/ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=f875dusojsca07s006&nrid=db06d9f55884b6e3b533f5d0af9e0f0c&reason=tb_exit&attempt=2
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
4.5 kB (4485 bytes)
Hash
f6dcca680a4d5fe1e3c9a5e8035b5c90
9362a4e50a3aaa0115daae01b4d28778c9bca070
5dd762ac2af693c86641ae5dc26c78566329fc590b7ca72dc34ed53151feafe3

HTTP Headers

GET /ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=f875dusojsca07s006&nrid=db06d9f55884b6e3b533f5d0af9e0f0c&reason=tb_exit&attempt=2 HTTP/1.1
Host: cdnstatic.check-tl-ver-94-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ba.check-tl-ver-94-1.com/
Cookie: __psu=b266f1d3-5141-476c-8f17-7b775c0f067e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:01 GMT
content-type: text/html
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0uYIRGiRyI4rSLw4JnplPpCbLi5%2FTaxYui%2FJ2%2B8zfSuivxd8Na7DIzpe8kv6WshyFKrGdgpUzoKYyp%2Bz5OMiU8qfyHjmj6EQP9NjOQM3R7DeJo8nlvlfLRIPvnto0P5e61A4PdbOB51pw3%2FNe5pDteOR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858f01af7b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mgkstatic33.b-cdn.net/43461/images/Icon-awesome-download.png

194.242.11.186

200 OK

3.8 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/Icon-awesome-download.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 78 x 78, 8-bit/color RGBA, non-interlaced
Size
3.8 kB (3776 bytes)
Hash
2973d7d42cbc07bd0099eec135a5de96
a657b46c370c998c751368bd9231d9729e2b8d23
cd37a4eede36ce73ad4388f7f6a0483c87455e888b16eaee0c9e076abf7882dc

HTTP Headers

GET /43461/images/Icon-awesome-download.png HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/png
content-length: 3776
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "2973d7d42cbc07bd0099eec135a5de96"
last-modified: Wed, 13 Mar 2024 15:17:26 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx0000096a6b8a15cae6941-0065f29eca-5281cd35-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 869c8b74dc1c0b55-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/25/2024 05:36:41
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: e0ac052140c36a9eb97f29a9fbf3a773
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mgkstatic33.b-cdn.net/43461/images/Icon-awesome-rocket.png

194.242.11.186

200 OK

3.7 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/Icon-awesome-rocket.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
Size
3.7 kB (3717 bytes)
Hash
e26549054b8a37aff472cc3c68ca9f92
6d982d6d54f9f1af0ee1b88992dd25a16c66d77d
7cdbc2c72709df7bd0a11927adf1f751a7fc681d3e032267a2b9c4e328dcf40b

HTTP Headers

GET /43461/images/Icon-awesome-rocket.png HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/png
content-length: 3717
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "e26549054b8a37aff472cc3c68ca9f92"
last-modified: Wed, 13 Mar 2024 15:17:28 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000001277ebaeb444c088-0065f29eca-52830f45-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 87f725d979d356c4-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 05/06/2024 07:09:58
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: f64617621ed78282361e494321f03ecd
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

prfectnewoffers.net/css/flow.css?id=1a2dada5ba76c1b29ae1

188.114.96.1

200 OK

678 B

URL GET HTTP/3
prfectnewoffers.net/css/flow.css?id=1a2dada5ba76c1b29ae1
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
gzip compressed data, from Unix
Size
678 B (678 bytes)
Hash
eb7b4e061a7729e00f0b0f7eb7b9d2ef
30b7080978e8d0fa0199c07ac7af771afbf0b241
aed711dc1397326739c585ab0c471bc1e8aafea2305f327eb44853d5210bf3d3

HTTP Headers

GET /css/flow.css?id=1a2dada5ba76c1b29ae1 HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:02 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 12:57:10 GMT
vary: Accept-Encoding
etag: W/"662ba4a6-181"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2881
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sE0H32KLURTLkpVQDJ0sVqSjqqpQSQYwDG3gOrvGqDDI%2BvoE1oSJtd11C2x1wqyD7e2qC3UQghSxEtneRthsCdXsy0%2BUwQVGIKMF%2FltkFuE4Hn3K%2B9CsSTeQ%2BWC7DxRXeRSMzaDj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858fa8eef56cc-OSL
alt-svc: h3=":443"; ma=86400

prfectnewoffers.net/media/sad-face.svg

188.114.96.1

200 OK

1.1 kB

URL GET HTTP/3
prfectnewoffers.net/media/sad-face.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
gzip compressed data, from Unix
Size
1.1 kB (1144 bytes)
Hash
947bcdd5b2ee2f8ec62ee27b97b36ba2
0f3b4f810f99c3e7eb6c3f3458a3380d8f79d8d9
c8a9257207d3f2f2f8da78eecfa46031b0c5f91308d04ef5be266f9ee4a8184f

HTTP Headers

GET /media/sad-face.svg HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/svg+xml
last-modified: Fri, 26 Apr 2024 12:57:38 GMT
vary: Accept-Encoding
etag: W/"662ba4c2-5dc"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gEYECFY4B26xM2%2Bjwzp5%2BLiBZ4plI50ad0SN27XsSAhIrI4DTY%2Fp1ckZG3BeQulpUK9zcfMKkrtg%2FQVQmr3cr2192XcOyVcQ5GT9hz3ay1Rra5wF5MGQEeMUH42C98PP2Yohml3m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858fabf3456cc-OSL
alt-svc: h3=":443"; ma=86400

mgkstatic33.b-cdn.net/43461/images/0PTcCKIlgr.gif

194.242.11.186

200 OK

18 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/0PTcCKIlgr.gif
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
GIF image data, version 89a, 64 x 64
Size
18 kB (17963 bytes)
Hash
313d1440d21ae95e5dcfa2f447f14456
8c850ce459c6b12090b887f19b3d824f49049a23
f95799c3fd4e8f9124459f03b697451744cec2c9fbc74626d2dd50c17e5c72bb

HTTP Headers

GET /43461/images/0PTcCKIlgr.gif HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/gif
content-length: 17963
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "313d1440d21ae95e5dcfa2f447f14456"
last-modified: Wed, 13 Mar 2024 15:17:39 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx0000020d12b6785ad2760-0065f29eca-52830f45-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: REVALIDATED
cf-ray: 877c41d2ee4e56be-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/21/2024 09:13:16
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 312d640e8926dd2ffe06a26525ee48d3
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

prfectnewoffers.net/js/redirect.js?id=7205070985cfaaa84a2b

188.114.96.1

200 OK

1.6 kB

URL GET HTTP/3
prfectnewoffers.net/js/redirect.js?id=7205070985cfaaa84a2b
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
gzip compressed data, from Unix
Size
1.6 kB (1593 bytes)
Hash
b6c50024dd288da8a849d4ee893c6504
d25624eb9af04135edd704f62984a38b9e907732
7a5b0724d420048d1c152829bf93e17a797bf0f1d6a201933e21136f3d39e964

HTTP Headers

GET /js/redirect.js?id=7205070985cfaaa84a2b HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 12:57:43 GMT
vary: Accept-Encoding
etag: W/"662ba4c7-ab2"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14ZO6GTM30P%2B1W2sOpcxB76NdVQqI0%2FFb%2F26bDl0P5uoTRoemMLcnNAyLUaOT%2B9CSGL3RM3FNpNTcqVdqB9zcBGRdDHUE1D%2FU3ecnM4tq0nIyncXSIWhJKLk%2FSrAs7dCN5sNm1ar"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858fabf3d56cc-OSL
alt-svc: h3=":443"; ma=86400

mgkstatic33.b-cdn.net/43461/images/Polygon-10.png

194.242.11.186

200 OK

465 B

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/Polygon-10.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 46 x 69, 8-bit/color RGBA, non-interlaced
Size
465 B (465 bytes)
Hash
250d763ae00c38fc8d960305e2f11950
130acf813f4c80c9cc7db53decc8799c28e3eb43
d074af86e879deab518c017c9078083a6dc2214d6ca96b892c245bab5c94ceb1

HTTP Headers

GET /43461/images/Polygon-10.png HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/png
content-length: 465
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "250d763ae00c38fc8d960305e2f11950"
last-modified: Wed, 13 Mar 2024 15:17:46 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000003cd7736e5659ab25-0065f1c7cc-52830f45-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 87b0bdba1c7756ae-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/27/2024 18:05:30
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: d79eb314e9fbbbf1eb83dd016f1e0a9e
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mgkstatic33.b-cdn.net/43461/images/logo.png

194.242.11.186

200 OK

12 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/logo.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 436 x 130, 8-bit/color RGBA, non-interlaced
Size
12 kB (12510 bytes)
Hash
34156c9cf33b3a62f654c05dce790379
3e937d90138e64ceb158a1d7940e88551e7d3ae4
d13af073b360ef22d6fae9f4553a70389ba215b9d4dff52a9e2358417be6921c

HTTP Headers

GET /43461/images/logo.png HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/png
content-length: 12510
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "34156c9cf33b3a62f654c05dce790379"
last-modified: Wed, 13 Mar 2024 15:17:34 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000008b1c89a4d0b15148-0065f29eca-5280acec-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 864461ec3802b51d-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/14/2024 12:49:13
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 4c8cd13a5b4bc6a48f389d9189750ddc
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mgkstatic33.b-cdn.net/43461/images/Icon-ionic-md-trophy.png

194.242.11.186

200 OK

4.0 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/Icon-ionic-md-trophy.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 71 x 72, 8-bit/color RGBA, non-interlaced
Size
4.0 kB (3992 bytes)
Hash
aa55fd19e5efcaea20c5baf81e722bbc
6e5466aa0c4bf4586f1d6e53ae63f9c1fc1a3f56
3d25d49488fafac19a1fd40686a0d901d245e613db1d0b1ddb9a38fa101c659e

HTTP Headers

GET /43461/images/Icon-ionic-md-trophy.png HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/png
content-length: 3992
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "aa55fd19e5efcaea20c5baf81e722bbc"
last-modified: Wed, 13 Mar 2024 15:17:30 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx0000052d3ae9d438c6d95-0065f1c7cc-52830f45-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 869c8b73bf9f0b45-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/25/2024 05:36:41
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 875f3818a6510450969a50e6d509a7b5
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mgkstatic33.b-cdn.net/43461/images/phone-with-shadow-bitbotapp.png

194.242.11.186

200 OK

101 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/phone-with-shadow-bitbotapp.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 522 x 848, 8-bit/color RGBA, non-interlaced
Size
101 kB (101329 bytes)
Hash
8d3c7b42fdd79ef3c7d81aee046465c8
933e6035c9082dc87418519e8c4e6550c3f1d8a1
f6d18c1ec94df13f3f335ee98f1cdc6010656e117c6a5bd0b47812580c188123

HTTP Headers

GET /43461/images/phone-with-shadow-bitbotapp.png HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/png
content-length: 101329
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "8d3c7b42fdd79ef3c7d81aee046465c8"
last-modified: Wed, 13 Mar 2024 15:17:30 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000001497924583aa2f5c-0065f1c7cc-5281cd5d-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: REVALIDATED
cf-ray: 865fdc830eae56a4-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/17/2024 20:51:30
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 40fcf396ac2742f9a6f86da0b4104378
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mgkstatic33.b-cdn.net/43461/images/robot-and-phone-final-img.png

194.242.11.186

200 OK

405 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/robot-and-phone-final-img.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 960 x 795, 8-bit/color RGBA, non-interlaced
Size
405 kB (405350 bytes)
Hash
b961c9e7e178aa1bb10a1ed8bbc37f76
5a4ae86e986118b8792a85c6c561e07c1f23ee03
15775556fc3dd033df8b911c03448a47cc4e14f26e36aecc2ac378f76c9307d8

HTTP Headers

GET /43461/images/robot-and-phone-final-img.png HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/png
content-length: 405350
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "b961c9e7e178aa1bb10a1ed8bbc37f76"
last-modified: Wed, 13 Mar 2024 15:17:46 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx00000d699074756f91dc7-0065f1c7cc-5281cd5d-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 87f725dc9d3e56c9-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 05/06/2024 07:09:59
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 9fba7bfd5ffc6a170c8562b58069a51a
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mgkstatic33.b-cdn.net/43461/build/funnel.css

194.242.11.186

200 OK

22 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/build/funnel.css
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
ASCII text, with very long lines (45962)
Size
22 kB (21774 bytes)
Hash
670878add58e57bb842fb7530256b6f7
4e642526889846d2b06727762c71c5ec59a60f16
8db1af5a48d72fa1716165f347f781448ac6228b5fd21ec8b9008c2758e87b83

HTTP Headers

GET /43461/build/funnel.css HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: text/css
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=3600
etag: W/"670878add58e57bb842fb7530256b6f7"
last-modified: Wed, 13 Mar 2024 15:17:25 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000003038141ea2822112-0065f1c7cc-5280ad0f-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: REVALIDATED
cf-ray: 877c41ce290a56be-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/21/2024 09:13:15
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: b5176b000dd11930223a4dd4e65f7a47
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2

static-133.b-cdn.net/43461/images/hero-img-new.jpg

194.242.11.186

200 OK

394 kB

URL GET HTTP/2
static-133.b-cdn.net/43461/images/hero-img-new.jpg
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x935, components 3
Size
394 kB (393575 bytes)
Hash
8867f07ab37b30a70556531fab9ab745
b38438f367b8db496568700d6f07ffc17a185151
d74199bd755af51a2080d1caad0f8655afebbd5da7b56ee3302699c7bd856b0a

HTTP Headers

GET /43461/images/hero-img-new.jpg HTTP/1.1
Host: static-133.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgkstatic33.b-cdn.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/jpeg
content-length: 393575
server: BunnyCDN-NO1-830
cdn-pullzone: 561175
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "8867f07ab37b30a70556531fab9ab745"
last-modified: Wed, 13 Mar 2024 15:17:40 GMT
cf-bgj: h2pri
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: tx000001c2614e59fb41b02-0065f1c7cc-52827f33-ams3c
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
x-rgw-object-type: Normal
cf-cache-status: HIT
cf-ray: 87f725f5199256c9-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 05/06/2024 07:10:03
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 33b38e2c466e7102735a01f65db1944a
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static-133.b-cdn.net/43461/images/bg-img-2.jpg

194.242.11.186

200 OK

242 kB

URL GET HTTP/2
static-133.b-cdn.net/43461/images/bg-img-2.jpg
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x788, components 3
Size
242 kB (241782 bytes)
Hash
87ea1d39178e8229c5e1d3f4820d371b
ffbc7e6774a0e1fdcbc0fa2dea5fa1ee91b2095f
762daaf85334b0f65ee1a790a52257782cef0f4481df7ce04715bfd2acf0f633

HTTP Headers

GET /43461/images/bg-img-2.jpg HTTP/1.1
Host: static-133.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgkstatic33.b-cdn.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/jpeg
content-length: 241782
server: BunnyCDN-NO1-830
cdn-pullzone: 561175
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "87ea1d39178e8229c5e1d3f4820d371b"
last-modified: Wed, 13 Mar 2024 15:17:40 GMT
cf-bgj: h2pri
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: tx0000090b60f5f7e80b015-0065f29eca-52830f45-ams3c
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
x-rgw-object-type: Normal
cf-cache-status: HIT
cf-ray: 87b0bdbe6fd55685-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/27/2024 18:05:31
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: f260eee865b3d821fab84959acf18fc6
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static-133.b-cdn.net/43461/images/bg-img-3.jpg

194.242.11.186

200 OK

246 kB

URL GET HTTP/2
static-133.b-cdn.net/43461/images/bg-img-3.jpg
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x473, components 3
Size
246 kB (246271 bytes)
Hash
1b514cd6bf37cbbb0738a585510fd600
e171926ee51ece136dc499e19c1adbb118f26f35
9d89491bdea31bb858e17bb9add38046eefa867be00184f3b653798969e3a7ea

HTTP Headers

GET /43461/images/bg-img-3.jpg HTTP/1.1
Host: static-133.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgkstatic33.b-cdn.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/jpeg
content-length: 246271
server: BunnyCDN-NO1-830
cdn-pullzone: 561175
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "1b514cd6bf37cbbb0738a585510fd600"
last-modified: Wed, 13 Mar 2024 15:17:38 GMT
cf-bgj: h2pri
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: tx000000225d7167c00f3db-0065f29eca-52827f33-ams3c
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
x-rgw-object-type: Normal
cf-cache-status: HIT
cf-ray: 8673df3bdb3556cb-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/20/2024 07:08:37
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 69b738773caaaf290b683afe0b602c10
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static-133.b-cdn.net/43461/images/mockup-three-phone.png

194.242.11.186

200 OK

965 kB

URL GET HTTP/2
static-133.b-cdn.net/43461/images/mockup-three-phone.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 1920 x 808, 8-bit/color RGBA, non-interlaced
Size
965 kB (964789 bytes)
Hash
d656e316c5f67a3d7eadc3a4e8a9c1f2
41d0a52bb6ad7351526c739589b85b9c275e963d
2236f4e50c3ddd56f65a30164785676c5d3a1569fa9297418679f25f6ff0bd90

HTTP Headers

GET /43461/images/mockup-three-phone.png HTTP/1.1
Host: static-133.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgkstatic33.b-cdn.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/png
content-length: 964789
server: BunnyCDN-NO1-830
cdn-pullzone: 561175
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "d656e316c5f67a3d7eadc3a4e8a9c1f2"
last-modified: Wed, 13 Mar 2024 15:17:29 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000002dd9f695ca30bbb0-0065f29eca-5281cd35-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 87f731f95c8d5684-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 05/06/2024 07:18:15
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: ad944adf6c0cb8104b1b74914daf158a
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static-133.b-cdn.net/43461/images/brush-stroke.svg

194.242.11.186

200 OK

422 kB

URL GET HTTP/2
static-133.b-cdn.net/43461/images/brush-stroke.svg
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
422 kB (422342 bytes)
Hash
2affaa6cbada4631a14b44e4390b0358
e7ad09b7af15b3c1aaff622222a654343e358dfe
d8783d3e7e17ac28d426e6d7b992027af21ba4f86976b1526b9a1e53a047d169

HTTP Headers

GET /43461/images/brush-stroke.svg HTTP/1.1
Host: static-133.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgkstatic33.b-cdn.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: BunnyCDN-NO1-830
cdn-pullzone: 561175
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: W/"2affaa6cbada4631a14b44e4390b0358"
last-modified: Wed, 13 Mar 2024 15:17:35 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000005c4296c53e680ad2-0065f29eca-5281cd5d-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 869c8b777a0b56ae-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/25/2024 05:36:42
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 7d8be12ec8d208e9ef66bd33c39f23d0
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2

prfectnewoffers.net/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

188.114.96.1

200 OK

71 kB

URL GET HTTP/3
prfectnewoffers.net/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
PNG image data, 5652 x 15, 8-bit/color RGBA, non-interlaced
Size
71 kB (70857 bytes)
Hash
416250f60d785a2e02f17e054d2e4e44
21572c9751e5a3dc20395befa0fcb349c32c4811
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

HTTP Headers

GET /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44 HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/css/forms.css?id=f996a15d4340ce7f6a99
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:04 GMT
content-type: image/png
content-length: 70857
last-modified: Fri, 26 Apr 2024 12:57:43 GMT
etag: "662ba4c7-114c9"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cache-control: max-age=14400
cf-cache-status: HIT
age: 2806
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gb4ZIbyWJTaH4g36uX9sL1m8TW9QX7lHcTJbpFFOwyuXMqrXWGif%2BH0Rl%2B%2BHE%2Bn%2BBxgHc06sEnsNb1fJezpUAS1JaYqoiyuUFxgubfXf4LtfWtNRuFhM8xKA9yP7vOKX50F2j7AP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881859011aac56cc-OSL
alt-svc: h3=":443"; ma=86400

nb.check-tl-ver-154-1.com/eyes-robot/assets/style.css

188.114.97.1

15 kB

URL
nb.check-tl-ver-154-1.com/eyes-robot/assets/style.css
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
15 kB (15197 bytes)
Hash
78fb4ac9c508146eb0acf838cc0a51ea
ff9ba3268e428cbeadeb1ba171c8e5384b4d76e0
772238fafd8304cadaacc9626d0e4e8a3ec7feb6f932732449d84869da15725c

HTTP Headers

GET /eyes-robot/assets/style.css HTTP/1.1
Host: nb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nb.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 07:51:58 GMT
content-type: text/css
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-cf6"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ddDZMvkGZG%2BHAgnUA8y9bxZIFu56GAA28mJ1qx0%2BsZ48DOlUspJ%2FOwT62Z4gLr%2F8GZE%2F7Nl08bmC0pPxM4aSUev03tiWgp5LpG%2FlylvC%2FFppkzlc%2F3JdGmtTMSNf896aejNnn3vdinaUqeUf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858dca889b524-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://prfectnewoffers.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:35:00 GMT
expires: Fri, 09 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 105424
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://prfectnewoffers.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:35:00 GMT
expires: Fri, 09 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 105424
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://prfectnewoffers.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:35:00 GMT
expires: Fri, 09 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 105424
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://prfectnewoffers.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:35:00 GMT
expires: Fri, 09 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 105424
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mgkstatic33.b-cdn.net/43461/images/favicon.png

194.242.11.186

200 OK

1.8 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/images/favicon.png
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1805 bytes)
Hash
482ce499d40d67a9f4e12e5c992e98ce
9b8ce74d23795fdafa1bd6ca98a45a402e77dcc8
a7e3b96b4eab4a0a983b1db97750021b9d18574877b51f5a23a600514694a887

HTTP Headers

GET /43461/images/favicon.png HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:04 GMT
content-type: image/png
content-length: 1805
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "482ce499d40d67a9f4e12e5c992e98ce"
last-modified: Wed, 13 Mar 2024 15:17:45 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx00000931254d7e4b970d6-0065f1c7a0-5280acec-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 874b2f61f8dd56ba-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/15/2024 10:17:18
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 64a18495ee82555b6f1571f1a567347a
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

rqqlj.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816

188.114.97.1

30 kB

URL
rqqlj.check-tl-ver-154-1.com/eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
30 kB (29505 bytes)
Hash
666203c2cfc7ee8aafbd1cbf9ec04c69
7d74e745174fe6140ee2fbe1fe8b8c2ae33ade9a
57027a083c9c7eaf8a078a7090c454b254216a4a94782e2445fb71629725531b

HTTP Headers

GET /eyes-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=eyes-robot&click_id=a9f24usojsca0usf40&sub_id=17537640&nrid=1c1dcd012a9b42748936d83e6045846a&hash=_BBBE3nth8_f32LTEobM8A&exp=1715327816 HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://slushhelmetmirth.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 07:51:57 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bEfkXtM4g1tyYfAMgV5B%2FgIk4P8AYcaByDS83ACB24u7irYeOK9Ddvnu4N3Lg80AKoGXAkGT10pGGBt%2FQ7jA3sJ9TyXfhqZOORkIeeEv9sWVif0a4rizQhGCk8HkVH9xpPR5lQv3t8qIw3ycSUaY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858d5aa361c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

g.mtrck.org/c?aid=xoLG2W&lpid=9trgqE&aff_sub5b=cout48la6vts73c58qe0

76.223.57.231

302 Found

30 kB

URL User Request GET HTTP/2
g.mtrck.org/c?aid=xoLG2W&lpid=9trgqE&aff_sub5b=cout48la6vts73c58qe0
IP
76.223.57.231:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectg.mtrck.org
FingerprintB1:97:7C:87:E0:27:AF:43:D2:96:20:A4:78:6D:0C:61:EF:62:F7:69
ValidityThu, 14 Mar 2024 05:51:05 GMT - Wed, 12 Jun 2024 05:51:04 GMT

File type

Size
30 kB (30120 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c?aid=xoLG2W&lpid=9trgqE&aff_sub5b=cout48la6vts73c58qe0 HTTP/1.1
Host: g.mtrck.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-cache, private
content-type: text/html; charset=UTF-8
date: Fri, 10 May 2024 07:52:02 GMT
location: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
server: Caddy, nginx
set-cookie: XSRF-TOKEN=eyJpdiI6IkdXSFhjSXhiRkVyekFjS3NkNkkxTHc9PSIsInZhbHVlIjoiVUxUTG9jMmdWcEl2OURJNUt1TjMwejFjby8rQTE3QVNkOC9KYSt0QWZWa0ZOemdBZkpiWGJCMkhXOWE0MXpHWlBjRkdLSWhKaktxeWJpQWQ4YlowUkpYNk5UYlYwUCthZlpudXRsUWcwNzRFMjkzOEZFLzgrVTdGNkZZZkNJY00iLCJtYWMiOiJhZGI5N2JjZGY2NTA4MzI0ODY1MDkxNGYxOTlhNjNmM2U1NDAyMWQ1OTI0MmU5NDE3Yjk4NzdiYmUyY2I1ODJmIiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 09:52:02 GMT; Max-Age=7200; path=/; samesite=lax
clickbit_session=eyJpdiI6IjBrMEFFZ1kzQU9waTgwdUU4N1pIMEE9PSIsInZhbHVlIjoiNzFheXVTdUZWc3lBZUswOENlUE5OVVlKZlVNUXpydExsSUN3ZXNSN2s2bEhRZ0ZWV3ZwT053TTFLbDhRaXorSXFHaGIyN3VIVm12U3lQVkNUTjMvUGtDaHJPNDFmMWhnQndqYXdKZXIzZEsxVVEyVUs1ZlN0ekVPTEFlUE9VdFAiLCJtYWMiOiIyYmFkMWNmMTU0NjVlOWJjMzcwMTI0OTc2ZTQxZDUzYWM5OGI4NjNiYjViZWY2YzE2YzEyMTI3NTI3OWM1NTMzIiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 09:52:02 GMT; Max-Age=7200; path=/; httponly; samesite=lax
cid=eyJpdiI6IjVqd3QzKzZQZjdLODVtRU9Gb0xMNFE9PSIsInZhbHVlIjoiN3FHcDVBN2Flck5JaWttb1BUQ2VSWmZ5SkE3K3ExaGNYUGEyb3FtL0Z5MGVmQTdabVdINmxxbytmVmRHMGZkN3NieTJnK1NMcmU2VzUybUJEbk5RSXcxc216eDdCTitRT1E1cXpsNHp0STA9IiwibWFjIjoiZjhhM2MyMDNhNmQ2YzUyODVkMDZjMmU2MWFmNjA3OTAxYWY1Y2ViMzQ3NzQ5NzBjMGRiMmMzOTRlZDYwOTlkYyIsInRhZyI6IiJ9; expires=Tue, 30-Aug-2078 18:08:41 GMT; Max-Age=1713780999; path=/; httponly; samesite=lax
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Lato:ital,wght@0,300;0,400;0,700;0,900;1,300;1,400;1,700;1,900&family=Montserrat:wght@300;400;500;600;700&family=Noto+Sans:wght@300;400;500;600;700;800;900&family=Open+Sans:wght@400;500;600;700;800&family=Quicksand:wght@300;400;500;600;700&family=Roboto:wght@300;400;500;700;900&family=Tajawal:wght@300;400;500;700&display=swap

142.250.74.106

200 OK

88 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Lato:ital,wght@0,300;0,400;0,700;0,900;1,300;1,400;1,700;1,900&family=Montserrat:wght@300;400;500;600;700&family=Noto+Sans:wght@300;400;500;600;700;800;900&family=Open+Sans:wght@400;500;600;700;800&family=Quicksand:wght@300;400;500;600;700&family=Roboto:wght@300;400;500;700;900&family=Tajawal:wght@300;400;500;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1572)
Size
88 kB (88472 bytes)
Hash
6a4571112dc1d4b0e37c6df7eba27cac
196e9eec0684faa62878e6f5e476710bd11f27bd
84675537119f9cc7f7a12120e2cf7ebe9cf645accde5cffca6d6da0c6ed03b32

HTTP Headers

GET /css2?family=Lato:ital,wght@0,300;0,400;0,700;0,900;1,300;1,400;1,700;1,900&family=Montserrat:wght@300;400;500;600;700&family=Noto+Sans:wght@300;400;500;600;700;800;900&family=Open+Sans:wght@400;500;600;700;800&family=Quicksand:wght@300;400;500;600;700&family=Roboto:wght@300;400;500;700;900&family=Tajawal:wght@300;400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgkstatic33.b-cdn.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 07:52:03 GMT
date: Fri, 10 May 2024 07:52:03 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static-133.b-cdn.net/43461/images/bg-img-4.jpg

194.242.11.186

200 OK

375 kB

URL GET HTTP/2
static-133.b-cdn.net/43461/images/bg-img-4.jpg
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x692, components 3
Size
375 kB (374893 bytes)
Hash
ca2af1e0db4ffa75dc11257debbca866
9a4ecbbbb46dc174daa5eb39d804d00914602fdf
26c2c413b4a6d8f79064e6a92528e0a886da3e41f99acf7e5b8a01ff082f3f97

HTTP Headers

GET /43461/images/bg-img-4.jpg HTTP/1.1
Host: static-133.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgkstatic33.b-cdn.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: image/jpeg
content-length: 374893
server: BunnyCDN-NO1-830
cdn-pullzone: 561175
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
cache-control: max-age=3600
etag: "ca2af1e0db4ffa75dc11257debbca866"
last-modified: Wed, 13 Mar 2024 15:17:41 GMT
cf-bgj: h2pri
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: tx000003769d44dac3c04af-0065f1c7cc-5280acec-ams3c
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
x-rgw-object-type: Normal
cf-cache-status: HIT
cf-ray: 869c8b777cce0b55-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/25/2024 05:36:42
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 54d614c3f5fb8f23292d05ace7fa4229
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mgkstatic33.b-cdn.net/43461/build/funnel.js

194.242.11.186

200 OK

735 kB

URL GET HTTP/2
mgkstatic33.b-cdn.net/43461/build/funnel.js
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerSectigo Limited
Subject*.b-cdn.net
FingerprintFC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
ValiditySun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type

Size
735 kB (735343 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /43461/build/funnel.js HTTP/1.1
Host: mgkstatic33.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: application/javascript
server: BunnyCDN-NO1-830
cdn-pullzone: 1367785
cdn-uid: 6f116605-ddce-4644-a514-65e3765b9786
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
cache-control: max-age=3600
etag: W/"154334f976eb4c2bbea602efb4ad82ce"
last-modified: Wed, 13 Mar 2024 15:17:26 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx00000171f16e097b1d7c2-0065f29eca-5281cd5d-ams3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: b0c9cd13-c401-4707-9471-40949c09e155
cf-cache-status: HIT
cf-ray: 869b6440a89156bb-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/25/2024 02:15:10
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 5f34bfe2041bb25e094d49229bd14873
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2

prfectnewoffers.net/locate

188.114.96.1

200 OK

144 B

URL GET HTTP/3
prfectnewoffers.net/locate
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
144 B (144 bytes)
Hash
a78c1f9242aa33a87bd5f7a7f6cf21af
61484ea912efce8fe8b9aef0eb79eacadecd0968
47ba1d847752b8b99d6b67a2eaa654648624b7035ae2780c5efcbb328b09749e

HTTP Headers

GET /locate HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-XSRF-TOKEN: eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:04 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IktNVHB3N1lxSEQ2eVI0NkJlRUZYUlE9PSIsInZhbHVlIjoiV2kyc1lmMVNkYTN6bWVrWlwvUDljREJWd01kbWJHQ1FQYmJmZGV2VVdMUVhrK3U1Z2NQYkdRaUtVd0lXeUJVUjkiLCJtYWMiOiIyZTYyYTVmOTdmZTEzNmM1ZDMzZjc3YjVkZTQ1ODBlNjI5ZWY5YjAwNDE5YTVjYzlkY2I0YzkxMjI4YmQzN2I3In0%3D; expires=Fri, 10-May-2024 09:52:04 GMT; Max-Age=7200; path=/
c=eyJpdiI6IlkyTTY2K05STmJQa0ptb1BBNzhyRmc9PSIsInZhbHVlIjoiRVQ2ZytHSm1TUUFTdGUzOGpQXC9haFl0alFkSm5CYnpGd2U0eGpsN25mSWxubExoOTc2bFVOT05hNFBqN2FFeEgiLCJtYWMiOiI2MGQzOWY5MjYyYTEzNDlhNjllOGUyMzZlMDQ0MGQ2MWIzNjcyOWQ0NWFkMDM0ZTdhNjQ2ZjJhZGM0ZDA1Zjg1In0%3D; expires=Fri, 10-May-2024 09:52:04 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQuoJsZ%2BQA0LFISEhoF5ZJ9dldFv5xtahnJiw6StjrlJir2VS46elIMsONwjT95%2F4dby52BDWL0gy2GVuUDi%2BVWDOKWiU4j7SgSOvNJNYlm3HGPiOsGBrT6W0F1QpacDLXPYy0yW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88185901cbcf56cc-OSL
alt-svc: h3=":443"; ma=86400

prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=

188.114.96.1

200 OK

30 kB

URL User Request GET HTTP/2
prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type

Size
30 kB (30120 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language= HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 07:52:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; expires=Fri, 10-May-2024 09:52:02 GMT; Max-Age=7200; path=/
c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D; expires=Fri, 10-May-2024 09:52:02 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1JZHMOd%2FFrYeAGUZKkBioDl4Ctw29AOHj5xTdlBdXhJmk0XCIA3t0582AwAJFgqUxioJdxvUrb1f2glSOCp%2FYw3kHV6wHTbzXrDDPfPGcwU8aR69EemYYHeC%2B7OlBG%2FvqecqMacN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858f75b640b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

prfectnewoffers.net/css/forms.css?id=f996a15d4340ce7f6a99

188.114.96.1

200 OK

22 kB

URL GET HTTP/3
prfectnewoffers.net/css/forms.css?id=f996a15d4340ce7f6a99
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
ASCII text, with very long lines (19895)
Size
22 kB (22282 bytes)
Hash
f996a15d4340ce7f6a994015a99c95d9
e59e2ce631dcf0619e149659a0052285e374def4
f93e02936033f95f052bec10b8041b15ec34b661a699957113f8646875c81718

HTTP Headers

GET /css/forms.css?id=f996a15d4340ce7f6a99 HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:02 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 12:57:38 GMT
vary: Accept-Encoding
etag: W/"662ba4c2-570a"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 3016
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gnPHhXE%2F8%2Fe6rjeTMAPXmCJxyB3tcRtY6h1Iw9pDHW2xz9776GfAv%2F7IBy125PpQkDu2YFno%2BXv6wyc11OiF8wVbw8p18Z5%2Bk82Iyz1Np%2Bl3UjZZOg4O1Wo1RUwTnU%2FHXDPEya%2F%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858fa8eea56cc-OSL
alt-svc: h3=":443"; ma=86400

prfectnewoffers.net/event?hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8

188.114.96.1

201 Created

2 B

URL POST HTTP/3
prfectnewoffers.net/event?hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

HTTP Headers

POST /event?hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8 HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
X-XSRF-TOKEN: eyJpdiI6IktNVHB3N1lxSEQ2eVI0NkJlRUZYUlE9PSIsInZhbHVlIjoiV2kyc1lmMVNkYTN6bWVrWlwvUDljREJWd01kbWJHQ1FQYmJmZGV2VVdMUVhrK3U1Z2NQYkdRaUtVd0lXeUJVUjkiLCJtYWMiOiIyZTYyYTVmOTdmZTEzNmM1ZDMzZjc3YjVkZTQ1ODBlNjI5ZWY5YjAwNDE5YTVjYzlkY2I0YzkxMjI4YmQzN2I3In0=
Content-Length: 182
Origin: https://prfectnewoffers.net
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IktNVHB3N1lxSEQ2eVI0NkJlRUZYUlE9PSIsInZhbHVlIjoiV2kyc1lmMVNkYTN6bWVrWlwvUDljREJWd01kbWJHQ1FQYmJmZGV2VVdMUVhrK3U1Z2NQYkdRaUtVd0lXeUJVUjkiLCJtYWMiOiIyZTYyYTVmOTdmZTEzNmM1ZDMzZjc3YjVkZTQ1ODBlNjI5ZWY5YjAwNDE5YTVjYzlkY2I0YzkxMjI4YmQzN2I3In0%3D; c=eyJpdiI6IlkyTTY2K05STmJQa0ptb1BBNzhyRmc9PSIsInZhbHVlIjoiRVQ2ZytHSm1TUUFTdGUzOGpQXC9haFl0alFkSm5CYnpGd2U0eGpsN25mSWxubExoOTc2bFVOT05hNFBqN2FFeEgiLCJtYWMiOiI2MGQzOWY5MjYyYTEzNDlhNjllOGUyMzZlMDQ0MGQ2MWIzNjcyOWQ0NWFkMDM0ZTdhNjQ2ZjJhZGM0ZDA1Zjg1In0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 201 Created
date: Fri, 10 May 2024 07:52:04 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: https://prfectnewoffers.net
vary: Origin
set-cookie: XSRF-TOKEN=eyJpdiI6IjF6WTg1ZzMzYVFwOWt4Ynk5RjFuV1E9PSIsInZhbHVlIjoiaDJBa1EzYVAzUFV5NjQ1Q2c0YWpNZ2JzQnhueDJ1eWNZK3JrcmRtMThsXC9FOUxuUEg4QWFORWpaQTA1MkQ1SWsiLCJtYWMiOiJmMjkxMjQwZDkwYTc2ZjU2NTY1M2IzOWIwZjU0ODI1MGNkYjYwMWFhZTA2MWJmM2Y0YTliOWNhMTk4ZjNiMGI2In0%3D; expires=Fri, 10-May-2024 09:52:04 GMT; Max-Age=7200; path=/
c=eyJpdiI6IjdcL3c4Q0Jtenlvd0hHYlV1dDBrN0dBPT0iLCJ2YWx1ZSI6IlZkSnNwUWw4VzhpUldNd0pDN1VTMVQ5czZQUTVGQ01ZRDdRTlIwcTd0UWgzSDJ3bGdjS0ZwY3RWZHFvZ2pwNmoiLCJtYWMiOiIzNTgyYTExZTQ0YjllMTY2OWY2MWZhNjY2OThkMGI3ODFiMjMzYmQ0MTY0N2FmN2NhZDM0MDRjZjQ2OGExNTU5In0%3D; expires=Fri, 10-May-2024 09:52:04 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbqdpdNEpDPp2D5UaEaP4zA5vXvhujqLDORHOAokcgZvvsNPtzbEr4g5FyQttdeZqb%2F%2B%2F%2B8lTRQuae%2FPisz0451nOb7sTOeiaHYdBiuF1JuO4hO7SwJ%2FnUNattFg6gBBkyYJE2uj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881859035ed956cc-OSL
alt-svc: h3=":443"; ma=86400

prfectnewoffers.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
prfectnewoffers.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:02 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 09:31:53 GMT
etag: W/"663b4689-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BtKUtaC%2BQ%2BJbFSDUHuRVkPWc%2BHSobsRI5Lqs3tLYxugBCaiBvSuqGTvINClNS%2FAaxUq%2FE%2FJwP5eSmDAXciS%2Fy6S%2F49K%2BypaXhMxqXXn6RUeYc9Q7cixyoQJ6VTh8FV9C%2BrQCBQEV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881858fabf3c56cc-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 12 May 2024 07:52:02 GMT
cache-control: max-age=172800, public
content-encoding: gzip

prfectnewoffers.net/js/l.js?id=f699e0c1aa11fe1bdd00

188.114.96.1

200 OK

422 kB

URL GET HTTP/3
prfectnewoffers.net/js/l.js?id=f699e0c1aa11fe1bdd00
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Certificate
IssuerLet's Encrypt
Subjectprfectnewoffers.net
FingerprintFF:D8:95:43:76:67:B6:52:98:93:00:95:5A:76:EF:D4:D3:15:07:F3
ValidityWed, 10 Apr 2024 05:08:54 GMT - Tue, 09 Jul 2024 05:08:53 GMT

File type

Size
422 kB (421698 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/l.js?id=f699e0c1aa11fe1bdd00 HTTP/1.1
Host: prfectnewoffers.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prfectnewoffers.net/bit-gpt-pp-ai/?oid=133&qze=1&hitid=9c0214c3-b83c-4b2f-aaa3-4b32ef246af8&aff_sub=&saf=&cvu=&action=&aff_sub5=&url_id=133&aff_sub2=&aff_sub3=&aff_sub4=&tracker=cg&language=
Cookie: XSRF-TOKEN=eyJpdiI6IlZ4YmpYdFwvQkd0S1wvUmZsMG54MDhqUT09IiwidmFsdWUiOiJjY3JOSmlzaW82TGZLMUNNRmFja1NrS2d3MTlsY1lPTE1VdzhTSWU2ZkpYcGYxelBoUXd0SG85alExVklzVzluIiwibWFjIjoiMjVkYjk3YjA5ZjBlNGVkMDc0NDg2OTU4ZWYxNzY2ZDE1MjA4OGRjMDk1Y2FlMzU3NDRjMmVhNDk4MjM0NDM1NiJ9; c=eyJpdiI6ImMxcHRQVHdcL0ZGMGx5bHZyMmlMTWdRPT0iLCJ2YWx1ZSI6IkVLXC9Udkd0K2JEaWdxcXo2Z21maWJQYzhxXC9tY3ZwUitCVXBERzUwdExwZU1lSHlVTjN5dGduSGZxNW9xWWcySiIsIm1hYyI6ImIzZThlYmI5MGQ3ZTVkZDBiMjRmMjZlZTM4MWNmYzEwNzA3MjgxZTc0Y2ZiZWI0ZTU3Mzg2ZTc1MDUzMDRkMTAifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 07:52:03 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 12:57:38 GMT
vary: Accept-Encoding
etag: W/"662ba4c2-66f42"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=df6PzbfxEjQbp6cmf14VyGMsB1y7axWokLzjYrNN9o9IU5mfNzJGosi4gx26PjY%2BP63GzXS8pwe415cuAWRGWfkBV18E%2BI6Fzt33tZFYoGocwUt8LRv1zFOoaKTSivlicZiPaCQV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881858fabf3e56cc-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (74)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type