Report - gus168.com/cso/csol_gg88_v48

Report Overview

Submitted URL
gus168.com/cso/csol_gg88_v48_pe3.rar
IP
103.224.212.221
ASN
#133618 Trellian Pty. Limited
Submitted
2023-05-15 01:42:17
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22	2023-05-14	338 B	1.5 kB	54.230.245.8
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-14	340 B	1.0 kB	143.204.48.16
gus168.com	unknown	2023-03-22	2012-08-04	2023-05-14	492 B	307 B	103.224.212.221
ww38.gus168.com	unknown	2023-03-22	2023-03-01	2023-04-11	2.6 kB	4.1 kB	13.248.148.254
d.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-14	5.5 kB	199 kB	104.21.7.3
cdn-dimi.akamaized.net	unknown	2014-03-18	2022-07-07	2023-05-13	4.3 kB	1.2 MB	88.221.27.74
oxbnr.amouronllne.com	unknown	2023-05-09	2023-05-11	2023-05-14	1.5 kB	36 kB	63.32.216.166
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-14	462 B	2.2 kB	142.250.74.106
qwfuu.crystalcrafter.top	unknown	2023-04-29	2023-05-10	2023-05-14	11 kB	296 kB	104.21.7.3
js.streampsh.top	unknown	2022-11-18	2023-05-01	2023-05-14	435 B	13 kB	172.67.169.207
a.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-14	3.3 kB	305 kB	104.21.7.3
c.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-14	2.0 kB	101 kB	104.21.7.3
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-14	1.0 kB	48 kB	216.58.207.227
b.crystalcrafter.top	unknown	2023-04-29	2023-05-09	2023-05-14	1.2 kB	24 kB	104.21.7.3
fulbe-whs.com	unknown	2023-05-02	2023-05-02	2023-05-14	1.7 kB	4.0 kB	54.165.180.165
go.proffering.xyz	unknown	2022-06-07	2022-06-08	2023-05-13	620 B	1.2 kB	20.113.67.50
qwfuu.altairaquilae.top	unknown	2023-05-03	2023-05-11	2023-05-14	606 B	1.0 kB	172.67.142.37
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-14	2.0 kB	4.2 kB	142.250.74.131
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-14	2.7 kB	58 kB	142.250.74.35
feed.streampsh.top	unknown	2022-11-18	2023-05-01	2023-05-14	1.5 kB	31 kB	172.67.169.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-15 01:42:03	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-15	medium	gus168.com/cso/csol_gg88_v48_pe3.rar
2023-05-15	medium	ww38.gus168.com/cso/csol_gg88_v48_pe3.rar
2023-05-15	medium	oxbnr.amouronllne.com/ortb

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	2.1 kB	2023-05-15	2023-05-15
Pretty URL oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-15 03:42:21 Last Seen2023-05-15 03:42:21 Times Seen1 Hash 5c82472412845912d3555bba34e0668e 362b3de8f90fff1f6bc75a94707a2908c50f59ee b7336dab4d1e90e44b17bf92d9011a925746603a8619526f9701b976b51822c6 Loading...

	cdn-dimi.akamaized.net/landings/279205/1680702419/js/jquery.min.js?1680702420	86 kB	2023-03-07	2024-04-25
Pretty URL cdn-dimi.akamaized.net/landings/279205/1680702419/js/jquery.min.js?1680702420 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 07:53:57 Times Seen383800 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	3.6 kB	2023-03-26	2023-05-17
Pretty URL oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 09:21:10 Last Seen2023-05-17 11:10:05 Times Seen17 Hash 8dd1849614c2371268c208f299970638 5c1c9aad0ee61fb0e6cabb1bfc9ca287b76a646d 7941ffaf4c1f078732bb0a353e91797b44dbf6be430bed59f9460680567dd4cd Loading...

	oxbnr.amouronllne.com/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d	0 B	2023-03-07	2024-04-25
Pretty URL oxbnr.amouronllne.com/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 07:53:45 Times Seen37056616 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	9.7 kB	2023-05-15	2023-05-15
Pretty URL oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-15 03:42:21 Last Seen2023-05-15 03:42:21 Times Seen1 Hash 59d39e3cf57ed14e3a61eeddcf1e497d 9c342e231406afcef65a5e53e0c0b33c2b800a95 db79c613dc58115abcc1a6db0d288f8ba29e3ec41839bfa720f7b343dbc13a15 Loading...

	cdn-dimi.akamaized.net/landings/279205/1680702419/js/scripts.js?1680702420	511 B	2023-03-25	2024-04-24
Pretty URL cdn-dimi.akamaized.net/landings/279205/1680702419/js/scripts.js?1680702420 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 22:54:24 Last Seen2024-04-24 22:23:07 Times Seen566 Hash 69e75e0997cdd1b51ef2d8f78358e937 f816503aceb6edd2fd9f0cc3f911b99817ca611d 40c9bae2946917f32864946aabede4750f809cf9f3ab600669faab410b82526c Loading...

	cdn-dimi.akamaized.net/landings/279205/1680702419/js/translates.js?1680702420	24 kB	2023-03-25	2024-01-07
Pretty URL cdn-dimi.akamaized.net/landings/279205/1680702419/js/translates.js?1680702420 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 22:54:23 Last Seen2024-01-07 22:49:29 Times Seen456 Hash 09375f18dc5bfd539f211887b6a178e6 01151d9836502715a56f01db102da22f462821d2 74e9cb9fca7f14f9de2c6416b1d99b3e28e0fd9c0501c848d8276de3a7036d5c Loading...

	oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1	302 B	2023-05-15	2023-05-15
Pretty URL oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-15 03:42:21 Last Seen2023-05-15 03:42:21 Times Seen1 Hash f0eed53a9bce448ebbdf26516ecdffcc 06e87e88126fdd8d5d4041192ab5af2019d8b483 0f4b1966f71551458133b41882fece1d09bc921342fbacd0b6a2a1b051256ee3 Loading...

HTTP Transactions (79)

URL IP Response Size

gus168.com/cso/csol_gg88_v48_pe3.rar

103.224.212.221

0 B

URL
gus168.com/cso/csol_gg88_v48_pe3.rar
IP
103.224.212.221:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cso/csol_gg88_v48_pe3.rar HTTP/1.1
Host: gus168.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Mon, 15 May 2023 01:41:59 GMT
server: Apache
set-cookie: __tad=1684114919.3674644; expires=Thu, 12-May-2033 01:41:59 GMT; Max-Age=315360000
location: http://ww38.gus168.com/cso/csol_gg88_v48_pe3.rar
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

ww38.gus168.com/cso/csol_gg88_v48_pe3.rar

13.248.148.254

1.4 kB

URL
ww38.gus168.com/cso/csol_gg88_v48_pe3.rar
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (385)
Size
1.4 kB (1362 bytes)
Hash
568d17384c2f8a45dc8a8123810b3983
18584afecadf61613f4cc60d3ab977efbfeeb420
a80434921dff1ccbb5e02f3022edcfd0250edb95a390f66e151d9691f1074730

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cso/csol_gg88_v48_pe3.rar HTTP/1.1
Host: ww38.gus168.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 15 May 2023 01:42:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Buckets: bucket011
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_lDThO+YUlYZ4rHmr4Fo7ew3TLl8NJSJXB1hJZ7FSrgHDT5IHlYc2V8y13VvgLmj75EVwbGdKsagwZJqLUPYulw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: gus168.com
X-Subdomain: ww38
Content-Encoding: gzip

d38psrni17bvxu.cloudfront.net/scripts/js3.js

54.230.245.8

1.1 kB

URL
d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP
54.230.245.8:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (468)
Size
1.1 kB (1096 bytes)
Hash
a66b149a7ebc798955373415d683f32a
15ceaba8cfae8368600620ae97aa26ae7331d626
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

HTTP Headers

GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.gus168.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1096
Connection: keep-alive
Server: nginx
Date: Mon, 15 May 2023 00:54:15 GMT
Last-Modified: Mon, 23 Jan 2023 11:12:07 GMT
Accept-Ranges: bytes
ETag: "63ce6b87-448"
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fR2YZzTRAw5sv9P8ACNo9nVebHcC9U63QVLwhpSB2Coun4zS6-ZUWA==
Age: 2865

ww38.gus168.com/track.php?domain=gus168.com&toggle=browserjs&uid=MTY4NDExNDkyMC4xMTA5OjBlN2M3YjY3YmFkYTViNGVkMTQ2ZTQxNDE2M2NkZjY0ZjNiZWJlMjg3ZWVjMWFiYTU3YWZmYjc4OTQ5Mzg3ZWU6NjQ2MThkZTgxYjEyNw%3D%3D

13.248.148.254

20 B

URL
ww38.gus168.com/track.php?domain=gus168.com&toggle=browserjs&uid=MTY4NDExNDkyMC4xMTA5OjBlN2M3YjY3YmFkYTViNGVkMTQ2ZTQxNDE2M2NkZjY0ZjNiZWJlMjg3ZWVjMWFiYTU3YWZmYjc4OTQ5Mzg3ZWU6NjQ2MThkZTgxYjEyNw%3D%3D
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?domain=gus168.com&toggle=browserjs&uid=MTY4NDExNDkyMC4xMTA5OjBlN2M3YjY3YmFkYTViNGVkMTQ2ZTQxNDE2M2NkZjY0ZjNiZWJlMjg3ZWVjMWFiYTU3YWZmYjc4OTQ5Mzg3ZWU6NjQ2MThkZTgxYjEyNw%3D%3D HTTP/1.1
Host: ww38.gus168.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.gus168.com/cso/csol_gg88_v48_pe3.rar
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 15 May 2023 01:42:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ww38.gus168.com/ls.php?t=64618de8&token=07d7e49e0a366f25a1f47e35dc934041e2da05cc

13.248.148.254

16 B

URL
ww38.gus168.com/ls.php?t=64618de8&token=07d7e49e0a366f25a1f47e35dc934041e2da05cc
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

HTTP Headers

GET /ls.php?t=64618de8&token=07d7e49e0a366f25a1f47e35dc934041e2da05cc HTTP/1.1
Host: ww38.gus168.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.gus168.com/cso/csol_gg88_v48_pe3.rar
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Date: Mon, 15 May 2023 01:42:01 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 64618de905a3d94321473ece
Charset: utf-8
Access-Control-Allow-Origin: 
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_P7WJjXeLDNccyAkSKNlei567LuMEg2GGGW69fdSgKoiTkErGjVfW5BYZjuSEfcb0Htn3si84bHDxHuNmxAzlmw==

ww38.gus168.com/favicon.ico

13.248.148.254

0 B

URL
ww38.gus168.com/favicon.ico
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww38.gus168.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.gus168.com/cso/csol_gg88_v48_pe3.rar
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 15 May 2023 01:42:01 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

ww38.gus168.com/track.php?click=5f91c3ec687beba0dd5147fc491e95ff166fd5a4&domain=gus168.com&uid=MTY4NDExNDkyMC4xMTA5OjBlN2M3YjY3YmFkYTViNGVkMTQ2ZTQxNDE2M2NkZjY0ZjNiZWJlMjg3ZWVjMWFiYTU3YWZmYjc4OTQ5Mzg3ZWU6NjQ2MThkZTgxYjEyNw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDYxOGRlODFiMTAwfHx8MTY4NDExNDkyMC40MjA4fGJmMTVmYjI1ODBkZTlmOWZiNGFhODFlOGQ3ZWI4N2JjODUyODk2NGJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwwN2Q3ZTQ5ZTBhMzY2ZjI1YTFmNDdlMzVkYzkzNDA0MWUyZGEwNWNjfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off

13.248.148.254

20 B

URL
ww38.gus168.com/track.php?click=5f91c3ec687beba0dd5147fc491e95ff166fd5a4&domain=gus168.com&uid=MTY4NDExNDkyMC4xMTA5OjBlN2M3YjY3YmFkYTViNGVkMTQ2ZTQxNDE2M2NkZjY0ZjNiZWJlMjg3ZWVjMWFiYTU3YWZmYjc4OTQ5Mzg3ZWU6NjQ2MThkZTgxYjEyNw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDYxOGRlODFiMTAwfHx8MTY4NDExNDkyMC40MjA4fGJmMTVmYjI1ODBkZTlmOWZiNGFhODFlOGQ3ZWI4N2JjODUyODk2NGJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwwN2Q3ZTQ5ZTBhMzY2ZjI1YTFmNDdlMzVkYzkzNDA0MWUyZGEwNWNjfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?click=5f91c3ec687beba0dd5147fc491e95ff166fd5a4&domain=gus168.com&uid=MTY4NDExNDkyMC4xMTA5OjBlN2M3YjY3YmFkYTViNGVkMTQ2ZTQxNDE2M2NkZjY0ZjNiZWJlMjg3ZWVjMWFiYTU3YWZmYjc4OTQ5Mzg3ZWU6NjQ2MThkZTgxYjEyNw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDYxOGRlODFiMTAwfHx8MTY4NDExNDkyMC40MjA4fGJmMTVmYjI1ODBkZTlmOWZiNGFhODFlOGQ3ZWI4N2JjODUyODk2NGJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwwN2Q3ZTQ5ZTBhMzY2ZjI1YTFmNDdlMzVkYzkzNDA0MWUyZGEwNWNjfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off HTTP/1.1
Host: ww38.gus168.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.gus168.com/cso/csol_gg88_v48_pe3.rar
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 15 May 2023 01:42:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ocsp.r2m01.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f319b1f89e68ab7e46587ed71ca8dd0f
faa2faddaf0a6af33672183b40a2adcf97459f42
2d48d4141543e8379011423e32176bf1c28885347cc7fed9be38f0ecd367b4b6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=111743
Date: Mon, 15 May 2023 01:42:01 GMT
Etag: "64609260-1d7"
Expires: Tue, 16 May 2023 08:44:24 GMT
Last-Modified: Sun, 14 May 2023 07:48:48 GMT
Server: ECAcc (nya/7970)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: n0J-IUSKGdozWbXCHgX7tiaedeuvuEiqWLAQA_pB10rc9zQJULdtlA==
Age: 3336

fulbe-whs.com/zcvisitor/af57cc1b-f2c1-11ed-a892-0ac864ebb01b/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97

54.165.180.165

1.1 kB

URL
fulbe-whs.com/zcvisitor/af57cc1b-f2c1-11ed-a892-0ac864ebb01b/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
IP
54.165.180.165:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1098 bytes)
Hash
1b8c548ae836d0f90467537b7ede74ab
4531c20517ae04f66583b6ea45428430fda4120c
3cfa121f622f180e2ad5b051e8bb3aa6ed5bab24f5b21da4adf13b88a0a21e20

HTTP Headers

GET /zcvisitor/af57cc1b-f2c1-11ed-a892-0ac864ebb01b/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97 HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww38.gus168.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Mon, 15 May 2023 01:42:02 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: nhHREYRq

fulbe-whs.com/zcredirect?visitid=af57cc1b-f2c1-11ed-a892-0ac864ebb01b&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false

54.165.180.165

462 B

URL
fulbe-whs.com/zcredirect?visitid=af57cc1b-f2c1-11ed-a892-0ac864ebb01b&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false
IP
54.165.180.165:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
462 B (462 bytes)
Hash
7eadeafce12ec24df8b1a59f09fc5fe9
295ea21e1e5951bf4abd97e6ba3874f49dcd0bfb
cf78ed5f68f768fd66f4b6ff5b43b7bb109aab20ef78d69801516c138ae67dea

HTTP Headers

GET /zcredirect?visitid=af57cc1b-f2c1-11ed-a892-0ac864ebb01b&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://fulbe-whs.com/zcvisitor/af57cc1b-f2c1-11ed-a892-0ac864ebb01b/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Mon, 15 May 2023 01:42:02 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: gOxOARlo

fulbe-whs.com/favicon.ico

54.165.180.165

653 B

URL
fulbe-whs.com/favicon.ico
IP
54.165.180.165:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: fulbe-whs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://fulbe-whs.com/zcredirect?visitid=af57cc1b-f2c1-11ed-a892-0ac864ebb01b&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Date: Mon, 15 May 2023 01:42:03 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: IyRxgjTk

go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=lima-not-vqplrm6jg4&cost=0.001200&external_id=NON-ADULT

20.113.67.50

312 B

URL
go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=lima-not-vqplrm6jg4&cost=0.001200&external_id=NON-ADULT
IP
20.113.67.50:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (312), with no line terminators
Size
312 B (312 bytes)
Hash
eaeb05b16690af0df3f84e07d4179b6f
c7420309fd10d8c381bfe6dc81226293b769fe64
4c0bfb5da9348e73159f80577fb26e421f6edeb1281669373f201d7e60bc2463

HTTP Headers

GET /15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=lima-not-vqplrm6jg4&cost=0.001200&external_id=NON-ADULT HTTP/1.1
Host: go.proffering.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://fulbe-whs.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Mon, 15 May 2023 01:42:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 312
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GUILo=20230515041684115224829; domain=.go.proffering.xyz; path=/;expires=Tue, 16 May 2023 01:42:03 GMT;  httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15GUIL; domain=.go.proffering.xyz; path=/;expires=Tue, 16 May 2023 01:42:03 GMT;  httpOnly=true;SameSite=None; Secure;
peerclickcid=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515; domain=.go.proffering.xyz; path=/;expires=Tue, 16 May 2023 01:42:03 GMT;  httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.go.proffering.xyz; path=/;expires=Tue, 16 May 2023 01:42:03 GMT;  httpOnly=true;SameSite=None; Secure;
Location: https://qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515
Vary: Accept

qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515

172.67.142.37

0 B

URL
qwfuu.altairaquilae.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515
IP
172.67.142.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515 HTTP/1.1
Host: qwfuu.altairaquilae.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://fulbe-whs.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 15 May 2023 01:42:03 GMT
content-length: 0
location: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
set-cookie: W7-lkuObDEWXzHM4LgqUhA=19; max-age=345600; path=/; samesite=lax
__pl=700f6117-c479-4fff-bd0d-9f334716a635; expires=Thu, 15 May 2025 01:42:03 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zu7KkdtFs8dn%2FO8HHyO3fVVjRH91cEOL8xJvRAAYLmwsFsTEh6WSJkjXvWGJUUzIPRem1kdrPoASEXXBwBdG63gFh2n1dJoDwdYOprkLCVbeIF2R31X%2FvlZOZQUPzib0QRMlPyxaqGnjsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c77aea02916b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

qwfuu.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:03 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3518
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bggk1QhjShQkNmLaD4fe3zHh068lLGsQ505znRUSdEvScYbhgbJ5UdiQpllnbTkmrDLktK2x0hRh8Db6xCxhcRdhJGaAVyAowuiaAX9cWo10Ve5zPhebh06GjvRIM3Dbd9CfVzRO6s%2BebN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea28a8fb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/favicon.ico

104.21.7.3

0 B

URL
qwfuu.crystalcrafter.top/favicon.ico
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Mon, 15 May 2023 01:42:04 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2924
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tduuOykWyg62lQ6QZ5OuY2%2BoHbG2AlqxiXbqNycwlXFTymNgfEwgXBi0v1DGFt5HCbSOq8gEdu7L4C37RujXaF1ERANXdd%2FnFPm%2FoZRmIwBPA4ZmYdjApaaCyiNokTEhmlYo%2Fq88KbPdpGw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea41b60b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2d0ce7be8ebb8dec95f0e8badd56e463
bf29996b22abb22c181d7749959c23a6774725dc
768a8875c5a2a3f5685231639d7ef76e684130e728068fcb2823dc63a5e1d597

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 May 2023 01:42:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 328990
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2d0ce7be8ebb8dec95f0e8badd56e463
bf29996b22abb22c181d7749959c23a6774725dc
768a8875c5a2a3f5685231639d7ef76e684130e728068fcb2823dc63a5e1d597

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 May 2023 01:42:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

qwfuu.crystalcrafter.top/ph-new/assets/rec-1.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zd5gu%2FndqLgteRlRh8IEd%2Bh6sIPeETn7d39%2FqLvCjfLIhrK3VOAMo0V92myqFCIH5t%2Fq6jx7AkVaDx3w937rrKh%2FoKdXo%2BBPFvNt3Zmfd25L2VAqh7eEUABTPVEQkVW2JQjDXF13PIydzBk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea60c91b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-2.jpg

104.21.7.3

11 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (10890 bytes)
Hash
dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7

HTTP Headers

GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2a8a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhpYV6Ay5tqcv5kCognJ1vxBB5Ma0DBCKV0BilQ1dFphtxZnaeF%2BSRV0kKSpc7ZQQgrD2DbqNBZJkkhxCZZG5SGUOx1HLLENDKFWt66ZYgE8w2cq1cle8OiW%2BtHv%2FUfeSn6ON5j8SwmTkpc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea60c93b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

15 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=321YE2y53b2P7S1jY%2BtmUxCg9dLNiCIURByXrAMrVjQFwNoCZrmdtgWKPLy4bDmHRaVBaJz5%2B4Lazq6p4GHkKDPNKnWS1Rlkry8S8gII52eNhB43ahyESND19kwWBewTmUdal74fqm%2FG1GA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea61c95b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-4.jpg

104.21.7.3

8.9 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
8.9 kB (8900 bytes)
Hash
8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483

HTTP Headers

GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-22c4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X74KiUCqI%2FyiWlEVhJ%2Fe%2Bt0wU7Q%2Fr5DdgJbNbuzxMtSf2ljbV6QTE61L%2FaiLOctvBup75kudht1o33u9bK5VvqUUyZQFEDPcU%2FzrPSBzsnvKi3NbDOmklPABO5zqLHfV%2B6yCYBLlC6BOheQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea61c96b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-5.jpg

104.21.7.3

13 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (13149 bytes)
Hash
f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02

HTTP Headers

GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-335d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FR2EBdOqeW%2FSzxLb5h0Jf4C3SIshbJuKkd%2BYmtrgkh%2BGvYj2F8b4432auQqkAqfUdBVarBLLPl9LVMFs6TIDkzM1CJe1DE618d2Fb%2B2irfXC%2Bx%2BS2o6xlgiOiD%2BA5yFwvOn3E1buCQkY0C8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea61c98b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWdZPOSS0HiopYRDWa2BFP1wv1ovKLUeM05fK2NRXQu%2BaULZoOdosJxJVz8dTTREl2Qx0cLoDcBX67KcsUTLvggMq%2BGaS5ij4zaUh6%2BBVVzZcM%2B6rsRJMe9fbbFBhEJu%2Fp73URdeCwe26ME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea61c9ab521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EfnV1kI2cU36sugp%2B2hJj3qXTQeVI4MDynb5i%2ByMIQND1W6vhVdWUqGVaLh8dndbDlv%2B8h%2B0GVrXhslCvEC%2F4fZUyiRHIOlJsbPxPqzM%2Fabja1eXO%2BbCSzCW7mjEtjq0ZqryoMUZChojjSk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea61c9db521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oAIFpAm63Yoc%2FqxlOsVUPkYJubtmLqiampJnjY2d95rEV%2FFisgPHOjjBkmS0BWYsd8rTG8qiztDHr4h0BGuN6lHow%2BfSXlqIuvKBo2GQKSBF3l5as6M6cjEEdVa%2B7N37Pa2AaisTgJBDv%2BE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea61c9cb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/1.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/1.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (14404 bytes)
Hash
b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47

HTTP Headers

GET /ph-new/assets/1.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3844"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B92f7yikZJDDIEPmNG6tTokCTCPwKet3Un%2FFEj2UsCNbXqkqrqeO8xdxU0BzXrk9BA7N%2BQSibS5pbgquqpGLtVss%2BENIksb68ObVRbpmGZi3VVRUXyMeOQtQ6fqrc767EpbE4F%2BXZO3BNhw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea61c9eb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/2.jpg

104.21.7.3

21 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/2.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
21 kB (21253 bytes)
Hash
c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763

HTTP Headers

GET /ph-new/assets/2.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-5305"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MMFis6%2BLQynJdaqw7A6e%2Brg5Ru3d9JJpgvAKYTcp8q2YHHh8%2BnXm14el8AWqpwnr14eE%2F5jPJ9kfrb8VlBQ9avTBH%2B85YbQ1%2B4qjqclih9t2qJi5d52uCKWVKU6ezqVvi2JtLtkvH3Fzi6o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea62ca5b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/3.jpg

104.21.7.3

11 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (11094 bytes)
Hash
3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a

HTTP Headers

GET /ph-new/assets/3.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2b56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8kz9Vh7AxDkcKBzpcia157UbrzgMhBhKAiVGXdTs%2BKRjiP9%2Bt7vAf6NoCPd4H2zKxEG8fwJtAMuylxqay2ff8s4fWiXy9iMUOJBVgUeA%2BoOzY2fLR9MsIztcMoEtXpFF4ri8A3gzUmHXaKY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea62ca6b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/4.jpg

104.21.7.3

14 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/4.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13611 bytes)
Hash
a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd

HTTP Headers

GET /ph-new/assets/4.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-352b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1tlN2r2kA4ZvkR0kERF99MLtCaC1Lehe7d6YUpNXNQ%2BXqRqFaV1hiNV5zNZhXEtqNLHYKhcWuMtU5VEje66Otk5TGeLddiDKrJJZSHd6v1c6U9QlIXKjvDb3fUsc2k3Cm8hPMDCs3RoGCbk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea62ca7b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

12 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2844
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YRVFKcDZNc9bgdyldlXy6yVzVZctUAW7y1jBS15b%2Bmw8HnAt2nhuEWq7WpB3M8zkbTF9AIxLHUW02Q0oZhsISuXxnUPPt48BFCC7HtgP2InC0ISwBRLny5Gjj6QJeAST12nu85Mp9irDA4o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea63ca8b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

js.streampsh.top/ps/pl.js?edg=true&fullscreen=true

172.67.169.207

12 kB

URL
js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2612), with no line terminators
Size
12 kB (12005 bytes)
Hash
0dba333948dfafc2c7425b4aadf8185d
9cd6d970a6bd52e0e8e54f8ad0e80ab13da7fc13
aa5200ce8a6b9c60f852ae45a468b47860a65f0b53e2824ef63c71db9157cef2

HTTP Headers

GET /ps/pl.js?edg=true&fullscreen=true HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q4dDRmBvsF0vU7H2VlDmIHrYgeqTS2FLukN2dEK6COIMKyF02UvSyJXoA8%2FEyE7Fbjd%2BHgeD6E%2FqoR51wreG%2FAoOCbZjJQwLvgV5b2jOD74jENqNLpgEJuNfyfnMRHZIcHjR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea2e9f00afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

a.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
a.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2448
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4CcVm6K%2F%2F6LMCzFbUjGgDvdrKEnH8r1PGiVBnvtRsGdPudWO26PY9x6%2FI3NbpPMw15eHHvcswEdK%2FTF8fgEFm8y7I7UVW6MaSv8tUuIwkG8JnF8kUJpRMma8xV1u0XU4zBuPuGd%2BmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea7dd55b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

2.9 kB

URL
qwfuu.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
2.9 kB (2913 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:03 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZTdC8U77sA3chyHpY%2FWObpTgJDcpRraJiwEqMsv%2BwRJf7XOcsc1COlnXKuuDAdT65j6jSHKcU7KM0cuKkjBlfS3szofY675VJkj%2BaxiuUvcVIzqw%2B1F7TIi1dPxfVSyMmsaVgfpDyOohdHM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea28a8cb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA

172.67.169.207

7.0 kB

URL
feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
7.0 kB (6989 bytes)
Hash
94d0d575f775178a35588e080cfceef5
5dc7578ef1009f4435b49e8ec2020da3c8bea73d
39ab43d2c92eea10c3f21f346f4a137987f99da1efd496ddd3f132d166244e3d

HTTP Headers

GET /ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA HTTP/1.1
Host: feed.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/
Cookie: __psu=d02ccc98-c3cb-4dfb-baa6-9c21aa509bae
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:05 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=znnbhzKZJHlUQqt7tIAd0kO7qV7u4jjhnZu0G79f7WbrHdjRDVzjew%2Fo5T1q78KLac4zoSCzGqFPI0bd9LykY4uZyToOvZ1uYSkk5%2F%2BXFzOSfP7T6fkkOUxei86zETLwBE44NJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea94be6b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

14 kB

URL
a.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
14 kB (13821 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tUEDirc%2FsUx6qzCge%2BX0k6jJDDwC93FhjUHgUs3P7u3ew4DNrNtetFgeRyMKxUtswd79mED9JXixNs2Qlt%2FpVGqof4JRIDwovPDY1U8yoYXrrCuHiJTFozAL3q7Dn%2BwSPXrP7RIcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea7dd53b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/assets/style.css

104.21.7.3

87 kB

URL
a.crystalcrafter.top/ph-new/assets/style.css
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
87 kB (86711 bytes)
Hash
807d696b86114245f8eda3dce43f61ff
6d65ffaf8ec2107db8f1d29c410f152a8b809a56
7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc

HTTP Headers

GET /ph-new/assets/style.css HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-5f33"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZssZBp%2F1USA3OGHrLIyMBuTwy6hdng3Gyv%2F3kU68PVJcMKbZ6cDoEzSqcGS9UyfKBt7yB6NqkOIz8CCNnp50DhzInvznfgKK31IstumwOi8km6I3JbpoFUsYKc7MueRtBpM6IC%2FxuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aea7dd54b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

4.0 kB

URL
b.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
4.0 kB (4010 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6554
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMrKvs%2Fq9VhnF4pouHQCBJ2sqoqt%2FGNwDCa8nYgiLkER4vROe5bt5kfH6qBGUGYtBg%2FaW4iABnQq8gd0vCdKC%2FkDJM40oAikREHGKZVNhTxgSNXdLlVLSzQii7sSy%2B9DHDTAYVIAXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeab4ed9b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA

172.67.169.207

7.0 kB

URL
feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
7.0 kB (6989 bytes)
Hash
94d0d575f775178a35588e080cfceef5
5dc7578ef1009f4435b49e8ec2020da3c8bea73d
39ab43d2c92eea10c3f21f346f4a137987f99da1efd496ddd3f132d166244e3d

HTTP Headers

GET /ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA HTTP/1.1
Host: feed.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Cookie: __psu=d02ccc98-c3cb-4dfb-baa6-9c21aa509bae
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:05 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ixoLiGnCiDFA1cOj1U92%2Fwr8w317xupE26iISqALu%2FJbK5NY3R8wjOqETiq7qAVkxw9uxZt82xjXYJtdozPlB6KpNjxIf9SZgx%2F9mFH3%2B%2FCGK8OFLNwDKFnfv3QWYfByPPv9DAg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeacbd08b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 437123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223

104.21.7.3

98 kB

URL
a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
98 kB (98428 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223 HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Om4RiNZGem5936%2BXWiaFua0FianwG2MlKN4LTlmt4d8%2BYysxjKUZ%2FqXIUvUBdYjw2xHvS5qy6gkvNIOqXPZ5IRhloMGq%2BC7Bs%2B%2B9Ww4xuhgG8PwYjSj4xlQweMHeuGiyA09Ch0W%2FAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c77aea7dd59b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223

104.21.7.3

21 kB

URL
qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
21 kB (20724 bytes)
Hash
c8fbff6e3254ea5f89f31b88dfbaa15b
5b9a5654145be6bd8dd640a8d5932e188210da43
43bf42fb02010ab09a32e3a18b34586665a53a3aa1925eeab97c03332c250fe6

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223 HTTP/1.1
Host: qwfuu.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U2O8foiLvAOl0VaJIrDNGSbPy9Y6V6LGljuTLpex%2BAHTvc%2BeMUCIiy6bPInMYa8xQcYoofxMvI2NiZLXXMEx%2BJqSyNhGARTPZtqX5HNwSaCk1IEgIKKocQy102kbzm20QGlr1o9%2BBgXb%2Bno%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c77aea29a91b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 328992
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 437124
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

d.crystalcrafter.top/ph-new/assets/thumb-big.jpg

104.21.7.3

83 kB

URL
d.crystalcrafter.top/ph-new/assets/thumb-big.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Size
83 kB (82623 bytes)
Hash
cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788

HTTP Headers

GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-142bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3312
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWmQKevWzbjQT6HShccTWbqajxt%2Bjb%2F1m671ZTZ02bHSq7ecb%2BNRshDe3Xh8OSD6Y9HkRyIn4GHIPodT0RDPKtNapqY0zMMPYxd0AtRZHPsY5zaa5MEb3%2FRjhjq8cQH0028bS37qWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb1f951b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223

104.21.7.3

20 kB

URL
a.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
20 kB (19815 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223 HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwfuu.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:04 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbydgxK%2BZ03eIoiWspp0iriq3jJTQbss8khZGFgW%2FwwoMT6KTRxt4CBPEcH39eYVmbUtqRrT5H8DSwYUO9J1c6pSMsdksuXz5TkZx7PTsWLajGZOVt8ETsBj5RialfeXQG2k21yuMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c77aea6ecfeb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 06:18:54 GMT
expires: Fri, 10 May 2024 06:18:54 GMT
cache-control: public, max-age=31536000
age: 328992
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:42 GMT
expires: Thu, 09 May 2024 00:16:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 437124
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA

172.67.169.207

15 kB

URL
feed.streampsh.top/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA
IP
172.67.169.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
15 kB (14630 bytes)
Hash
94d0d575f775178a35588e080cfceef5
5dc7578ef1009f4435b49e8ec2020da3c8bea73d
39ab43d2c92eea10c3f21f346f4a137987f99da1efd496ddd3f132d166244e3d

HTTP Headers

GET /ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA HTTP/1.1
Host: feed.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Cookie: __psu=d02ccc98-c3cb-4dfb-baa6-9c21aa509bae
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yDx%2F0bsyPyvgm3Ax7%2FqggqVCsCFRWVRJm68IdGgjCQoxlPKebsZHiBeUF5LvjNxDUKiTYgIq0RlgsPd4QD%2BR%2FmXAkjPIFMavIuttQoLKA197y%2FUnte8KCX6CFXzdWFFwWUC6lMo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb35fe5b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223

104.21.7.3

33 kB

URL
c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
33 kB (32679 bytes)
Hash
07e9892cf66c8d1e88a1cb78bc42cd8e
d2df01773fb2f6afce037e5e57063ec97ad80c3b
0e8194caf701658532b38eba8f2093715f04d4fadb3f1048713dada52b733d1c

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223 HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:05 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TfUEdB7g2wcPY2yflA1lVDhNZ0hWmgShyXcUQR4Uf%2BrVq%2FWalhWN%2BItxZEs4UoeBcui5q5k0I9YZK%2FoRXQ5eT%2FsvsYE%2FQBjq%2FxF3A76iuOfqqxvB7PRt5CeBjbcpSJVhC1FGSR%2BlfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c77aeaea825b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-3.jpg

104.21.7.3

15 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
15 kB (15217 bytes)
Hash
4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996

HTTP Headers

GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3b71"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6476
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QdPD%2BPZNqku2wMFX8r7v1VY3iB0R03a8IPtModHvW1WQkDA0yl28TLdQOlJl6yRbKQS1MgDevCd8R0QOOoKjO%2BsLtlGMRWcJSwuTrE8IORLkehvupRLAWhNkJCxYE0baN6J1Oez6tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb56a89b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/style.css

104.21.7.3

13 kB

URL
d.crystalcrafter.top/ph-new/assets/style.css
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
13 kB (12988 bytes)
Hash
807d696b86114245f8eda3dce43f61ff
6d65ffaf8ec2107db8f1d29c410f152a8b809a56
7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc

HTTP Headers

GET /ph-new/assets/style.css HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-5f33"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3313
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DL2ymSZM2LaM7GHoZdWwcs5zLYWdq5Wv%2Fd9DMe4pApxgzfi6L7p%2FhpSiynYyQUzeZZTzyWUJf4AJJLj572ESHWWSdHfTngtSQgdvQgxWnykR2c29TRAptWA7ei6gKOD8qBe7An8OFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb1f950b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

16 kB

URL
d.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
16 kB (16062 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3312
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjpJ46fjfcv1Eg%2FEvS5XiuPYGldSnNXcTL77qqda8%2F3LcTqjapFJHpkNq6h27tzoZ1QCotd34x%2BXs%2FjHE5tDhyNcuo7F7De5kZ%2BLP%2BfeBUrqg8%2FV0mteqy2tZ8n7cLZWtAepNagFgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb1e94db521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-6.jpg

104.21.7.3

16 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-6.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
16 kB (15988 bytes)
Hash
4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773

HTTP Headers

GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4582
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdIQ25uA%2F3Iifpg%2Bv1PXsqkd2D9b5xWkMb5WV8iXAZMcier87Ddk2WjjIEi7NZQcdb18vMBi0KXEV%2BA%2FaC%2Ba51JRTr83FNGrMG9hG68jqJ0%2FDdTgTjVvobDIDz0L0rR18VMS69vAdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb57a92b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-7.jpg

104.21.7.3

14 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-7.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
14 kB (13963 bytes)
Hash
f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc

HTTP Headers

GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-368b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4582
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=skfnAE0JstJnh%2BjmnqqSvH0LnhH%2Fgo6WGqUe1ghyy7mMUkYUTbFqOvI0YTi5DHl9URzQuwjQaVo3wA6qXDUqeQbSQr%2FfVjqdTS3HJecUGNPjcyCfLmuVeWv074na9U3ayu4ZNBs4bA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb57a91b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/rec-8.jpg

104.21.7.3

13 kB

URL
d.crystalcrafter.top/ph-new/assets/rec-8.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
13 kB (12992 bytes)
Hash
eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940

HTTP Headers

GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-32c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4582
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VFkIR6DSMydm5tPxe87EGOqfhfIUIrRuM%2ByRafvlD6ZPkh3mBHKWU11iPT08SmLlpFKOzaA1YYCnw%2FpF2hVFkcG8YEXbjFzHXM9IWB9xYMg5AbfJwtddXHWUvLVnUBWHIedqOW2u2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb57a94b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

b.crystalcrafter.top/ph-new/assets/style.css

104.21.7.3

18 kB

URL
b.crystalcrafter.top/ph-new/assets/style.css
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
18 kB (18492 bytes)
Hash
807d696b86114245f8eda3dce43f61ff
6d65ffaf8ec2107db8f1d29c410f152a8b809a56
7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc

HTTP Headers

GET /ph-new/assets/style.css HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:05 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-5f33"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6554
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30BDj3n2IoISaTMBZtwLEZtv2KqqB38leoEanhHbAVECfOFn4M%2FGdB8HzDS2tCYk4EjQOtJr9nJn8IgRzFx6HTSYAKV85EqcG0m%2BVZLaapxdOYtmhbEPQIh%2FxGB4QYEekDidYTnyTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeab4edab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223

104.21.7.3

38 kB

URL
c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4233), with CRLF line terminators
Size
38 kB (38077 bytes)
Hash
c916b0032230dc45461448a9d5191da9
cca43f6ac66a63721abbfe3382eeef1638621175
247b5e37452e79fe61fd06fb5c1448b2ae4a13b12128851dd8cdb0c7b71c236a

HTTP Headers

GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223 HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:05 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0r0l4II8SUdnlRlYNcftr6A1QC5ADDfD%2F5YusaJ7RnVJ%2F5VNus0NFQhoWwHiXOHLI2Nl6ECTuEjj4UAK8A8Z8rSv%2BtOGfY59hnQ4K6QDAAoRUf6pHWWNseEIVZNiIexD%2FdV56x2TA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c77aeadbfa2b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

c.crystalcrafter.top/ph-new/assets/trls.js

104.21.7.3

29 kB

URL
c.crystalcrafter.top/ph-new/assets/trls.js
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
29 kB (28731 bytes)
Hash
2d452480e0a1246e5ed7e13278b99eee
dc1115b9c20884a07335bdf5abea5c399f5293d6
19b0897b045b6f67abdae0b9f6ca5987202456aa0d7bfc3b17128e94d2cf761d

HTTP Headers

GET /ph-new/assets/trls.js HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1e3f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5494
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y1xuNTmUtbB8B2HgQkF%2BN49MDCl4BGd06rQynOjeTEnZoy5Fi79svLB3qbtVibpxqRxAfloLnqjUTv3eNPUsOr7aRSGBXj30wQbZmmImfNyBmO1W5FxZaPEgktxwP0EpDs9O5NLAAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeaea822b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/3.jpg

104.21.7.3

11 kB

URL
d.crystalcrafter.top/ph-new/assets/3.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
11 kB (11094 bytes)
Hash
3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a

HTTP Headers

GET /ph-new/assets/3.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2b56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4582
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C90iKr2MiYHbPxFWMNgq%2F4bCqqwlnXGCfZTa8QqPNKvDFFcZ%2BaaT0WIWFbEM22UAEIxV6r72Xab1LZUtgw1LCF1IlmVxkow%2ButS0qeGeW50JJGTyhb26NU%2FRtW34f6VKwRAwlLoy4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb59aa9b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

d.crystalcrafter.top/ph-new/assets/5.jpg

104.21.7.3

12 kB

URL
d.crystalcrafter.top/ph-new/assets/5.jpg
IP
104.21.7.3:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Size
12 kB (11713 bytes)
Hash
113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1

HTTP Headers

GET /ph-new/assets/5.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=c2a69c481401bfccd7a8cbd0bc3d4786-11246-0515&sub_id=parkdom&hash=7goXiZv9aMpoEQSxDyPcwg&exp=1684115223
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 May 2023 01:42:06 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-2dc1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4582
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6nWy8nqt9ygcI%2B9GSd3udibBG3SABEOTAN59Hg9NSse9Nfw4ZYYbnpLwUcSfKZMNuk0B7JzinGM%2BL2eUQqTfUeZtoAw8x1XaJhzL1lyswBtWNy6hK37uxBgKoMh3rEQlpfJi6ZKEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c77aeb59aafb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn-dimi.akamaized.net/landings/279205/1680702419/css/reset.min.css?1680702420

88.221.27.74

200 OK

527 B

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/css/reset.min.css?1680702420
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
CSV text\012- , ASCII text
Size
527 B (527 bytes)
Hash
36f11c31f5b3885dc017f41ed8f5817c
e928be87b659d200361c277fcc3ed1fd13b2a472
b59fdf3a529889ad3a8d013a347d5586f3da8361e71291cc9215edb830d1e45e

HTTP Headers

GET /landings/279205/1680702419/css/reset.min.css?1680702420 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: LtnYcwF7qTAFlBfrxyADIGajZc+geyQxPQV3XeGqnxILmL5iVz0l4nGUOzbBTSGrNN19ohwyMng=
x-amz-request-id: W0QJ5N133CDCS9ZT
Last-Modified: Wed, 05 Apr 2023 13:47:02 GMT
ETag: "36f11c31f5b3885dc017f41ed8f5817c"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 15 May 2023 01:42:07 GMT
Content-Length: 527
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/279205/1680702419/js/translates.js?1680702420

88.221.27.74

200 OK

8.6 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/js/translates.js?1680702420
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
8.6 kB (8568 bytes)
Hash
09375f18dc5bfd539f211887b6a178e6
01151d9836502715a56f01db102da22f462821d2
74e9cb9fca7f14f9de2c6416b1d99b3e28e0fd9c0501c848d8276de3a7036d5c

HTTP Headers

GET /landings/279205/1680702419/js/translates.js?1680702420 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: ihF+7WS69Ppedi67qpJZALNe+9vtpDK0+Ytji38YaGJnlPzfiooZWljbf7IvwLpH0Ygzl/S1M5Q=
x-amz-request-id: W0QRD486WW44J37N
Last-Modified: Wed, 05 Apr 2023 13:47:02 GMT
ETag: "09375f18dc5bfd539f211887b6a178e6"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 15 May 2023 01:42:07 GMT
Content-Length: 8568
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/279205/1680702419/css/style.css?1680702420

88.221.27.74

200 OK

1.8 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/css/style.css?1680702420
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
1.8 kB (1835 bytes)
Hash
50e68ca989043b052b196b593868c50d
7a4de8942d19d16e9e83445404fafecb0616f971
163b87d940693d2035ff0a922f4fbebbba23f553520fbb4a400b739c16f862aa

HTTP Headers

GET /landings/279205/1680702419/css/style.css?1680702420 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: j+27pqCM9t+G1oW/eriMhMhPpALAAOW4oFiVhZ8QpbRRVn7giwlJpWufboPRXMeV8vMiaJumG5U=
x-amz-request-id: W0QKN40YSDZYSQFG
Last-Modified: Wed, 05 Apr 2023 13:47:02 GMT
ETag: "50e68ca989043b052b196b593868c50d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 15 May 2023 01:42:07 GMT
Content-Length: 1835
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/279205/1680702419/js/jquery.min.js?1680702420

88.221.27.74

200 OK

30 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/js/jquery.min.js?1680702420
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32065)
Size
30 kB (29855 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /landings/279205/1680702419/js/jquery.min.js?1680702420 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: hiFP51vu+VEpSNCMXvQLhmxh1XSOdhShdQzI3jY8oKX4rmDiM9drKHVDzuJlIj7eFWSdpTn446U=
x-amz-request-id: W0QZQR5JRXZF1HSN
Last-Modified: Wed, 05 Apr 2023 13:47:02 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 15 May 2023 01:42:07 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/279205/1680702419/js/scripts.js?1680702420

88.221.27.74

200 OK

511 B

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/js/scripts.js?1680702420
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
511 B (511 bytes)
Hash
69e75e0997cdd1b51ef2d8f78358e937
f816503aceb6edd2fd9f0cc3f911b99817ca611d
40c9bae2946917f32864946aabede4750f809cf9f3ab600669faab410b82526c

HTTP Headers

GET /landings/279205/1680702419/js/scripts.js?1680702420 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: ngAdpUyo5S3IouCcIddDAI3extShReTAI4tnb3fQtjqId41amE8XVf/dde9Tg14GiLBwPrX3cwA=
x-amz-request-id: W0QQ8RHJQTJW7E20
Last-Modified: Wed, 05 Apr 2023 13:47:02 GMT
ETag: "69e75e0997cdd1b51ef2d8f78358e937"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 511
Date: Mon, 15 May 2023 01:42:07 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/279205/1680702419/images/logo.svg

88.221.27.74

200 OK

11 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/images/logo.svg
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4864)
Size
11 kB (10652 bytes)
Hash
89efea4d57e53488be96c41f813895c2
4ace0a06591c30d245809c58f7cf3aad9e602959
ea91bcc64cbe5159a96da591bdec4939528366b64226c688cc4462baf74dfdd3

HTTP Headers

GET /landings/279205/1680702419/images/logo.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: veAHZI7SrMIBUKDmQi5j1fg2D/+RAnUkAw4mUsGTzF8+zeUDewKeqT7upCV6hLUmbqNP0oGVvSk=
x-amz-request-id: W0QTMZ8PB972G1ZG
Last-Modified: Wed, 05 Apr 2023 13:47:01 GMT
ETag: "89efea4d57e53488be96c41f813895c2"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 10652
Date: Mon, 15 May 2023 01:42:07 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/279205/1680702419/images/girl-ico.png

88.221.27.74

200 OK

1.5 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/images/girl-ico.png
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1540 bytes)
Hash
87fa20787233a7ac89d1ee83563832c6
2fd58653f791912508d469a274fbdffbc7177bf6
2cb1de63c827301236cb47fc705964c827deb48b360148e11a28c15ea9ef66d0

HTTP Headers

GET /landings/279205/1680702419/images/girl-ico.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 351uxSSSUuvjOlEnzCiJToMTg4LQ2WE6wyukgNOv59T6Sket5qIN7UKjFq4O4xYTarYobpB7M58=
x-amz-request-id: W0QQQ62XRND3SAE4
Last-Modified: Wed, 05 Apr 2023 13:47:01 GMT
ETag: "87fa20787233a7ac89d1ee83563832c6"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1540
Date: Mon, 15 May 2023 01:42:07 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1b65234d17a96b0f4e13aa8c4fa234bc
431fcdde0cc0c92a88c9dcfbf3cc907c66f450f9
cbc49a826b5616db80122a0d3aa95ab772bf36e2cd8e1ee28bd84079b43cb3e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 May 2023 01:42:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1b65234d17a96b0f4e13aa8c4fa234bc
431fcdde0cc0c92a88c9dcfbf3cc907c66f450f9
cbc49a826b5616db80122a0d3aa95ab772bf36e2cd8e1ee28bd84079b43cb3e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 May 2023 01:42:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2d0ce7be8ebb8dec95f0e8badd56e463
bf29996b22abb22c181d7749959c23a6774725dc
768a8875c5a2a3f5685231639d7ef76e684130e728068fcb2823dc63a5e1d597

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 May 2023 01:42:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxbnr.amouronllne.com/ortb

63.32.216.166

200 OK

29 B

URL POST HTTP/2
oxbnr.amouronllne.com/ortb
IP
63.32.216.166:443
ASN
#16509 AMAZON-02

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerLet's Encrypt
Subject*.amouronllne.com
FingerprintF9:EC:62:24:A1:D6:2D:CD:91:E2:B4:81:1C:41:99:4A:3C:28:2C:2D
ValidityTue, 09 May 2023 08:01:37 GMT - Mon, 07 Aug 2023 08:01:36 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
c453d1e33844d14bbd7ec2846eb408f6
b934f52ed7fbed0cee5874cb0fcafdd1cb450fcd
2b159267580e469b4eed0aaf47253e353fdf727043d52d969bd85cbff7fd4a1a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /ortb HTTP/1.1
Host: oxbnr.amouronllne.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 330
Origin: https://oxbnr.amouronllne.com
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/?s1=43431&s2=1106323&s3=&s5=backuser&click_id=&iexpp=1&j1=1&j5=1&utm_source=da57dc555e50572d
Cookie: unique_id=646141d80008948d; unique_id2=645ff4e1000a94d3; 645ff4e1000a94d3_c=1; ref_token=1156_191490_193913_187050_43431; 645ff4e1000a94d3_sl=[279205]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 15 May 2023 01:42:07 GMT
content-type: text/plain; charset=utf-8
content-length: 29
X-Firefox-Spdy: h2

cdn-dimi.akamaized.net/landings/279205/1680702419/images/video-1.mp4

88.221.27.74

206 Partial Content

1.1 MB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/images/video-1.mp4
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
1.1 MB (1132123 bytes)
Hash
d5f9fbb8667b2e86bbaaf15275a9be13
c84c479303ff26a5d32ef557e379fbe8b13feca2
80206cf6a74ae1964057fa05d339f7edb224536a94b91c235205710feed9e027

HTTP Headers

GET /landings/279205/1680702419/images/video-1.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
x-amz-id-2: rGiG0yKvS30l9MRynR3XlM1j98vofI0t3KjCcjg7hEuFnYd+QHHSVbTJBE29yBOCZE2NJjd2Sew=
x-amz-request-id: 0BRDJXNQ886S2Z5F
Last-Modified: Wed, 05 Apr 2023 13:47:01 GMT
ETag: "d5f9fbb8667b2e86bbaaf15275a9be13"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: video/mp4
Server: AmazonS3
Date: Mon, 15 May 2023 01:42:07 GMT
Content-Range: bytes 0-1132122/1132123
Content-Length: 1132123
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f4fea5cf544471669f24229f47d96622
e21aa81232c02d605863b3193c4ce0d27eba07ec
216eb082f9386c239a730dfe8d0414192c3af67ccba8db2865a250d2e13ed7d4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 May 2023 01:42:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxbnr.amouronllne.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 04:04:41 GMT
expires: Fri, 10 May 2024 04:04:41 GMT
cache-control: public, max-age=31536000
age: 337046
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

216.58.207.227

200 OK

23 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size
23 kB (23040 bytes)
Hash
de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxbnr.amouronllne.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 09:09:22 GMT
expires: Fri, 10 May 2024 09:09:22 GMT
cache-control: public, max-age=31536000
age: 318765
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn-dimi.akamaized.net/landings/279205/1680702419/images/favicon.ico?t=20230515014207

88.221.27.74

200 OK

14 kB

URL GET HTTP/1.1
cdn-dimi.akamaized.net/landings/279205/1680702419/images/favicon.ico?t=20230515014207
IP
88.221.27.74:443
ASN
#20940 Akamai International B.V.

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel\012- data
Size
14 kB (13868 bytes)
Hash
135aeed168833e38d0839e1709e41891
a689caccb7b0a9918ff731bef2a1e3d04aff07ec
74d44e795ea62dcb66e995bfc7a0914e4fb64041567e05cc9118cfc8608caa45

HTTP Headers

GET /landings/279205/1680702419/images/favicon.ico?t=20230515014207 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oxbnr.amouronllne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: xX3crrrmXiw9/xzUuURp1NJ/2DKSo8/+Ao00dOX1uBXHueGnrDRiqHkUHcp10ASQxpz6u2vYT6o=
x-amz-request-id: W0QKAKMMQ9RR65Q7
Last-Modified: Wed, 05 Apr 2023 13:47:01 GMT
ETag: "135aeed168833e38d0839e1709e41891"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/x-icon
Server: AmazonS3
Content-Length: 13868
Date: Mon, 15 May 2023 01:42:08 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1

63.32.216.166

200 OK

35 kB

URL User Request GET HTTP/2
oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
IP
63.32.216.166:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subject*.amouronllne.com
FingerprintF9:EC:62:24:A1:D6:2D:CD:91:E2:B4:81:1C:41:99:4A:3C:28:2C:2D
ValidityTue, 09 May 2023 08:01:37 GMT - Mon, 07 Aug 2023 08:01:36 GMT

File type

Size
35 kB (34694 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1 HTTP/1.1
Host: oxbnr.amouronllne.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 15 May 2023 01:42:07 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=646141d80008948d; Path=/; Expires=Fri, 14 Jul 2023 01:42:07 GMT; Secure; SameSite=None
unique_id2=645ff4e1000a94d3; Path=/; Expires=Sun, 13 Aug 2023 01:42:07 GMT; Secure; SameSite=None
645ff4e1000a94d3_c=1; Path=/; Expires=Sun, 13 Aug 2023 01:42:07 GMT; Secure; SameSite=None
ref_token=1156_191490_193913_187050_43431; Path=/; Expires=Wed, 14 Jun 2023 01:42:07 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Mon, 15 May 2023 01:42:07 GMT; Secure; SameSite=None
645ff4e1000a94d3_sl=[279205]; Path=/; Expires=Mon, 29 May 2023 01:42:07 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap

142.250.74.106

200 OK

1.5 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://oxbnr.amouronllne.com/?utm_source=da57dc555e50572d&s1=43431&s2=1106323&s5=back&j1=1&j5=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (1566), with no line terminators
Size
1.5 kB (1530 bytes)
Hash
bef54a4f8ad5d25fc816b34ad3298c30
6e7414798c5ddeccd9b28f79316617dbe59c30ae
6f1630b5aa4ebf650967d76a891d2690f3ad4478da4875b9ad564335c40366c3

HTTP Headers

GET /css2?family=Lato:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 15 May 2023 01:42:07 GMT
date: Mon, 15 May 2023 01:42:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML