Report - v.worldactualnewz.com/submenu/5234825/

Report Overview

Submitted URL
v.worldactualnewz.com/submenu/5234825/
IP
172.64.162.37
ASN
#13335 CLOUDFLARENET
Submitted
2023-05-24 09:28:00
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qwfuu.altairaquilae.top	unknown	2023-05-03	2023-05-11	2023-05-23	620 B	1.1 kB	172.67.142.37
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-23	2.0 kB	4.2 kB	142.250.74.131
c.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-24	2.7 kB	236 kB	104.21.7.3
go.cmtrkg.com	unknown	2022-01-24	2022-01-24	2023-05-23	579 B	1.5 kB	172.255.248.105
lpmedia.servefilesonly.com	unknown	2022-03-17	2022-03-22	2023-05-23	9.6 kB	1.1 MB	104.18.11.149
main.proffering.xyz	unknown	2022-06-07	2022-10-31	2023-05-23	589 B	1.2 kB	20.113.188.243
js.streampsh.top	unknown	2022-11-18	2023-05-01	2023-05-23	1.1 kB	32 kB	104.21.27.231
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-05-23	435 B	31 kB	142.250.74.42
v.worldactualnewz.com	unknown	2023-01-21	2023-01-21	2023-05-10	476 B	658 B	172.64.163.37
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-05-23	400 B	681 B	139.45.195.8
qwfuu.crystalcrafter.top	unknown	2023-04-29	2023-05-10	2023-05-24	11 kB	307 kB	104.21.7.3
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-23	3.1 kB	74 kB	216.58.211.3
a.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-24	10 kB	306 kB	104.21.7.3
b.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-24	8.0 kB	243 kB	104.21.7.3
feed.streampsh.top	unknown	2022-11-18	2023-05-01	2023-05-24	504 B	7.7 kB	104.21.27.231
www.milffinder.com	unknown	2002-05-08	2021-03-25	2023-05-24	730 B	22 kB	104.18.6.174
ocsp.usertrust.com	899	1997-12-05	2012-05-21	2023-05-23	332 B	1.0 kB	172.64.155.188
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2023-05-23	462 B	32 kB	104.18.10.207
www.highrevenuegate.com	unknown	2023-03-02	2023-03-03	2023-05-23	2.3 kB	3.9 kB	192.243.61.227
d.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-24	8.1 kB	203 kB	104.21.7.3
o-2741.cloudtraff.com	392225	2019-07-17	2020-10-21	2023-05-23	637 B	1.2 kB	104.18.24.64
cdn.onesignal.com	3015	2011-09-10	2015-04-22	2023-05-23	419 B	10 kB	104.18.214.59
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-23	443 B	2.8 kB	142.250.74.74
czohf.rdtk.io	unknown	unknown	No data	No data	494 B	1.0 kB	37.48.87.182

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-24 09:27:45	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-05-24	medium	highrevenuegate.com
2023-05-24	medium	highrevenuegate.com

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	lpmedia.servefilesonly.com/build/templates/MobileChat2/scripts.min.js?1056004	1.5 kB	2023-05-20	2023-06-18
Pretty URL lpmedia.servefilesonly.com/build/templates/MobileChat2/scripts.min.js?1056004 IP 104.18.11.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-20 12:43:46 Last Seen2023-06-18 04:16:45 Times Seen43 Hash 4730f4ffbcd23964b68470b15563b32e 450eec9b922af410c8d87eeb80419061b690cb10 621506e149fa8b98f8eec600e16e90d2de61840859ff6e827358cdfd3cf755b7 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js	87 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 13:55:36 Times Seen62354 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	cdn.onesignal.com/sdks/OneSignalSDK.js	9.2 kB	2023-04-01	2023-07-07
Pretty URL cdn.onesignal.com/sdks/OneSignalSDK.js IP 104.18.214.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:10:47 Last Seen2023-07-07 21:10:10 Times Seen4378 Hash 06f50014011c1fcd9e21b6b0481979de 3abc04cc0a3ee2e844f2b8bb6e50baa451882aa0 194addf8fd862999286b33cf83116babe8c700ba3a28111777f49ca72c429970 Loading...

	www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6	2.9 kB	2023-04-09	2024-04-25
Pretty URL www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6 IP 104.18.6.174 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-09 09:07:56 Last Seen2024-04-25 10:48:24 Times Seen348 Hash b1179cc35e215404754550cf55456472 c75791468a5cab7571a2124d0c798f64e8bc997e 4398ac008f8f1d6af018a5e670797343450e8b8712fa8455cbd29e3945e024e1 Loading...

	lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/scripts.min.js?1056004	22 kB	2023-03-10	2023-06-30
Pretty URL lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/scripts.min.js?1056004 IP 104.18.11.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:26:52 Last Seen2023-06-30 23:37:26 Times Seen139 Hash a60036b86607b092a2aa198436024e7b 07a9c9d37c6300684eac861f78b476bab9c35844 a1dca8107ce4f619cc1b33257c1f1cbacd657697d91a0551c1feef4803627c45 Loading...

	www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6	2.9 kB	2023-05-20	2023-10-17
Pretty URL www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6 IP 104.18.6.174 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-20 12:43:46 Last Seen2023-10-17 13:05:01 Times Seen47 Hash c36070bd9a98b2ac5d6ff91dceadde1c bbc3e71d8987f3a6c5772c7a3d1c2004caf13038 018fd2e67b9b5cde5e0d7af17940ce9400b27b8840a68051b3717807a5a5dbf6 Loading...

	lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/scripts.min.js?1056004	3.2 kB	2023-03-09	2024-04-25
Pretty URL lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/scripts.min.js?1056004 IP 104.18.11.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:24:56 Last Seen2024-04-25 10:48:24 Times Seen443 Hash 234d284d774d94a57afe158f4b75b9c1 db4bbb819f03d1c3785b96648f83526d993f9b8a 5d37e562434311caef8e5421351c7432ad680b84739fd104258f88efc25249c7 Loading...

HTTP Transactions (114)

URL IP Response Size

v.worldactualnewz.com/favicon.ico

172.64.163.37

0 B

URL
v.worldactualnewz.com/favicon.ico
IP
172.64.163.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: v.worldactualnewz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=cd81db2bb8f54a64bdae24aff8e79b89; oaidts=1684920458
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 24 May 2023 09:27:39 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: HIT
age: 6183
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q4uws4iopdj9h%2BtoAwtKRDXDa8xD%2BenL0KsH2UE3NECkk1zDyTdRY45XNiBcAk6Y%2BiFRni1t9HMVyJBiOPKT1Jd9VoOyDY5cTYDZdKaRpmKXp%2BldWMJzA0leZSLSHr5%2FTou4sQZNeFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48108feee75cb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.usertrust.com/

172.64.155.188

471 B

URL
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f6ff55f98f519064127a0ccf4ee860c5
7f632f03553a79fd9d436d4fc20f6fff46185ba6
235182150246b0b69ae32e585756be4a30a9a0218156c30ddadb88295dbb68a7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 May 2023 09:27:39 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 22 May 2023 22:07:34 GMT
Expires: Mon, 29 May 2023 22:07:33 GMT
Etag: "7f632f03553a79fd9d436d4fc20f6fff46185ba6"
Cache-Control: max-age=602644,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7cc481092ea3fab8-OSL

my.rtmark.net/img.gif?f=merge&userId=cd81db2bb8f54a64bdae24aff8e79b89

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=cd81db2bb8f54a64bdae24aff8e79b89
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

POST /img.gif?f=merge&userId=cd81db2bb8f54a64bdae24aff8e79b89 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Wed, 24 May 2023 09:27:39 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=cd81db2bb8f54a64bdae24aff8e79b89; expires=Thu, 23 May 2024 09:27:39 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

czohf.rdtk.io/646d9f4be54ddc000111d83c

37.48.87.182

222 B

URL
czohf.rdtk.io/646d9f4be54ddc000111d83c
IP
37.48.87.182:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document, ASCII text
Size
222 B (222 bytes)
Hash
a4947783458b9def4b4b9e03d77e8038
f7ebdd0ca23fb2be7035a7bf7c2e4b2442bc2d54
32511ad2bedc5e075d316b2852576d073e6c1474d90fc7028b6c13ceb0035914

HTTP Headers

GET /646d9f4be54ddc000111d83c HTTP/1.1
Host: czohf.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 24 May 2023 09:27:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 222
Connection: keep-alive
Set-Cookie: redcmps=W3siaWQiOiI2NDZkOWY0YmU1NGRkYzAwMDExMWQ4M2MiLCJ0IjoiMjAyMy0wNS0yNFQwOToyNzozOS43ODEyMDM1NDNaIn1d; Path=/; Domain=czohf.rdtk.io; Expires=Thu, 25 May 2023 09:27:39 GMT; Secure; SameSite=None
redhash=NjQ2ZGQ4OGIyNzFlYWMwMDAxOGFjMmFifDB8NjQ2ZDlmNGJlNTRkZGMwMDAxMTFkODNjfHw1N2I2ZDQ4Yi0yZjYyLTQ5NDgtYjE5Ni03NWYyNzA0YzI0MmJ8MTY4NDkyMDQ1OQ==; Path=/; Domain=czohf.rdtk.io; Expires=Thu, 23 May 2024 09:27:39 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

www.highrevenuegate.com/bvwfcpe7?key=427fb3ddeb513a807a1cf1f1de77f6c1

192.243.61.227

1.3 kB

URL
www.highrevenuegate.com/bvwfcpe7?key=427fb3ddeb513a807a1cf1f1de77f6c1
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (376)
Size
1.3 kB (1311 bytes)
Hash
796260b0d01b24e54e114b98f8064076
ca6091721e86d4e3f781c6eecf275005f8af15e8
28059857c41cf5c915527768940245baf5532078009ad612f9af45e60fac2497

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bvwfcpe7?key=427fb3ddeb513a807a1cf1f1de77f6c1 HTTP/1.1
Host: www.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 09:27:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19391989; expires=Thu, 25 May 2023 09:27:40 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTM5MTk4OSwiayI6IjQyN2ZiM2RkZWI1MTNhODA3YTFjZjFmMWRlNzdmNmMxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNTU2ODExLCJwaWQiOjkyMTg3NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyOCwicHQiOjQsInBrIjoiYnZ3ZmNwZTciLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MTc5MDg4OTQ4LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjEyNDM4NiwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMTEuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIn19.ZBMLoh5nHDNHtHAZDE2Oe7TfwBOmDovJoIR2lm2kzb4; expires=Wed, 24 May 2023 09:28:40 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b02507325610caffc0720b9e51dc85dd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.highrevenuegate.com/api/users?token=L2J2d2ZjcGU3P2tleT00MjdmYjNkZGViNTEzYTgwN2ExY2YxZjFkZTc3ZjZjMSZwc3Q9MTY4NDkyMDUyMCZybXRjPXQmc2h1PTQyZTU3MzQzMWQyZTAxNmY4MmZmYTkwZjc5YjE5ZjhjOWI0MmZhYWRlODU4MTM2NmQzNWE2NjUzNjIwOTFmNmJmOGFmOWMwMTQ1OGMwNDk2MWEzNmU5YjM4ZjkzOWI0OGM5ZDA4MGU0OTM0ODIyNjQwMWFhZGE4YjIwNDVlMzEzMzU3Mjk0MzY5Y2FiYTA2MTkwMTZhZTYwNzgxOTVkMDY5ZDJlNzA%3D&uuid=&pii=&in=false

173.233.137.52

0 B

URL
www.highrevenuegate.com/api/users?token=L2J2d2ZjcGU3P2tleT00MjdmYjNkZGViNTEzYTgwN2ExY2YxZjFkZTc3ZjZjMSZwc3Q9MTY4NDkyMDUyMCZybXRjPXQmc2h1PTQyZTU3MzQzMWQyZTAxNmY4MmZmYTkwZjc5YjE5ZjhjOWI0MmZhYWRlODU4MTM2NmQzNWE2NjUzNjIwOTFmNmJmOGFmOWMwMTQ1OGMwNDk2MWEzNmU5YjM4ZjkzOWI0OGM5ZDA4MGU0OTM0ODIyNjQwMWFhZGE4YjIwNDVlMzEzMzU3Mjk0MzY5Y2FiYTA2MTkwMTZhZTYwNzgxOTVkMDY5ZDJlNzA%3D&uuid=&pii=&in=false
IP
173.233.137.52:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /api/users?token=L2J2d2ZjcGU3P2tleT00MjdmYjNkZGViNTEzYTgwN2ExY2YxZjFkZTc3ZjZjMSZwc3Q9MTY4NDkyMDUyMCZybXRjPXQmc2h1PTQyZTU3MzQzMWQyZTAxNmY4MmZmYTkwZjc5YjE5ZjhjOWI0MmZhYWRlODU4MTM2NmQzNWE2NjUzNjIwOTFmNmJmOGFmOWMwMTQ1OGMwNDk2MWEzNmU5YjM4ZjkzOWI0OGM5ZDA4MGU0OTM0ODIyNjQwMWFhZGE4YjIwNDVlMzEzMzU3Mjk0MzY5Y2FiYTA2MTkwMTZhZTYwNzgxOTVkMDY5ZDJlNzA%3D&uuid=&pii=&in=false HTTP/1.1
Host: www.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.highrevenuegate.com/bvwfcpe7?key=a969ca5c9ad2611762f11b79a526e2d2&submetric=19391989
Cookie: u_pl=19391989; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTM5MTk4OSwiayI6IjQyN2ZiM2RkZWI1MTNhODA3YTFjZjFmMWRlNzdmNmMxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNTU2ODExLCJwaWQiOjkyMTg3NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyOCwicHQiOjQsInBrIjoiYnZ3ZmNwZTciLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MTc5MDg4OTQ4LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjEyNDM4NiwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMTEuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIn19.ZBMLoh5nHDNHtHAZDE2Oe7TfwBOmDovJoIR2lm2kzb4; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Wed, 24 May 2023 09:27:41 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://main.proffering.xyz/15GW0z?zoneid=19391989&campaignid=781963&category=Social&cost=0.000520
Set-Cookie: iprc0695ff38ebba21dd6034fd032f928a4f=4223315; expires=Wed, 31 May 2023 09:27:41 GMT
pdhtkv=true; expires=Thu, 25 May 2023 09:27:41 GMT
uncs=1; expires=Thu, 25 May 2023 09:27:41 GMT
pdhtkv28=true; expires=Thu, 25 May 2023 09:27:41 GMT
uncs28=1; expires=Thu, 25 May 2023 09:27:41 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6ac4bf325dfc26d2cf05cbf4d4831816
Strict-Transport-Security: max-age=0; includeSubdomains

main.proffering.xyz/15GW0z?zoneid=19391989&campaignid=781963&category=Social&cost=0.000520

20.113.188.243

318 B

URL
main.proffering.xyz/15GW0z?zoneid=19391989&campaignid=781963&category=Social&cost=0.000520
IP
20.113.188.243:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (318), with no line terminators
Size
318 B (318 bytes)
Hash
7d33886a48a23d1635e9e38361a2e2ce
193dc725dd26a727faa23b67207a5732a68a15d3
b7b4c6e368296a745e4e8be6aef979c579302135dfaa140561ca26c6d2c376a6

HTTP Headers

GET /15GW0z?zoneid=19391989&campaignid=781963&category=Social&cost=0.000520 HTTP/1.1
Host: main.proffering.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highrevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Wed, 24 May 2023 09:27:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 318
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GW0zo=20230524121684920844646; domain=.main.proffering.xyz; path=/;expires=Thu, 25 May 2023 09:27:42 GMT;  httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15GW0z; domain=.main.proffering.xyz; path=/;expires=Thu, 25 May 2023 09:27:42 GMT;  httpOnly=true;SameSite=None; Secure;
peerclickcid=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524; domain=.main.proffering.xyz; path=/;expires=Thu, 25 May 2023 09:27:45 GMT;  httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.main.proffering.xyz; path=/;expires=Thu, 25 May 2023 09:27:45 GMT;  httpOnly=true;SameSite=None; Secure;
Location: https://qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=teradsmain&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524
Vary: Accept

qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=teradsmain&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524

172.67.142.37

0 B

URL
qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=teradsmain&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524
IP
172.67.142.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=teradsmain&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524 HTTP/1.1
Host: qwfuu.altairaquilae.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highrevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 24 May 2023 09:27:45 GMT
content-length: 0
location: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
set-cookie: W7-lkuObDEWXzHM4LgqUhA=19; max-age=345600; path=/; samesite=lax
__pl=fcb8499a-6100-4fd2-a662-831be44ce922; expires=Sat, 24 May 2025 09:27:45 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afOLS2cAuMg4VZHgX%2FfZ9EJgbPImWMEYJsVg0Z3mVTI%2BEMsgnOJPOP5xolLgTYO1aPoO3pZIofHsvYBS6CAta4esuFmAxFN%2FLrRPgUNW2MLxzf4xI01nRaVzcbf2VIFsn1I9fLOng8iCyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc4812dc9d7b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

qwfuu.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:45 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4722
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zY%2FTmQvGiXMNXcDJZHdbeCsxpHxepE4bj%2Fg%2FA2AgK%2BhG4X2vMBtrRoz5hugPpav6aViyOUx51tH53T5qrM%2BBMeAxSILtknJg9Y72bEStD1Zgr%2F1hdT23O1V5ca%2BLJj44%2B668VkBhqO4koN0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481303c30b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/favicon.ico

104.21.7.3

0 B

URL
qwfuu.crystalcrafter.top/favicon.ico
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 24 May 2023 09:27:46 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4702
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=13f%2BKLxxHVOF0sltjHKn5wJncDsBWCsc2FK3RFTS0s9YNJ%2FnttFfjjI2c40JODMVN6Fs5CSapb%2B1cppLIMVFYNUO%2FhhB%2FhsVezFi0ROOXyVr%2F9%2B4BnB%2BmtygZZlEZaHNC5zkW3k8hXnoiRY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481323ffeb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0e2a51fc0a704370c246690b8e25c332
28b056e0210c4e5139982c887bbd5b416a7c888e
639b72f46177c45cf6faed4c59c70f988ba038216aceeb1a9734de3364da854d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 09:27:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

216.58.211.3

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 May 2023 06:18:59 GMT
expires: Fri, 17 May 2024 06:18:59 GMT
cache-control: public, max-age=31536000
age: 529727
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0e2a51fc0a704370c246690b8e25c332
28b056e0210c4e5139982c887bbd5b416a7c888e
639b72f46177c45cf6faed4c59c70f988ba038216aceeb1a9734de3364da854d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 09:27:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

qwfuu.crystalcrafter.top/ph-new/assets/rec-1.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rT9uOgMjNpWGv0Z1FO3ZWiZ0lYSv4KG2zxjDFdNi8fi7wWlwpdCx07mcL1fhCFjs9sDb7qGpke8cIf77Vti0QQ8IQUi%2B2CvX%2FHQus3Czuab2ibAAfKFs4cXPNI%2FOCD595wZ0yzLTex529FQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481348bbeb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

15 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nGKeaOY8y8aGfuasqOhBOg2RkkaufWlwav%2FOVTVkXTYsXYAcLNOQlBlsPxHLPMZ1Pwj%2F7kfocOo0Eofrc8qJ%2FQUQGTy5llrx%2FPWHYuwB9sXvcypzJgNGGeuMffOXMp08igRMYyQU3NxGXfU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481349bc4b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-2.jpg

104.21.7.3

11 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (10890 bytes)
Hash
dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7

HTTP Headers

GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2a8a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hAo8xhBMiu02je5sktRmfBM7VaS0FJo2TFTDgya44MuA4J0p5X9a1JGrMtQRBEhhIZCwYGDhfxJy%2B8IamhcJ2EpoRln1nSxd4P%2BTnJbDc95bnzf2wXiLcgO1EaDOdqy%2FYgel076hgYdxF7Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481349bc2b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

13 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyGXI79t04%2BsS2aUbMu9sQlm%2BEP2vRuYkLMgu1wsZpnKe8uzYmkZ%2F6tzAD5uUdGxLpg7liroKUDUZoJsSYq%2Bw%2B4pCLncvU73JxmU0fQxHA9LUdUKejyoWV0HPWukawDdBJAJUrI6v8XCzXM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481349bccb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

8.9 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BCwRVhvsavBIZScDsHMquyPblPh7JQxLmZCKiJMxny4P5TNPjUooy3IwfFDWpOS0m8mrJWXLM8C1O6ZUo3HDc3Nsny3woOf4oPIjenV2lNvqlQ%2FppbqzfuQB%2BPENP%2F4uKfLlSNspcty0UxU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481349bc9b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BoNjGm9FWEtdzfrofI8OhEaa1FT5OlR9wpyPjePDXpa6C0K3OoUYCOkSSv%2FOzUsc7lKoDWraTKUVBMwJu1iRBdBG5ikI2UHGAM%2BoLJQMKIQKyXFGtMtvJV5ELmx3eisFmJ2jvG5fW6lcS%2Fo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481349bd5b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HXpSFHj5zUKqxYZoMpeTAT4ZB5ip5BbeWqV9zAh0WPXrzwv%2BzuSuERRbMT7bnTJMwfUjl1it%2Bo5wP9LbfpwG5rQzvbiZY2FlyIGy1hJO6o5EehlNd9kqB6BbsdAJV%2FFHOHAtf8K8iW%2FvTsQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481349bd8b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VAkQYBnnRLQJEYeXhyRbZ8fRXZmrBvJZIfwtT2qXTDNZhrGPEhJMM1R0jXUADBgTOuGkWI7PONZhZIVeSrYnhMJ8tF%2BX1btnErHC0j3cPiSn6StOXWbWcu8yWTNDPd7xg%2BS41NDBh3RQyVE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481349bdab4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ixLrvnrgbb9kkzpSOLqA8QsHpvHaCNBGuibKjH7zBYm%2F05BtNQ9VUvy5ANoDWwULOHZRLaJQ%2B7aODfSR%2Bx3E3UYoLtJIQPF4%2Fpgcwby7%2BYBMgjTY6onHK23bHwVnfs6%2FsvS0Owc3N71ETL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48134abefb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/2.jpg

104.21.7.3

21 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
21 kB (21253 bytes)
Hash
c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763

HTTP Headers

GET /ph-new/assets/2.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-5305"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSW8MRwHYwwwYo8yWI1BQnDyUhmwKsjFWKidtUEbZrOz2dPbCAYL60Gwv8uieuufICgY22VTkeLmihnmWoPFMvZn2Yt5I72dnBeKL7gnwUCsMc8VyXPtKD9oKRdK8t%2BaigiKbYlWxb13RcY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48134bc0db4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/3.jpg

104.21.7.3

11 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (11094 bytes)
Hash
3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a

HTTP Headers

GET /ph-new/assets/3.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2b56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E3Mt1n%2F51JShN6lzJ9nM1VmgsT8Lv47csJIryj6oX1IiqqKvVdTMiVkoRdtRfasR8AyeDryOL%2FBOiIcH9c1CcN%2FS%2F8azOZrGPZJ5uWqjEJ9COSnEVFYTiiBPwgZNMk7hubV%2BG%2B4215UOz6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48134bc0cb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/4.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13611 bytes)
Hash
a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd

HTTP Headers

GET /ph-new/assets/4.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-352b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCBAW4s%2Bye1mAr%2Fmm2M2igplGir6OOdNjIAoKhe9Y52rRDWbQWulOZ047xVs3lplzUrsqwPWtYRPiTNoqbt52ridovj5jPjO6sCyA%2FoyZtAuzIfOUECmfRHV3wyhOol7YswKTVYcmO7vz7k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48134bc0ab4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

12 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5g8bGTO%2Bg7mN3hd6VXiqBxd8qAwiGuY7w3DkVFz0ra841red8nMDOYgxR2mpxm6yE87geNgx%2B9biXdk8j6ftnoeUHanvOLQ%2BoY8HN5jzL%2B3PmaMmwM7EXeMgA%2BbUbhj7T1M6ChJmY2KCsY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48134bc15b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

216.58.211.3

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 18:53:40 GMT
expires: Wed, 22 May 2024 18:53:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 52446
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
a.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qabylKTN8ohrNV3sZcqTtUsAtOHX0%2B%2B5Ue%2BJEyDGzv2ZjHahXJNG3nOEg9b3ig2ujutRdoTx%2B5YZJxNUCg9LLL1%2BdQR1fQhitMdhS%2Fg6aic7tFKh%2B4UZocvfug2pHuOHusi80B%2BI0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48137b8f6b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

2.9 kB

URL
a.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
2.9 kB (2913 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fx6olzzqQH83s9wE2mzYdpSnuIqYp13YbBJddxQp3mC0VoNITAIDk1ZC9jd1GQAJuh3aNy0KC%2FBAk5VC6y%2BuCblIuafA3JVIxOp723wRj2gtoJQwVfcbhIojJ4w6twTKHVd6ESTAgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48137b8e9b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

216.58.211.3

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 May 2023 06:18:59 GMT
expires: Fri, 17 May 2024 06:18:59 GMT
cache-control: public, max-age=31536000
age: 529728
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

216.58.211.3

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 18:53:40 GMT
expires: Wed, 22 May 2024 18:53:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 52447
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

js.streampsh.top/ps/pl.js?edg=true&fullscreen=true

104.21.27.231

16 kB

URL
js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
IP
104.21.27.231:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2763), with no line terminators
Size
16 kB (15571 bytes)
Hash
c8409dd7d34d07dcb58bcc964fb674da
09110579eed1a3a7cedf79aa258bd337a74bd644
daa69a5e86f32de4ab6cdac3ee241b8a3b7a30d60ecb335bfc20236fb675cbdb

HTTP Headers

GET /ps/pl.js?edg=true&fullscreen=true HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Cookie: __psu=d37384f9-d0bc-4527-97d6-49296ee568e6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EC4hheIHVg6fVzh3Ly%2BFX2gy%2F%2BJnb98VnzM1xKv3UK%2BhRTfgD%2Fu76qupMXaNfUGEKejWF1S7FAMIfMnjSIWXexxOo8Et6NGkgJtkDd1gXgAWYW4ddHlZlL4JRBqc8MjZnDMZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48137ce68b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/rec-2.jpg

104.21.7.3

200 OK

11 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/rec-2.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (10890 bytes)
Hash
dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7

HTTP Headers

GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2a8a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uit9LXCv2bSCsoPiiqE9husBKUVBmwZXJK3M57DzCUmsX%2FJphPEmRxNpebuzwIghMmbV8wRx7S3nVsx9xwBGU4X%2BJeCCT6Vo0CigLLV4M1GInY94zV1heSvdPiU2yevj4Hjxrpo%2B5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813b8f6cb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

200 OK

8.9 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I3irOWS3J%2BUGd7z8dLf0%2Bu4sIirfGQ6gqxClu35ZM3%2BgXvp4G3R4xtkSEfcIMLh5izjV3K6bqaZ%2Bk%2BXHS%2Frr0mwy7HEVV%2FBc2h228%2BG74flmZ35%2BzGyDm9nAmWdIqIgyizStbhz3BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813b8f75b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

200 OK

15 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y3WWP77PFXeIyn81i%2FS3DCUP%2FJchb34iqKN%2FycXLk41kmuHmIANP7z5lXcVLyguBIIClfq0ZQ0ez0JCBB2%2FLqAskTj9%2BAznfw8tgghUrDGdv%2F5N%2FP%2FHC9b0D2SqL7disgDRRG%2FuP%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813b8f70b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

200 OK

16 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s7p%2FaXBSZ0KDoZZ9zzYXEgsUD%2FUhdg4J9Hvg51KYQkPruNGvy%2FpZMXNnXP3PAUZFRYDT522SaTwrGgOWtNymM8Mj545VKkgQmueWRpP1LKV%2BMHBkGx1TOPgIMc8dWegRXJ2IG0K1Og%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813b8f7db4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

200 OK

14 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2FYEk4g36V8objUdP032ZM0eay3C1G%2FC0hdhf31s9RPSzkDWMVYUok6f0MaKww6zrT2w%2BPQ5QKoTdYvqlMV6wwVOPVwJRlSwvHraLV5TrVhnZ9%2FDbO4h4h633uW%2BiNfMaS%2BxKhIAKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813b8f83b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

200 OK

13 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ErH67pGojKUOExXLQZYkw25VSnb0o%2BsawJHqObZwwtdSCdAa8rephVL%2FkDAkpdyRq%2FB5olDkPG2LpVC9D1%2Fdh5EdPmzMcZP4NpzbM8TUum38y54qbWoM%2FRgqdyuVf4kDs3E1ddeVqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813b8f87b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

200 OK

13 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jt4l5RYCcd7kMu3xx1fkq20A1glNWzl%2BZMLEov%2F1RQneubnY5TroEialB4NmV%2FjNoWLkrHmYo15G6ibA6ir1WVKn1bUrhXM7SNXC%2Bawix6Rc%2BM2BtBw%2FKuRafOQZTD9PsMfx58hWOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813b8f76b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

200 OK

12 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQsp1BQgkRhOG9yAmt5RpFHBOjJT7wtzJCK64aEDQQgytWquIDiZLxuXdmj468L0gA3hZ9g%2Bc%2BS8l5mJMvIUbgxFR%2BKsL5BmE1VP22UWRc5OQlQITTmF8qZVNhsblZ7CKJl%2BS4VGCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813bbfd1b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/4.jpg

104.21.7.3

200 OK

14 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/4.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13611 bytes)
Hash
a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd

HTTP Headers

GET /ph-new/assets/4.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-352b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKJNaobkolaEkx1hjxr3I%2FPCwttp3k%2BTaj5l47aZZ235IiGRo%2FYpgaUrYFhK9YqvCU33mfjmTIINYiwWWinQqhvodF2ve8L1utwiqdCcYf4Yol394IvYd7ADXR8XeNt53KVmKzhsmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813bbfd2b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

200 OK

14 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FOh3GQZ1K0imvGDIRFEXWPqd095xXiTSw0WhA30rcyZYo3jwgg0N7P%2BjQoi7or7qt52roO16fRkxxbwG6bGrxJPCr9xKPcwr66v6bzUPMddPofoXfL%2BKFTuQeX%2F228LS8N%2Bdp%2B91Nw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813bbfd0b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/2.jpg

104.21.7.3

200 OK

21 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/2.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
21 kB (21253 bytes)
Hash
c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763

HTTP Headers

GET /ph-new/assets/2.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-5305"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wChKic0zRKzte5KjWtxJCuWIufg4lsUsl835qZa12Wut5x0Z9jx%2Bk%2FCPZhHljFgGgdAEstD%2F6wGTn0awQs0RJC8TZ1N%2F0kuh5%2BidjSCBLZ%2FAP6jTbv4rDDAAw03EgRE%2FcX9ZmrqtXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813bbfcdb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/3.jpg

104.21.7.3

200 OK

11 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/3.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (11094 bytes)
Hash
3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a

HTTP Headers

GET /ph-new/assets/3.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2b56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEZ60WJwXYovwOxXPlUm5pAh2xlM83MaEaxby8ZRV%2FCoVxKsITj9C85dNABtmAvw88bs1I6HdEYLkvMKSBVFBKB3wSaE3%2BLUs4pKRhQnZhbXzlwe4NqHxUW2nci%2Bmbht4lVNh024Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813bbfcbb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
b.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=inggR%2F4MHMjUT4Vu%2BoqS9ipTLN56PPFKWlhW0%2BuX6a%2BcQSlhK22gkeCnmP9GUzTmgUEMT37n7knsAXSCyYJjZ1AlvdohMTkzkkC8So%2B4wxWH7ua3TxN%2FVdozI%2BmGxTcNs%2BrumbyXHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813d09a9b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/style.css

104.21.7.3

4.1 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/style.css
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
4.1 kB (4088 bytes)
Hash
807d696b86114245f8eda3dce43f61ff
6d65ffaf8ec2107db8f1d29c410f152a8b809a56
7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc

HTTP Headers

GET /ph-new/assets/style.css HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:45 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-5f33"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5CD4W9v3m%2BDmImBAzDia6IAy4HuCJgpEnY6EDYB7YbCZS3G9vdZ5Bbu6d2feUYEteoWXPtL7%2BW0KWEr9%2Bv409KQA4LzFjda9%2B1gaiTvaATLAmzj%2FewMRMZwSPI4VyT1MgrW801Yyo3rs4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481303c26b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&appspot=

104.21.27.231

16 kB

URL
js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&appspot=
IP
104.21.27.231:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (23339), with no line terminators
Size
16 kB (15559 bytes)
Hash
200bccc4ab01362c779656e8cf81d2ab
2bbf89aa29b6fa5030f06052028264f65e377577
652a86f8d8bb3e2d925f14ef75499a436af3435d9e3b5187414502d9f24f78ea

HTTP Headers

GET /ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&appspot= HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Cookie: __psu=d37384f9-d0bc-4527-97d6-49296ee568e6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9xWUFV%2Few%2FDtpn9FGF2Jt%2B1ZlZFJZr31byL8aNjnYWI4ySK9yWJHuMww62dnXFEB6Hl67eslayKmyboJcDAh9ji4t5dnDB1fCGpiKRe8EshvcEpwrb%2Bma5P6P%2FF6Ku4gZgPy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813dced4b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

216.58.211.3

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 18:53:40 GMT
expires: Wed, 22 May 2024 18:53:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 52448
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765

104.21.7.3

31 kB

URL
a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
31 kB (31363 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765 HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7KdpIjKhFREWNHRijQwr3Eb1I6ZfnzMVi8VD3lZetjX3ZQdaNUMv05TAav0CwJcDk99tU8V3TcIJUmJqTFdJmoRCqsB0B4sMCkEQKj9RJqf0ObNCGlCABy2umfX3NSQAdQDAmQRnRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc48137b8f9b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765

104.21.7.3

31 kB

URL
qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
31 kB (30958 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765 HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:46 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sr%2FdsZqxU0sEPLAjC47f%2Bn1DMqXa8GlAueuX4YMW1gXVEbuJx2W7UpVPG7ETDjQAlkEi7j%2FZc17rkYvUj4XeKbFKXus9sH4lahT68nxyDtSfiuZ8aiMNCPYwKxkpY4rLZi8uSTz3%2B3aAgI4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc481303c38b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/rec-2.jpg

104.21.7.3

11 kB

URL
b.crystalcrafter.top/ph-new/assets/rec-2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (10890 bytes)
Hash
dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7

HTTP Headers

GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2a8a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4612
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G4VQgox6l9UXvMnz07eTe1I7l82UH12auQ0k1nDEHGSgNczXvft8SBdS6ON4JbLQgxWQ68rLSYV6uH%2BnsUYGjzMsidTNdVhFWNq2L1rIRvXevY%2BlYPLsmS3ixPff87hhJtBTEjlz4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48140efd4b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

8.9 kB

URL
b.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBEFg9fyJW6EfP3YIaaTcVNQKiBHGSoC1dZium0f21ki9CFJbdsy7QUd6Q50ACNWw%2Fo%2BBaTYcGbma3Gm469ty732XqSp5ZPTEtFrxWMNBtflPJToV9AOoIf8mJsW9Ibl0NQoDnpRsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481410ffeb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
b.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FGtdtgcqMVzHeT2%2B1xjnLI5EFsP4NL5%2FwBaZ%2BCgsdbiSSetCxTFismslVu1f%2FklfGnEMOHsxWt38lsKrMyjZj%2FWRSw%2FcTHgAVaMazwNQ6bLep6MUpzIST18kh%2BTYe%2BN%2FxZWEu0eiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48141281eb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
b.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAtT0eArfinUsPfPqvYpMlwt8vYdjMURAEvg8sLK8Q6Kr7CGjR9QtXHQcbDkERDf7On7m5yX5wLm4TWq4b5LvIaGDZgc2Un5keKBqNlx8NgErBcTrXydnNZUzBeaIAQv7z1GxvMNHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481412820b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

14 kB

URL
b.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30%2BcaMGyi49ghZxyf6uKcRi7i%2FqSi96kMwD4J45QQnCQSKmQlSKIujWYf1su1Y0HNjPjeU%2FSA%2Bx8rZhrl4F69%2BmpzN0U%2BR0TZwd3gj79Ui7aGVoA%2BfLj0GGbpcllok44gGcY%2BZXZ5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481412826b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

13 kB

URL
b.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVIPrJzoDCoD604%2FPrtAEqWQiw8IeQyft0h5Y2KgW9f0umSuqfvdunHVdVrN1YZx2YJfryq8g3XyIBLt1yX8HXinlNfl5gMZwDMYrnugEkCrWEPLVNgAiLJhFj%2B58fS8AH0Hz99jlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48141281fb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
b.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=irHPkwNw%2BiX2I7jnt5GLltmQZ4YQwI54diktaASP%2Bmh1jWHYsumzekMzbbnswcU%2BAfWbWVjwAANTPwLCUc6yS9t3x6TloyqtsSNYKQGrEqJXFt%2B813%2BgZ2Z%2FgKM39osol7M2qSr7wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48141281cb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/2.jpg

104.21.7.3

21 kB

URL
b.crystalcrafter.top/ph-new/assets/2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
21 kB (21253 bytes)
Hash
c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763

HTTP Headers

GET /ph-new/assets/2.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-5305"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7g3oRolSWjjABMNs0dAZGZ5wBDz1MzdoPsPARYWhoiEdOqeyEcp2y34YSFk%2BlW1EU3BnC%2BfkzIBezcAt%2F6LcTq6b12g4KnPgFeRy2rvmylo6gbk6N6O9v5pU1QwuI9i6%2F%2F81zGepVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481413839b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/3.jpg

104.21.7.3

11 kB

URL
b.crystalcrafter.top/ph-new/assets/3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (11094 bytes)
Hash
3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a

HTTP Headers

GET /ph-new/assets/3.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2b56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bowtt9XDtaNqNCIDJwjTk5nALyj2prGCsX7KmQUQQ7lLH5hKj1f48YhpCxx7ojQMqGo4zLRfDovygS3TOJDCsBb62o7l99W%2F9%2BTI%2B3%2BnLZtpGjHZ2ZlvrNHy0PolEiqhSny2z%2B1wbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481414856b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/4.jpg

104.21.7.3

14 kB

URL
b.crystalcrafter.top/ph-new/assets/4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13611 bytes)
Hash
a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd

HTTP Headers

GET /ph-new/assets/4.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-352b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=axq3FbnehuKRNXYT0jACOKA9uTbrmTsHRRZ2wmjJFvA2asOkdIuPNtKjl2sEYEYCzNgRyo2vQ1wsZGZcU6i8gnhazNdIf4SX3QShrVFLzX1GJZFmgxXr%2B9AR8l23x8tpouJxM0WWhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48141485bb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

12 kB

URL
b.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4436
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=89IzMoYSCISS1doxOVuprFVmfffyZfS4ImJbM2cwbPHifHApLw7YQ0whGuPHrHI7qm0B%2BxEJmtH8CGFBue4IeL3vVNklMozlf%2FOt9e0fygwvlggx5ED%2B14YQNDoR%2Bxt7ujkCeyN20w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481415862b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

c.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
c.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4612
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52pmFRzSlc9nYi5D11pvvVbkoZiq5CY7VMgldsqwrH2PSlba1DfhULtgxokEQJFXCuje0Qo%2BAQ2voCXOY%2B2bhrvjgjkmzHwHeJsSrSxkEHMxD%2F0akgVzOl2HmVHTc%2B9C0SijU%2Fm9EA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481432a7db4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

2.9 kB

URL
b.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
2.9 kB (2913 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4612
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCEkVXE2CcR%2FjlxLSnDdjPy%2FGALY4awkNoUEWYS%2FJ0Im4lBwyz2w7aGj%2Fd55rX2n1NAhScQEyToeqWFiSef5rp2YR6GlClFeeNEHZbUA9FOqmKm0g5wSUXC6znoP3GtPLQY3Sp8Uog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813ce980b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

c.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

18 kB

URL
c.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
18 kB (18239 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4612
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bpgfu9FbFllUdnxvb1kXDWS9CHxfYFZTuIg%2FMMel7OwnUx7aJQAQjnx6SD%2FM3zLG%2FEYiHJAQymf%2FurmPKBv6uj3FgGzyV6WBM7%2BHBlhygeQmXXMNEYr8Xys8zMp8H9JYAhIPHAScMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481431a77b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

216.58.211.3

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 18:53:40 GMT
expires: Wed, 22 May 2024 18:53:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 52449
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765

104.21.7.3

98 kB

URL
c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
98 kB (98380 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765 HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:49 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDVISicKRtqxUOG9ukgbUqEiirdiMOebKaqy79llQ2NPZIwq6lbf8KXWPUVKw%2BRXp%2B9D3V4%2F%2BWPfyFAjWVwXSlZblcOX3R9wYculYbNzUEKilm0mrjmxVQ901zpzKrQ6czE8wzm8OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc481434aa6b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765

104.21.7.3

34 kB

URL
c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
34 kB (34361 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765 HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:48 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gYOrgIqNtDMB3VvObA00de3vYY%2FUSIBdShRu4Q5jKFnXGlTTjnwyg6axsiAd5lUW6QXoyygRlmfac0ntiAytKuZfxvR7UjqbYon1rPLwxN4ThRQ%2B4JsDr5D3jHtfubzqKlhju7ioNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc481401e85b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA

104.21.27.231

7.0 kB

URL
feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA
IP
104.21.27.231:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
7.0 kB (6996 bytes)
Hash
7b9735de10e6d0a2ffe8e42f8986c659
38a544a3f6c7d28319cd944b2ae755c7d192cf1a
bc8f01c22a60dbb9098f8be9baa7e484bce7ec5335a6dcf02fee212202fb2045

HTTP Headers

GET /ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA HTTP/1.1
Host: feed.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Cookie: __psu=a3be89a2-5ba1-4493-b2c2-0a694c622300
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQT5Ffk0n%2BNnEHPqldbi3sdmKbz932LxoHMifBLz0%2FzORVYQzj4r%2B9hnBkL6Yd3mdG9KEZvFonsX4ZJEJBQhQIklhTkUYaG4GGWcIJ5%2F9Fc3wAAEqrtwH5%2Bxjad%2BrYkdN8EUmWY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48149487bb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

216.58.211.3

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 18:53:40 GMT
expires: Wed, 22 May 2024 18:53:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 52450
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

go.cmtrkg.com/aff_c?offer_id=5993&aff_id=64923&url_id=0&aff_sub=back&aff_sub5=other

172.255.248.105

302 Found

358 B

URL User Request GET HTTP/1.1
go.cmtrkg.com/aff_c?offer_id=5993&aff_id=64923&url_id=0&aff_sub=back&aff_sub5=other
IP
172.255.248.105:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint9A:36:F9:B4:87:E5:1D:5F:B7:4A:4C:4A:07:91:41:9A:C4:B6:F4:52
ValidityMon, 06 Mar 2023 10:07:02 GMT - Sun, 04 Jun 2023 10:07:01 GMT

File type
HTML document, ASCII text, with very long lines (358), with no line terminators
Size
358 B (358 bytes)
Hash
f24eccf599881bf38ee499c92489d1d7
4a4aeef1e34e4d7699ba25f29ed39b9b0b5cd811
6dd4567b0f2d597fc4a3f7061ccd93600331bffc76505055b7799bb58d287995

HTTP Headers

GET /aff_c?offer_id=5993&aff_id=64923&url_id=0&aff_sub=back&aff_sub5=other HTTP/1.1
Host: go.cmtrkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 24 May 2023 09:27:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 358
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.cmtrkg.com; Path=/; Expires=Fri, 23 Jun 2023 09:27:50 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
5993=37_64923_5993_03f9fb29be7ca2ed43d35c6e91c7d9d2; Domain=go.cmtrkg.com; Path=/; Expires=Fri, 23 Jun 2023 09:27:50 GMT
op_5993=0; Domain=go.cmtrkg.com; Path=/; Expires=Fri, 23 Jun 2023 09:27:50 GMT
user_id=9fc07d8d-1220-4589-a199-ad52dde9c41b_d9a280c4a52dd172cf7acdf2486297aa; Domain=go.cmtrkg.com; Path=/; Expires=Mon, 22 May 2028 09:27:50 GMT; Secure; SameSite=None
Location: https://o-2741.cloudtraff.com/2128747a-aeb9-4790-b5a7-94f137c5a931?subPublisher=64923&source=&clicktag=37_64923_5993_03f9fb29be7ca2ed43d35c6e91c7d9d2
Vary: Accept
Cache-Control: no-store, no-cache

d.crystalcrafter.top/ph-new/assets/rec-1.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i3xvFsRWIdK9Yupy%2F0YFdwMWIDb6zK%2FxZS3MH3MTiHKJ62wi9ftLfcx5Mg8GucupkY22%2B6MgF6rLsVq%2FkPhDKQLv18kg26hLLOy%2BniZRrM0FbjzcZKd5nacsKv1cK0ha2Xmhx8sdbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814b587db4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765

104.21.7.3

27 kB

URL
d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
27 kB (26695 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765 HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:49 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBOpJqFqugj5j%2BInMzdEqY%2FaTd2gwJhX5DJK7GBLTiaJzMJZXbEeSCC0%2Bx4aVBmikY50Tj4xX%2FBuqOYouyWPoLMx%2BOL5DdcTvhvFMG4n4jcYoIAQu3Q0%2FHLuU60LWK4kmDks%2BF0XPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc48147ca9eb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

15 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=todpc250Pk645R7DR4fDprEunamJSA9UFUA6KhqgKDfqPnL3xla6%2FWWnlyta3KGrzNapgInBxb6DcK%2B8L19rIFt79JOhxjD1pBeR3aYS755uapoH9qLH6MC1Ghso4e82k2kT0rpjcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814b6889b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

8.9 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysqgMBnH%2FvOQvE9UBkLt4F6MVXTLIYbgTf%2Bz999FmzLkh%2FxGXiY9Z93jB4gGD%2BeJj07Jgf0AVePG7ss7s1PPe8XtmWtAZzn%2B49w1DJMtM0dr9g39QXSl5igNnqQvh6BQN6%2F0SY7qlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814b789bb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=by0UDxaj15NcQNWrXBp6FJRgRXPug6s3U3kUaXB254HfXXaD%2FGiktNu%2FBtM65lYM7W%2FBsZPnEdpAAzdiOOsZHRjfghRwjtVZEkLPoF258yBhpSCrGupExaIlvc7Fhti%2FuwzdTnkMmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814b7898b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

13 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJjR1cjrHdOUHFtDYicxIrUVhQdnW%2B2TcjpxTGU4pX9rZnU0ZZMEnwxgmhsnVgOe2%2F4eYroLTvQvn%2Fa260WFS6QmaVdSkdC610iZY4JKwsTnhD9JnWtkXfITsDgeEHSkt3O6%2B6IgqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814b789cb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcKKdW2ad2TAt93d3LQakFPxhoGcBt67xW4MacIo7yDkOpZ%2F%2FUAzhBD6KcVWSRu5ZVefFt5OVyKepYE4d%2F0jcgJNM8zYgQ9XOmanuy94wRITTK%2FWtbKtQwZZzBdgMHvhl0DJ%2BcHoPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814ba8e4b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jLQyjZjYhZ%2BeFXYg4IhtgTdTxCr9ROh5PgPNKG6Vll9MECSUfBdq8hllEbESobs2H9Y6yeAtJuDE8cIU44SeftkzL6HpiyDu3EFJ7joD7TcUq7eJeA%2FbGIXsuVhyaUVdpJzSR6De%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814bc905b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hMmyo89jmbQqm3uNzg63206s2YF0pTBS6tziCdTuKeO1avu6k%2FZtsQFjx%2FhgLxX97jBJ1pUo%2FFlQ9zcTmgP6PSElrqBV1F1B4B5KYe9ZvvUvO%2B7IZJyuXXaUuoRH84OimpGFAQyMPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814bd917b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/2.jpg

104.21.7.3

21 kB

URL
d.crystalcrafter.top/ph-new/assets/2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
21 kB (21253 bytes)
Hash
c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763

HTTP Headers

GET /ph-new/assets/2.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-5305"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BlkNO9%2FIcwzT5lRhIUyQFiqRQjF9gD15lrSy11Vo%2F05H1N22OmRsMqLOZTcEpBp%2FxOjvhy%2BQLtOSh8uJRSqjqyrWVH1ZoZZ08q83%2FLV4E%2BKkz9zg4O0r2DZjed6HQZCFpuS3Oh7jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814bf942b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/3.jpg

104.21.7.3

11 kB

URL
d.crystalcrafter.top/ph-new/assets/3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (11094 bytes)
Hash
3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a

HTTP Headers

GET /ph-new/assets/3.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2b56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJM3GteF4t%2BVvqY8yNFoPRazJILorYHcKM%2FthbbSLNWKNGouxDkJ4aQpc3ui4AibHn3m%2FB3eTBn1seNDMAU2yGBK6hSS%2B7Ih%2F0bh7%2F2BLgGjD9TU%2FZJNdw5jMGoPhKRlIlpep9w09A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814c198bb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

12 kB

URL
d.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4VAwVezANQrbWWYWXBLEUyqEXKpEBd9On2rZvhJ4SRw8RnfQTWJX0xCUgnoLA26PfzhmM1RYX0WVqRtoUCGUrwSPF9f698wNVHF3Fy0PSxuOn%2FjRbWY2goEjc57SvU6uyFBISBPMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814c1997b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/4.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13611 bytes)
Hash
a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd

HTTP Headers

GET /ph-new/assets/4.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-352b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jTD9GdwzgcZVmQbyfGViI4ICMf59TKe7UxeFuUz16Q2DT9tiqUJmCovRV8%2FzIALu%2BPrmrOoEe7k7ZvkJFJUMOcUh71gmyPWyueFypTdTj%2BEUQNySVZq1K4nIwlYU2srFSOdOO2Ycng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4814c1995b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

o-2741.cloudtraff.com/2128747a-aeb9-4790-b5a7-94f137c5a931?subPublisher=64923&source=&clicktag=37_64923_5993_03f9fb29be7ca2ed43d35c6e91c7d9d2

104.18.24.64

302 Found

0 B

URL User Request GET HTTP/2
o-2741.cloudtraff.com/2128747a-aeb9-4790-b5a7-94f137c5a931?subPublisher=64923&source=&clicktag=37_64923_5993_03f9fb29be7ca2ed43d35c6e91c7d9d2
IP
104.18.24.64:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcloudtraff.com
Fingerprint7C:14:30:3E:F3:0A:69:20:04:C4:BF:E5:98:10:EA:9A:A8:4D:EF:46
ValidityMon, 15 May 2023 14:53:02 GMT - Sun, 13 Aug 2023 14:53:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2128747a-aeb9-4790-b5a7-94f137c5a931?subPublisher=64923&source=&clicktag=37_64923_5993_03f9fb29be7ca2ed43d35c6e91c7d9d2 HTTP/1.1
Host: o-2741.cloudtraff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d.crystalcrafter.top/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 24 May 2023 09:27:50 GMT
content-length: 0
location: https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
set-cookie: attrk=yes;Version=1;Max-Age=86400
vcid=%7B%22id%22%3A%229b08c1f1-d501-4ed3-8230-3e05d107bbc7%22%2C%22firstTime%22%3A%22May+24%2C+2023+9%3A27%3A50+AM%22%2C%22visitCount%22%3A1%2C%22firstTimeDay%22%3A%22May+24%2C+2023+9%3A27%3A50+AM%22%2C%22visitDays%22%3A1%2C%22origin%22%3A%22routing%22%2C%22lastLocation%22%3A%22routing%22%2C%22ageInSecs%22%3A0%7D;Version=1;Domain=cloudtraff.com;Path=/;Max-Age=2147483647;Expires=Mon, 11 Jun 2091 12:41:57 GMT
__cf_bm=6wxlXaeYUW4K5Jke5U_K6ZUhkXbu2X9BLq1R.QSi8bI-1684920470-0-AUmwNF2mlHGpBLkkfoweYWO3vUb+IrYyUXubH1Gz7pM0hwT4Z0UFQr0et65iAseKq5CAY45q0Vfw7AYcxkB6g4s=; path=/; expires=Wed, 24-May-23 09:57:50 GMT; domain=.cloudtraff.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc4814b796bb4ff-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_logos/milffinder.png

104.18.11.149

200 OK

26 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_logos/milffinder.png
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
PNG image data, 1467 x 300, 8-bit colormap, non-interlaced\012- data
Size
26 kB (26089 bytes)
Hash
7d54af67f8ed1b8a0b1698272d1e02cf
6c9cdaf1d9193f1d7f077286531a890fde3a1b91
5cfb135c5c7a2ed537035316b3ef1a75f7d46eeb2dc1f9080883936aee2060dd

HTTP Headers

GET /img/_logos/milffinder.png HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/png
content-length: 26089
last-modified: Tue, 16 May 2023 03:22:58 GMT
etag: "6462f712-65e9"
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-cache-status: HIT
age: 521596
expires: Thu, 01 Jun 2023 09:27:51 GMT
accept-ranges: bytes
set-cookie: __cf_bm=Tj5mtEW_VzFNprTFMUHOF5NYCw.r7Nk4psr__ABKMEg-1684920471-0-AfGlQLZzLq53/t66A0bSW0pSZ01crrZFhyklni+GpAJpwC0TcTPhMKXCeZTbjPMVJth4kX/H6gPovLSz9LNJ/3o=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481514f2bb4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_patterns/mc-bg8.jpg

104.18.11.149

200 OK

78 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_patterns/mc-bg8.jpg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x840, components 3\012- data
Size
78 kB (78074 bytes)
Hash
8b5f071d597b07e16bf91b5e52e21afe
590ed078a12a6412630dca42f4d5200adcf785e7
13d2474ddabfdd98ee6b4f1fb8a46c1e284eb96582cfa91469573110896a3de3

HTTP Headers

GET /img/_patterns/mc-bg8.jpg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/jpeg
content-length: 78074
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=691200
etag: "6462f712-130fa"
last-modified: Tue, 16 May 2023 03:22:58 GMT
cf-cache-status: HIT
age: 410926
expires: Thu, 01 Jun 2023 09:27:51 GMT
accept-ranges: bytes
set-cookie: __cf_bm=tRD8JKTpBtXriIwbUwL4XFGAZUNnCezb7opDOtr4Yu0-1684920471-0-AXjMCs+mFAL4nryTiNsnhuZRe5H4CbKf5OvOFUOJVZVdWCHVYoCm4KS2yD5ItbiCKufObgursEYbpXsz9K3e3Ws=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc481514f33b4f3-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c02ea2eb31eb1af30ad378cddf6f94b5
f6190e85f669f8282ec9c4a36cf7f552c82f4989
e218cdd31cbdc6f9019a3ba5dbcd1451c74d4c9704bb0187b0b2dcc7481a4daa

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 09:27:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c02ea2eb31eb1af30ad378cddf6f94b5
f6190e85f669f8282ec9c4a36cf7f552c82f4989
e218cdd31cbdc6f9019a3ba5dbcd1451c74d4c9704bb0187b0b2dcc7481a4daa

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 09:27:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

142.250.74.42

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (32058)
Size
30 kB (30306 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 10:44:17 GMT
expires: Wed, 22 May 2024 10:44:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 81815
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c02ea2eb31eb1af30ad378cddf6f94b5
f6190e85f669f8282ec9c4a36cf7f552c82f4989
e218cdd31cbdc6f9019a3ba5dbcd1451c74d4c9704bb0187b0b2dcc7481a4daa

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 09:27:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c02ea2eb31eb1af30ad378cddf6f94b5
f6190e85f669f8282ec9c4a36cf7f552c82f4989
e218cdd31cbdc6f9019a3ba5dbcd1451c74d4c9704bb0187b0b2dcc7481a4daa

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 09:27:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lpmedia.servefilesonly.com/js/popwin.js?1056004

104.18.11.149

200 OK

521 B

URL GET HTTP/2
lpmedia.servefilesonly.com/js/popwin.js?1056004
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
gzip compressed data, from Unix\012- data
Size
521 B (521 bytes)
Hash
20b91978cb91c841a3b61348e7f5dac6
87d328b6ed966daf45f354d362018fbf64149c72
4f20c932dbb60ef1358786b58bed885c953a4c43381e67e98e1a0208e2cea7c3

HTTP Headers

GET /js/popwin.js?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1177
access-control-allow-origin: *
cache-control: public, max-age=691200
etag: W/"646c91d7-499"
last-modified: Tue, 23 May 2023 10:13:43 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 82661
expires: Thu, 01 Jun 2023 09:27:51 GMT
set-cookie: __cf_bm=lgZK78nFRkeJwqMussdOrDeGprhYsCFMeaaou05OhG8-1684920471-0-AS5RBUKTYbAA71dW4Pk2eqnbDdHr3JAsKUJ98CcUscTpMb3rw1QAvuTyqKI05aAMYJRHSVSBdeVerXNzGdOY8fo=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f2ab4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_favicons/milffinder_fav.png?1056004

104.18.11.149

18 kB

URL
lpmedia.servefilesonly.com/img/_favicons/milffinder_fav.png?1056004
IP
104.18.11.149:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
PNG image data, 362 x 300, 8-bit colormap, non-interlaced\012- data
Size
18 kB (18477 bytes)
Hash
76a102208d3c9d3ca70454be09db9d23
a09a414ffd56303a158feefb6101c960115bac2b
e12cf0530a763d71536909e5ccf229e7d02c197a997765e90ab699c7c8a660f9

HTTP Headers

GET /img/_favicons/milffinder_fav.png?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Cookie: __cf_bm=kezCI_nKSajOM0MZj3JTO9he_XHcfI0YaQPvHVhSwdU-1684920471-0-AbLSkhydTC/aeSEKSbXry8XAnqFDI89YbCriN9Vd9ucXYlzBcDi10xEwDoDkO8IFAOgCT6elHMJ7q21yc53x0Eo=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:52 GMT
content-type: image/png
content-length: 18477
last-modified: Tue, 23 May 2023 10:08:54 GMT
etag: "646c90b6-482d"
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-cache-status: HIT
age: 82588
expires: Thu, 01 Jun 2023 09:27:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc48158bcc5b4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_btns/icon_chat.svg

104.18.11.149

200 OK

1.8 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_btns/icon_chat.svg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1816), with no line terminators
Size
1.8 kB (1776 bytes)
Hash
234b70010c0d843f5bcc8475665ac2d7
475168eecbddcbb689a2d9ba4003469b29f741ee
e15c68ef80e9b7c7258d920bb8c368379db17754e39d5c1951310aa9911eb215

HTTP Headers

GET /img/_btns/icon_chat.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/svg+xml
last-modified: Thu, 11 May 2023 07:56:21 GMT
vary: Accept-Encoding
etag: W/"645c9fa5-6f0"
content-encoding: gzip
cf-cache-status: HIT
age: 591013
expires: Thu, 01 Jun 2023 09:27:51 GMT
cache-control: public, max-age=691200
set-cookie: __cf_bm=YVcUbgeqF0OWSxyoimdUrc9MRZn2J7l2fvlBjy5PDSA-1684920471-0-AQo8XT4XfPCgOgpTqvGUEqWEutJOoDMbbvUeZcq8FCCjQr0+UbcrHh6xSPtoCAhISxmr+W7ZMf5XSugfWmYpois=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f38b4f3-OSL
X-Firefox-Spdy: h2

www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6

104.18.6.174

200 OK

22 kB

URL User Request GET HTTP/2
www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
IP
104.18.6.174:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.milffinder.com
Fingerprint11:4C:D4:30:05:7C:37:6C:04:E5:3B:57:E8:14:3A:72:5D:80:A6:F7
ValidityTue, 11 Apr 2023 13:45:23 GMT - Mon, 10 Jul 2023 13:45:22 GMT

File type

Size
22 kB (21455 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6 HTTP/1.1
Host: www.milffinder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d.crystalcrafter.top/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0, private, must-revalidate, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Accept, Origin, Authorization
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
pragma: no-cache
cf-cache-status: DYNAMIC
set-cookie: PHPSESSID=t2uqc4fp5n2tke656i0sandlag; path=/
__cf_bm=BIUEXeE5vGW5i0ADGFdFK2R..M.bYH2XpIBSewh3tYY-1684920470-0-AZHS1CiIds+PeSJTpp4scKiUjF7Je6oczOkkTSf4sfXnqXVbQtIXCtK5gAPkT7ban5HIlQAUMG+vP+ldlJSqoUs=; path=/; expires=Wed, 24-May-23 09:57:50 GMT; domain=.milffinder.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc4814d2b941c02-OSL
content-encoding: br
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_btns/icon_back.svg

104.18.11.149

200 OK

1.1 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_btns/icon_back.svg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1105), with no line terminators
Size
1.1 kB (1061 bytes)
Hash
b2dcb2bd29fa03ba489ed4a6e5b13004
c631e45723e49fd373fc04647afc2b5846717572
78408b688f091137fd494429f874fdc404f8d87a15c4353defbf40c2543934cd

HTTP Headers

GET /img/_btns/icon_back.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/svg+xml
last-modified: Tue, 16 May 2023 03:22:58 GMT
vary: Accept-Encoding
etag: W/"6462f712-425"
content-encoding: gzip
cf-cache-status: HIT
age: 591013
expires: Thu, 01 Jun 2023 09:27:51 GMT
cache-control: public, max-age=691200
set-cookie: __cf_bm=lrkkFOC7NR4FvEGfQunR5eAihNM4E_mwu4OAFgaHCS4-1684920471-0-AdoIYOGfJp4FdqtBKVtJutStJASRK95OdV1dc5JJsF+5MGdDfLxzVdtGk6zm7aJKKCkcS9X4m/eb7Ol8unEgI2k=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f2cb4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/build/templates/MobileChat2/scripts.min.js?1056004

104.18.11.149

200 OK

1.5 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/build/templates/MobileChat2/scripts.min.js?1056004
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
ASCII text, with very long lines (1568), with no line terminators
Size
1.5 kB (1501 bytes)
Hash
02ca3f13be2a450e201cc44b16554ed4
4c75e2c243b57e617c1895659524f60afb7b5f4f
1beff1b09d320d96f11d11fd3ed6c192268779c57b4fbfae27c1ff3eedd929d1

HTTP Headers

GET /build/templates/MobileChat2/scripts.min.js?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: application/javascript
last-modified: Tue, 23 May 2023 10:08:46 GMT
vary: Accept-Encoding
etag: W/"646c90ae-5dd"
access-control-allow-origin: *
cache-control: public, max-age=691200
content-encoding: gzip
cf-cache-status: HIT
age: 81854
expires: Thu, 01 Jun 2023 09:27:51 GMT
set-cookie: __cf_bm=biagjc_IGuGVlgCYdWwtPiUfZrh_Mo6GL8aosIG6Doc-1684920471-0-ASdwsgSeRj2rDfDBEq40nHrlV1H4st0vq1GusxxzeDTDdnsUri/ActN+mThDIMeVQAInHM0QHFDSzf5/diLxF8w=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f29b4f3-OSL
X-Firefox-Spdy: h2

a.crystalcrafter.top/ph-new/assets/rec-1.jpg

104.21.7.3

200 OK

14 kB

URL GET HTTP/3
a.crystalcrafter.top/ph-new/assets/rec-1.jpg
IP
104.21.7.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Certificate
IssuerGoogle Trust Services LLC
Subjectcrystalcrafter.top
FingerprintAA:77:B0:4A:B9:CD:D5:08:E1:89:68:2F:19:DE:3D:71:8F:BA:91:97
ValiditySat, 29 Apr 2023 20:46:27 GMT - Fri, 28 Jul 2023 20:46:26 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=ca64635a4098b45b6b2cb6cd3b038b70-11246-0524&sub_id=teradsmain&hash=rek-HNZdTlsFXjwlBVgGfg&exp=1684920765
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 May 2023 09:27:47 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4659
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v727RowQLAZkWzQq8q8j%2FLjPHVj0qrGNWAl%2BBBlLsPtMJ1zGI9FzEyLOxeo4k2d%2BQX8sGaG729OZ8LtNklfNbegQskSlw3FaU99LcfvunyoI9I4MDjbSHBpfanbRao3SELJdcjKDTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc4813b7f66b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

lpmedia.servefilesonly.com/img/_btns/icon_send.svg

104.18.11.149

200 OK

1.0 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_btns/icon_send.svg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1071), with no line terminators
Size
1.0 kB (1029 bytes)
Hash
654e46b6d1669ba28d8fabe22fab52ef
15837496946a3767f2eab2525182579cab6c2eff
ce4dce8d577329f74028601a8451fa9bf650d79f1530f1b20c59b11de9e61e19

HTTP Headers

GET /img/_btns/icon_send.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/svg+xml
last-modified: Tue, 16 May 2023 03:22:58 GMT
vary: Accept-Encoding
etag: W/"6462f712-405"
content-encoding: gzip
cf-cache-status: HIT
age: 591013
expires: Thu, 01 Jun 2023 09:27:51 GMT
cache-control: public, max-age=691200
set-cookie: __cf_bm=qevXCVA2dP5NmxRjpj5C_CZ2.bU9LQAmqFt3ORXMN_I-1684920471-0-AXne4H458qEI6K0BIcx+ppwqkuK58o/JCOpFD+2D5b7OelrGiJ3bCCJL6/pgfM6pNBEl+zen5iX0Jje0WYJRqck=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f3ab4f3-OSL
X-Firefox-Spdy: h2

cdn.onesignal.com/sdks/OneSignalSDK.js

104.18.214.59

200 OK

9.2 kB

URL GET HTTP/2
cdn.onesignal.com/sdks/OneSignalSDK.js
IP
104.18.214.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint68:AF:AC:17:CA:79:7A:8F:ED:F8:D8:57:93:79:CA:FB:69:50:9B:19
ValidityWed, 03 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9410), with no line terminators
Size
9.2 kB (9204 bytes)
Hash
b30f8e0720209139bd8407b8cbbbb308
f91073b3bfd85715e26dce820a38a503bdff9f0f
38f8be9be63b049e818ef7edefd3a09c0724deaaec765aa1aff8d9efc103a585

HTTP Headers

GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: application/javascript
etag: W/"06f50014011c1fcd9e21b6b0481979de"
access-control-allow-headers: OneSignal-Subscription-Id
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 2433
expires: Sat, 27 May 2023 09:27:51 GMT
cache-control: public, max-age=259200
set-cookie: __cf_bm=wlygobPOg0lsJf6kPpyyZsxJubc41jZej0TraGBlEjc-1684920471-0-ASPbuNP2Xv67cEnMpwsXXW1EPqrspUJOq42N8ouvGWBaXmGErUYG/9MDhVruPG2fu0fE9tup93l2v102hzeCs+Y=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.onesignal.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 7cc48151bf47b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/build/templates/MobileChat2/style.min.css?1056004

104.18.11.149

200 OK

16 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/build/templates/MobileChat2/style.min.css?1056004
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
ASCII text, with very long lines (15859)
Size
16 kB (15860 bytes)
Hash
1c3aea4e28abf97fd80c1519bff3f90b
78d1f5d41c23484a50784f4544058f5d73ecd629
0d7cba5b18481d2412642d349aaf3c16c2f1b8856af09438505444cab69aa548

HTTP Headers

GET /build/templates/MobileChat2/style.min.css?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: text/css
last-modified: Tue, 23 May 2023 10:08:46 GMT
vary: Accept-Encoding
etag: W/"646c90ae-3df4"
access-control-allow-origin: *
cache-control: public, max-age=691200
content-encoding: gzip
cf-cache-status: HIT
age: 81854
expires: Thu, 01 Jun 2023 09:27:51 GMT
set-cookie: __cf_bm=.NtesbitWKftWwgbVXnVmKWeBZFXiVGE.ib_FBTQBJQ-1684920471-0-AVLq+75viyaGn929hbrLO+ihL3DW7YX7FHwNF+pPE2gs6FyhItLdWkmWeJZLBh4n4ubSJ8Y1U967JUlMB0/zswM=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc48151bfefb4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_btns/icon_nav.svg

104.18.11.149

200 OK

1.6 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_btns/icon_nav.svg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1711), with no line terminators
Size
1.6 kB (1614 bytes)
Hash
ec5d6dd43ce7ee49afcdaf8949b20a98
e882e0508117ca24090444114b97445ce77e48d7
478ac9b4d2e6fcee3ee086b865227a5da769af74e9469cf4c35cf4fc6a5ec2dc

HTTP Headers

GET /img/_btns/icon_nav.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/svg+xml
last-modified: Thu, 11 May 2023 07:56:21 GMT
vary: Accept-Encoding
etag: W/"645c9fa5-64e"
content-encoding: gzip
cf-cache-status: HIT
age: 507244
expires: Thu, 01 Jun 2023 09:27:51 GMT
cache-control: public, max-age=691200
set-cookie: __cf_bm=apWh4hEGeKuQhJj1yTQZWq1Gz2XKQj4h0n52LzvOlDE-1684920471-0-AW84L7PmodzCyuyJb6MC1BQESGuLrHf6R6i62UFRh+5CGQa7dhtjkpMNAcZKGABMaGLdAgYg9sOMtKXWt6lMdl8=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f30b4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/styles-1.min.css?1056004

104.18.11.149

200 OK

4.4 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/styles-1.min.css?1056004
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
ASCII text, with very long lines (4353), with no line terminators
Size
4.4 kB (4352 bytes)
Hash
3e9603229494bbcd0e6fb7a6da4c2c0f
99b2e0c0deb90f9940d9077b76c44f78e5fcd07f
7171e52e3eb93734e6bba71a021a1171dee9c59348c2a1e698f02a926394d1f3

HTTP Headers

GET /build/widgets/loginFormBuilder/styles-1.min.css?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: text/css
last-modified: Tue, 23 May 2023 10:08:46 GMT
vary: Accept-Encoding
etag: W/"646c90ae-1100"
access-control-allow-origin: *
cache-control: public, max-age=691200
content-encoding: gzip
cf-cache-status: HIT
age: 82641
expires: Thu, 01 Jun 2023 09:27:51 GMT
set-cookie: __cf_bm=zFa6CvlJD1qtCe1RMVJZpUdW675_yIrIH6oxmXM8AeI-1684920471-0-ATLJW6hApReabgat7sntMy3To0gEyyt1gM63mYFZUQvZzUKHhtI9qUpMcFFCnlZodseKzlIpMidv7hDKpo1SpDY=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481520849b4f3-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Lato:300,400,700

142.250.74.74

200 OK

2.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Lato:300,400,700
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (2215), with no line terminators
Size
2.2 kB (2167 bytes)
Hash
23d64d8a16cb30ebb2dc683b1766c86d
6c9812e82de801ed3c13be46e8364ae2e202483e
f49f5434f08845654c514764e328ccf05b4b3a01e67837cdeaee6e7525bbaa49

HTTP Headers

GET /css?family=Lato:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 May 2023 09:27:51 GMT
date: Wed, 24 May 2023 09:27:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/widgets/corner/corner.css?1056004

104.18.11.149

200 OK

170 B

URL GET HTTP/2
lpmedia.servefilesonly.com/widgets/corner/corner.css?1056004
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
ASCII text, with no line terminators
Size
170 B (170 bytes)
Hash
2bb8e3e66eb7a44da67d7e0192a1a609
4fc2cefaadae9bc06db4605094871bb1687e35a9
af20ecf90d909e4e11697221b69426777e9570321c28455ff39ed4e421fcb181

HTTP Headers

GET /widgets/corner/corner.css?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=246
access-control-allow-origin: *
cache-control: public, max-age=691200
etag: W/"646c91e3-f6"
last-modified: Tue, 23 May 2023 10:13:55 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 82662
expires: Thu, 01 Jun 2023 09:27:51 GMT
set-cookie: __cf_bm=5W99U2HWP8oBXZ8PdCLBCtoEBbBLp34DeQnDAJAM7Gg-1684920471-0-AYjgpYrE+vH5UObzjZ8wqnnmkE1w+mbavLRZvioxElo6Ze87W8t0tZqz3n+gs39eHPDL6aqOT7rTr9cX6nSnFOQ=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f26b4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_btns/icon_gift.svg

104.18.11.149

200 OK

3.4 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_btns/icon_gift.svg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3459), with no line terminators
Size
3.4 kB (3352 bytes)
Hash
0f4581764adac658508089523c48e0da
7aa76b26775164d170503220f83d66881ff06b9a
16ebdeea27ebc21048e4705200e773ed9a9efaad3142469a276e3bf80b32ca19

HTTP Headers

GET /img/_btns/icon_gift.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/svg+xml
last-modified: Tue, 16 May 2023 03:22:58 GMT
vary: Accept-Encoding
etag: W/"6462f712-d18"
content-encoding: gzip
cf-cache-status: HIT
age: 591013
expires: Thu, 01 Jun 2023 09:27:51 GMT
cache-control: public, max-age=691200
set-cookie: __cf_bm=SgsT40LlXttQqy.Dhtxf8YY6u92eDHpLA8KJZwCy0sw-1684920471-0-AQSv+IiLNnel4EEO9FcmbXorc5//jJ0QOK1NXO+3RJVSL52wD5JdQtwAtP0XRUDBAoJrGWQAGZ+dilQG0U7uDaI=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f37b4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/scripts.min.js?1056004

104.18.11.149

200 OK

22 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/scripts.min.js?1056004
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type

Size
22 kB (21474 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /build/widgets/registrationFormBuilder/scripts.min.js?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: application/javascript
last-modified: Tue, 23 May 2023 10:08:46 GMT
vary: Accept-Encoding
etag: W/"646c90ae-53e2"
access-control-allow-origin: *
cache-control: public, max-age=691200
content-encoding: gzip
cf-cache-status: HIT
age: 82641
expires: Thu, 01 Jun 2023 09:27:51 GMT
set-cookie: __cf_bm=MYDIZS8t2FnSZEMivSJXtzsswxKwtpONwUDx2Ui.rZ8-1684920471-0-ARqIIKML1gcoU6pGPSOBg+RODIUbxQ2+FVMG037ydgMllMPBT2ydQYlw0ioG8qknslM+PeFuaebEn05jp+TrGkQ=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481520855b4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/styles.min.css?1056004

104.18.11.149

200 OK

4.9 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/styles.min.css?1056004
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
ASCII text, with very long lines (4933), with no line terminators
Size
4.9 kB (4922 bytes)
Hash
b9d030ee4f9a845726838c359dc47bbb
f45f7a0dd58e07bf9c9f06081aa7f93f25b4a224
6ae27150f6d1ba72dd71a32d78a1eaa04b806cac9e285157b145a31cc635c10e

HTTP Headers

GET /build/widgets/registrationFormBuilder/styles.min.css?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: text/css
last-modified: Tue, 23 May 2023 10:08:46 GMT
vary: Accept-Encoding
etag: W/"646c90ae-133a"
access-control-allow-origin: *
cache-control: public, max-age=691200
content-encoding: gzip
cf-cache-status: HIT
age: 82641
expires: Thu, 01 Jun 2023 09:27:51 GMT
set-cookie: __cf_bm=m_4HfoCxxRQeWEkGs5lfh0UAmap0z742dpt8eeeE2j8-1684920471-0-AQP8XHa0ETGw6mMsAsy8/spy1J2uAJDm715l7Eh8vEJ/Giyfq3Iqvtsm7wiPufgz2nZmtAui69MF0ybes6bkJGA=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc48151cff7b4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_btns/icon_smile.svg

104.18.11.149

200 OK

1.7 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_btns/icon_smile.svg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1758), with no line terminators
Size
1.7 kB (1694 bytes)
Hash
698e52eeb750419b18d256e0c6878d48
f2d74d29a670075f4fde0e3afc3502af18fb5fdb
0645237dbecb1c90303578109d8256f92d5807367af3429bf7e29dfe46d5777d

HTTP Headers

GET /img/_btns/icon_smile.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/svg+xml
last-modified: Wed, 17 May 2023 07:24:17 GMT
vary: Accept-Encoding
etag: W/"64648121-69e"
content-encoding: gzip
cf-cache-status: HIT
age: 419344
expires: Thu, 01 Jun 2023 09:27:51 GMT
cache-control: public, max-age=691200
set-cookie: __cf_bm=00UU6Gimptmavx3EuN1s8ja4yrJVJEa5eywIl4r40OQ-1684920471-0-ASucrvz/UfvcnCOQG3hgEK1Tj6Bgv5ADxeDV+9JwViUaXYDkBB9mUq5+DPiTUuL8+Btz03ZGNdTlS4XMxMCmZJQ=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f39b4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/scripts.min.js?1056004

104.18.11.149

200 OK

3.2 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/scripts.min.js?1056004
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
ASCII text, with very long lines (3356), with no line terminators
Size
3.2 kB (3234 bytes)
Hash
a141d1a2501178b34d2a20fcb6919b7c
9a045eed5613925cf377d71ee6473909207fefff
59e82223ca848d2b2e2716940892cb5e75168a718dfc094fc578db34dde35721

HTTP Headers

GET /build/widgets/loginFormBuilder/scripts.min.js?1056004 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: application/javascript
last-modified: Tue, 23 May 2023 10:08:46 GMT
vary: Accept-Encoding
etag: W/"646c90ae-ca2"
access-control-allow-origin: *
cache-control: public, max-age=691200
content-encoding: gzip
cf-cache-status: HIT
age: 82641
expires: Thu, 01 Jun 2023 09:27:51 GMT
set-cookie: __cf_bm=kezCI_nKSajOM0MZj3JTO9he_XHcfI0YaQPvHVhSwdU-1684920471-0-AbLSkhydTC/aeSEKSbXry8XAnqFDI89YbCriN9Vd9ucXYlzBcDi10xEwDoDkO8IFAOgCT6elHMJ7q21yc53x0Eo=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc48152085eb4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_btns/icon_kiss.svg

104.18.11.149

200 OK

1.9 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_btns/icon_kiss.svg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1935), with no line terminators
Size
1.9 kB (1877 bytes)
Hash
36f70d15268845e4dfc7880bf3e76a9b
b93ed2c284263d70e5aac9bde232ebfbb3f8df3f
cc924f9e55201ad0d9bc79e405ee4e9aacee1320de4b0c213aa1a73e8379b1b4

HTTP Headers

GET /img/_btns/icon_kiss.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/svg+xml
last-modified: Tue, 16 May 2023 03:22:58 GMT
vary: Accept-Encoding
etag: W/"6462f712-755"
content-encoding: gzip
cf-cache-status: HIT
age: 591013
expires: Thu, 01 Jun 2023 09:27:51 GMT
cache-control: public, max-age=691200
set-cookie: __cf_bm=up6KdUvG9P6YcgdFHYOIRimdp0lnbsAqI_oSNeT6F_Y-1684920471-0-Afw9k+XDXYGc7z4/yuCtsJBlxExoyucv8orVee8WmP80e4yzLifTjKGonjvv0DpYqKcJsqO1/6CulM4iTAojwjQ=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f35b4f3-OSL
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.10.207

200 OK

31 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/18/2022 06:18:29
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 722
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 86fd96f5aa4c1b4ae340363f44e3ac4f
cdn-cache: HIT
cf-cache-status: HIT
age: 649293
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7cc48150e9e4b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_btns/icon_favorit.svg

104.18.11.149

200 OK

1.0 kB

URL GET HTTP/2
lpmedia.servefilesonly.com/img/_btns/icon_favorit.svg
IP
104.18.11.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1088), with no line terminators
Size
1.0 kB (1046 bytes)
Hash
9f4094eced08e4cc8cf20ea8338a9870
181557fdc343d3cef440f25b6bbdc28fd18bc205
a1fc541caceca412cc822fe9bdd7b233005b16df580cedba7c85e65fe6538386

HTTP Headers

GET /img/_btns/icon_favorit.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.milffinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:51 GMT
content-type: image/svg+xml
last-modified: Tue, 16 May 2023 03:22:58 GMT
vary: Accept-Encoding
etag: W/"6462f712-416"
content-encoding: gzip
cf-cache-status: HIT
age: 591013
expires: Thu, 01 Jun 2023 09:27:51 GMT
cache-control: public, max-age=691200
set-cookie: __cf_bm=pTDLDeTcN_iaiQMVKJOPSn3NJLl5pWJF3YnEEagHukI-1684920471-0-AWwqbJMryplLYfcvFTa1ZMID1//E/I/4O2LlXB9JTWyxlY33Ibk9wcAxxIN/c0/kPGqCk20jyJld8mg3N2wqnjU=; path=/; expires=Wed, 24-May-23 09:57:51 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cc481514f34b4f3-OSL
X-Firefox-Spdy: h2

lpmedia.servefilesonly.com/img/_patterns/mc-chat-desktop.svg

0.0.0.0

870 kB

URL GET
lpmedia.servefilesonly.com/img/_patterns/mc-chat-desktop.svg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.milffinder.com/landing/mc8102?clickId=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tracker=SGM_Pro&publisher=1510&subPublisher=64923&zz=true&hit_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6&tp_redirect_id=42c901ef-1e33-4d8b-9b4a-4d2ebaaed1e6
Certificate
IssuerLet's Encrypt
Subjectservefilesonly.com
Fingerprint58:67:72:4B:FE:27:72:21:AB:10:C8:F8:0D:4A:44:4D:9E:85:02:47
ValidityTue, 18 Apr 2023 13:48:15 GMT - Mon, 17 Jul 2023 13:48:14 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8493)
Size
870 kB (870122 bytes)
Hash
e4f68122ce486c9d357f4aca4d23ae30
ce65c6cac7abe82f8033cf32d1ef9c341ed38d59
cc48b2338528e5d48dee7b6e016aee14d384a7f7a8bcefc95c3e9ccd366ca050

HTTP Headers

GET /img/_patterns/mc-chat-desktop.svg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lpmedia.servefilesonly.com/build/templates/MobileChat2/style.min.css?1056004
Cookie: __cf_bm=kezCI_nKSajOM0MZj3JTO9he_XHcfI0YaQPvHVhSwdU-1684920471-0-AbLSkhydTC/aeSEKSbXry8XAnqFDI89YbCriN9Vd9ucXYlzBcDi10xEwDoDkO8IFAOgCT6elHMJ7q21yc53x0Eo=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 09:27:52 GMT
content-type: image/svg+xml
last-modified: Wed, 17 May 2023 07:24:17 GMT
vary: Accept-Encoding
etag: W/"64648121-d46ea"
content-encoding: gzip
cf-cache-status: HIT
age: 48708
expires: Thu, 01 Jun 2023 09:27:52 GMT
cache-control: public, max-age=691200
server: cloudflare
cf-ray: 7cc481578acab4f3-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (114)

URL

IP

ASN

File type