Report - www.fur.ly/e14k

Report Overview

Submitted URL
www.fur.ly/e14k
IP
185.53.177.50
ASN
#61969 Team Internet AG
Submitted
2023-05-11 12:55:55
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-11	1.1 kB	33 kB	142.250.74.3
www.fur.ly	unknown	unknown	2013-04-18	2023-05-05	2.5 kB	4.0 kB	185.53.177.50
a.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-11	2.7 kB	233 kB	104.21.7.3
qwfuu.altairaquilae.top	unknown	unknown	No data	No data	606 B	1.0 kB	172.67.142.37
qwfuu.crystalcrafter.top	unknown	2023-04-29	2023-05-10	2023-05-11	11 kB	304 kB	104.21.7.3
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-11	2.3 kB	4.9 kB	142.250.74.131
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-10	3.6 kB	82 kB	142.250.74.35
js.streampsh.top	unknown	2022-11-18	2023-05-01	2023-05-11	2.1 kB	182 kB	172.67.169.207
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22	2023-05-11	333 B	1.5 kB	54.230.245.8
go.proffering.xyz	unknown	2022-06-07	2022-06-08	2023-05-11	620 B	1.2 kB	20.113.67.50
b.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-11	592 B	7.7 kB	104.21.7.3
d.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-11	8.2 kB	278 kB	104.21.7.3
oxbnr.datingllfe.net	unknown	2023-04-28	2023-05-06	2023-05-11	1.4 kB	34 kB	63.32.216.166
fulbe-whs.com	unknown	2023-05-02	2023-05-02	2023-05-11	1.7 kB	4.0 kB	54.165.180.165
c.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-11	2.0 kB	146 kB	104.21.7.3
feed.streampsh.top	unknown	2022-11-18	2023-05-01	2023-05-11	504 B	5.0 kB	172.67.169.207
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-11	932 B	12 kB	142.250.74.106
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-11	340 B	1.0 kB	54.230.80.227
cdn-dimi.akamaized.net	unknown	2014-03-18	2022-07-07	2023-05-11	7.5 kB	2.0 MB	88.221.27.128

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-11 12:55:39	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-11	medium	oxbnr.datingllfe.net/ortb

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703	12 kB	2023-03-07	2024-03-04
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703 IP 88.221.27.128 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-03-04 11:45:24 Times Seen2745 Hash 9acc66fdf18dea05bd75165eb5a96259 f613c52a08155727d4f07536d7bc8df5b6fa0c84 4941450491d73ab79ffb428e660c4cb581acbbad86edf8e943211ea51fe3a6c1 Loading...

	oxbnr.datingllfe.net/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d	0 B	2023-03-07	2024-04-26
Pretty URL oxbnr.datingllfe.net/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 08:57:02 Times Seen37087512 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703	28 kB	2023-03-07	2023-11-27
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703 IP 88.221.27.128 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:19 Last Seen2023-11-27 04:28:25 Times Seen1471 Hash 07cee83d1be10af1ca991d1c60abd6e2 b5f142d6aac82ede612b6cf96b1e7f25d797e87a 6fc50a9d3f16721904905fa44980c6cac2e3e82f5da71c18f84d289dd1bc54d3 Loading...

	oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	2.1 kB	2023-05-11	2023-05-11
Pretty URL oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-11 14:56:09 Last Seen2023-05-11 14:56:09 Times Seen1 Hash a037383451d17f4b8ffce312cbfee146 8a855f1cd52b2f3242fc54f124a0c54d2c959059 04ba0c30baffd79127367d562c22f88914353037432be6b77711dfe5b76bb754 Loading...

	oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	3.6 kB	2023-03-26	2023-05-17
Pretty URL oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 09:21:10 Last Seen2023-05-17 11:10:05 Times Seen17 Hash 8dd1849614c2371268c208f299970638 5c1c9aad0ee61fb0e6cabb1bfc9ca287b76a646d 7941ffaf4c1f078732bb0a353e91797b44dbf6be430bed59f9460680567dd4cd Loading...

	oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	9.7 kB	2023-05-11	2023-05-11
Pretty URL oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-11 14:56:09 Last Seen2023-05-11 14:56:09 Times Seen1 Hash 6740cba82c017c57c78a397728462183 231b5499d6df4f27e925a930ded040b41ee0e0ec 6ddd0decdd97a2907a4efae998f33b90fa76d4515d32ccb7f6b89c9ca784168c Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703	86 kB	2023-03-07	2024-04-26
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703 IP 88.221.27.128 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 08:39:21 Times Seen384573 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703	252 B	2023-03-07	2023-12-04
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703 IP 88.221.27.128 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:19 Last Seen2023-12-04 06:45:22 Times Seen1475 Hash 3544c08851825a863747a126548d6993 01882998e61b9f93d5f346386fa633f6b8d95b2d 9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703	4.2 kB	2023-03-07	2024-01-30
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703 IP 88.221.27.128 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-01-30 06:51:41 Times Seen1355 Hash 5da2c51949f2a873bf0091a104658e72 89d122a536af95bd4183de41fa10e6947c9806e8 80a1aae3b07ee310419c80f52fb2f179bfebc74bf46598bc6b041455feef3201 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703	3.0 kB	2023-03-08	2024-04-25
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703 IP 88.221.27.128 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:05:28 Last Seen2024-04-25 01:45:40 Times Seen3633 Hash 5f373fa5bf21c44b9ad23b70ef96e73d 068ef5b63ab18924a286f2c0c3ec46545e08c678 7f40bc2c95ee280de5320ae7d33f2e57eeeb0cda5b5820f2c456a0c9ba50ed77 Loading...

	oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	301 B	2023-05-11	2023-05-11
Pretty URL oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-11 14:56:09 Last Seen2023-05-11 14:56:09 Times Seen1 Hash e339073709f039c0c7bdbcfe35ea5cf0 770b41004bfb76f538f50459fb3704885e8bf06b 86a48039ba8ccf14c20d1f5f45a43d008576eac13796d7069a818e0bb984c3c1 Loading...

HTTP Transactions (92)

URL IP Response Size

www.fur.ly/e14k

185.53.177.50

1.4 kB

URL
www.fur.ly/e14k
IP
185.53.177.50:0
ASN
#61969 Team Internet AG

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (385)
Size
1.4 kB (1359 bytes)
Hash
b3c264b0f9524de18b9682c2cc21b79d
0503d68728b5cdc0d68afa8e74f95828468973c0
91e0fbdeb3e71be6d2f03707908eeb201e5c7336a97a470e6f3a86fb4d1925b4

HTTP Headers

GET /e14k HTTP/1.1
Host: www.fur.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 11 May 2023 12:55:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Buckets: bucket011
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_n9T1bbyJ+qVxmHr6IQra2Gs/CXd0bfmKarw9UjzZMwMAYKlfYCvdI4kA4y8MJRgXnVSipq84ctXB1Gt8FLgwBw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: fur.ly
X-Subdomain: www
Content-Encoding: gzip

d38psrni17bvxu.cloudfront.net/scripts/js3.js

54.230.245.8

1.1 kB

URL
d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP
54.230.245.8:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (468)
Size
1.1 kB (1096 bytes)
Hash
a66b149a7ebc798955373415d683f32a
15ceaba8cfae8368600620ae97aa26ae7331d626
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

HTTP Headers

GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fur.ly/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1096
Connection: keep-alive
Server: nginx
Date: Thu, 11 May 2023 00:54:14 GMT
Last-Modified: Mon, 23 Jan 2023 11:12:07 GMT
Accept-Ranges: bytes
ETag: "63ce6b87-448"
X-Cache: Hit from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TmL7pNANAHG2QRJVCnXrSddnyXmaN5DkzZEwKIpBuJyZgnX-O4PoIw==
Age: 43283

www.fur.ly/track.php?domain=fur.ly&toggle=browserjs&uid=MTY4MzgwOTczNi40MzYzOmQxODA1ZDMwYWZhMDllZGRkODllNzNkYTM3MjE0ODEzMGRmMzhlYTQ5MjdkYmUyNzM4ZTQzNDZiYjg1NTQ4YjU6NjQ1Y2U1Yzg2YTg1Yw%3D%3D

185.53.177.50

20 B

URL
www.fur.ly/track.php?domain=fur.ly&toggle=browserjs&uid=MTY4MzgwOTczNi40MzYzOmQxODA1ZDMwYWZhMDllZGRkODllNzNkYTM3MjE0ODEzMGRmMzhlYTQ5MjdkYmUyNzM4ZTQzNDZiYjg1NTQ4YjU6NjQ1Y2U1Yzg2YTg1Yw%3D%3D
IP
185.53.177.50:0
ASN
#61969 Team Internet AG

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?domain=fur.ly&toggle=browserjs&uid=MTY4MzgwOTczNi40MzYzOmQxODA1ZDMwYWZhMDllZGRkODllNzNkYTM3MjE0ODEzMGRmMzhlYTQ5MjdkYmUyNzM4ZTQzNDZiYjg1NTQ4YjU6NjQ1Y2U1Yzg2YTg1Yw%3D%3D HTTP/1.1
Host: www.fur.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fur.ly/e14k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 11 May 2023 12:55:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.fur.ly/ls.php?t=645ce5c8&token=5d93a2b0aee13bf2edc5e5a1caf1934921995ff0

185.53.177.50

16 B

URL
www.fur.ly/ls.php?t=645ce5c8&token=5d93a2b0aee13bf2edc5e5a1caf1934921995ff0
IP
185.53.177.50:0
ASN
#61969 Team Internet AG

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

HTTP Headers

GET /ls.php?t=645ce5c8&token=5d93a2b0aee13bf2edc5e5a1caf1934921995ff0 HTTP/1.1
Host: www.fur.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fur.ly/e14k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Server: nginx
Date: Thu, 11 May 2023 12:55:37 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 645ce5c9cbb1ae12c149b82f
Charset: utf-8
Access-Control-Allow-Origin: 
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_SthGFhu8YRJtztCMoxv/xb6aq6XfRRzOtUcILA1LREsv74sOXzxttuLCQA2R2b8zU3YrNtGpL4LnXWJABi6MVQ==

www.fur.ly/favicon.ico

185.53.177.50

0 B

URL
www.fur.ly/favicon.ico
IP
185.53.177.50:0
ASN
#61969 Team Internet AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.fur.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fur.ly/e14k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 11 May 2023 12:55:37 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

www.fur.ly/track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=fur.ly&uid=MTY4MzgwOTczNi40MzYzOmQxODA1ZDMwYWZhMDllZGRkODllNzNkYTM3MjE0ODEzMGRmMzhlYTQ5MjdkYmUyNzM4ZTQzNDZiYjg1NTQ4YjU6NjQ1Y2U1Yzg2YTg1Yw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDVjZTVjODZhODQ3fHx8MTY4MzgwOTczNi43NzY2fDRkNDc0YzFlN2UzNmYxZDMzOGNhMWZlYTRjMDQ4N2RmYmQ5M2M3YTF8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1ZDkzYTJiMGFlZTEzYmYyZWRjNWU1YTFjYWYxOTM0OTIxOTk1ZmYwfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off

185.53.177.50

20 B

URL
www.fur.ly/track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=fur.ly&uid=MTY4MzgwOTczNi40MzYzOmQxODA1ZDMwYWZhMDllZGRkODllNzNkYTM3MjE0ODEzMGRmMzhlYTQ5MjdkYmUyNzM4ZTQzNDZiYjg1NTQ4YjU6NjQ1Y2U1Yzg2YTg1Yw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDVjZTVjODZhODQ3fHx8MTY4MzgwOTczNi43NzY2fDRkNDc0YzFlN2UzNmYxZDMzOGNhMWZlYTRjMDQ4N2RmYmQ5M2M3YTF8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1ZDkzYTJiMGFlZTEzYmYyZWRjNWU1YTFjYWYxOTM0OTIxOTk1ZmYwfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
IP
185.53.177.50:0
ASN
#61969 Team Internet AG

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=fur.ly&uid=MTY4MzgwOTczNi40MzYzOmQxODA1ZDMwYWZhMDllZGRkODllNzNkYTM3MjE0ODEzMGRmMzhlYTQ5MjdkYmUyNzM4ZTQzNDZiYjg1NTQ4YjU6NjQ1Y2U1Yzg2YTg1Yw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDVjZTVjODZhODQ3fHx8MTY4MzgwOTczNi43NzY2fDRkNDc0YzFlN2UzNmYxZDMzOGNhMWZlYTRjMDQ4N2RmYmQ5M2M3YTF8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1ZDkzYTJiMGFlZTEzYmYyZWRjNWU1YTFjYWYxOTM0OTIxOTk1ZmYwfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off HTTP/1.1
Host: www.fur.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fur.ly/e14k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 11 May 2023 12:55:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ocsp.r2m01.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
9725f73e71e4f54dcb34e202fe548383
351bf2356874e65879585bbebcf586cc546b78b4
4f1ec94f3b97a6fcfe9c7d1bd43ddb0aadc4bdc9e9486632e0cd157e31305f23

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=160043
Date: Thu, 11 May 2023 12:55:38 GMT
Etag: "645c9dde-1d7"
Expires: Sat, 13 May 2023 09:23:01 GMT
Last-Modified: Thu, 11 May 2023 07:48:46 GMT
Server: ECAcc (nya/79CE)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6VP3TB9ZQ0YAd6yP-jwWF6T2y-hN22sFRUhQZIu0NLBCBXsi7TIpyQ==
Age: 5655

fulbe-whs.com/zcvisitor/1fb24540-effb-11ed-a23f-128de1e45cb5/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97

54.165.180.165

1.1 kB

URL
fulbe-whs.com/zcvisitor/1fb24540-effb-11ed-a23f-128de1e45cb5/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
IP
54.165.180.165:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1098 bytes)
Hash
7139926b66a257fe944c619b9725cbba
e94d6f83aadeae728288a5e9f4a0c194266471c9
f65332bb3941e39e86321f8bf13725bc8c1955c9ce251963f958b7925a4bc06c

HTTP Headers

GET /zcvisitor/1fb24540-effb-11ed-a23f-128de1e45cb5/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97 HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.fur.ly/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 11 May 2023 12:55:38 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: koZsQlxf

fulbe-whs.com/zcredirect?visitid=1fb24540-effb-11ed-a23f-128de1e45cb5&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false

34.238.227.119

462 B

URL
fulbe-whs.com/zcredirect?visitid=1fb24540-effb-11ed-a23f-128de1e45cb5&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false
IP
34.238.227.119:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
462 B (462 bytes)
Hash
080a1450502684703ef6fddb71dde6d9
b3e15bf6200ae40a0decee5c838be0752a6e8391
ca3bce791076e89f3bfd154f4d86c6e52c45d0ce29ed9a56f0f4d459710ccfec

HTTP Headers

GET /zcredirect?visitid=1fb24540-effb-11ed-a23f-128de1e45cb5&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://fulbe-whs.com/zcvisitor/1fb24540-effb-11ed-a23f-128de1e45cb5/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 11 May 2023 12:55:39 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: WuaGCkjJ

fulbe-whs.com/favicon.ico

34.238.227.119

653 B

URL
fulbe-whs.com/favicon.ico
IP
34.238.227.119:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fulbe-whs.com/zcredirect?visitid=1fb24540-effb-11ed-a23f-128de1e45cb5&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Date: Thu, 11 May 2023 12:55:39 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: rnHvEloT

go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=alpha-ose-de7vlk3zw&cost=0.001200&external_id=NON-ADULT

20.113.67.50

312 B

URL
go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=alpha-ose-de7vlk3zw&cost=0.001200&external_id=NON-ADULT
IP
20.113.67.50:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (312), with no line terminators
Size
312 B (312 bytes)
Hash
22aecfea9f525e209f8b317133bcb485
334e6875ff3f6ec94f0330e7b58f31161d41fe67
10db18b5cc897a93b3d23d12bed39ccfc2e8079e10d20cc9483dfa04fa4171d1

HTTP Headers

GET /15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=alpha-ose-de7vlk3zw&cost=0.001200&external_id=NON-ADULT HTTP/1.1
Host: go.proffering.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://fulbe-whs.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Thu, 11 May 2023 12:55:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 312
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GUILo=20230511151683810348109; domain=.go.proffering.xyz; path=/;expires=Fri, 12 May 2023 12:55:39 GMT;  httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15GUIL; domain=.go.proffering.xyz; path=/;expires=Fri, 12 May 2023 12:55:39 GMT;  httpOnly=true;SameSite=None; Secure;
peerclickcid=db399d8d777fb105ddeba94748ebdaf7-11246-0511; domain=.go.proffering.xyz; path=/;expires=Fri, 12 May 2023 12:55:39 GMT;  httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.go.proffering.xyz; path=/;expires=Fri, 12 May 2023 12:55:39 GMT;  httpOnly=true;SameSite=None; Secure;
Location: https://qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511
Vary: Accept

qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511

172.67.142.37

0 B

URL
qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511
IP
172.67.142.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511 HTTP/1.1
Host: qwfuu.altairaquilae.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://fulbe-whs.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 11 May 2023 12:55:40 GMT
content-length: 0
location: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
set-cookie: W7-lkuObDEWXzHM4LgqUhA=19; max-age=345600; path=/; samesite=lax
__pl=dc1194f1-1bb7-4695-881e-6397955e8379; expires=Sun, 11 May 2025 12:55:40 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f0cFv92sTZoZxuzFpCDZcZbVyrg1PH0RmzfDEaCZWTIiE2aszlhYEn72%2Bobk7L5LKhOiAq54CzbORvLNSLIqlmmOSZpMIwHqtUxodVs6xc%2BbcKY%2FztqgE4YcJwhFY78kw6Tfn9kqqJBnuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c5a93db88e3b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

qwfuu.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:40 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1791
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYex%2FG9VjmZZ5SAOuIzSIP%2FJyODWjIz2azkjfSjjlLphRaPQZxNkgacvu8gF4eecyJEUEV33ABT%2FvpOuZTo6%2FGoRbEs8u5nPAuhXJ6jLhGFZowa089vIzhL7h0DiFWNP6ekr6bJA%2F31OzZk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93dea94fb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/favicon.ico

104.21.7.3

0 B

URL
qwfuu.crystalcrafter.top/favicon.ico
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 11 May 2023 12:55:40 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1473
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6RUkQZCyD8ymZN6r9HJxKMWQrMhfioL7HXBjQvvQ8pGbGQfBgupjtWmbnlwP1p%2FVx%2Fq6%2FcsJoXwPDnqYVNUCytPfHoTDZpwxCmxME%2F7Kv0DhSx%2FUEyqIic%2FjY9gqYU2WNrmArcYjTAZy8I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e04bb1b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47272cb076c77e164e7570dd49d90025
0039db810fa5c031bdab6e71925d197e50906041
c87f1232b211dac41dd77de133a3017154e0d47ce5aa864a782b725a3b0f9b7f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 11 May 2023 12:55:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 23807
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47272cb076c77e164e7570dd49d90025
0039db810fa5c031bdab6e71925d197e50906041
c87f1232b211dac41dd77de133a3017154e0d47ce5aa864a782b725a3b0f9b7f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 11 May 2023 12:55:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 131939
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

qwfuu.crystalcrafter.top/ph-new/assets/rec-2.jpg

104.21.7.3

11 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (10890 bytes)
Hash
dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7

HTTP Headers

GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2a8a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q2L4B0AyWH5rjLSEKCSxtPR%2FzrIIe1hfNoGVOq54Aiw4eLOIZzJ7FPWsszbW%2BUx%2FhRzNrweqtrpt39MEeji%2BflDje%2Fq2oaaRLo%2BYtz9uOWmNqR20b343nukD08MbS0wm5h6ZBcsrULRS2lc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e27ee2b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

15 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3g6Mzr4kruDj9428gFWpC25uwxEGTneqBDtVNZMWTtkfKxQAzKKKE0QPLyBlO9IjF7NN5S8j3HuAHGdqtuvI0%2B6etPA9tGdGudyUGqeZ8z5bxmgW2N9wFAgmjlS%2FUWEWehixP2bB%2BfiEWEg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e27ee6b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-1.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KDNa7LvYtfy74ORLZfK5IWK%2BACmFstxBhPtTzhQmfqyoWEmrJJ5NEOglZn0VUXxE3WfuxZeWyajmo4Z2NjrwUfywQCSkfHv8JSEzmDk4yuP9%2B0sAjOazVjvx55x%2BEzZ4Oy8mkc7p1mGXT5g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e27ee5b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

8.9 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4eb0otrcTItRzI2JJfgAjYIKolRNDiNR3QVrLZ0VT8FXgCujll0%2FZSyAyq8e4UVPJp5UNglwX7d28uJBC2XRgtC0s7u3CLul6CfQCi4opdQB0tfG4xtieoWKKphl6iiuhG8zh%2BcRklXUEdw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e28eedb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

13 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=de0EihIG%2FlO%2FPZdLrsmYq8LQBCHBdV2VwukYoWix50l3TclIeij8qSdO3Jhgccr5t9MmgYkjkHAbwQoZReI086hlqg7G81OKJ8vtDx1Dl2wY6kLWBZgULyTNEH2OLS7yVQUzmlKg6BbLqIg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e28ef0b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EDUB864ySionN1CpKqekI%2BDcYV5tYpUtVtLkgwN4cv2Ed9K0bKbczP1wlTQSaCNp51LVr0qncA1kQPbs9%2BztakHBjcM7wEaLLvmR7glAmEzyyhE6ZCdBdKzUtb8vAEXp5vTE36SuYAO%2FkIw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e28ef2b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XBEAU0b5Z427hTTeLMpINeNzChgPk5YzJOhr6pXhFgOvb4wl9MpqESAUJgC56bePZj3msMeImOnHrqnnY9w52%2BAViKYeBqN7w8NUOXU1CvUo2GJDXJZAO%2F2FbxWV7KeUrfFKVqTFwQj3eno%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e29efcb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XBYEEKP%2Bs98V%2Fd1L%2FjRD5EzCnAHaLOLNSWAnJNYEGds3GDwbT3vzJYTagwiVvtk1B9L7U%2FLMmUoHPYdwm7qEjVFUpeXfI%2BnIwOApKBdaK870X3FWkgC1%2FomCSXDFzal2gdfwD4auVN0KCuc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e29efeb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/2.jpg

104.21.7.3

21 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
21 kB (21253 bytes)
Hash
c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763

HTTP Headers

GET /ph-new/assets/2.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-5305"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4WlSC8NIyvABfv9%2FbjDLpSJv7r6G8UEGJqfSWxudnsEm9oOuTFH13AlAkkhQMBur6iNVYRYcH5a15sSr2tNfExPmtwK7dLfuCcnTSNfSwdYuCRbCeuKW4jV9axa70IV4Nz3JDz%2BeTV7qy%2Fw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e2bf32b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkpF7QTQAMzy4v7PXoNvA42JuN0J%2F9gYMbliYLsrcg5gvFp7g0Hq9ncH9UFv%2FORnFG%2BR1%2BcJcb3M8HqBiY1WALiTCN20qlQjHKetp1n6eFZH6Jr%2FZdsvtBxn6vQ8WdlF651SyickcmrRtMc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e2bf2fb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

12 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sSXT7zndNHSJv2wrmaNVgHG%2Bu%2FEAIjkul4jfHoOfZwzOwChW9HjfsXAvnumtyN09eSflU2NXBcwLkWLR3XX9sqNZ2QzayTGcO1PMgnPAhIK6uQFXevxTY7z9l1Op65Y5YHcILtQ1dUnvfyg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e2bf35b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/3.jpg

104.21.7.3

11 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (11094 bytes)
Hash
3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a

HTTP Headers

GET /ph-new/assets/3.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2b56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZf1VCxzVOxMST8gjqwg2%2B3HVGpcqeknmJmzRBs5CrTuvDuMZGI0LL55qR2xASdVpdZGu8BdFAbnHXvFmNoUahTte%2F1MivnLmp8FLUVS6%2BDBezWyUIsNDFUa%2FTrPPoYWIvCWdy3cTd0PqRY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e2bf33b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/4.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13611 bytes)
Hash
a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd

HTTP Headers

GET /ph-new/assets/4.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-352b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FpWqFdc3%2B3IUrXcUtQrfXu3RKdBCnnwJgPkXTPYV7Sn74spW1NtFAeK6mo%2FvZHya1OOioVxGRZ6UOPfQdN95UAZDnoPml17HuHmL7eDDGideUQUatn4%2BiHnX2IrEP%2FiClo7%2F8rnEJdnjaRo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e2bf34b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
a.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1169
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hfGtSQJJ%2FzIIm18a2f0wCJ855CXBLyJyprunYbinnGOKqzM7N5TmMdg4YZLh04ZtofWZTAjP9f7Ha%2FhwqYCwZ5YL9F%2Fky5vXxhJgTrMDOGD%2BK%2FWm109Q3EcesVH2RXpGVSLHvu5VGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e46928b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040

104.21.7.3

19 kB

URL
a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
19 kB (18695 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040 HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VeSPNh26GdwR3QmXLCtivsWMLNTcbjO%2F4NePApRgJnndekfSYjF4BvkaKLiQR3iy2lRzs8P97Yi3HDmgobs6WupX4GNgGLTD6tRdNu3RNGZYVq%2FVg5wujzw07R4NMhMz7yIVLCxP9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c5a93e36802b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/style.css

104.21.7.3

19 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/style.css
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
19 kB (19380 bytes)
Hash
807d696b86114245f8eda3dce43f61ff
6d65ffaf8ec2107db8f1d29c410f152a8b809a56
7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc

HTTP Headers

GET /ph-new/assets/style.css HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:40 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-5f33"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1791
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m5%2BDBoEm95k0I3RA18kwfUxAelvryJjxh9z2hzMDrwMA4wzNDjsPVeAg%2FBqaRI3nBBJuPjXicYcjqWgcjUSaFCE7W0WhLlgX0exAyOOJl88WJrMiDDMJoa8fqSjeqGpDKXI74YsdAs1yjVo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93dea94eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 131939
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040

104.21.7.3

98 kB

URL
a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
98 kB (98364 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040 HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lq24tkTA6rvAGcwzs%2FSDMGP6GYTkU3SvVRwB09iz83%2BQ3CXKklWQsLv7FP95uupB6iHf5RwrCJrkSOmr2MzCx%2FD7gHBoayd1QiO1w4LYGk7ZT7irBi1TTeKq7sO7nuhecUZBt%2FYZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c5a93e4692eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040

104.21.7.3

12 kB

URL
qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
12 kB (12152 bytes)
Hash
af4ac0950f5ba9d70448f48c47c304ce
0e46fed4d654b0a2895a625d722c95582812ad41
26ed863932cb08bf905f4d48df124c4cf6cbee1b9532dcac51588b3efce54c2c

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040 HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:40 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6o2W8knix50i7BBlaQOjbFca%2F0qiZQ5FrRj3ybZ%2BMJThqV8nnnBefR%2BdIgut%2Fg%2BGW1DBlOUL6GW8AQdc0eqvFaUF6dsGmXYadPvL%2BiGv7iykLu%2B9oNpe%2FmsgKQL63ilb0TDVLDza0jwENZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c5a93dea951b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 23808
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 131940
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

c.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
c.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:42 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7118
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rb4Ezwv3vo%2Bb5LH%2B8aDGPiNnO1y6iQ2Xwd3CaQij2E5Hi576aXvZ204iKHcVuOHlqwxu3zdLRysVizgbgKu3NTR9VBnziJv1Pyf%2FZWVwOJjJaySJwir1H3VyuCyax9dsphR9VFUauw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93eb2a5db511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

7.0 kB

URL
b.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
7.0 kB (7001 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:42 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 610
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TBBZeLbjJLgyXLSgHp72dPnPlHBTgC%2FMl7CF5rH1lUT%2BUVHClsMa3QnfZpG3QGeVouaZ%2Fmq1YJDEtYpIBshZDtKLlX81j4EsP0gWAi%2BizWxgapCBvsgiBLL65MkTpaUm%2B1I2zgxZgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e7ad81b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040

104.21.7.3

34 kB

URL
c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
34 kB (34158 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040 HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:42 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b6SO9AzlDn0BOpZTb9jrG5HQ%2B%2BhqRgNwGZIuzrvEU3pchjQI42CdORt%2BYOAiksvP%2FE2fTYi27M5XjVIxsoar5gf%2Fk66HzM9wCdYJccn4HV%2BepA%2BU3qONRY1LFG9eW%2FuZfQggKyJ9Xw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c5a93ea695eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 131940
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

d.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
d.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7118
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LA5mJN%2FQThEVxSm2jlrHQgUJIM2P4kyj%2FJw0HUZqY%2F4uYaui6q6LIUUGGwNne6SNhicRkLQHxR0hQZLl7Qcm8zhNnqIK%2BcoUcwTiIfHIKEAPsjW622XJjZ8lB%2FrcGjl%2FdHBHjzihwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93eebf2cb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/favicon.ico

104.21.7.3

0 B

URL
d.crystalcrafter.top/favicon.ico
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 11 May 2023 12:55:43 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1139
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BXOVHyfk9hWZQfS5wbEdp1s0yNYmYhwfTfwdCq26mh4VI45w%2Fd%2F%2Bzpbvap%2Bww%2BEAjqerCYNE%2BWI9q4b7%2B1x3vgSjs6UfHSwZAp4K9iJGd4Cipk3%2FVrPfTAoZQDIfEEdyHa8jSfnXbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f0190fb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 23809
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 131941
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

d.crystalcrafter.top/ph-new/assets/rec-1.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5879
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mP3yCChH3wGJjnU4kJC8tdmTngEQ1%2ByTjzidyKgbXzbihwGslo267nzKIivw3ImM7U4nmEUVxjwdOcbcDtEwGesf1rYCxgnSc2MABtIWiX2nqeojNnGOjctzL1OztmEwC%2Bbduj18RA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f26c06b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-2.jpg

104.21.7.3

11 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (10890 bytes)
Hash
dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7

HTTP Headers

GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2a8a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5879
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FjpU9LRIlerzzLF9NbTt%2BnZniZy%2Bso3BLVSLjoRORiQAa7Xpy4i2uuZlwdll2XF0UOU03NodN5Mm1lfU1twQPPjgh5oeLTXZG%2FNTT4wy3TnS8AcFkJDD%2F8jvYic81gtp3Ov1JroKJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f27c0db511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

15 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5879
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ZvywhV2mPSLKvoRVUnAuS4usLvLUze6H6UPJNt4X0XEEqKenr0Ww59IIC08FaXwzQDZyGcGRoepHbu3UnRLek3aFpFWD%2FHfooRt0AiT97CK3SY1wqFN10Wq%2BMt4SJK1%2FRXv0kLwRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f27c13b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

8.9 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5859
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwCWENASX19DwLmZxE99SP2a1rUaEaNC759RVgu39nhJWV1XD7Rzz49qIoTEMqq9hDFaqyPqPWtYW%2FVfyi84yo0wHfndL7AMvjor8KtN%2BD059OQpZdkqC0BpD3hSvfE1uZn6wSeU8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f28c24b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

13 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jTja2oj3bVNOhn3dQhWeS0IuPI%2Fs6Oi0DbkbJJxAd4tK8M6Mveax7Pu5Mz%2F67yS5yhRWHKE9F%2FUOvE6X5L146wVO7H9%2BTXDoTEsSxR7tm33VTg7nYXGiRw1RTzxLRDtHMYVIS%2FKtqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f28c29b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0wo45U2IIpCgnFJTKZCUIQ6uNrS1zVxaDyzWzZYz%2BB32H6%2B2m3jXC3334aOzOPcEc2%2BIwr6j6dIYxXIlfTdUvt9LAAeuxKBq3GZEmAsn9UyxEn1ShQB%2F7uI3e4n7em9PvyREoQxXAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f29c2eb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2cq73RqkJUDsU48sxP47KzZUP8f8Gq3BHwq4b1dGE0rP7OhaTFPlohm9V3LfkYYhEq4fheu6FacQ7FtipDvVITfOfoiP7lUvlso%2FsjRq%2Bzsf82CCG%2BFIjXqMSYU0XUwom2Dx4e3%2BOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f2ac43b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SHoH7wQ3qVeEbZv%2BpxUOAMtad4V49%2Bwxg2tt4J9t%2FpYzaxef8d%2Bs2yYgNtFiWqaXYOrMgChn1VZvASwDANLfEILg%2FCxOwiv7qiY533eZhvq4Sy6h0C4tyqrLmvUxZQAUAdHC59oMaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f2ac45b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040

104.21.7.3

41 kB

URL
d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
41 kB (41117 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040 HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HvjAQykO%2Bn0hJCClCE6ua%2BDLI7rGug4G%2BLKkS7CwrM0A3oyqCVEiKlYIQXTOAAmWkjgSsU11cKWeQ33NBVZxVe96YSCDXNMpjYHp9om4YzE3%2FsgXkovKPX1qor%2Fp3aWyz2c6GaYOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c5a93ededf4b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/style.css

104.21.7.3

31 kB

URL
a.crystalcrafter.top/ph-new/assets/style.css
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
31 kB (30941 bytes)
Hash
807d696b86114245f8eda3dce43f61ff
6d65ffaf8ec2107db8f1d29c410f152a8b809a56
7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc

HTTP Headers

GET /ph-new/assets/style.css HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-5f33"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1169
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vtsjI6H3eEzR2hIcQf%2BY8vlNmYEnLHqCCObCs6Z8yybggwWRWGEa%2Bi4omVn8z7Oqr%2By4oVh6gvdwREL%2Bo4tyArptfLxb2fC9MTBYK8NeffFXLK50u%2F1ImKsb1hK%2B%2FesK%2Fk3JG3PlZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e45913b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5858
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3rGnCtx%2FYG%2Feq21CoSH77l36P0ks6AQSYFUSxlje1CnUBaFYyrifDedKCuwxNDpwrhVUD4EKuY9vzV69aOEb2i%2FPcv05P1kzEKnRh%2FpYuJ%2Fp8ceGRgQVSC4yqidZvDpGx8tY9irbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93f2bc70b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040

104.21.7.3

26 kB

URL
d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
26 kB (25763 bytes)
Hash
11b9b62668ec7abae25dcb03ff733b02
91d97c88aa3e74f64df1c61b0cd273886d1ae87b
4a645b6feef4cb58811bf5b1f08d954bed82afc2fa2322eedcc8c19e85c0b078

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040 HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:43 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FP3TtiGLXlQyM8XHFRDGQ5Yfb0%2BDocsL0nr3pQyS5u0AfCUdVpecywTBg%2F17Ghx2OK8VMvtMBSy6ZdW6gf80snCDpep9dhORaV58McmnS5122GKhjBuke9N4%2BqRQsfZcT6EJ5u5gig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c5a93eedf71b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040

104.21.7.3

28 kB

URL
c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
28 kB (27454 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040 HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&hash=jvBbXCHTgr_BYRfMW8SEfA&exp=1683810040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:42 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1yjyVc3NJ%2FVbooH3CJXE9IDV3OTSTjNPEh4oWBlDHJ5QsJ1B%2F38NjDDGZDTiFVAvkQld1dXKbVV1XhmZYvHhqxvFaSntduOrfvrgo2elk2o9OAeYX8fpWeE5e16zqpJbQwBHn%2BONg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c5a93eb2a5bb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703

88.221.27.128

200 OK

3.0 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
3.0 kB (2985 bytes)
Hash
c0e91ee9eeac065a145dea1b96ebfd1e
6b6d48177a222b18dc1de0ff775de8f6cb963431
daccaf7e9b15704dc69729967a3be708994fff4d7b6c3f63f17b9d37be32cdc5

HTTP Headers

GET /landings/277386/1674482702/css/style.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: iOgibq5bwefJNmBXigm/qdf31H9uHOKWbNj1r4p/15+8eEKl+gz6QF7Oq9nqECsCF/0ArpYr5Z0=
x-amz-request-id: 6GM9SRD41YNSD1QV
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "c0e91ee9eeac065a145dea1b96ebfd1e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 11 May 2023 12:55:44 GMT
Content-Length: 2985
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703

88.221.27.128

200 OK

635 B

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
assembler source, ASCII text
Size
635 B (635 bytes)
Hash
5a61d45142ce5764a2b36dc75343fcd5
c44070187c0c8cec4de3aeeb8151f435c2280036
2b2e25e182e13fa2e4da12040c95d9847871400a9f3e258439620499cf287a8c

HTTP Headers

GET /landings/277386/1674482702/css/popup.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: bv87+9sEAgmF+9LmuaJa+60f+HCwvQ7gaxcSgupAnxavvLT0mzlVWXHwU9nfTHQNVV6BjRfVYJc=
x-amz-request-id: KPETMBYZ91Z3NR3T
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5a61d45142ce5764a2b36dc75343fcd5"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 11 May 2023 12:55:44 GMT
Content-Length: 635
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

js.streampsh.top/ps/pl.js?edg=true&fullscreen=true

172.67.169.207

4.5 kB

URL
js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2612), with no line terminators
Size
4.5 kB (4498 bytes)
Hash
0dba333948dfafc2c7425b4aadf8185d
9cd6d970a6bd52e0e8e54f8ad0e80ab13da7fc13
aa5200ce8a6b9c60f852ae45a468b47860a65f0b53e2824ef63c71db9157cef2

HTTP Headers

GET /ps/pl.js?edg=true&fullscreen=true HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Cookie: __psu=242ce059-3b51-436e-9c21-441468b37bc9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:42 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2Fp1sI1%2BeC69mYG0thQTNd4odVcbrCaTnMeis0yjME4Z8dKoagL1Q7m4YB2NtwMrOO8sdjuTidwU4LtC1HqWUKcpVKMfMAE6jKqU47sZKYEnbc8Ss2VXifLN261iJSgjwFcN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93eb5d6db50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703

88.221.27.128

200 OK

688 B

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
688 B (688 bytes)
Hash
5da2c51949f2a873bf0091a104658e72
89d122a536af95bd4183de41fa10e6947c9806e8
80a1aae3b07ee310419c80f52fb2f179bfebc74bf46598bc6b041455feef3201

HTTP Headers

GET /landings/277386/1674482702/js/function.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: /ugpl+ZA0b1doH5/3yLNYwjDAKG/jKCtMJkzvxvpvrzZL79aKEU2JjkQrEnyWNag7GXqsU0g1LQ=
x-amz-request-id: PQS3MC6QJD41C01W
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5da2c51949f2a873bf0091a104658e72"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 11 May 2023 12:55:44 GMT
Content-Length: 688
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

js.streampsh.top/ps/pl.js?edg=true&fullscreen=true

172.67.169.207

33 kB

URL
js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2612), with no line terminators
Size
33 kB (33309 bytes)
Hash
0dba333948dfafc2c7425b4aadf8185d
9cd6d970a6bd52e0e8e54f8ad0e80ab13da7fc13
aa5200ce8a6b9c60f852ae45a468b47860a65f0b53e2824ef63c71db9157cef2

HTTP Headers

GET /ps/pl.js?edg=true&fullscreen=true HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Cookie: __psu=242ce059-3b51-436e-9c21-441468b37bc9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZVf%2F3vw02bRBqECqeBcASsoJJ9tGirL%2FaHpFVt40SyensBzE5Dd4nH5fj4LIMGZdNqKI5nOU0Y2Pn81mejW5y0XJwGob3wOr3N05c2ZxiekWdfgj1deaP02dPoQAjtPuqFQt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e46be8b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703

88.221.27.128

200 OK

252 B

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
252 B (252 bytes)
Hash
3544c08851825a863747a126548d6993
01882998e61b9f93d5f346386fa633f6b8d95b2d
9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69

HTTP Headers

GET /landings/277386/1674482702/js/tn_pHash.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: RKQIuPs47jw+GgV2YdzWtFHlInC0b1aKeP34MEdhK5mIMAIi06KYslboBYE8MYcQk0fLCThqxAk=
x-amz-request-id: 9VNGXFK5QS5WRCK2
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "3544c08851825a863747a126548d6993"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 252
Server: AmazonS3
Date: Thu, 11 May 2023 12:55:44 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703

88.221.27.128

200 OK

1.3 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.3 kB (1298 bytes)
Hash
5f373fa5bf21c44b9ad23b70ef96e73d
068ef5b63ab18924a286f2c0c3ec46545e08c678
7f40bc2c95ee280de5320ae7d33f2e57eeeb0cda5b5820f2c456a0c9ba50ed77

HTTP Headers

GET /landings/277386/1674482702/js/title_tanslate.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: womzwfdvfx122HJC0dkG0vHaksbMgIvli2lULFltXAz+5rgXrN7rmt336XJc+hVlIHRzOUBFSVk=
x-amz-request-id: 9VNRHSM75H7FXJE5
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 11 May 2023 12:55:44 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703

88.221.27.128

200 OK

30 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32065)
Size
30 kB (29855 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: g0wEjRbeH4tQ2F6XZ6eWOYGJi3wq/1gm9Kh41qYfI2gKqV/7B6qWVpgtkKR5XQNvRcnILDnk9Xo=
x-amz-request-id: K8AFWKA9RCF1DXHJ
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 11 May 2023 12:55:44 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png

88.221.27.128

200 OK

9.5 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
PNG image data, 300 x 124, 8-bit colormap, non-interlaced\012- data
Size
9.5 kB (9461 bytes)
Hash
27a8fdccc08741c52422bd4852f87c3a
b103730d95829f64c0746b97a85e0ada4f6c18a2
7afbc6f7cb728a9b4dfd7791a8207c60bdd255ea2f00ba12880bee15f7fbdff0

HTTP Headers

GET /landings/277386/1674482702/images/logo-white.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 88wUEndrDOVjhFDoJFuImNKhB1vuAo0EPKK1v0j+XWtpjdZgrqXQzMAcudO4WTDX7q7XpMg0zrg=
x-amz-request-id: G2MAJFMWPEEEC571
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "27a8fdccc08741c52422bd4852f87c3a"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 9461
Date: Thu, 11 May 2023 12:55:44 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo.png

88.221.27.128

200 OK

41 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo.png
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
PNG image data, 1024 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
41 kB (40774 bytes)
Hash
c0647e470e90e4e76c886ef3f4c651ac
fe1dd72ac0432bd8f261672c7c336cf902503d3c
1d4ad487984a8f689c904f3c2532f034b03d361c081dae581752cdc20d983037

HTTP Headers

GET /landings/277386/1674482702/images/logo.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: saaPX+6fCw1usaKklFw/lLXMWpDahD/h8HepIyRfp7tUjVa7nFU3kzNWR8/Kzs6O4Gu2cP8tbQI=
x-amz-request-id: 40R9FR8B9BMRDAP2
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "c0647e470e90e4e76c886ef3f4c651ac"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 40774
Date: Thu, 11 May 2023 12:55:44 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.jpg

88.221.27.128

200 OK

62 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.jpg
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 900x1280, components 3\012- data
Size
62 kB (62164 bytes)
Hash
765620bf3d6dcdb5495b70409b6b4ba8
f4a00a38ca93130e5e0398deea0ba2f928e2172b
e0d65a21b743f7fe6de2f4bd57316546e7f30c7810740d68322a44dfe3004373

HTTP Headers

GET /landings/277386/1674482702/images/1.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 0IGyT7tlwD+javoqF5rupwK8gjGVk52VprSOJLiY//EhvaPsm5EfkLCuvSE+02Fsv8gqBo8Z6P0=
x-amz-request-id: VE9X02YRNZABFEV2
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "765620bf3d6dcdb5495b70409b6b4ba8"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 62164
Date: Thu, 11 May 2023 12:55:44 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg

88.221.27.128

200 OK

29 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3\012- data
Size
29 kB (29319 bytes)
Hash
2b8ac4e50a5bbbe4e6ea964bec7f3086
5486267315a7cd9eca01fa2fc6007060189c8b4f
8f700ae9dd68bd1130d528b77e1de92b4945e036060fdb01a02ccc148ab24ab3

HTTP Headers

GET /landings/277386/1674482702/images/110010_2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: S10dPOpyBqY7oQzqzXfrZlfoHTUh6afcFTek1SEhaCO5C4zowvEWBZApe9rkVvRTn0os/h31WsI=
x-amz-request-id: 40R8K5Q3GPVDKC89
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2b8ac4e50a5bbbe4e6ea964bec7f3086"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 29319
Date: Thu, 11 May 2023 12:55:44 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
730c274b5b712b90e34214ebc6644b46
a5f30db77c6b99a1926407426ffcd829ecf32529
ef2ede10f3c7aa6892aac44d7758e7b6ed4645349d4fc488ad7b8c53cae44b95

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 11 May 2023 12:55:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
730c274b5b712b90e34214ebc6644b46
a5f30db77c6b99a1926407426ffcd829ecf32529
ef2ede10f3c7aa6892aac44d7758e7b6ed4645349d4fc488ad7b8c53cae44b95

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 11 May 2023 12:55:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
730c274b5b712b90e34214ebc6644b46
a5f30db77c6b99a1926407426ffcd829ecf32529
ef2ede10f3c7aa6892aac44d7758e7b6ed4645349d4fc488ad7b8c53cae44b95

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 11 May 2023 12:55:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxbnr.datingllfe.net/ortb

63.32.216.166

200 OK

29 B

URL POST HTTP/2
oxbnr.datingllfe.net/ortb
IP
63.32.216.166:443
ASN
#16509 AMAZON-02

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerLet's Encrypt
Subject*.datingllfe.net
Fingerprint6E:78:51:54:0A:09:30:E7:C5:F3:45:BA:E7:E2:0D:49:42:4D:92:C5
ValidityFri, 28 Apr 2023 08:34:28 GMT - Thu, 27 Jul 2023 08:34:27 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
c453d1e33844d14bbd7ec2846eb408f6
b934f52ed7fbed0cee5874cb0fcafdd1cb450fcd
2b159267580e469b4eed0aaf47253e353fdf727043d52d969bd85cbff7fd4a1a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /ortb HTTP/1.1
Host: oxbnr.datingllfe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 330
Origin: https://oxbnr.datingllfe.net
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d
Cookie: unique_id=645ce5cf0007c58a; unique_id2=645b9f510009be53; 645b9f510009be53_c=1; ref_token=43431; 645b9f510009be53_sl=[277386]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 11 May 2023 12:55:45 GMT
content-type: text/plain; charset=utf-8
content-length: 29
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47272cb076c77e164e7570dd49d90025
0039db810fa5c031bdab6e71925d197e50906041
c87f1232b211dac41dd77de133a3017154e0d47ce5aa864a782b725a3b0f9b7f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 11 May 2023 12:55:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47272cb076c77e164e7570dd49d90025
0039db810fa5c031bdab6e71925d197e50906041
c87f1232b211dac41dd77de133a3017154e0d47ce5aa864a782b725a3b0f9b7f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 11 May 2023 12:55:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.3

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintD2:67:59:66:D0:D5:C9:19:F4:2D:E4:65:4B:EA:E1:50:8D:D2:3E:1D
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxbnr.datingllfe.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 06 May 2023 03:11:48 GMT
expires: Sun, 05 May 2024 03:11:48 GMT
cache-control: public, max-age=31536000
age: 467037
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.streampsh.top/ps/pl.js?edg=true&fullscreen=true

172.67.169.207

30 kB

URL
js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2612), with no line terminators
Size
30 kB (29606 bytes)
Hash
0dba333948dfafc2c7425b4aadf8185d
9cd6d970a6bd52e0e8e54f8ad0e80ab13da7fc13
aa5200ce8a6b9c60f852ae45a468b47860a65f0b53e2824ef63c71db9157cef2

HTTP Headers

GET /ps/pl.js?edg=true&fullscreen=true HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Cookie: __psu=242ce059-3b51-436e-9c21-441468b37bc9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:42 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mjv%2FvWltOkL7frjqHdusYbJSySIRte4T8573XKymMxgWL7h6ahuj%2F3766gFkdOP8Yx882mN4DyKWtcpJKhYnrFbrSXnvou%2B3yfOMquNkH%2BW%2BuxctjxKvjx4AJTt2tmf67bAM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e7d884b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA

172.67.169.207

4.3 kB

URL
feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
4.3 kB (4319 bytes)
Hash
94d0d575f775178a35588e080cfceef5
5dc7578ef1009f4435b49e8ec2020da3c8bea73d
39ab43d2c92eea10c3f21f346f4a137987f99da1efd496ddd3f132d166244e3d

HTTP Headers

GET /ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA HTTP/1.1
Host: feed.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Cookie: __psu=6ddde9b6-0a9d-4552-a7f2-a1c09f724771
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:41 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2Fu080vRZ3Wflh59vAasivp7YllN9my28VmKv7LJvx8pTVe%2F7HW1i7S65oZqZhfmhdMa6QXwSrbc402Bp7jiyOG%2B5yaLdjIuAPUoh4cR1Zd%2BOWHpy%2FIU2wz5gN6NaJoktU6ygm4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e5bdf5b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn-dimi.akamaized.net/landings/277386/1674482702/images/favicon.png?t=20230511125543

88.221.27.128

200 OK

4.1 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/favicon.png?t=20230511125543
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4093 bytes)
Hash
40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423

HTTP Headers

GET /landings/277386/1674482702/images/favicon.png?t=20230511125543 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Rfspv8gcrUbdk91V4hkf0D5j2kxpCzqU6vPK2X1EPgTgzP2N+V97ZctRCurJCmL183Q6zyzLArI=
x-amz-request-id: S9G7NM7MNVV1FP6D
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Thu, 11 May 2023 12:55:45 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&appspot=

172.67.169.207

112 kB

URL
js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&appspot=
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (23359), with no line terminators
Size
112 kB (111587 bytes)
Hash
0ebad74722b940ac15fc2fe8612617a8
5a7595bb7eb3215aaece1b18c0b1e0925c944907
eeb7ac95d81c4796d60a9fced50398c4e8044f67498ada36222c20a59935779e

HTTP Headers

GET /ps/ps.js?edg=true&fullscreen=true&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=db399d8d777fb105ddeba94748ebdaf7-11246-0511&sub_id=parkdom&appspot= HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Cookie: __psu=242ce059-3b51-436e-9c21-441468b37bc9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 11 May 2023 12:55:42 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PBe5HcblRJKY43dnO0FrufmILMMlUGxigOVfQsWFMInoOEmcSqJCMUE7T%2F0LqlkwZ4cvlOK8LUHe7%2F9coNHoRVXlocGro6vm9AR6R%2FDLbNuiTaiHk1%2B7S%2FyYQtRTbljqJyHW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5a93e85927b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg

88.221.27.128

200 OK

150 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1108x1280, components 3\012- data
Size
150 kB (149812 bytes)
Hash
8ff03d86c53d978e5527374b5bcd5114
2b63b0853d74e24d74d26dbf9622c407e3c74ea9
10dedae19a11a0cf1cea2db4646bde720e63e35140f38ae3453fa2a4e4649e1c

HTTP Headers

GET /landings/277386/1674482702/images/3.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Xirc4fkz0JOSaRS7VBS3M8nzLP7O9RnlkHucQpuinBkelD+B+7nBZr41dGSTLSs2/GCSrwUj0pg=
x-amz-request-id: XJSRKQFA4YQZWMJS
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "8ff03d86c53d978e5527374b5bcd5114"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 149812
Date: Thu, 11 May 2023 12:55:46 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.mp4

88.221.27.128

206 Partial Content

1.6 MB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.mp4
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
1.6 MB (1560164 bytes)
Hash
379ddec6d7d6e118bd7565d1c83dbb90
16becb1b44f3f35b0fa239668901338cba6eff06
5635dd2c6c23dfdc3e4eb82afc4231a27e8522ec332b8568a3fc7ae8755fec94

HTTP Headers

GET /landings/277386/1674482702/images/1.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
x-amz-id-2: 1Ax9N+Cfw91vDfS7SxXRZKuE+o4c4UcnjyTZdFm9/oi70hWYxtxdgby+ENQIv8dZ+MsudWMhl4o=
x-amz-request-id: FBRABVME30ZYGQHT
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "379ddec6d7d6e118bd7565d1c83dbb90"
Accept-Ranges: bytes
Content-Type: video/mp4
Server: AmazonS3
Date: Thu, 11 May 2023 12:55:46 GMT
Content-Range: bytes 0-1560163/1560164
Content-Length: 1560164
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg

88.221.27.128

200 OK

103 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size
103 kB (102832 bytes)
Hash
3b8b455b24c71ae1f928266241e9517e
8b98ca60c92b83e039c3b996f090883ed8b7ca75
c8d05f7eda85f68f0a08307eeee4e481282fda95570dd53f300b8aadd4f504f6

HTTP Headers

GET /landings/277386/1674482702/images/2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: hODAwaxhhoNUzaw+wGQIdlKGG1r6rlm0Gl11mKPn3J7w0gqE64598E1ANjtxBygXrh+DY1h3pjY=
x-amz-request-id: JTW6JJFVF42X0DH8
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "3b8b455b24c71ae1f928266241e9517e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 102832
Date: Thu, 11 May 2023 12:55:46 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

142.250.74.106

200 OK

6.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint78:3F:7F:CC:E7:90:DA:64:23:AC:13:1E:55:7A:62:1E:2B:E4:30:5C
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
ASCII text, with very long lines (7013), with no line terminators
Size
6.8 kB (6824 bytes)
Hash
49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09

HTTP Headers

GET /css2?family=Roboto:wght@300;400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 11 May 2023 12:55:44 GMT
date: Thu, 11 May 2023 12:55:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Ubuntu:wght@400;700&display=swap

142.250.74.106

200 OK

3.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Ubuntu:wght@400;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint78:3F:7F:CC:E7:90:DA:64:23:AC:13:1E:55:7A:62:1E:2B:E4:30:5C
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
ASCII text, with very long lines (3864), with no line terminators
Size
3.8 kB (3756 bytes)
Hash
614d0444eb71829995cb071257548a03
f40117d12bea2fade0d15f71577e9b1e4055bfc8
91a5302a57c4125e14bad34dd8e7be1a9c6a34d03ab7d85a2f22e1482ede7a02

HTTP Headers

GET /css2?family=Ubuntu:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 11 May 2023 12:55:44 GMT
date: Thu, 11 May 2023 12:55:44 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703

88.221.27.128

200 OK

12 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11568), with CRLF line terminators
Size
12 kB (11583 bytes)
Hash
9acc66fdf18dea05bd75165eb5a96259
f613c52a08155727d4f07536d7bc8df5b6fa0c84
4941450491d73ab79ffb428e660c4cb581acbbad86edf8e943211ea51fe3a6c1

HTTP Headers

GET /landings/277386/1674482702/js/vegas.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: cnTKYV3j0ttH5Z4Sqnkq1TLYPTTKf16p6n7Tcz4Ajrk8GfHWfG08uqKcBGtoz81yZIyzVkp8T7k=
x-amz-request-id: K8ABFAWS7M4M20TR
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "9acc66fdf18dea05bd75165eb5a96259"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 11 May 2023 12:55:44 GMT
Content-Length: 3401
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1

63.32.216.166

200 OK

34 kB

URL User Request GET HTTP/2
oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
IP
63.32.216.166:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subject*.datingllfe.net
Fingerprint6E:78:51:54:0A:09:30:E7:C5:F3:45:BA:E7:E2:0D:49:42:4D:92:C5
ValidityFri, 28 Apr 2023 08:34:28 GMT - Thu, 27 Jul 2023 08:34:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (920)
Size
34 kB (33551 bytes)
Hash
9d44e504a1e171b49fe1352d8fde695e
5e3c22d2c266f912432da77bc1819eaf0ac083a0
0e315ced3d47bd004f4863c101989ada8576fc55ad156828f10abee40c51f167

HTTP Headers

GET /?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 HTTP/1.1
Host: oxbnr.datingllfe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 11 May 2023 12:55:43 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=645ce5cf0007c58a; Path=/; Expires=Mon, 10 Jul 2023 12:55:43 GMT; Secure; SameSite=None
unique_id2=645b9f510009be53; Path=/; Expires=Wed, 09 Aug 2023 12:55:43 GMT; Secure; SameSite=None
645b9f510009be53_c=1; Path=/; Expires=Wed, 09 Aug 2023 12:55:43 GMT; Secure; SameSite=None
ref_token=43431; Path=/; Expires=Sat, 10 Jun 2023 12:55:43 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Thu, 11 May 2023 12:55:43 GMT; Secure; SameSite=None
645b9f510009be53_sl=[277386]; Path=/; Expires=Thu, 25 May 2023 12:55:43 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703

88.221.27.128

200 OK

28 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703
IP
88.221.27.128:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type

Size
28 kB (27673 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /landings/277386/1674482702/js/translates.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.datingllfe.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: TIW3vRFhKm0yCOx8VQ93CAm5ZLwnxLU8dQXppKANNofjPZl8kwWFGfOniviPbWsAJbMVgRtfaBs=
x-amz-request-id: K8AD9DT85B3KC9GP
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "07cee83d1be10af1ca991d1c60abd6e2"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 11 May 2023 12:55:44 GMT
Content-Length: 10048
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.3

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.datingllfe.net/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintD2:67:59:66:D0:D5:C9:19:F4:2D:E4:65:4B:EA:E1:50:8D:D2:3E:1D
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxbnr.datingllfe.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 06 May 2023 07:44:41 GMT
expires: Sun, 05 May 2024 07:44:41 GMT
cache-control: public, max-age=31536000
age: 450664
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML