Report - www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656

Report Overview

Submitted URL
www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656
IP
185.53.179.170
ASN
#61969 Team Internet AG
Submitted
2023-05-13 20:44:51
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www2.megawebdeals.com	unknown	2009-05-19	2012-06-24	2023-05-12	3.5 kB	3.9 kB	185.53.179.170
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-13	340 B	1.0 kB	143.204.48.16
oxbnr.amouronllne.com	unknown	2023-05-09	2023-05-11	2023-05-12	1.4 kB	34 kB	63.32.216.166
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-12	1.1 kB	33 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-12	928 B	19 kB	142.250.74.74
go.proffering.xyz	unknown	2022-06-07	2022-06-08	2023-05-12	621 B	1.2 kB	20.113.187.208
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-12	2.0 kB	4.2 kB	142.250.74.131
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-12	3.6 kB	82 kB	142.250.74.35
a.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-12	2.5 kB	124 kB	104.21.7.3
js.streampsh.top	unknown	2022-11-18	2023-05-01	2023-05-13	2.1 kB	44 kB	104.21.27.231
cdn-dimi.akamaized.net	unknown	2014-03-18	2022-07-07	2023-05-12	8.0 kB	2.0 MB	88.221.27.74
b.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-12	1.4 kB	182 kB	104.21.7.3
d.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-12	8.6 kB	267 kB	104.21.7.3
c.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-12	746 B	43 kB	104.21.7.3
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22	2023-05-13	426 B	1.5 kB	54.230.245.138
fulbe-whs.com	unknown	2023-05-02	2023-05-02	2023-05-12	1.7 kB	4.0 kB	54.165.180.165
qwfuu.altairaquilae.top	unknown	2023-05-03	2023-05-11	2023-05-12	606 B	1.1 kB	104.21.94.247
qwfuu.crystalcrafter.top	unknown	2023-04-29	2023-05-10	2023-05-12	8.8 kB	284 kB	104.21.7.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-13 20:44:35	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-13	medium	oxbnr.amouronllne.com/ortb

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	oxbnr.amouronllne.com/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d	0 B	2023-03-07	2024-05-05
Pretty URL oxbnr.amouronllne.com/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 03:38:46 Times Seen37352713 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703	252 B	2023-03-07	2023-12-04
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:19 Last Seen2023-12-04 06:45:22 Times Seen1475 Hash 3544c08851825a863747a126548d6993 01882998e61b9f93d5f346386fa633f6b8d95b2d 9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703	3.0 kB	2023-03-08	2024-05-04
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:05:28 Last Seen2024-05-04 01:57:40 Times Seen3649 Hash 5f373fa5bf21c44b9ad23b70ef96e73d 068ef5b63ab18924a286f2c0c3ec46545e08c678 7f40bc2c95ee280de5320ae7d33f2e57eeeb0cda5b5820f2c456a0c9ba50ed77 Loading...

	oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	2.1 kB	2023-05-13	2023-05-13
Pretty URL oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-13 22:44:55 Last Seen2023-05-13 22:44:55 Times Seen1 Hash 9667d2b089e295fb1683c1db14133733 7502af9917b15710144ff247159391eeb8a6b9c6 eb51d66ec3ebbcb4c29363b6edf5d70f40ce85c4de83641787a91b05ff5de220 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703	86 kB	2023-03-07	2024-05-05
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-05 00:45:15 Times Seen388441 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	3.6 kB	2023-03-26	2023-05-17
Pretty URL oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 09:21:10 Last Seen2023-05-17 11:10:05 Times Seen17 Hash 8dd1849614c2371268c208f299970638 5c1c9aad0ee61fb0e6cabb1bfc9ca287b76a646d 7941ffaf4c1f078732bb0a353e91797b44dbf6be430bed59f9460680567dd4cd Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703	28 kB	2023-03-07	2023-11-27
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:19 Last Seen2023-11-27 04:28:25 Times Seen1471 Hash 07cee83d1be10af1ca991d1c60abd6e2 b5f142d6aac82ede612b6cf96b1e7f25d797e87a 6fc50a9d3f16721904905fa44980c6cac2e3e82f5da71c18f84d289dd1bc54d3 Loading...

	oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	9.7 kB	2023-05-13	2023-05-13
Pretty URL oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-13 22:44:55 Last Seen2023-05-13 22:44:55 Times Seen1 Hash 3e0ce728cc8d443dbceeff4f3a20ef90 a7977e48698460a099335e1d2c038db4ea14993f a60b8f251424a075a0bd88920ee3f102aa4d9945ee40010e90ee7ef4430b65fb Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703	4.2 kB	2023-03-07	2024-01-30
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-01-30 06:51:41 Times Seen1355 Hash 5da2c51949f2a873bf0091a104658e72 89d122a536af95bd4183de41fa10e6947c9806e8 80a1aae3b07ee310419c80f52fb2f179bfebc74bf46598bc6b041455feef3201 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703	12 kB	2023-03-07	2024-03-04
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-03-04 11:45:24 Times Seen2745 Hash 9acc66fdf18dea05bd75165eb5a96259 f613c52a08155727d4f07536d7bc8df5b6fa0c84 4941450491d73ab79ffb428e660c4cb581acbbad86edf8e943211ea51fe3a6c1 Loading...

	oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	302 B	2023-05-13	2023-05-13
Pretty URL oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-13 22:44:55 Last Seen2023-05-13 22:44:55 Times Seen1 Hash 19de8e51c9652e3baf37e06d0ca670af 752c497070ac3b14a29f2821f1e0fff91a02f3f5 c05f0ade0fa44ae1abcdcc299c642a9f710bf2835bd8156dd70a9aaafa35ac33 Loading...

HTTP Transactions (88)

URL IP Response Size

www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656

185.53.179.170

1.4 kB

URL
www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656
IP
185.53.179.170:0
ASN
#61969 Team Internet AG

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (397)
Size
1.4 kB (1376 bytes)
Hash
ef2ee57c8e749b04a532c90dfaea05b9
31ef75cf20dad8b05d6520848a8eaa41c29a1556
97a0fae9ed2b35d430fb0ba36ae33adea5ee4f89b8deeb018b6f8f40722b9938

HTTP Headers

GET /search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656 HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 13 May 2023 20:44:32 GMT
Server: nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_YhP6fgrrgqIid9MPNK2Voh4/6ZdqJIcAooKZ8NqYvo2rzT6Y4ivRSFUrIlFc4vLEtOqxKB/aBMXG9sjtu+9dNw==
X-Buckets: bucket011,bucket077
X-Domain: megawebdeals.com
X-Language: norwegian
X-Redirect: zeropark_zeroclick
X-Subdomain: www2
X-Template: tpl_CleanPeppermintBlack_twoclick
Content-Length: 1376

d38psrni17bvxu.cloudfront.net/scripts/js3.js

54.230.245.138

1.1 kB

URL
d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP
54.230.245.138:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (468)
Size
1.1 kB (1096 bytes)
Hash
a66b149a7ebc798955373415d683f32a
15ceaba8cfae8368600620ae97aa26ae7331d626
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

HTTP Headers

GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www2.megawebdeals.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
content-length: 1096
server: nginx
date: Sat, 13 May 2023 00:54:14 GMT
last-modified: Mon, 23 Jan 2023 11:12:07 GMT
accept-ranges: bytes
etag: "63ce6b87-448"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -WyEHOa0WVD_se8rVedphKOGw-T1uwBrKRZjmOqKuWO8HKd-AuTgbA==
age: 71419
X-Firefox-Spdy: h2

www2.megawebdeals.com/track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4NDAxMDY3Mi42MTk0OmYzZmNmNTg1N2NiMWE0NjBlYzQ2ZTExNDVhMzY2MzI5MWFiZGJlNGVkMjc0YmIwNzc1YzczNWYzNmYxNzBmMWU6NjQ1ZmY2YjA5NzNhMQ%3D%3D

185.53.179.170

20 B

URL
www2.megawebdeals.com/track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4NDAxMDY3Mi42MTk0OmYzZmNmNTg1N2NiMWE0NjBlYzQ2ZTExNDVhMzY2MzI5MWFiZGJlNGVkMjc0YmIwNzc1YzczNWYzNmYxNzBmMWU6NjQ1ZmY2YjA5NzNhMQ%3D%3D
IP
185.53.179.170:0
ASN
#61969 Team Internet AG

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4NDAxMDY3Mi42MTk0OmYzZmNmNTg1N2NiMWE0NjBlYzQ2ZTExNDVhMzY2MzI5MWFiZGJlNGVkMjc0YmIwNzc1YzczNWYzNmYxNzBmMWU6NjQ1ZmY2YjA5NzNhMQ%3D%3D HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 13 May 2023 20:44:33 GMT
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Content-Length: 20

www2.megawebdeals.com/ls.php?t=645ff6b0&token=c411960853992077705f1709ab506152a4f97475

185.53.179.170

16 B

URL
www2.megawebdeals.com/ls.php?t=645ff6b0&token=c411960853992077705f1709ab506152a4f97475
IP
185.53.179.170:0
ASN
#61969 Team Internet AG

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

HTTP Headers

GET /ls.php?t=645ff6b0&token=c411960853992077705f1709ab506152a4f97475 HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: 
Access-Control-Max-Age: 86400
Charset: utf-8
Content-Type: text/javascript;charset=UTF-8
Date: Sat, 13 May 2023 20:44:33 GMT
Server: nginx
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_MWAu2FbQixiPyzCmzjSiyGSVBuDMumZtDK6dSpRnfurmuxP/WuUtpDjuyr4XnDcr4BeP2sIRTh1NfLWhki8drA==
X-Log-Success: 645ff6b125c79a674c36f56a
Content-Length: 16

www2.megawebdeals.com/favicon.ico

185.53.179.170

0 B

URL
www2.megawebdeals.com/favicon.ico
IP
185.53.179.170:0
ASN
#61969 Team Internet AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 0
Content-Type: image/x-icon
Date: Sat, 13 May 2023 20:44:33 GMT
Etag: "5ebab1f0-0"
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Server: nginx

www2.megawebdeals.com/track.php?click=56d0b9b8d2d42fdaaac132a90d0b3551e46e57c2&domain=megawebdeals.com&uid=MTY4NDAxMDY3Mi42MTk0OmYzZmNmNTg1N2NiMWE0NjBlYzQ2ZTExNDVhMzY2MzI5MWFiZGJlNGVkMjc0YmIwNzc1YzczNWYzNmYxNzBmMWU6NjQ1ZmY2YjA5NzNhMQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDc3fHx8fHx8NjQ1ZmY2YjA5NzM4Ynx8fDE2ODQwMTA2NzIuOTA2M3w4Mjk3OWY2M2YzMmNlYjAyYTJmMzUxN2I3NWQyZTYyOGY4MGRjNTJkfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18YzQxMTk2MDg1Mzk5MjA3NzcwNWYxNzA5YWI1MDYxNTJhNGY5NzQ3NXwwfGRwLXRlYW1pbnRlcm5ldDA3XzNwaHwwfDA%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off

185.53.179.170

20 B

URL
www2.megawebdeals.com/track.php?click=56d0b9b8d2d42fdaaac132a90d0b3551e46e57c2&domain=megawebdeals.com&uid=MTY4NDAxMDY3Mi42MTk0OmYzZmNmNTg1N2NiMWE0NjBlYzQ2ZTExNDVhMzY2MzI5MWFiZGJlNGVkMjc0YmIwNzc1YzczNWYzNmYxNzBmMWU6NjQ1ZmY2YjA5NzNhMQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDc3fHx8fHx8NjQ1ZmY2YjA5NzM4Ynx8fDE2ODQwMTA2NzIuOTA2M3w4Mjk3OWY2M2YzMmNlYjAyYTJmMzUxN2I3NWQyZTYyOGY4MGRjNTJkfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18YzQxMTk2MDg1Mzk5MjA3NzcwNWYxNzA5YWI1MDYxNTJhNGY5NzQ3NXwwfGRwLXRlYW1pbnRlcm5ldDA3XzNwaHwwfDA%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
IP
185.53.179.170:0
ASN
#61969 Team Internet AG

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?click=56d0b9b8d2d42fdaaac132a90d0b3551e46e57c2&domain=megawebdeals.com&uid=MTY4NDAxMDY3Mi42MTk0OmYzZmNmNTg1N2NiMWE0NjBlYzQ2ZTExNDVhMzY2MzI5MWFiZGJlNGVkMjc0YmIwNzc1YzczNWYzNmYxNzBmMWU6NjQ1ZmY2YjA5NzNhMQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDc3fHx8fHx8NjQ1ZmY2YjA5NzM4Ynx8fDE2ODQwMTA2NzIuOTA2M3w4Mjk3OWY2M2YzMmNlYjAyYTJmMzUxN2I3NWQyZTYyOGY4MGRjNTJkfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18YzQxMTk2MDg1Mzk5MjA3NzcwNWYxNzA5YWI1MDYxNTJhNGY5NzQ3NXwwfGRwLXRlYW1pbnRlcm5ldDA3XzNwaHwwfDA%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.a119385af376881d977a941108a72bc39701515e47ea558ff9edc9bb9156dccb.1.4995656
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 13 May 2023 20:44:33 GMT
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Content-Length: 20

ocsp.r2m01.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ba677970202d212d192195e82d91106b
5f3a54df9ee3e6f04a77d013f90173f2d1847309
443d24c750b60876c2926f9c0fd54edd9059396b099ed97ec30ce65bfbbf7da8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131039
Date: Sat, 13 May 2023 20:44:34 GMT
Etag: "645f40dc-1d7"
Expires: Mon, 15 May 2023 09:08:33 GMT
Last-Modified: Sat, 13 May 2023 07:48:44 GMT
Server: ECAcc (nya/79F3)
X-Cache: Miss from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NFFSis9R_iIMlHgmuQBsJAOOIaYqFzzJ42RjbxCPrCVC-iHAJdDM8Q==
Age: 4789

fulbe-whs.com/zcvisitor/f6ff5908-f1ce-11ed-99ec-0a6fd39e7289/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97

54.165.180.165

1.1 kB

URL
fulbe-whs.com/zcvisitor/f6ff5908-f1ce-11ed-99ec-0a6fd39e7289/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
IP
54.165.180.165:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1098 bytes)
Hash
e8701ab20d42ec8f70e42c31cc777b40
72d63c09a775c78c5a53dad4511c7fe16d60aa9d
7c4144f71fc2da01f7983382bb822b35330c7846f8b510c6cfd50df99a0c929a

HTTP Headers

GET /zcvisitor/f6ff5908-f1ce-11ed-99ec-0a6fd39e7289/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97 HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Sat, 13 May 2023 20:44:34 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: fwKsgjGc

fulbe-whs.com/zcredirect?visitid=f6ff5908-f1ce-11ed-99ec-0a6fd39e7289&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false

34.238.227.119

464 B

URL
fulbe-whs.com/zcredirect?visitid=f6ff5908-f1ce-11ed-99ec-0a6fd39e7289&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false
IP
34.238.227.119:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
464 B (464 bytes)
Hash
e1dafd8c17ae37be2806e4a7ebebfc17
5cdbbbc7d2607e46e34a42462b985467ae6bd8aa
1ab4cb777b57bbd3f1c5eac5138103c2271464ec3a44bed723deac8418a781ec

HTTP Headers

GET /zcredirect?visitid=f6ff5908-f1ce-11ed-99ec-0a6fd39e7289&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://fulbe-whs.com/zcvisitor/f6ff5908-f1ce-11ed-99ec-0a6fd39e7289/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Sat, 13 May 2023 20:44:35 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: eOKWjFMt

fulbe-whs.com/favicon.ico

34.238.227.119

653 B

URL
fulbe-whs.com/favicon.ico
IP
34.238.227.119:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fulbe-whs.com/zcredirect?visitid=f6ff5908-f1ce-11ed-99ec-0a6fd39e7289&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Date: Sat, 13 May 2023 20:44:35 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: eOKWjFMt

go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT

20.113.187.208

312 B

URL
go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT
IP
20.113.187.208:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (312), with no line terminators
Size
312 B (312 bytes)
Hash
2718600485100f7a290144a499abc298
40a1565ae47e7aa8af69a3f0fcf49c1adcbefcf0
40d51142a9b2a30b10d4ad609ff842f0b70a0d2948867c4f9a281b31f2b813b4

HTTP Headers

GET /15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT HTTP/1.1
Host: go.proffering.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://fulbe-whs.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Sat, 13 May 2023 20:44:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 312
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GUILo=20230513231684011343391; domain=.go.proffering.xyz; path=/;expires=Sun, 14 May 2023 20:44:35 GMT;  httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15GUIL; domain=.go.proffering.xyz; path=/;expires=Sun, 14 May 2023 20:44:35 GMT;  httpOnly=true;SameSite=None; Secure;
peerclickcid=3b3b5241deb780ea32462b7220ad957e-11246-0513; domain=.go.proffering.xyz; path=/;expires=Sun, 14 May 2023 20:44:35 GMT;  httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.go.proffering.xyz; path=/;expires=Sun, 14 May 2023 20:44:35 GMT;  httpOnly=true;SameSite=None; Secure;
Location: https://qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513
Vary: Accept

qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513

104.21.94.247

0 B

URL
qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513
IP
104.21.94.247:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513 HTTP/1.1
Host: qwfuu.altairaquilae.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://fulbe-whs.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 13 May 2023 20:44:35 GMT
content-length: 0
location: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
set-cookie: W7-lkuObDEWXzHM4LgqUhA=19; max-age=345600; path=/; samesite=lax
__pl=c81ddb3e-9462-42da-a096-d8822f1c2e67; expires=Tue, 13 May 2025 20:44:35 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IeDnvYOIyAlx6rMyqZdG4GshZFGez2OhfUY7kFQ2MlEH%2BVavbLOYp2t77uXqZTDE%2FoKXSVBDFFxQrzkTGLTrhb87AkW%2FdwddcM4zaartVtcGDJ7KgoZv6O1riBN0%2FFeKeAALd1JanwvcTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c6dbd830cceb524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

qwfuu.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 297
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IerXhBy45WpQA8MIhHsCMsWAFkWHElfznFnfQX0N40BD%2B3MDiHP9CmB6iX1u3IROL2PPiRlQ2hIl3QHaKFoln8wWB5RUfvMSEM%2FA%2BjlRb2VGmTk2hFqRhvLs0bMBuBMz%2BxXcRBABIS%2FMN14%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd850df7b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

js.streampsh.top/ps/pl.js?edg=true&fullscreen=true

104.21.27.231

1.1 kB

URL
js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
IP
104.21.27.231:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2612), with no line terminators
Size
1.1 kB (1097 bytes)
Hash
0dba333948dfafc2c7425b4aadf8185d
9cd6d970a6bd52e0e8e54f8ad0e80ab13da7fc13
aa5200ce8a6b9c60f852ae45a468b47860a65f0b53e2824ef63c71db9157cef2

HTTP Headers

GET /ps/pl.js?edg=true&fullscreen=true HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wBLYeounatpHQ1A%2F0w7yXdkwRXRVidzPmqEZ69YKIigx5XIJnbvqtIyS4kpsiCx9WruBDnOxdmFXS3HL2UkW5yt8Q2XVjpicvui93MuFNnZ4rvVSG%2BfADddSsk6dzMqe1Lhs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd853eb0b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ae974c8f61823ca8658979a1109cbd2d
623d134c2263c62a20d2e7bfcb3cb0f89e842a10
cde1c25877913540c22c959d5d8dccdc8e162ed9b9c891f3309d73ac1f9cea5e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 13 May 2023 20:44:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 224742
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ae974c8f61823ca8658979a1109cbd2d
623d134c2263c62a20d2e7bfcb3cb0f89e842a10
cde1c25877913540c22c959d5d8dccdc8e162ed9b9c891f3309d73ac1f9cea5e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 13 May 2023 20:44:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 332874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

qwfuu.crystalcrafter.top/ph-new/assets/rec-1.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m4KIaCllIAjeQdOpHRgBEeT4yF3f3S%2FA6BNGILRjQG4gdVtyFVbf5LjAMTFiJqgbLzRGnA7t9B0r7MU%2BfJbpgtfC49tlED1i03Q1TzLxJRY8bBqsYqEIAa4CBh3PWvgmKHAu%2F2CXaviv%2BLU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd88ebc5b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-2.jpg

104.21.7.3

11 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (10890 bytes)
Hash
dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7

HTTP Headers

GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2a8a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vgtt8Baq7owO859Remg4CeXkYlCgoMR4D1HOSjg7AAYdLknvmI0VFT9lTzJR76hMio%2BPWN4i0p9sJ6RzFNdUMlrTn8HEJWSxIVIlRMTHGOWlmjCTQ5Pf3crNNnjH%2FmqwrbGyBtrx0emuCHU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd88fbc8b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

15 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vTGCY5Lag2eMFbJPimcLhKe6ZgkW37z%2FHsEzSr%2BvnT9sQk%2FSyUnryVqM69QqTolaAHJtGPEGMyAMq%2Bv7hufOF06rTYBkgvQ2arC8ADZLV1%2BmIdaUD442o%2FiVr8pEttPoMM7lYvTfhNxpRq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd88fbd0b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KML9jw%2BAJ7GXFt5nkzu4MrPl3z4kM9oYLQ8axHyNFN9WS0V8flPy1GvDAiwglivNV8X0GvhSXxKq%2F%2FS%2FOFq2Tf1%2F50gwTKgU66Ca9D3fXBLmqQ7H18f8HugwC3qbqIPtcnpjS3pqzLQ%2FI7U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd890beeb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

8.9 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xKjkX6OplOOTTXyoFSmOvkFLxFQFCDAbCGDZNkHjIIkkb6FOI1vA4umSlmlDR2Q871Z4qNvBF0sfOf4DYXgz1rqn%2BZpQbOkAeSZLDxiZxk2pv9Q42Tsx%2BLs0pjf1kgnEKgP%2FMiEWX%2F3UDE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd890bebb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=seVgZK%2FyaWHXwlDQ%2B4nHDddncAR5Er8GVLoYYyEc1gTjz702lOBohYqx3BR3yPLUHFJ1z6UZ2I3y%2BtW4k3WLGDyl4IlgzBklHztAV1YApq5XCpco2rceo3j7Lx3Yxupkw1GIEgiyAePzlXs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd890bf1b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

13 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MAbMam8ch%2BKCLqZsEGF05O%2FpJwsSZN9UC4U1dC0InHidLVPCHdRqpljmN6nUid%2BQhTUamSDwrOqMyEdy7%2Fy39J9T2IY43p5iVV%2BYWg8IPNH5HVusVZAcogGwMM6edJRzc1wLJz6rXZIz1U4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd890be9b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kmZMDtOCNrhDd0QuruvAjwH9PUf4YWnqOecKnwU8Fe0rF11o8ik%2F9GqlVLI5NI3eCJwpaDlt7I3L8WjD2zywj418iihmIFzLwj0LZiyPOXWXrf8p67Ymk%2FsYZ4DTG76tiHmo3rECdPTi3F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd890bf3b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l17ce%2By2LuyBAxqMHNzZtluncHmw9ADmsOMh0FEhaJ8MsLHpprut254KCauizTMv5McROSbUXXVmRolLF6uMGRJIPXdRmWV8WlCUQTA9gD3QZ2jb9KDzXdMZEZdkaPuRT0TXAsS1UO3xb8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd890bf7b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/2.jpg

104.21.7.3

21 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
21 kB (21253 bytes)
Hash
c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763

HTTP Headers

GET /ph-new/assets/2.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-5305"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pM2%2BwRcYpuGOcY6XpIJC0VX%2BkUBoyUBIffronUNLlKQzvWxV0Vvnrj9Ej3cm3X91ZUMQ9jFez%2B0IquS9YOLl1pS3BB3hxE720RW6aSp%2FND5xBCkDDhE8b7bjcFyioI9fewgUNlooSNmDY6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd890bfbb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&appspot=

104.21.27.231

20 kB

URL
js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&appspot=
IP
104.21.27.231:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (23360), with no line terminators
Size
20 kB (19633 bytes)
Hash
1df412764dad47f2ce19ea707dd8c7ed
e3260d7ae5f31a7e0e4aec479615135918d8285b
56a176df2fe5326cbddc5edb14f070d06cbb5db98e9591e1768ed4d4aad97bc2

HTTP Headers

GET /ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&appspot= HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
set-cookie: __psu=52f98de2-78f5-4688-a629-9bba2d36b0dc; expires=Tue, 13 May 2025 20:44:36 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5Lp13xHTp5mJIWYjw7ciTc8SPlN7ckyx2epo2X4Fb8MsKqoM7WoTHjv0tYP8WXjDUtq3G5i8Q4NjBPKxi2b50SH0zrs3Js9Ggo2ayDDfnVZyyM8jQUmN69pQW0erHXuq20x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd85dad31c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/4.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13611 bytes)
Hash
a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd

HTTP Headers

GET /ph-new/assets/4.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-352b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tdvZbnJN9JBVJ5pPU1xO7vx7Na2l5iOjCkJkR2ZbGhRtj3XhZ8nvOYaMI%2Fj3AbkCL%2FSuTWEOpIurSLjwun%2FjyeGv4lp2JpzuTWE5oI5Vl2R4uBtYJhCYhFDZZ7pE4UkLYCYQ65CHi6GCtw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd891c13b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

12 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZ6bkYpWATdiuimTXAxyWK6n5j8LzpulduiYKGUqcNBfMr5eHvggGonMAzYBPqWu1ZDNI59KKYxz5DyuojVfKASBnHcaYMWLrUzDscxdyvo32uEg4U5xyufwP63ydZzZU3tckbO6Py9oGcA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd891c14b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
a.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6753
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q3fPLoO8rrXpyp66AQLdoHQbyThNlPzMWmxg%2BC0tBHmoJH7LxQcn6GGDqiDqSWPmhzuxIPhMB70pKNuEXSJBVRi38EOmdjeE8%2FAtoz%2FyPwSg1Kftsj2TPB%2BbRo%2FLe5F0YYRgwozm%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd89acb4b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/favicon.ico

104.21.7.3

0 B

URL
a.crystalcrafter.top/favicon.ico
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 13 May 2023 20:44:36 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1881
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjy14J%2F7nSso%2BMZYOvgbLQO%2Fdk8%2FT3cTSjbhV7yM0Q3VQobPHdHf6ijWzpYY5hgzdw7vHrpLDMAe25l9BzUL%2F4GR2xE0vcP13Vm8nnMvj9VtgvHEGvDz9WvYN3RnFb62qtBCqlZzWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd8b1ebcb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&appspot=

104.21.27.231

16 kB

URL
js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&appspot=
IP
104.21.27.231:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (23360), with no line terminators
Size
16 kB (15528 bytes)
Hash
1df412764dad47f2ce19ea707dd8c7ed
e3260d7ae5f31a7e0e4aec479615135918d8285b
56a176df2fe5326cbddc5edb14f070d06cbb5db98e9591e1768ed4d4aad97bc2

HTTP Headers

GET /ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&appspot= HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Cookie: __psu=52f98de2-78f5-4688-a629-9bba2d36b0dc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0Upwo1VUTG6RShvRDnpGEuIpHoWKv2dy3mkIhXEJin9Wu5yxdlFo0ix8VH3YDCZw2KiXYi5ol9na4p0h3vt4fbw0CBNVmNqpLcxXkB8ycPzcCko0HEWXkKDoRLr4P%2BKGoRY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd8a4f9e1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 332875
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

b.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
b.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:37 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4508
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GdzIwjtc9QD5n9YTOMkoRwrOfWjc9UpYAv4PeNcB2YaWqHAAvpJXPABqs1%2F4ZESkC7vCXpG%2Bg3a1T1kk4wEuxwM%2FMfhogE1R063%2BSsjM6XNbsH4Jya%2FoMs4iC0sf0lmbcbJWBHRCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd8d0973b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

js.streampsh.top/ps/pl.js?edg=true&fullscreen=true

104.21.27.231

5.2 kB

URL
js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
IP
104.21.27.231:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2612), with no line terminators
Size
5.2 kB (5185 bytes)
Hash
0dba333948dfafc2c7425b4aadf8185d
9cd6d970a6bd52e0e8e54f8ad0e80ab13da7fc13
aa5200ce8a6b9c60f852ae45a468b47860a65f0b53e2824ef63c71db9157cef2

HTTP Headers

GET /ps/pl.js?edg=true&fullscreen=true HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Cookie: __psu=52f98de2-78f5-4688-a629-9bba2d36b0dc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ruxUVjjqQYSR5jA%2BTxq1cAvbVzVsqEvhZmGErxYz2eDjee3ohKlytIrfA0jn8uOTLD4alKnt2BfhnkyKKejukIEMmHpwZQqn7jBzhFBt3Bg7IIJ7Uf8Qx7Fms9zFB8o9vI8V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd89cf2e1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 224743
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 332875
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975

104.21.7.3

98 kB

URL
b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
98 kB (98364 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975 HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:37 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t93D62DOsmwuVxjgL6xE9s0DXrcOqpKk8EUgcSXgB%2BH%2BTLEHOksNUE1r69QVrBdUzoIW1t2oSOxAOtk%2FUrDp18NrsmB72ZTWChmAo%2FksVQZtdQGI%2BkwWAO9V80aBEOlNdnkFFe%2BWDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c6dbd8d0974b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975

104.21.7.3

28 kB

URL
a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
28 kB (27879 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975 HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S5VpUbkzB3Xi6%2BOv%2Baw9ZgmDHIgiyo6MNJz6UmY7J3F4pDcHx7tv12ZtFXu3GlrN%2F2tZwtwT2sU2ieGYdk3Yx3xKp6SFGEDtGZyDHcfle7jH5dxBFzwcHeNhE0Vu9jP7NvuByYsiRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c6dbd88ebb1b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 224744
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 332876
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

d.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
d.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1991
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g7UmE2MGVmf7OjpOpdBdjPxP%2B3n0sDN3spa6jg8T%2FaG6XEpvgg%2BU1U4P46JCe6Rv1Om3%2BXhfKETrxpbzU8NJCZF2GuAD7cqUeRwSYoP%2Bh3hg%2FPIRMlKfDwZXL4ugy1xd1qNX%2FAshQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd93cc2eb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

12 kB

URL
d.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
12 kB (11452 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1991
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eXsNVO53dVcX3aqrOeqMxkpcsbokbp3Qo%2F05ggwZPpd1psX0Hrfe2KgpRENGgLYMUUA2d4miLol64iJeljGwDwhxWOtfNLPPagNVGZ8ABfELleba%2FK%2Bf7govDfhQ1YAm0BYRIgxiUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd93bc28b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/style.css

104.21.7.3

11 kB

URL
a.crystalcrafter.top/ph-new/assets/style.css
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
11 kB (11077 bytes)
Hash
807d696b86114245f8eda3dce43f61ff
6d65ffaf8ec2107db8f1d29c410f152a8b809a56
7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc

HTTP Headers

GET /ph-new/assets/style.css HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-5f33"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6753
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=annM2wmGPyjBCpceFu61joMY3FdyCMUs%2F8AIhcG4g%2FVI9i6Wch2MJCIOwUf1LmZWJnIoGblMu6ZeJpMkD5Yn51z36N%2FYpfFhMYbyZf3hmmOW3uo%2FbDv%2FBVbHe70I1EvD8a%2Fyu1jI8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd89acb6b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 332876
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975

104.21.7.3

42 kB

URL
c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
42 kB (42297 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975 HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:37 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8X91FZEDUy3MywLw%2BccK7kTSSr4lAFvKFa7Fz5ioL4W%2BGfr1OcVHogjRPlmj5kdw0ejWV6fe3W4yUlxZ0rtg1um0rYfqp7VEnN2fSwLs6WQR%2B1Q3UONbCmcywVrS8GIf%2FewkOKOA2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c6dbd906e6fb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-2.jpg

104.21.7.3

11 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (10890 bytes)
Hash
dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7

HTTP Headers

GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2a8a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PKn%2BRChpWqYPEfGoSgiyVdiHVnC3dRFxtHKM2Y7cAIEK6rJCWXbo1H90xJPMnIT3TpPUb4TA3fnAuGOKedG5sHSjbVxpQNKfKFoJV9k2zHGIp1vcdjh3S3DKTPsRpclzMHHprktcmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd9739f8b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

15 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35Tdlz7OrXtILCKXz6b%2BxBDATfS0nlow%2BIY%2FbyCFWPg4LZaqkWfncfSLI69r%2FmRrrDeowNKwu291%2BADHx2Z1JTH0G4NGOX9sNJvUek8nSUACBUtUCbY2fHdqBokCzP%2F6ypaDhWa4dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd973a00b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

8.9 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jy%2BOxwae73mYwPkYD2vtcLtSRcUjk%2FRscO3wopj9%2FWMMVOgNXcRmnHJga9BupdrkMZcUiT6LvAcY%2FTZlNywhf4eNQ3qAPAEq6WQefMQAaY9LSKb1KwOl1R9%2FvJ3lqPlIX9HkUZW%2F0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd974a15b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

13 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i6TXTivNWL8zBnq3f5AsclWSGNdCT2zD2FQBWLaBy9ygeph2iLgaJYVv2hU8GwMFyNs2%2B2MtnC2UzYGDdnJjGLbtwEz0DEGc946dKMD%2FPDIUhXmzcJzoQQnhDLNGPLHPj41QKwLDbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd974a17b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2FKU7kV%2B5RgKgvBC6wmVHzqXFdkwwSf7aZPOb%2BWOJVDWg7Kirh5o78it3SkYDFeKxlXaLtZWtTvL%2FL0G1Tb3IxnVw%2FMR2xCPMi%2BC7rBhTFPexOpc8jd1txrJqFxGi7mKJ6iFgoY0Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd974a1ab505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvp2YoXoM6tq4yAPTGgbaFoSUcUQw234FeUKXdmJvznO7KiDHU9cESfRljpDHE7dnGwvksVkDohJdzfXk51UEfT58s0V1R9GUdKfUzHsUrXnrm2%2BgBWRZcyGlf%2F44%2B5It78Nx85vig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd974a1bb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BOChLatp8oaUW3k4UQAZFF84k%2F3YcXcBi%2BhbZ%2FkdgYtMz3Prgfo%2BCKrv5q1vte9BQLM1Y4mrUrXmPX2eB7oftnZUFNdrcWOerNhhjT6goZ5UifgiT2SbDR%2BoNI5se6MId0qZ2BsFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd974a19b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/2.jpg

104.21.7.3

21 kB

URL
d.crystalcrafter.top/ph-new/assets/2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
21 kB (21253 bytes)
Hash
c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763

HTTP Headers

GET /ph-new/assets/2.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-5305"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NqIy5fvYYoRYGK6JXW0O8mkqy4kkN%2FggpnV0GbUWyaPbsy8p4%2FnW2FGJB2Jq%2BwCKrfw0Ip0vShjT%2Bx0roBltRJXWycZH9o0er%2FtYsIh%2FBaOalukPI9v3uc3PddKWnIdF%2FR%2FzIKDioA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd976a39b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3953
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cschuMXiIoj6G6cUeIhn82d58NZOIPalXtPAimX%2Fw426y%2B2afsPLsDmIhqb3OQhZRvzO5K6jxDd70DWEEGKqMKZ6V6VRnY5UybEcKbpERWU1Ep016de335T3MXPjyfkrMmY6a%2F1Jog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd976a3bb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/3.jpg

104.21.7.3

11 kB

URL
d.crystalcrafter.top/ph-new/assets/3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (11094 bytes)
Hash
3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a

HTTP Headers

GET /ph-new/assets/3.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2b56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XUSzLWrJQ9yQcoZ0ZWB0eQ8ayODqyvrw9FzkzRjt8O1SsCucFnI9g6sPyyYRJ2rgJpYGZBn3%2FgBY6hsqRPxYhYxzLtMVIM311fnLpt%2Br07pOHzz26HW1pbPRfADZXfvbp01vHi3cFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd976a3ab505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/4.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13611 bytes)
Hash
a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd

HTTP Headers

GET /ph-new/assets/4.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-352b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNzrIJtrqvK8SUDybJ8p7G7XR93x1J2O%2Fbvd30enrATJCC5ErCTmdG8pRLtTyA1y7R%2BC8qm0BKtZJcIy1cci4JW4aOBYqXqDWOZEHo8ZUEs5OOZsCV3JTRsRznev9co9cm3lJI2JMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd976a3cb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

12 kB

URL
d.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:38 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7IqbzuRYgvSBK9e%2BbacaIyD4fH88CbN4xAukqUW9d2r4Yj2a%2F4IRwUv5SferdmC5Qpli6l9rm9ZRdFZzYlGh4DcYBzMWEPe%2BPA341LSyyaTpCesyFLr7W0d4cHtXH6flLDdMtf9eWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c6dbd976a3db505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703

88.221.27.74

200 OK

635 B

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
assembler source, ASCII text
Size
635 B (635 bytes)
Hash
5a61d45142ce5764a2b36dc75343fcd5
c44070187c0c8cec4de3aeeb8151f435c2280036
2b2e25e182e13fa2e4da12040c95d9847871400a9f3e258439620499cf287a8c

HTTP Headers

GET /landings/277386/1674482702/css/popup.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: bv87+9sEAgmF+9LmuaJa+60f+HCwvQ7gaxcSgupAnxavvLT0mzlVWXHwU9nfTHQNVV6BjRfVYJc=
x-amz-request-id: KPETMBYZ91Z3NR3T
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5a61d45142ce5764a2b36dc75343fcd5"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 13 May 2023 20:44:39 GMT
Content-Length: 635
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703

88.221.27.74

200 OK

688 B

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
688 B (688 bytes)
Hash
5da2c51949f2a873bf0091a104658e72
89d122a536af95bd4183de41fa10e6947c9806e8
80a1aae3b07ee310419c80f52fb2f179bfebc74bf46598bc6b041455feef3201

HTTP Headers

GET /landings/277386/1674482702/js/function.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: /ugpl+ZA0b1doH5/3yLNYwjDAKG/jKCtMJkzvxvpvrzZL79aKEU2JjkQrEnyWNag7GXqsU0g1LQ=
x-amz-request-id: PQS3MC6QJD41C01W
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5da2c51949f2a873bf0091a104658e72"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 13 May 2023 20:44:39 GMT
Content-Length: 688
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703

88.221.27.74

200 OK

10 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
10 kB (10048 bytes)
Hash
07cee83d1be10af1ca991d1c60abd6e2
b5f142d6aac82ede612b6cf96b1e7f25d797e87a
6fc50a9d3f16721904905fa44980c6cac2e3e82f5da71c18f84d289dd1bc54d3

HTTP Headers

GET /landings/277386/1674482702/js/translates.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: TIW3vRFhKm0yCOx8VQ93CAm5ZLwnxLU8dQXppKANNofjPZl8kwWFGfOniviPbWsAJbMVgRtfaBs=
x-amz-request-id: K8AD9DT85B3KC9GP
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "07cee83d1be10af1ca991d1c60abd6e2"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 13 May 2023 20:44:39 GMT
Content-Length: 10048
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703

88.221.27.74

200 OK

3.0 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
3.0 kB (2985 bytes)
Hash
c0e91ee9eeac065a145dea1b96ebfd1e
6b6d48177a222b18dc1de0ff775de8f6cb963431
daccaf7e9b15704dc69729967a3be708994fff4d7b6c3f63f17b9d37be32cdc5

HTTP Headers

GET /landings/277386/1674482702/css/style.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: iOgibq5bwefJNmBXigm/qdf31H9uHOKWbNj1r4p/15+8eEKl+gz6QF7Oq9nqECsCF/0ArpYr5Z0=
x-amz-request-id: 6GM9SRD41YNSD1QV
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "c0e91ee9eeac065a145dea1b96ebfd1e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 13 May 2023 20:44:39 GMT
Content-Length: 2985
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703

88.221.27.74

200 OK

3.4 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11568), with CRLF line terminators
Size
3.4 kB (3401 bytes)
Hash
9acc66fdf18dea05bd75165eb5a96259
f613c52a08155727d4f07536d7bc8df5b6fa0c84
4941450491d73ab79ffb428e660c4cb581acbbad86edf8e943211ea51fe3a6c1

HTTP Headers

GET /landings/277386/1674482702/js/vegas.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: cnTKYV3j0ttH5Z4Sqnkq1TLYPTTKf16p6n7Tcz4Ajrk8GfHWfG08uqKcBGtoz81yZIyzVkp8T7k=
x-amz-request-id: K8ABFAWS7M4M20TR
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "9acc66fdf18dea05bd75165eb5a96259"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 13 May 2023 20:44:39 GMT
Content-Length: 3401
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703

88.221.27.74

200 OK

30 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32065)
Size
30 kB (29855 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: g0wEjRbeH4tQ2F6XZ6eWOYGJi3wq/1gm9Kh41qYfI2gKqV/7B6qWVpgtkKR5XQNvRcnILDnk9Xo=
x-amz-request-id: K8AFWKA9RCF1DXHJ
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 13 May 2023 20:44:39 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703

88.221.27.74

200 OK

252 B

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
252 B (252 bytes)
Hash
3544c08851825a863747a126548d6993
01882998e61b9f93d5f346386fa633f6b8d95b2d
9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69

HTTP Headers

GET /landings/277386/1674482702/js/tn_pHash.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: RKQIuPs47jw+GgV2YdzWtFHlInC0b1aKeP34MEdhK5mIMAIi06KYslboBYE8MYcQk0fLCThqxAk=
x-amz-request-id: 9VNGXFK5QS5WRCK2
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "3544c08851825a863747a126548d6993"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 252
Server: AmazonS3
Date: Sat, 13 May 2023 20:44:39 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703

88.221.27.74

200 OK

1.3 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.3 kB (1298 bytes)
Hash
5f373fa5bf21c44b9ad23b70ef96e73d
068ef5b63ab18924a286f2c0c3ec46545e08c678
7f40bc2c95ee280de5320ae7d33f2e57eeeb0cda5b5820f2c456a0c9ba50ed77

HTTP Headers

GET /landings/277386/1674482702/js/title_tanslate.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: womzwfdvfx122HJC0dkG0vHaksbMgIvli2lULFltXAz+5rgXrN7rmt336XJc+hVlIHRzOUBFSVk=
x-amz-request-id: 9VNRHSM75H7FXJE5
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 13 May 2023 20:44:39 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975

104.21.7.3

25 kB

URL
qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
25 kB (25220 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975 HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=3b3b5241deb780ea32462b7220ad957e-11246-0513&sub_id=parkdom&hash=OjGGNrUc1iKWyv8IazcnyA&exp=1684010975
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 13 May 2023 20:44:36 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EoYf%2BCtvd%2FtGqJNACln8xTYFmlR2zilkHsP7oaIAhcCn1kcawEHXnmTqpccywhDK0wFkHO1DdbSsdgG6jzDu4bahF%2Ba9CLEdRMQ6ePKBva9t%2FXaMfZb1kX6QwnFfJH6KRNzmc8ADMvPw77Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c6dbd850dfdb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo.png

88.221.27.74

200 OK

41 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo.png
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
PNG image data, 1024 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
41 kB (40774 bytes)
Hash
c0647e470e90e4e76c886ef3f4c651ac
fe1dd72ac0432bd8f261672c7c336cf902503d3c
1d4ad487984a8f689c904f3c2532f034b03d361c081dae581752cdc20d983037

HTTP Headers

GET /landings/277386/1674482702/images/logo.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: saaPX+6fCw1usaKklFw/lLXMWpDahD/h8HepIyRfp7tUjVa7nFU3kzNWR8/Kzs6O4Gu2cP8tbQI=
x-amz-request-id: 40R9FR8B9BMRDAP2
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "c0647e470e90e4e76c886ef3f4c651ac"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 40774
Date: Sat, 13 May 2023 20:44:39 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg

88.221.27.74

200 OK

29 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3\012- data
Size
29 kB (29319 bytes)
Hash
2b8ac4e50a5bbbe4e6ea964bec7f3086
5486267315a7cd9eca01fa2fc6007060189c8b4f
8f700ae9dd68bd1130d528b77e1de92b4945e036060fdb01a02ccc148ab24ab3

HTTP Headers

GET /landings/277386/1674482702/images/110010_2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: S10dPOpyBqY7oQzqzXfrZlfoHTUh6afcFTek1SEhaCO5C4zowvEWBZApe9rkVvRTn0os/h31WsI=
x-amz-request-id: 40R8K5Q3GPVDKC89
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2b8ac4e50a5bbbe4e6ea964bec7f3086"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 29319
Date: Sat, 13 May 2023 20:44:39 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.jpg

88.221.27.74

200 OK

62 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.jpg
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 900x1280, components 3\012- data
Size
62 kB (62164 bytes)
Hash
765620bf3d6dcdb5495b70409b6b4ba8
f4a00a38ca93130e5e0398deea0ba2f928e2172b
e0d65a21b743f7fe6de2f4bd57316546e7f30c7810740d68322a44dfe3004373

HTTP Headers

GET /landings/277386/1674482702/images/1.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 0IGyT7tlwD+javoqF5rupwK8gjGVk52VprSOJLiY//EhvaPsm5EfkLCuvSE+02Fsv8gqBo8Z6P0=
x-amz-request-id: VE9X02YRNZABFEV2
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "765620bf3d6dcdb5495b70409b6b4ba8"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 62164
Date: Sat, 13 May 2023 20:44:39 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9be3fe14f68f6532597d14598507135b
60808c84e6454278fad41302a21f77b95c97e193
93e68f9214835f244c00eb7ba51a06c44a1c257b7d4c1a4c208c67d6a579d39b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 13 May 2023 20:44:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9be3fe14f68f6532597d14598507135b
60808c84e6454278fad41302a21f77b95c97e193
93e68f9214835f244c00eb7ba51a06c44a1c257b7d4c1a4c208c67d6a579d39b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 13 May 2023 20:44:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Ubuntu:wght@400;700&display=swap

142.250.74.74

200 OK

1.0 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Ubuntu:wght@400;700&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
gzip compressed data, max compression\012- data
Size
1.0 kB (1030 bytes)
Hash
3963b4f3bf9368b62d7447ec95ed6a1e
97558fe2fd1c97a1a1b8f4b524b5f7d88d20847e
89125b6a19f87a1ad4212a6b4afa0591fd95c2bf1f096141df7d0f551bd37869

HTTP Headers

GET /css2?family=Ubuntu:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 13 May 2023 20:44:39 GMT
date: Sat, 13 May 2023 20:44:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ae974c8f61823ca8658979a1109cbd2d
623d134c2263c62a20d2e7bfcb3cb0f89e842a10
cde1c25877913540c22c959d5d8dccdc8e162ed9b9c891f3309d73ac1f9cea5e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 13 May 2023 20:44:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ae974c8f61823ca8658979a1109cbd2d
623d134c2263c62a20d2e7bfcb3cb0f89e842a10
cde1c25877913540c22c959d5d8dccdc8e162ed9b9c891f3309d73ac1f9cea5e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 13 May 2023 20:44:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxbnr.amouronllne.com/ortb

63.32.216.166

200 OK

29 B

URL POST HTTP/2
oxbnr.amouronllne.com/ortb
IP
63.32.216.166:443
ASN
#16509 AMAZON-02

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerLet's Encrypt
Subject*.amouronllne.com
FingerprintF9:EC:62:24:A1:D6:2D:CD:91:E2:B4:81:1C:41:99:4A:3C:28:2C:2D
ValidityTue, 09 May 2023 08:01:37 GMT - Mon, 07 Aug 2023 08:01:36 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
c453d1e33844d14bbd7ec2846eb408f6
b934f52ed7fbed0cee5874cb0fcafdd1cb450fcd
2b159267580e469b4eed0aaf47253e353fdf727043d52d969bd85cbff7fd4a1a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /ortb HTTP/1.1
Host: oxbnr.amouronllne.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 330
Origin: https://oxbnr.amouronllne.com
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d
Cookie: unique_id=645ff4e10009011d; unique_id2=645ff4e1000a94d3; 645ff4e1000a94d3_c=1; ref_token=1314_43431; 645ff4e1000a94d3_sl=[277386]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 13 May 2023 20:44:39 GMT
content-type: text/plain; charset=utf-8
content-length: 29
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxbnr.amouronllne.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 May 2023 03:11:48 GMT
expires: Sun, 12 May 2024 03:11:48 GMT
cache-control: public, max-age=31536000
age: 63171
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

142.250.74.74

200 OK

16 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
gzip compressed data, max compression\012- data
Size
16 kB (16438 bytes)
Hash
8b43bb61c3ca5de5afa71fe41a08e0b9
476a25c876fb48b0b52889e8a4893b80c873e7a0
f587d15772eac84ae6fcffa74c0c0de3db9db5be89c058f3b23a6184eb2eb059

HTTP Headers

GET /css2?family=Roboto:wght@300;400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 13 May 2023 20:44:39 GMT
date: Sat, 13 May 2023 20:44:39 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn-dimi.akamaized.net/landings/277386/1674482702/images/favicon.png?t=20230513204439

88.221.27.74

200 OK

4.1 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/favicon.png?t=20230513204439
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4093 bytes)
Hash
40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423

HTTP Headers

GET /landings/277386/1674482702/images/favicon.png?t=20230513204439 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Rfspv8gcrUbdk91V4hkf0D5j2kxpCzqU6vPK2X1EPgTgzP2N+V97ZctRCurJCmL183Q6zyzLArI=
x-amz-request-id: S9G7NM7MNVV1FP6D
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Sat, 13 May 2023 20:44:40 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/favicon.png?t=20230513204439

88.221.27.74

200 OK

4.1 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/favicon.png?t=20230513204439
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4093 bytes)
Hash
40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423

HTTP Headers

GET /landings/277386/1674482702/images/favicon.png?t=20230513204439 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Rfspv8gcrUbdk91V4hkf0D5j2kxpCzqU6vPK2X1EPgTgzP2N+V97ZctRCurJCmL183Q6zyzLArI=
x-amz-request-id: S9G7NM7MNVV1FP6D
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Sat, 13 May 2023 20:44:40 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg

88.221.27.74

200 OK

103 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size
103 kB (102832 bytes)
Hash
3b8b455b24c71ae1f928266241e9517e
8b98ca60c92b83e039c3b996f090883ed8b7ca75
c8d05f7eda85f68f0a08307eeee4e481282fda95570dd53f300b8aadd4f504f6

HTTP Headers

GET /landings/277386/1674482702/images/2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: hODAwaxhhoNUzaw+wGQIdlKGG1r6rlm0Gl11mKPn3J7w0gqE64598E1ANjtxBygXrh+DY1h3pjY=
x-amz-request-id: JTW6JJFVF42X0DH8
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "3b8b455b24c71ae1f928266241e9517e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 102832
Date: Sat, 13 May 2023 20:44:41 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg

88.221.27.74

200 OK

150 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1108x1280, components 3\012- data
Size
150 kB (149812 bytes)
Hash
8ff03d86c53d978e5527374b5bcd5114
2b63b0853d74e24d74d26dbf9622c407e3c74ea9
10dedae19a11a0cf1cea2db4646bde720e63e35140f38ae3453fa2a4e4649e1c

HTTP Headers

GET /landings/277386/1674482702/images/3.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Xirc4fkz0JOSaRS7VBS3M8nzLP7O9RnlkHucQpuinBkelD+B+7nBZr41dGSTLSs2/GCSrwUj0pg=
x-amz-request-id: XJSRKQFA4YQZWMJS
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "8ff03d86c53d978e5527374b5bcd5114"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 149812
Date: Sat, 13 May 2023 20:44:41 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.mp4

88.221.27.74

206 Partial Content

1.6 MB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.mp4
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
1.6 MB (1560164 bytes)
Hash
379ddec6d7d6e118bd7565d1c83dbb90
16becb1b44f3f35b0fa239668901338cba6eff06
5635dd2c6c23dfdc3e4eb82afc4231a27e8522ec332b8568a3fc7ae8755fec94

HTTP Headers

GET /landings/277386/1674482702/images/1.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
x-amz-id-2: 1Ax9N+Cfw91vDfS7SxXRZKuE+o4c4UcnjyTZdFm9/oi70hWYxtxdgby+ENQIv8dZ+MsudWMhl4o=
x-amz-request-id: FBRABVME30ZYGQHT
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "379ddec6d7d6e118bd7565d1c83dbb90"
Accept-Ranges: bytes
Content-Type: video/mp4
Server: AmazonS3
Date: Sat, 13 May 2023 20:44:41 GMT
Content-Range: bytes 0-1560163/1560164
Content-Length: 1560164
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxbnr.amouronllne.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 May 2023 07:44:41 GMT
expires: Sun, 12 May 2024 07:44:41 GMT
cache-control: public, max-age=31536000
age: 46798
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1

63.32.216.166

200 OK

34 kB

URL User Request GET HTTP/2
oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
IP
63.32.216.166:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subject*.amouronllne.com
FingerprintF9:EC:62:24:A1:D6:2D:CD:91:E2:B4:81:1C:41:99:4A:3C:28:2C:2D
ValidityTue, 09 May 2023 08:01:37 GMT - Mon, 07 Aug 2023 08:01:36 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (920)
Size
34 kB (33559 bytes)
Hash
9de9864e7ee8209a34751b9c34618531
1a2c9df8c087f79a988f159296719647ca267c52
f3a6bcc330e7a7db089b2d7867f11ae522a32caf9427cdd0437d8c554a1e73d0

HTTP Headers

GET /?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 HTTP/1.1
Host: oxbnr.amouronllne.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 13 May 2023 20:44:39 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=645ff4e10009011d; Path=/; Expires=Wed, 12 Jul 2023 20:44:39 GMT; Secure; SameSite=None
unique_id2=645ff4e1000a94d3; Path=/; Expires=Fri, 11 Aug 2023 20:44:39 GMT; Secure; SameSite=None
645ff4e1000a94d3_c=1; Path=/; Expires=Fri, 11 Aug 2023 20:44:39 GMT; Secure; SameSite=None
ref_token=1314_43431; Path=/; Expires=Mon, 12 Jun 2023 20:44:39 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Sat, 13 May 2023 20:44:39 GMT; Secure; SameSite=None
645ff4e1000a94d3_sl=[277386]; Path=/; Expires=Sat, 27 May 2023 20:44:39 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png

88.221.27.74

200 OK

9.5 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
PNG image data, 300 x 124, 8-bit colormap, non-interlaced\012- data
Size
9.5 kB (9461 bytes)
Hash
27a8fdccc08741c52422bd4852f87c3a
b103730d95829f64c0746b97a85e0ada4f6c18a2
7afbc6f7cb728a9b4dfd7791a8207c60bdd255ea2f00ba12880bee15f7fbdff0

HTTP Headers

GET /landings/277386/1674482702/images/logo-white.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 88wUEndrDOVjhFDoJFuImNKhB1vuAo0EPKK1v0j+XWtpjdZgrqXQzMAcudO4WTDX7q7XpMg0zrg=
x-amz-request-id: G2MAJFMWPEEEC571
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "27a8fdccc08741c52422bd4852f87c3a"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 9461
Date: Sat, 13 May 2023 20:44:39 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML