code.jquery.com/jquery-migrate-1.2.1.min.js
151.101.66.137 200 OK 3.1 kB URL GET HTTP/2 code.jquery.com/jquery-migrate-1.2.1.min.js
IP 151.101.66.137:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (7085)
Hash MD5: eb05d8d73b5b13d8d84308a4751ece96
SHA-1: 743052320809514fb788fe1d3df37fc87ce90452
SHA-256: 1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
GET /jquery-migrate-1.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1c1f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 03 Dec 2023 22:42:37 GMT
age: 6739561
x-served-by: cache-lga21931-LGA, cache-bma1633-BMA
x-cache: HIT, HIT
x-cache-hits: 26, 290588
x-timer: S1701643358.788937,VS0,VE0
vary: Accept-Encoding
content-length: 3063
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/dc7fdf218-1.jpg
104.21.52.249 200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/dc7fdf218-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash MD5: 4d22ba8c510f4a2ead1f9d48af087576
SHA-1: f41e60a6e382e5c5f7be794fb3c2dc79f033cbaa
SHA-256: 8e85ec1e2bb1da867a7563a58de3bd9f43318fd58012450b5464a2f0d5e26e79
GET /uploads/thumbs/dc7fdf218-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:07:06 GMT
vary: Accept-Encoding
etag: W/"63e92aca-4fe8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBThxx1pFt%2Babl1cdy1oPhug5joSDYx9vbW16SKzoY9tP%2Bwp%2FUm9oG8qVuP5FRn4B9%2Bb5tHFpOhXVOD1unxfR3hX7%2B32TGheS%2Fqydwg70OwFcqeiEQG8JDshW9fbWqI7%2Bpmoiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aaa356a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/js/jquery.readmore.js
104.21.52.249 200 OK 1.7 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/js/jquery.readmore.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type HTML document, ASCII text, with very long lines (531), with CRLF, CR line terminators
Hash MD5: 7b404a55818471e37de98a7bc1cd94af
SHA-1: 3e1da00924fe6d8a16b2e8a687a2fac8d25be93b
SHA-256: 9499613791dbc676c2b2ab6609218d239da3528f037be37a6d21989bf81de7ea
GET /templates/3arbserv/js/jquery.readmore.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:07:48 GMT
vary: Accept-Encoding
etag: W/"63ab3474-d6e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1020289
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MjEc2IYXsix0ZZj0hekMubIoMBMfNuFAqX9lwbJE2EWrPrwfMXf%2F3LUSbWJ2r25FjNjc0CVEM4mcELyYNk3p2zDCRSYzlq4R9DcyQvti%2BWVKy6vd7K6clCAyn47MclVbdRMrcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52ea0b2e56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
142.250.74.42 200 OK 34 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP 142.250.74.42:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (32038)
Hash MD5: f03e5a3bf534f4a738bc350631fd05bd
SHA-1: 37b1db88b57438f1072a8ebc7559c909c9d3a682
SHA-256: aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 02 Dec 2023 11:16:17 GMT
expires: Sun, 01 Dec 2024 11:16:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 127581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-148155933-10
142.250.74.168 200 OK 52 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=UA-148155933-10
IP 142.250.74.168:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity: Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (2213)
Hash MD5: 72b90ef4d12428fd520e8149f542c54d
SHA-1: 112aa8375321889eaf576ae0fff293095f629b16
SHA-256: 6ba5e126250f40fa0116396feeb58bb586a38711be48c70d8b42e46752691cd2
GET /gtag/js?id=UA-148155933-10 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 22:42:38 GMT
expires: Sun, 03 Dec 2023 22:42:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51678
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a0.cima44u.online/templates/3arbserv/css/animate.min.css
104.21.52.249 200 OK 98 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/css/animate.min.css
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (319), with CRLF line terminators
Hash MD5: 1eff66a772a674e7212022945dc13a96
SHA-1: 6cead8e27ef6dcfadf4117ac7ec2dde3dc767489
SHA-256: 91cb2bddb87663665ac788700799e59c727081e6dea910ac0e2a1f4f268c5146
GET /templates/3arbserv/css/animate.min.css HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/css
last-modified: Tue, 27 Dec 2022 18:06:50 GMT
vary: Accept-Encoding
etag: W/"63ab343a-e5e5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 883565
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BR4P84oh2kAWrEOIadrzr%2BwTt2ZTvgClGg1QMtK5HMskESWJd6VyYGR%2FVwEB6b%2BQFmYK1RJqzNJrFXNLrv8AX4fUntBfa%2FZ424z4gDpyWMnwBRBHMjZN1QoKXMO6wjcCQv0wvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e96a4856a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/7d074c3dd-1.jpg
104.21.52.249 200 OK 13 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/7d074c3dd-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 244x360, components 3\012- data
Hash MD5: 9d9bfbdf863ac497425792511b9d3727
SHA-1: d2ecbad4df91681d22a57a8f592685f2b4d95f54
SHA-256: f8a8fbe05e09a93bee439bc9970886030ba59b38f752982c17ed788102b764c5
GET /uploads/thumbs/7d074c3dd-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:08:49 GMT
vary: Accept-Encoding
etag: W/"63e92b31-2f68"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2B08v2Q%2FfC%2BLr4mj8VAiMqvhjF4OhKmREDchXOarUiSXwQoJThci9MQ7fJwBVeB6xWFDN2XFz1yHFSja9P3S%2FCU7CCx%2Bh7bZr6rBxBjAKFNgHZcGmfGhzL%2BKPJxw3OWvOV8xJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aaa056a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/72386f155-1.jpg
104.21.52.249 200 OK 29 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/72386f155-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 288x360, components 3\012- data
Hash MD5: b267d0c1a4b706573a90a150d515c7df
SHA-1: 39fbf83a3ccca218b9be575f6c2dce25b0364392
SHA-256: a8ced94d6db29fa366bb0fe6fb342034314417b5d93e48608b7fad43e1d851ee
GET /uploads/thumbs/72386f155-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:13:46 GMT
vary: Accept-Encoding
etag: W/"63e92c5a-708b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Or%2BYgVz9c2UxWyeyIDzzZ5hC2dfMQ2ML74KTFOFWmC9Z8UBqn3XU%2BOmvSq%2F6tKAPTt9abN66TxOuviH0wg2m191B1UKUJ6bWKXGjoYu%2Btg3Y4qqvYEWad%2BNna3TAdeh6eF8JVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9d56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/8bfec7ef8-1.jpg
104.21.52.249 200 OK 14 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/8bfec7ef8-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 244x360, components 3\012- data
Hash MD5: 94c521425094ea384f3f90617a7259d0
SHA-1: c53d9893802b0455a2ecf8c715449056c92123fb
SHA-256: 5eed2ad196bd6214e8f487c5bc1646ae48b001451713ee3aba5c4ec57fe461d0
GET /uploads/thumbs/8bfec7ef8-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:05:01 GMT
vary: Accept-Encoding
etag: W/"63e92a4d-366a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tsnUYvsq8kuO7guZ89enaghO05XHEzMs83X1eMDLFy%2Fb4U8Zf5grUnDWDNx%2BHp24Zz6z1g6ud9HT6oNiBPALZ36ri%2FTz04dWtrOl0Yrzxbxhfi25%2FECSw0WIBdynrGNq6igqzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9bab556a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/ab22893c6-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/ab22893c6-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash MD5: c4ab78fb8976e134f8a1323b7be92c2d
SHA-1: 4e27dd7e16e58b260fc3d51a1d4d76200b2aa522
SHA-256: 5b4c4f0626a07650e67a2d68b3e47006ffdbd8ada6367bae47c7a40dd08b5de8
GET /uploads/thumbs/ab22893c6-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:16:49 GMT
vary: Accept-Encoding
etag: W/"63e92d11-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HdjDwkB4BIqyy4Z1lN9TIBW5Yr6YwLpifsK9dQk%2F0Nh40b9pRsRSfzUUxpGnSpwjlywDvbv8MYMkrZ6adMlqm5KKNYM72foSkJcQSqVHg4ry3%2B4aWeWpzQrYAWA34MwWG8VokA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9556a4-OSL
alt-svc: h3=":443"; ma=86400
netdna.bootstrapcdn.com/font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0
104.18.10.207 200 OK 64 kB URL GET HTTP/3 netdna.bootstrapcdn.com/font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0
IP 104.18.10.207:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: bootstrapcdn.com
Fingerprint: 34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04
Validity: Thu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT
File type Web Open Font Format (Version 2), TrueType, length 64464, version 4.262\012- data
Hash MD5: 4b5a84aaf1c9485e060c503a0ff8cadb
SHA-1: 574ea2698c03ae9477db2ea3baf460ee32f1a7ea
SHA-256: 3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
GET /font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://netdna.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:38 GMT
content-type: font/woff2
content-length: 64464
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "4b5a84aaf1c9485e060c503a0ff8cadb"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 10/31/2023 18:48:13
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 756
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: a6ff36fee829839c1b6c2e953d67497a
cdn-cache: HIT
cf-cache-status: HIT
age: 159404
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ff52ee0bbf0b61-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/9b0b20d57-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/9b0b20d57-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash MD5: 515cfc024ee7b28767c04480e929dd55
SHA-1: 324c629b4e0a72c08f578b92810a6a606624a042
SHA-256: 13927cbed111917959bf4664238f31e3c68587cb6a93f165f3b619c5b3e1b0b4
GET /uploads/thumbs/9b0b20d57-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:16:36 GMT
vary: Accept-Encoding
etag: W/"63e92d04-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T1E%2B0i3wjgj%2BF8s86Me708UimmhPG6gn7bXvn1gjZkxgqf2aIXplmXp0skAyvFCEcDIjJbrad6eQFcj5eudOA7CBDmZd9L891UFzE6IBC%2B1MaSn3HBk3CI%2BxqLjqHEcSzmtijw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9756a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/c7f879d7b-1.jpg
104.21.52.249 200 OK 49 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/c7f879d7b-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 240x360, components 3\012- data
Hash MD5: 600d02540f0ffa20b74f207dd956e6ce
SHA-1: d86040cb12a346c8adb9eb32889321e3a06642c2
SHA-256: 96de2b83f6bec2fdc27787b5bcae7fef0762081d6ab8fe0c8698bed3f6a2873b
GET /uploads/thumbs/c7f879d7b-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:08:38 GMT
vary: Accept-Encoding
etag: W/"63e92b26-46ae"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqpZU71WsJayyeG11kAbQJVI%2BjJ%2FucVkHxTN5yjDwuRiZCaAlBiYsktWOTeecR33JUkyVr7oSR5aRhXqPvZmwZsisOqSQwpz%2FCVnmRNl6SU8IIQRK%2BInIuC3VEBkXhPypIE40w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aaa156a4-OSL
alt-svc: h3=":443"; ma=86400
entreatyfungusgaily.com/0f/ff/55/0fff55c02cf2a71ee58ef898c5cdeb9d.js
173.233.137.52 200 OK 23 kB URL GET HTTP/1.1 entreatyfungusgaily.com/0f/ff/55/0fff55c02cf2a71ee58ef898c5cdeb9d.js
IP 173.233.137.52:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: entreatyfungusgaily.com
Fingerprint: DB:22:94:CB:0E:2C:71:4E:16:A8:04:37:1E:82:91:41:C6:F8:76:5C
Validity: Mon, 06 Nov 2023 06:35:13 GMT - Sun, 04 Feb 2024 06:35:12 GMT
File type ASCII text, with very long lines (59716), with no line terminators
Hash MD5: 44f7986e457a2ea82adf69de42c4d181
SHA-1: 8c5ca764353e8dcd179e8705918a1a03673b4f74
SHA-256: d067e39927ec91c80ee3dc73a6c91b2c3395be6477c69a80a204dedfa5f654a2
GET /0f/ff/55/0fff55c02cf2a71ee58ef898c5cdeb9d.js HTTP/1.1
Host: entreatyfungusgaily.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e28f318bc11795003a64b9acad8b1499
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a0.cima44u.online/uploads/thumbs/b14c494f7-1.jpg
104.21.52.249 200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/b14c494f7-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash MD5: af4538bab1760f5c2d4dc0956ad03a16
SHA-1: 67140071a5b0b5c64620f0bd2455f468cda0094f
SHA-256: e93eadcbf240e8094a85bf3220b75adac7c977ebb52eb2ce03dad47c42f7d412
GET /uploads/thumbs/b14c494f7-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:22:35 GMT
vary: Accept-Encoding
etag: W/"63e92e6b-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sjilMcBAp4W58Y9lSKiJiyPkq3VZd1HTAdpgclQFmGZTVawLvaGHJleu%2Fi1%2BQ%2F41YyR4i%2BUJEQtkla6wSv6aHjpn40JOYivxOgoI4JYewZrc4uesDfS1M54WPFHTWg3jRY2WFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6556a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/9e5ccc1b8-1.jpg
104.21.52.249 200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/9e5ccc1b8-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash MD5: 3adb6dedd8b05769448839b56ed42bbe
SHA-1: 8d63decb38bae133fc64a7686c4459cb5bc5e6d5
SHA-256: 43eecbef8779dbc361206c5afd2e7ac04dd8d3fac0cd428616275c1efe4df2c4
GET /uploads/thumbs/9e5ccc1b8-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:38 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:21:40 GMT
vary: Accept-Encoding
etag: W/"63e92e34-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B1c4erUYGhNsJ7BD%2FDWA1C%2B8TJpgpDB08UWVr3AIrMwbqt88MgdFjcUlPuuCmzEC0tBSPkcV8WL28tr3SGPcxTxRo%2BPNsAFU9vYHxJjnRpAWlBBGTJ88q82mz366AFOoAP67oQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6856a4-OSL
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700
142.250.74.106 200 OK 1.4 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700
IP 142.250.74.106:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash MD5: 534f475eae78f354a54674e1228061cb
SHA-1: 4d40df181d0c1386f6bf2f3708d0a9fa4c11a86f
SHA-256: cff0f36a7e8dad6387e140de1585d9fffba2c9915daf4a0c5cb7b4088b89476f
GET /css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 22:42:38 GMT
date: Sun, 03 Dec 2023 22:42:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/33314766d-1.jpg
104.21.52.249 200 OK 28 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/33314766d-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash 1ad4e41742354d98fd3205f4ecc29585
89c57b176f304f031aebea7e8117391d7dbc325a
893a0ec50f78fbecea3cbfe60b879b2f2753d16787b88d91b30682affc88a9f5
GET /uploads/thumbs/33314766d-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:18:17 GMT
vary: Accept-Encoding
etag: W/"63e92d69-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jEOZVxdMCu%2BgcACy3edIUXZ1J786UzeVd8CAJofBoSiispF2k%2B%2BYCxNsKiAAMjOYcdcVHo4NB0MfBgyJbSzZnmoQLau2ABBa3K%2F3QgZsZskZ0lQ3oEMQk2CIUfPidKKVg83NEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e99a7f56a4-OSL
alt-svc: h3=":443"; ma=86400
proftrafficcounter.com/stats
18.157.203.0 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.157.203.0:443
Requested by https://a0.cima44u.online/
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5b9272ae27d187679531f143d09e87fa
095df3edbf93abec03a24b6fe5bb96a04c2974cd
d5d69c6676dd19a21c714b21ddab194983130506578474aff3784e3cf65af0a2
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://a0.cima44u.online
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5e5f27aa-18d1-4f09-9914-4125358308b5:3:1; expires=Wed, 30 Nov 2033 22:42:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
remedyabruptness.com/48/06/00/480600c1e7abb4767667c412d0c8f89d.js
192.243.59.13 200 OK 16 kB URL GET HTTP/1.1 remedyabruptness.com/48/06/00/480600c1e7abb4767667c412d0c8f89d.js
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer Let's Encrypt
Subject remedyabruptness.com
Fingerprint ED:75:A8:C1:35:0A:5D:0D:7C:B3:59:2D:DB:F2:32:43:C4:D6:02:38
Validity Thu, 12 Oct 2023 07:12:18 GMT - Wed, 10 Jan 2024 07:12:17 GMT
File type ASCII text, with very long lines (42822), with no line terminators
Hash ff55b44a8b447f737cce577cf90460d7
36de950ff81dbe42583f28503782fde1304760e3
dd9278596500f437777d6e9bbf3935ab8bf465ea9a5fee424b488e0e9bf48989
GET /48/06/00/480600c1e7abb4767667c412d0c8f89d.js HTTP/1.1
Host: remedyabruptness.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 22:42:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 01d73c69e57a1f3ae3c07c988ff0d37e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a0.cima44u.online/uploads/thumbs/800667e5c-1.jpg
104.21.52.249 200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/800667e5c-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash a1f8d9b06ee55083dcd7a8ddf3dff295
e8fe6354b8926ec8ce0e3ee10de10624beebfe06
3b49e71d2a9bb1ce4168212cacdae8acc7547301a2deb9b3e02dd820c6432421
GET /uploads/thumbs/800667e5c-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:22:10 GMT
vary: Accept-Encoding
etag: W/"63e92e52-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1urCb0KZHkwr%2FRmJuKgTXq3nQwx%2F5ZpqoMwGBsx81PsgYbVnkpHo8d8e7abXPWRo1aJTBcxzr8t%2Ft9ubftHRZnE%2B6tMkekRfhq6o%2FnqJAO%2F4HnjYFoMLatcynzYMWsKppcJITg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6756a4-OSL
alt-svc: h3=":443"; ma=86400
104.21.52.249 200 OK 25 kB URL User Request GET HTTP/2 IP 104.21.52.249:443
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (534), with CRLF, LF line terminators
Hash 229e9f839057772c66641341b3cc49e3
8193495d8812b0f84d264688037489d4e6766b99
2b9cfe47172af182dfe1169bbe310d0dafa4725a93372c1eaa743f25485d00ee
GET / HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; path=/
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eq3PhMV107cz4C%2FgRbmefrTh8b8%2BwtcnL4rnn%2FPZ7TBPNQQhmmkXszIT9o8fpKyvRjk%2FLT1yF7M3orj4kqFEnfCbWhOGZUyweLSYnoIDcORnVNdac1inNImlENNj47zdx5prWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e26bec1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/4aa276e63-1.jpg
104.21.52.249 200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/4aa276e63-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash 8fbb523f2019bd7ec02bbd15b2c137d1
541ba75c4a85c21ed7af372add47baed1453a661
4abe5d10c4ed35d95ca87dfac26d599f28cbb74cd369a9ccd0a5b4cdd0b38f83
GET /uploads/thumbs/4aa276e63-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:21:19 GMT
vary: Accept-Encoding
etag: W/"63e92e1f-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432102
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CUmkiDOR4bNMpjspD5ogiBPvYTHZaIlpwgAB4E3037K2Tm%2Ft%2BWyeLmSVoi%2BYCitCZ1TOvsMx5qT8PXYtlIngjafNG6FvSbfnoMRqc3FBon0Re%2Fr3hxPLsAaTU8UGSU3IfwbrUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6d56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/ajax.php?p=stats&do=show&aid=1&at=1
104.21.52.249 200 OK 11 kB URL GET HTTP/3 a0.cima44u.online/ajax.php?p=stats&do=show&aid=1&at=1
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 0e751db5d4633b2124e4f306f9808c4c
96c54f7744c163d2ff0d8ddab1b51f6cb27bc859
b202612777456efa03b6e36eea00fcd225ada5c3f72fd649f413370006ca49d6
GET /ajax.php?p=stats&do=show&aid=1&at=1 HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/gif
vary: Accept-Encoding
pragma: no-cache
expires: Wed, 5 Feb 1986 06:06:06 GMT
cache-control: must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FMYf6YjBxxkoXqgah6M%2FUz4eO8loUx7qpyvSoigkdHGsxAeNmAFjrN8%2Bk25buyHRBkgkgDMPWh49AXKoRNMQk9Pmh04LhVS8a6PkvPW%2Fnv9dcAULRVEhcdgzV8ffeCwbKCup5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e97a5e56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/4e0b712ab-1.jpg
104.21.52.249 200 OK 30 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/4e0b712ab-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 202x360, components 3\012- data
Hash e98e272c6550d891ed44009eee1baf69
334951ae256dafef85a6f2b84b668d04dcdb50bf
f79b90d496527c3a6d8c23b32cefc0f0b1c6bd4394b429316196ff47d7c6bb99
GET /uploads/thumbs/4e0b712ab-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:21:53 GMT
vary: Accept-Encoding
etag: W/"63db80b1-4c96"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JYDcaKKAMBkeBXpFyy9jiCxo9%2FuSiF1IJHS8zRg7pwa%2FhPbIYF%2FLQQYlePSYRigbvISgSneZX%2BJiVvQLTvuVSq%2FQfx1yNYvWUFYVcUJ2ko%2F8Q%2FSSeY3TcNjc3tRY%2F3hROXBE0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f17a6156a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/e69c976be-1.jpg
104.21.52.249 200 OK 138 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/e69c976be-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 202x360, components 3\012- data
Size 138 kB (138043 bytes)
Hash e81a883c8704a679eef2ae818202e71e
d175a5c2cf632846a3655d2c327e76359e657898
fd3a54cbd5359c6773704041d2c2752c163c2d5a00f3f6643aab7ffc1a5659dc
GET /uploads/thumbs/e69c976be-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:05:25 GMT
vary: Accept-Encoding
etag: W/"63e92a65-2be3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3KET0CCXBP2qt6KW%2B6KpOwsuLmfYI9YGm0rRh7%2BMdGTJoQPInVcuuGizuvenaD3E%2B5MyQgXMFsVCTZ6C6cth%2BBmRRun6njj%2Fh41nviyb7%2FatQNRgqI8avBMR1BrMW0h19VSS8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9baaa56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/238d911cf-1.jpg
104.21.52.249 200 OK 126 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/238d911cf-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Size 126 kB (126522 bytes)
Hash 89211ec858896f54eb8f4aadc1e08b09
3a893b81c79b189d6303a5913442702463a1b2fe
af75d1e75f898d649078234b6fe91b40285d3bc87f894a1dfd9d4458a686ef71
GET /uploads/thumbs/238d911cf-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:18:49 GMT
vary: Accept-Encoding
etag: W/"63e92d89-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0FjZAKcspG0hV9%2F46KtIZ8784CFMTVmbi25JBU%2BfostlRrWKesBBZ92Dl49nAd%2BAAugWoQOEUeS%2Bsc8lQv%2BCn7GuZ%2Bi%2B0NvKR2TUnXWTuLLtoFe5Z7BQH%2FsDykkL3JqKFmjEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a7e56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/6c1924a2e-1.jpg
104.21.52.249 200 OK 44 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/6c1924a2e-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash 90e780ff7f20817eaa768e08b784b1f8
cfc17d830b22c38602707a5872566e8c93bfac9f
7a2b74a6387f2169caaed768b32a6b2e80fbc2b631f174b200bc336bcf9afa51
GET /uploads/thumbs/6c1924a2e-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:38 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:21:17 GMT
vary: Accept-Encoding
etag: W/"63e92e1d-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1O0vzju4BjY9wplhrGEQ6VoQ78DcWtXFJdeM%2BjG1o2ddzyrMRSsfDvF0a2Dz%2BxJ0N8UwNCpnh9DyDgpk%2FMoq43DMF3d28pWwOscsdL%2Fmu2pUNrZL83Osd6bC%2FbGWhpZHmWKHOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6e56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/a91099673-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/a91099673-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 240x360, components 3\012- data
Hash ef0837bc298351583031524afdb8b4eb
43d4bca90ee60ae9bea4c02939af386b791ea3f6
0f7c75c93f4ee4709f49ca4f7bccc66b569240e0f1337972a7ed972fbd53082c
GET /uploads/thumbs/a91099673-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:58:54 GMT
vary: Accept-Encoding
etag: W/"63e928de-4250"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kBPQ6XjCI1D5hNntUs0L08PBzQF%2F%2BilS3%2Ft17YE3Hrj8sCbLq6Ec7OqVDOtTIKGYVw3Vxt852uUJFYpil1Xx%2F4XkRDE%2BYxVfgP2lW%2B3z2uKizj%2BYg3MahvxDnBkbOR8LJBpE0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2ab9e56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/00cd6a07b-1.jpg
104.21.52.249 200 OK 38 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/00cd6a07b-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash a1fbd917f54ef153eb9d09e7ed0cc328
7ebaf04204d9800b966ab6e728a6862891b68823
124dd2f14d7acb2344715b04742ef8e4be5a8aad69a07a46301e465d8096a709
GET /uploads/thumbs/00cd6a07b-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:22:54 GMT
vary: Accept-Encoding
etag: W/"63e92e7e-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HwJ7xT8iOOVCrWS%2B%2B2CZ241r2tqjM%2FcdzaUCYsrC8VBQb%2FdL8cXwuxgkJlNGjf1Vd%2FkvdFR6wujM3d8F9U%2BRJB2sfTO33hLVswwdYDd2%2B533M17%2B%2BW%2B95bpvgY0ZAE7hGWyOFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6456a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/38d72ae6e-1.jpg
104.21.52.249 200 OK 60 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/38d72ae6e-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash 2382612bf92ddf2451b56d098059a7f9
dbb7ed42162fd91c9c7db123bb94b0f030e9b9ce
90cd595291cd0ff471e2042cc27019da14095ffd7f766fcbe5bad39f8d8e6f01
GET /uploads/thumbs/38d72ae6e-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:20:55 GMT
vary: Accept-Encoding
etag: W/"63e92e07-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432102
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q8a%2Fly2jajJXhg9QRR4X39oQbwn9tcQDr6bfClNRtNO0HTY6aM%2Fr%2Fpa02d6Nbhds97lCOMpSRnuID%2Fzhg3PD0v18ddWyggvCvW2n51m%2BCraGQAkJQGT1VjMfST2AXulWLPOjbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a7156a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/e2bde508a-1.jpg
104.21.52.249 200 OK 41 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/e2bde508a-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash 774b1fa7754ce62f55265283cdb1b03c
f9e82309f3655e2c59d664b108593a5d25bfc332
329f9797d8d2552a67052d8289882c1aa230767868d07dde5f8c33557c207176
GET /uploads/thumbs/e2bde508a-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:20:48 GMT
vary: Accept-Encoding
etag: W/"63e92e00-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSbKJj8%2FSNSGc9px81vaBmImZZEijUkBpjjZSZwzSOYeicXLuMRE7LiI38k%2Bkw5l%2B%2FQCYk1XCEcIr8DVaspfdqrJo8sgY8mZrPXkoIwLy%2F5E%2B%2BQ%2BCZhEHdJfUjmMETbdQ8ELWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a7356a4-OSL
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=UA-148155933-10
142.250.74.168 200 OK 52 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=UA-148155933-10
IP 142.250.74.168:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (2213)
Hash d6758591f51ae0518e6a6d1fb629b123
1719f78bb4595d8ebed98a2088e649c8092947d3
b68a9d39fcd6f9372e5114fbfc45db37285f342c44946a7aa4f8378889c4bf9d
GET /gtag/js?id=UA-148155933-10 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 22:42:39 GMT
expires: Sun, 03 Dec 2023 22:42:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/gtag/js?id=G-QWVQ42TCTT&l=dataLayer&cx=c
142.250.74.168 200 OK 93 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-QWVQ42TCTT&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity: Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash ca5575a31d51e6e2718fd8e79827f1b5
ada3ae290fb37f1fd5abc93447a610904e4df2b7
1503fe0abd9787b7b592f2e799a3f2060f07f6aef41ed0da50f8d30b2e522b9b
GET /gtag/js?id=G-QWVQ42TCTT&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 22:42:39 GMT
expires: Sun, 03 Dec 2023 22:42:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93159
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
a0.cima44u.online/uploads/thumbs/c4e795bf0-1.jpg
104.21.52.249 200 OK 45 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/c4e795bf0-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash 3e91b3737d671429cea75512c39aba94
2269cd6bc948b01b6739e5ea8a4b5b8919ba1987
72c6e959b0da72bff2351be51d4768ee7b6c381998d7f3139ce2583b7f36c707
GET /uploads/thumbs/c4e795bf0-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:23:09 GMT
vary: Accept-Encoding
etag: W/"63e92e8d-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2FxGfUT2Mf8E8NOKMxT1NPRzxm7N7Ecn21CcJqyj5V4l1b1LYEgUBLqIpA3h8AnIgTguIYj8GwDyUa3KOy9jIHAAfTrEkVm2VSjLmvtYLnwdMjApyBjU3g6DOIDXtFT0L9FaKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6256a4-OSL
alt-svc: h3=":443"; ma=86400
glaultoa.com/5/5694207/?oo=1&js_build=iclick-v1.635.5-auto
139.45.197.245 200 OK 19 kB URL GET HTTP/2 glaultoa.com/5/5694207/?oo=1&js_build=iclick-v1.635.5-auto
IP 139.45.197.245:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: glaultoa.com
Fingerprint: 76:62:43:3F:4B:5F:3A:A9:C6:00:2D:6B:18:2F:1C:90:5D:34:A8:A0
Validity: Sat, 02 Dec 2023 14:50:24 GMT - Fri, 01 Mar 2024 14:50:23 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash 7b3a56841124bb55d9703563c40f3879
2829437885c96c732452971c1dafa435e70cd660
33d1dd11fe304ff32990e28887947358546548ffe44480dca0dda6dd9aebf174
GET /5/5694207/?oo=1&js_build=iclick-v1.635.5-auto HTTP/1.1
Host: glaultoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: application/json
x-trace-id: 02c8a7d7c4e98d3ada2e45d91028dbad
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://a0.cima44u.online
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=2a19ad1150a54c83a3a987907561b148; expires=Mon, 02 Dec 2024 22:42:39 GMT; path=/; secure; SameSite=None
oaidts=1701643359; expires=Mon, 02 Dec 2024 22:42:39 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/bfad618db-1.jpg
104.21.52.249 200 OK 26 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/bfad618db-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 256x360, components 3\012- data
Hash 82c4113ea828827369e0f703e7965a71
10cf3d403619dd0ece16315c2dc1151b011ea5cd
20dfb73607d1e8bbe0005f9abdeb0066cb514c5b6819b38176b6d907a5bc0d5b
GET /uploads/thumbs/bfad618db-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:54:29 GMT
vary: Accept-Encoding
etag: W/"63e927d5-65d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UiNHzQHV6VR9Yb%2BRjcxL3aJZGPXRXMz%2B4Zdk8HvHs%2FCjoyFLXO0jeVcSyQb4XSYeEGVI6CRApts8kWuTW6yZGZAkFsW2d9qQH%2F4pBZI%2F0c1cpVkVq3KAsqyalia4368jQGNDcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2cbcb56a4-OSL
alt-svc: h3=":443"; ma=86400
sensualtestresume.com/watch.251327103554.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=4f3e86e69c20932058de85cb4575b475c047a5b640a8b918361cd11c7bb56ccacff346e76f74cd82e6bb8d9a4a8953b12185331bcfb52ea37b27f4f87629921024924ccda7f4c76c64a48cded322fe48547693293ae52ad098d236e92f293e27f9&pst=1701643419&rmtc=t
192.243.61.227 200 OK 2.1 kB URL GET HTTP/1.1 sensualtestresume.com/watch.251327103554.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=4f3e86e69c20932058de85cb4575b475c047a5b640a8b918361cd11c7bb56ccacff346e76f74cd82e6bb8d9a4a8953b12185331bcfb52ea37b27f4f87629921024924ccda7f4c76c64a48cded322fe48547693293ae52ad098d236e92f293e27f9&pst=1701643419&rmtc=t
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: sensualtestresume.com
Fingerprint: 8A:B9:2B:DF:06:40:60:0F:2B:17:C0:4F:CF:AA:B5:00:E4:03:D3:A0
Validity: Tue, 28 Nov 2023 11:01:45 GMT - Mon, 26 Feb 2024 11:01:44 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (2659)
Hash ed5b178a1ac3a6593f939166e2f1efb2
e3879e4da66a1678a7f76af0c14240f974f23f16
251ddc2edfab9730a48776fa2b6f9d803da6ea082272d1f1984b3680d109fa0e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.251327103554.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=4f3e86e69c20932058de85cb4575b475c047a5b640a8b918361cd11c7bb56ccacff346e76f74cd82e6bb8d9a4a8953b12185331bcfb52ea37b27f4f87629921024924ccda7f4c76c64a48cded322fe48547693293ae52ad098d236e92f293e27f9&pst=1701643419&rmtc=t HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
Referer: https://a0.cima44u.online/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16345501; ain=eyJhbGciOiJIUzI1NiJ9.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.9FqjmEEMhzOO4nOcdY19N9XBTJDiNQyBt5Q-jdnsp9E
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://a0.cima44u.online
Access-Control-Allow-Origin: https://a0.cima44u.online
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5e5f27aa-18d1-4f09-9914-4125358308b5:3:1; expires=Sun, 10 Dec 2023 22:42:39 GMT; secure; SameSite=None
iprcbb9dfb81a043c53a7e2a16e2c1b0b762=3569808; expires=Mon, 04 Dec 2023 02:42:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c8cfa7e1a269ddee05d89993a32ca31e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
friendshipmale.com/sfp.js
104.21.234.32 200 OK 43 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 104.21.234.32:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: a68350f546353b55db9ffb3c3e2cd1e0
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 22:42:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=StzIIeTjbLqVasxgDxokAT5WBnPrim5kkvfhC2VH8vsSwoaSzg3IXSWomXCU5%2ByYV29IDgCkCdTxO6LH47pqFLgRhD%2B3I%2FLoQ9hqxPM0tIyP%2FipPyIaJ7pPuTgOkXMPmjWzna3M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52f12fa8d95b-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
archaicin.com/watch.869525107390.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=8478c3491ce45286d14fe722a78cd1e2c256d3ed2111aface943bc50d784634d5067bcc37a7e5655a07409309ec3ab72637c97907f007fb63b3ec15b1132c9945c7582ed774a8a1d69397c2e067214bcb293d64e1cb485b9a12f884c551710c5c7dbe4&pst=1701643419&rmtc=t
192.243.61.225 200 OK 2.1 kB URL GET HTTP/1.1 archaicin.com/watch.869525107390.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=8478c3491ce45286d14fe722a78cd1e2c256d3ed2111aface943bc50d784634d5067bcc37a7e5655a07409309ec3ab72637c97907f007fb63b3ec15b1132c9945c7582ed774a8a1d69397c2e067214bcb293d64e1cb485b9a12f884c551710c5c7dbe4&pst=1701643419&rmtc=t
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: archaicin.com
Fingerprint: CB:13:5A:BD:C5:13:07:1E:02:F1:E3:B3:05:D7:5C:2F:4A:25:2E:67
Validity: Tue, 28 Nov 2023 10:53:01 GMT - Mon, 26 Feb 2024 10:53:00 GMT
File type HTML document, ASCII text, with very long lines (2538)
Hash dab1111d60af7d8774c36b6d15a076c0
b10990f3123d3c36b5422b9b95347009dfc636a8
49bbd72684247e0d1979a6346510ecabd77feaf09e66f4469fca9811db301aee
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.869525107390.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=8478c3491ce45286d14fe722a78cd1e2c256d3ed2111aface943bc50d784634d5067bcc37a7e5655a07409309ec3ab72637c97907f007fb63b3ec15b1132c9945c7582ed774a8a1d69397c2e067214bcb293d64e1cb485b9a12f884c551710c5c7dbe4&pst=1701643419&rmtc=t HTTP/1.1
Host: archaicin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
Referer: https://a0.cima44u.online/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16345501; ain=eyJhbGciOiJIUzI1NiJ9.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.9FqjmEEMhzOO4nOcdY19N9XBTJDiNQyBt5Q-jdnsp9E
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://a0.cima44u.online
Access-Control-Allow-Origin: https://a0.cima44u.online
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5e5f27aa-18d1-4f09-9914-4125358308b5:3:1; expires=Sun, 10 Dec 2023 22:42:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8384721094c0b640f327681d7c6dd091
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
banquetunarmedgrater.com/advertisers.js
172.67.219.12 200 OK 0 B URL GET HTTP/2 banquetunarmedgrater.com/advertisers.js
IP 172.67.219.12:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: banquetunarmedgrater.com
Fingerprint: 92:8E:AD:72:AC:AD:3B:21:99:CD:21:A0:9F:BD:F2:AF:0D:98:D8:57
Validity: Thu, 09 Nov 2023 11:40:15 GMT - Wed, 07 Feb 2024 11:40:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 3ff8c5f6d0bce610522fffc2a016fd9d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 22:42:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARM6FbjK%2Be3SV1gn4xFJX42ef3lFoNvNfRG5CirG9T3ffNQ4rRTJ%2FxJLVh63USga6BZRvCltLVB8SUHaVDlURKZyVOQOpvw8beCt%2FdVuw78krXoRze0lloHj5tLZvsuEvSUzOhMz1TbEerM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52f74ad8b527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.32 200 OK 28 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 104.21.234.32:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e74a86bfa0a38ca6502313c84dc6f21a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 22:42:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FV%2Fu89yQoymqqcfwEG0yldujgL7bYv63%2BBlunedps7aqc9MRcgbfMWYfOR3UA39wIRD3NgWuQ85%2Byy0PtB091qlgXT%2BzH%2BKAN2GPfFQv%2BcDNS4R4LvgX8iOXgR%2BK1TfrvizxX4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52f66a0fd95b-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/f7bebd9ab-1.jpg
104.21.52.249 200 OK 23 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/f7bebd9ab-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash 5bed0366c9ec05deaed49bea0b275f64
08d59a7b2555ec74d44808d6c71351fed1e62a4d
e188c26b0fc27468c45a365fcfcc31c40b42c7afd122997bf943effca82464f7
GET /uploads/thumbs/f7bebd9ab-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:21:33 GMT
vary: Accept-Encoding
etag: W/"63e92e2d-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432103
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XBwnadgG6hiRM06sBfXp7kN9rxGmI4%2BQFWQUwD8800Fzxdaz6r81ScTRBTS7xtjZMTusy0SkDbk7uLGEjvycxl%2FlbRHaB67hkIhqsJ7rq3hOxX7YXRjgHOEiLaMFPZneVamFKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6a56a4-OSL
alt-svc: h3=":443"; ma=86400
overwhelmfarrier.com/sbar.json?key=480600c1e7abb4767667c412d0c8f89d&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
192.243.61.227 200 OK 4.2 kB URL GET HTTP/1.1 overwhelmfarrier.com/sbar.json?key=480600c1e7abb4767667c412d0c8f89d&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: overwhelmfarrier.com
Fingerprint: 73:29:36:67:DF:86:C1:29:CD:54:5E:05:D2:63:9A:F4:E2:BA:9C:C1
Validity: Tue, 28 Nov 2023 10:35:32 GMT - Mon, 26 Feb 2024 10:35:31 GMT
File type JSON data\012- , ASCII text, with very long lines (6006), with no line terminators
Hash 2988b5b7129a330595da17957a5139a1
e7ab5fd7cdc0592d04cc09f53a31af8d5ace4e30
bd446af3f141ef1b50ab14da8e93cbffee6a9a1f3dc526e3fdc96026dd5473d6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=480600c1e7abb4767667c412d0c8f89d&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1 HTTP/1.1
Host: overwhelmfarrier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:40 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://a0.cima44u.online
Access-Control-Allow-Origin: https://a0.cima44u.online
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16393455; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
uid_id2=5e5f27aa-18d1-4f09-9914-4125358308b5:3:1; expires=Sun, 10 Dec 2023 22:42:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
slec480600c1e7abb4767667c412d0c8f89d=[4766299]; expires=Sun, 03 Dec 2023 22:42:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96c7565bda31f47f67659e4fe8bcd4e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a0.cima44u.online/uploads/thumbs/5022099fb-1.jpg
104.21.52.249 200 OK 19 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/5022099fb-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 288x360, components 3\012- data
Hash 8e6a7faa0f380460e4108bd7e70755df
11e3afa73e850fb334e7bfe4fb39cd77ea311098
a23710e70d30cde8e408d2dad46962ea0069b1358b801d78fcb5bd51749ad181
GET /uploads/thumbs/5022099fb-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:28:04 GMT
vary: Accept-Encoding
etag: W/"63db8224-48af"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XD5joEngWgropQMvHYolj4C4LqhNO3Xf26wl2PwZqwNKDVKe1UXlJp93Di5c9ojN6ytxDGsc%2FqnuhNbhGZXz9I%2FCSqqY5ZyCgLfAZ7wbVW70jd3cb9Ng6GYAegBiGHFe7VQQdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f1aa9456a4-OSL
alt-svc: h3=":443"; ma=86400
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
45.133.44.9 200 OK 106 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size 106 kB (105910 bytes)
Hash a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Tue, 05 Dec 2023 22:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/de/5f/a7/de5fa75eed31cf1b1253381113fdb31c/1632784317.jpg
45.133.44.9 200 OK 63 kB URL GET HTTP/2 cdn.cloudimagesb.com/bi/de/5f/a7/de5fa75eed31cf1b1253381113fdb31c/1632784317.jpg
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.5 (Windows), datetime=2021:09:24 14:16:31], baseline, precision 8, 728x90, components 3\012- data
Hash 2e640502826699d6b47a038f5d2c502c
36563151831eb835fc5f8f7b0f0454a7d0dd7d35
084c632d1c895f33f72af57b92ca6d8d7755b4cfc73770ee333a3918c5be3ab3
GET /bi/de/5f/a7/de5fa75eed31cf1b1253381113fdb31c/1632784317.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: image/jpeg
content-length: 63391
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 23:12:07 GMT
etag: "61524fc7-f79f"
expires: Tue, 05 Dec 2023 22:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/6bcfa0df2-1.jpg
104.21.52.249 200 OK 36 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/6bcfa0df2-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 253x360, components 3\012- data
Hash 08e38546ff37ad0500623ab95b21357b
69bfa249c7fed98ecb99b8d6efb10fed2211fa3c
ec6e0925e762ad90aea5e9700f98d733c8124c29f3a4d0f6faad30794da1ff09
GET /uploads/thumbs/6bcfa0df2-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:31:32 GMT
vary: Accept-Encoding
etag: W/"63db82f4-4e71"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxcNN4EXSKenq11SQMWJFqQSSCxbrLUDDbw2t9jVyur5kfd53UaDecNkiMWv3dgo4z%2FijifXrcwlhg0sJQbedlXDbEKg0ANdo4kcrKoyHVufw%2B6tgfgrveRvw%2BbWFN7rAxRXhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f1aa9656a4-OSL
alt-svc: h3=":443"; ma=86400
devoutdoubtfulsample.com/watch.548399070676.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=dfb7f0161cc40703e8bd4f1e49256e9bffc4df09d56e517547024fb2a118040e6839643870a841ae4586138d513384d9a4576ea16df3a572141051e287098dc62c4efe72eb7cde845eb245fcc43f0a6d70cd28973354cbb50fcecdcb896e6e&pst=1701643420&rmtc=t
192.243.59.20 200 OK 2.1 kB URL GET HTTP/1.1 devoutdoubtfulsample.com/watch.548399070676.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=dfb7f0161cc40703e8bd4f1e49256e9bffc4df09d56e517547024fb2a118040e6839643870a841ae4586138d513384d9a4576ea16df3a572141051e287098dc62c4efe72eb7cde845eb245fcc43f0a6d70cd28973354cbb50fcecdcb896e6e&pst=1701643420&rmtc=t
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: devoutdoubtfulsample.com
Fingerprint: 46:DE:76:4D:52:45:B0:2F:13:58:87:BE:89:D2:89:F5:9B:CA:E2:5F
Validity: Tue, 28 Nov 2023 08:12:35 GMT - Mon, 26 Feb 2024 08:12:34 GMT
File type HTML document, ASCII text, with very long lines (2549)
Hash 857a839bcd185f2ad638334ee82ea014
fa9dd870fa0cacd18084d43dca294b54c4e2f1e4
7e1336921f7c63920b69fc01c5eca4652f624465e814386219c66c5c743f3f7e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.548399070676.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=dfb7f0161cc40703e8bd4f1e49256e9bffc4df09d56e517547024fb2a118040e6839643870a841ae4586138d513384d9a4576ea16df3a572141051e287098dc62c4efe72eb7cde845eb245fcc43f0a6d70cd28973354cbb50fcecdcb896e6e&pst=1701643420&rmtc=t HTTP/1.1
Host: devoutdoubtfulsample.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
Referer: https://a0.cima44u.online/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16345501; ain=eyJhbGciOiJIUzI1NiJ9.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.9FqjmEEMhzOO4nOcdY19N9XBTJDiNQyBt5Q-jdnsp9E
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 22:42:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://a0.cima44u.online
Access-Control-Allow-Origin: https://a0.cima44u.online
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5e5f27aa-18d1-4f09-9914-4125358308b5:3:1; expires=Sun, 10 Dec 2023 22:42:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8429668ad7c5e857dde21c93cb4e2b30
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
friendshipmale.com/sfp.js
104.21.234.32 200 OK 125 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 104.21.234.32:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size 125 kB (125286 bytes)
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 5a1215a99cb09906c71a03eb28aa396a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 22:42:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f8YbT70AF4nVzxC%2FjKHGv04IbiBJo4%2F6Yy8b%2BITw4PncElPqP03ZUazyrO5J3xYArTmCUN%2BuNG3iIH1KQWjblcaXcmPv7o7KLFJGT92x6I9MiPHZQbfl6ajM6k%2FN%2FUIcvF1fUcM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52f7ecfbd95b-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
overwhelmfarrier.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutTvZ3%2BuFBCYgHYQ45RHBnq2e65485BGNMDMYk5A978GJ1VfVsudVdTVX39Ox4WQxITjKCB4%2B9b3azGEMwHgVBZr2EBcHxIHtwQbxHQcjBk8zswOh3qO9736vDe6%2Fqk53imPgo2NHN98xQac3WwjqtnVtXqTClq12%2FU%2FNpnZ6vrau0FZyvDWaH7b%2Fh07BOX6tdkXzTrDWoT6lP%2FdplZWVsBmtzFip71PXrXVoPGnU%2FDDCw%2F8Wu8OCYB9E%2FJi9Bien%2FNp4%2BgeITpMnXl6TbzE32%2BttJoVluLPpi%2F266mZoyRbIcY%2BshTvcXt2HclJAvTsGk%2BwsHMP3dmQNEakq8X3xE6f5CJqL%2B3onSSEOmiMT%2FUfYnkHoCxSbg5h6U%2BIkAXOD6DaTJg%2BvGlmzrhGUzdkpWnv8FVU7Jyq9nkCaPL2o1qN02usiVSR0GcQU1mED1JsiKA%2BRDD6o8AM8%2FhhI%2FkrXn15AmuzecNlDi6Gwow7jRZmzV7wh%2FNYhpd7Xb9YPVwG%2BEzbDTpJ0onEek1AQqnkDLEZg7jcJ5KJSHIvZQZB4ScVRjYTemtB1HcbPZCTjnzSbnYaclQtEMOjFFwWceRsizEbgegdttZHYbm2oEW3wPt1HBCQ8uJ%2BiLCqUkKB1ByQhKRVDmBGW%2F2hPaNVz1QGhXRP6iNxa9WY1N3ttheybvyZSA2dFOdkxenIf399k%2FsCmPakGHtijlvmyzKArarXar1eaB3xCUd%2BJOV8CpCsqdAnMehmpKXj7%2FFJmakpVP%2F0TEDuD0AbjywIpXwcpxu0HBNsZBh2KYPky2uEpYnbMEwlTI8hXkW96OPiavzFW88%2B37kPzwwufD3648PvMRuK2Q2Qofqh8Ievr%2B%2BJYpye4tUzry5EaWq0QN2ex5b%2Bcsl6cfviu3SmPF1Utu9OWbfEbMxkd3pMuvsVSotOfIVxeVENJeNpZL8t1Vty6jm4XbuFjYtMiu3Xzr8tUks9I5ZdIJmJoS8uwbcDUlLzxz86977u7vUHYCW1RIikOyKChzAJ5tw2XLnTMEVi9xlHkoi2psG9FyqRWBlkvMogruXzhazjvuPnrWA8vvIU0q9G2Fvq7A9AiuOD3OM3t44efmvBBpbxxp6%2B1G2urPTsJ16qgmw5jGkjZkFHejuM2o6MZBN2JdX7ajkPnI3VQmKx%2F8AwAA%2F%2F8BAAD%2F%2F0qEzaaSBAAA
192.243.61.227200 OK 7 B URL GET HTTP/1.1 overwhelmfarrier.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutTvZ3%2BuFBCYgHYQ45RHBnq2e65485BGNMDMYk5A978GJ1VfVsudVdTVX39Ox4WQxITjKCB4%2B9b3azGEMwHgVBZr2EBcHxIHtwQbxHQcjBk8zswOh3qO9736vDe6%2Fqk53imPgo2NHN98xQac3WwjqtnVtXqTClq12%2FU%2FNpnZ6vrau0FZyvDWaH7b%2Fh07BOX6tdkXzTrDWoT6lP%2FdplZWVsBmtzFip71PXrXVoPGnU%2FDDCw%2F8Wu8OCYB9E%2FJi9Bien%2FNp4%2BgeITpMnXl6TbzE32%2BttJoVluLPpi%2F266mZoyRbIcY%2BshTvcXt2HclJAvTsGk%2BwsHMP3dmQNEakq8X3xE6f5CJqL%2B3onSSEOmiMT%2FUfYnkHoCxSbg5h6U%2BIkAXOD6DaTJg%2BvGlmzrhGUzdkpWnv8FVU7Jyq9nkCaPL2o1qN02usiVSR0GcQU1mED1JsiKA%2BRDD6o8AM8%2FhhI%2FkrXn15AmuzecNlDi6Gwow7jRZmzV7wh%2FNYhpd7Xb9YPVwG%2BEzbDTpJ0onEek1AQqnkDLEZg7jcJ5KJSHIvZQZB4ScVRjYTemtB1HcbPZCTjnzSbnYaclQtEMOjFFwWceRsizEbgegdttZHYbm2oEW3wPt1HBCQ8uJ%2BiLCqUkKB1ByQhKRVDmBGW%2F2hPaNVz1QGhXRP6iNxa9WY1N3ttheybvyZSA2dFOdkxenIf399k%2FsCmPakGHtijlvmyzKArarXar1eaB3xCUd%2BJOV8CpCsqdAnMehmpKXj7%2FFJmakpVP%2F0TEDuD0AbjywIpXwcpxu0HBNsZBh2KYPky2uEpYnbMEwlTI8hXkW96OPiavzFW88%2B37kPzwwufD3648PvMRuK2Q2Qofqh8Ievr%2B%2BJYpye4tUzry5EaWq0QN2ex5b%2Bcsl6cfviu3SmPF1Utu9OWbfEbMxkd3pMuvsVSotOfIVxeVENJeNpZL8t1Vty6jm4XbuFjYtMiu3Xzr8tUks9I5ZdIJmJoS8uwbcDUlLzxz86977u7vUHYCW1RIikOyKChzAJ5tw2XLnTMEVi9xlHkoi2psG9FyqRWBlkvMogruXzhazjvuPnrWA8vvIU0q9G2Fvq7A9AiuOD3OM3t44efmvBBpbxxp6%2B1G2urPTsJ16qgmw5jGkjZkFHejuM2o6MZBN2JdX7ajkPnI3VQmKx%2F8AwAA%2F%2F8BAAD%2F%2F0qEzaaSBAAA
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: overwhelmfarrier.com
Fingerprint: 73:29:36:67:DF:86:C1:29:CD:54:5E:05:D2:63:9A:F4:E2:BA:9C:C1
Validity: Tue, 28 Nov 2023 10:35:32 GMT - Mon, 26 Feb 2024 10:35:31 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutTvZ3%2BuFBCYgHYQ45RHBnq2e65485BGNMDMYk5A978GJ1VfVsudVdTVX39Ox4WQxITjKCB4%2B9b3azGEMwHgVBZr2EBcHxIHtwQbxHQcjBk8zswOh3qO9736vDe6%2Fqk53imPgo2NHN98xQac3WwjqtnVtXqTClq12%2FU%2FNpnZ6vrau0FZyvDWaH7b%2Fh07BOX6tdkXzTrDWoT6lP%2FdplZWVsBmtzFip71PXrXVoPGnU%2FDDCw%2F8Wu8OCYB9E%2FJi9Bien%2FNp4%2BgeITpMnXl6TbzE32%2BttJoVluLPpi%2F266mZoyRbIcY%2BshTvcXt2HclJAvTsGk%2BwsHMP3dmQNEakq8X3xE6f5CJqL%2B3onSSEOmiMT%2FUfYnkHoCxSbg5h6U%2BIkAXOD6DaTJg%2BvGlmzrhGUzdkpWnv8FVU7Jyq9nkCaPL2o1qN02usiVSR0GcQU1mED1JsiKA%2BRDD6o8AM8%2FhhI%2FkrXn15AmuzecNlDi6Gwow7jRZmzV7wh%2FNYhpd7Xb9YPVwG%2BEzbDTpJ0onEek1AQqnkDLEZg7jcJ5KJSHIvZQZB4ScVRjYTemtB1HcbPZCTjnzSbnYaclQtEMOjFFwWceRsizEbgegdttZHYbm2oEW3wPt1HBCQ8uJ%2BiLCqUkKB1ByQhKRVDmBGW%2F2hPaNVz1QGhXRP6iNxa9WY1N3ttheybvyZSA2dFOdkxenIf399k%2FsCmPakGHtijlvmyzKArarXar1eaB3xCUd%2BJOV8CpCsqdAnMehmpKXj7%2FFJmakpVP%2F0TEDuD0AbjywIpXwcpxu0HBNsZBh2KYPky2uEpYnbMEwlTI8hXkW96OPiavzFW88%2B37kPzwwufD3648PvMRuK2Q2Qofqh8Ievr%2B%2BJYpye4tUzry5EaWq0QN2ex5b%2Bcsl6cfviu3SmPF1Utu9OWbfEbMxkd3pMuvsVSotOfIVxeVENJeNpZL8t1Vty6jm4XbuFjYtMiu3Xzr8tUks9I5ZdIJmJoS8uwbcDUlLzxz86977u7vUHYCW1RIikOyKChzAJ5tw2XLnTMEVi9xlHkoi2psG9FyqRWBlkvMogruXzhazjvuPnrWA8vvIU0q9G2Fvq7A9AiuOD3OM3t44efmvBBpbxxp6%2B1G2urPTsJ16qgmw5jGkjZkFHejuM2o6MZBN2JdX7ajkPnI3VQmKx%2F8AwAA%2F%2F8BAAD%2F%2F0qEzaaSBAAA HTTP/1.1
Host: overwhelmfarrier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: u_pl=16393455; uid_id2=5e5f27aa-18d1-4f09-9914-4125358308b5:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ecca2ef3e39059df6359c7dcc5d5e0bc
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
172.64.109.10 200 OK 591 B URL GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP 172.64.109.10:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:41 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1693673
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uCVjfOUbZC5HLNE%2FBXALtu1ZoyBpH8uXcQyjZ%2B%2BGqoW9GsaDNNeNbvKmdNfDtnPFAdhEwwHM2tcCgAPgERmTTCJd1lDohy%2BRjoQeNX9Dij4jRd9AAK3GM99RhLD%2B3UGDrThwJkY5HtGJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff5300ecbb3859-LHR
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
104.21.234.32 200 OK 58 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 104.21.234.32:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4354ec13d3b7ed78eff06800c68cd544
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 22:42:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdLsFQV0GAr3agdhzdTfnOmhARcteuKcQQsQx%2BXadNbEpeDAETK%2Bc9A%2FZMJ%2BXOC4xGUAcDUmbsGEkGPt76iy0Q1Bymr%2Fti7lC6b7mTgRtvph7jTdcTba8wFEKMhtqt78ToB96Ew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52fa895fd95b-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
45.133.44.9 200 OK 20 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash ea31001ce8fa95eb2ac1617515105332
d505ca04808c25cfa33a555c96886f421ddbbde7
0267f5cd21fe5609405724c20d6f021b8932a696ada766b8e86e42c670000ab3
GET /si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:41 GMT
content-type: image/png
content-length: 20001
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:52:40 GMT
etag: "655b72b8-4e21"
expires: Tue, 05 Dec 2023 22:42:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=89ab81a3ced8118ab581c31212259e58&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
192.243.59.13 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=89ab81a3ced8118ab581c31212259e58&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=89ab81a3ced8118ab581c31212259e58&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 22:42:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 73b01bf00a678ecebdd948538ec2ed27
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=480600c1e7abb4767667c412d0c8f89d&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
192.243.59.13 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=480600c1e7abb4767667c412d0c8f89d&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=480600c1e7abb4767667c412d0c8f89d&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 22:42:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b5da50375795006207746389b59e97a
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
172.64.109.10 200 OK 5.5 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
IP 172.64.109.10:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:41 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Ft7TfKk2VJOk6sUPPnHZyLRtHmIA7zipZ5oTUSscZeaaIZuBYqYjvIp9c%2BWA9mAFazGqubTUR%2BQvRDGiieuaCiDoatP5WJ9xPljEDhQaOQksZ1hv8hYUE1YyBTNTy8S3FUEr0%2FgLxT9v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52fd7fbb7777-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 350925
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 323107
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
overwhelmfarrier.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutTvZ3%2BuFBCYgHYQ45RHBnu2e6Z3rMIRhjYnDdXfKHPXixuqp6ttzqrqaqe3p2vCwGJCcZwYPH3je7WYwhGI%2BCILNewoLgeJA9uCDeoyDk4ElmdmD0O9T3ve%2FV4b1X9clecUo8FPRk4z09kErRlaDu1i5typTr0tbW7tQ8t%2B5erm3KtOVfrvWnh%2Bm94blB3X2tdkOwbb3ScD3X9Vyvdl0aEev%2ByoyFzB51vHrHrfuNuhf46Jv%2FYls4sNQB752SlyD55H9bT59AsjHS5Otrwm7nOnv97aRQNNcGPX54N91OdZkiWYyxcRCnh%2FPb0HZCyBfnoNPDuQPo3v7UASI5Ic4vHqL0cC4TUe%2FgTGmkIFJE%2FP8oe2MINYakYzB9D5L%2FRADGsbaONHmwpk1Jd85YOmUnZOn5X5DlhCz9egFp8viqkv3aba2KXOrUoh9XkP0xZHeMrDhCPnAgyyOw%2FGNI%2FiNZeb6KNNlft0pD8pOLgQjiRpvSZS%2Fk3rIfu53lTsfzl32vETSDsOmGUTCLSMoxZDyGEkNQex6FdVBIB0XsoMgcJPykRoNO7LrtOIqbzdBnjDWbjAVhiwe86Yexi4JNPQyRZ0MwNQQzu8jMLrblEKb4HnarguUObE7Q4xVKQVBagpISlJKgzAnKXnXAlW3Y6gFXtoi8eW%2FMe7Ma6by7Rw903hUpATXDveyUvDgL7%2B%2BLf2BbnNT80G25LvNEm0aR3261W602870Gd1kYhx0OKytIew7UOhjICXn58lNkckKWPv0TET2CVUdg0gEtXgUtR%2B2GC7o18kMXg%2FRhssNkQuuMJuC6QpYvId9x9tQpeWWm4p1v34dgx1c%2BH%2Fx24%2FGFj8BMhcxU%2BFD%2BQNBV90e3dEn2b%2BnSkifrWS4TOaDT572d01ycf%2Fiu2Cm14Tev2eGXb7IpMR0f3RE2X6Upl2nXkq%2BuSs6Fua4NE%2BS7m3ZTRBuF3bpamLTIVjfeun4zyYywVup0DConhDz7BkxOyAvP7OzrXrr7O6QZwxQVkuKYzAtSH4Flu7DZYmc1gVELHGUOyqIamUa0WCpJoMQC06iC%2FReOFvOevY%2BucUDze0iTCj1ToacqUDWELc6P8swcX%2Fm5OStEyhlFyjj7kTLqs7NwrTypBZ4vwihsM84jwbjXbjTDpus2OPfbHeF1kNuJSJY%2B%2BAcAAP%2F%2FAQAA%2F%2F9ejENAkgQAAA%3D%3D
192.243.61.227200 OK 7 B URL GET HTTP/1.1 overwhelmfarrier.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutTvZ3%2BuFBCYgHYQ45RHBnu2e6Z3rMIRhjYnDdXfKHPXixuqp6ttzqrqaqe3p2vCwGJCcZwYPH3je7WYwhGI%2BCILNewoLgeJA9uCDeoyDk4ElmdmD0O9T3ve%2FV4b1X9clecUo8FPRk4z09kErRlaDu1i5typTr0tbW7tQ8t%2B5erm3KtOVfrvWnh%2Bm94blB3X2tdkOwbb3ScD3X9Vyvdl0aEev%2ByoyFzB51vHrHrfuNuhf46Jv%2FYls4sNQB752SlyD55H9bT59AsjHS5Otrwm7nOnv97aRQNNcGPX54N91OdZkiWYyxcRCnh%2FPb0HZCyBfnoNPDuQPo3v7UASI5Ic4vHqL0cC4TUe%2FgTGmkIFJE%2FP8oe2MINYakYzB9D5L%2FRADGsbaONHmwpk1Jd85YOmUnZOn5X5DlhCz9egFp8viqkv3aba2KXOrUoh9XkP0xZHeMrDhCPnAgyyOw%2FGNI%2FiNZeb6KNNlft0pD8pOLgQjiRpvSZS%2Fk3rIfu53lTsfzl32vETSDsOmGUTCLSMoxZDyGEkNQex6FdVBIB0XsoMgcJPykRoNO7LrtOIqbzdBnjDWbjAVhiwe86Yexi4JNPQyRZ0MwNQQzu8jMLrblEKb4HnarguUObE7Q4xVKQVBagpISlJKgzAnKXnXAlW3Y6gFXtoi8eW%2FMe7Ma6by7Rw903hUpATXDveyUvDgL7%2B%2BLf2BbnNT80G25LvNEm0aR3261W602870Gd1kYhx0OKytIew7UOhjICXn58lNkckKWPv0TET2CVUdg0gEtXgUtR%2B2GC7o18kMXg%2FRhssNkQuuMJuC6QpYvId9x9tQpeWWm4p1v34dgx1c%2BH%2Fx24%2FGFj8BMhcxU%2BFD%2BQNBV90e3dEn2b%2BnSkifrWS4TOaDT572d01ycf%2Fiu2Cm14Tev2eGXb7IpMR0f3RE2X6Upl2nXkq%2BuSs6Fua4NE%2BS7m3ZTRBuF3bpamLTIVjfeun4zyYywVup0DConhDz7BkxOyAvP7OzrXrr7O6QZwxQVkuKYzAtSH4Flu7DZYmc1gVELHGUOyqIamUa0WCpJoMQC06iC%2FReOFvOevY%2BucUDze0iTCj1ToacqUDWELc6P8swcX%2Fm5OStEyhlFyjj7kTLqs7NwrTypBZ4vwihsM84jwbjXbjTDpus2OPfbHeF1kNuJSJY%2B%2BAcAAP%2F%2FAQAA%2F%2F9ejENAkgQAAA%3D%3D
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: overwhelmfarrier.com
Fingerprint: 73:29:36:67:DF:86:C1:29:CD:54:5E:05:D2:63:9A:F4:E2:BA:9C:C1
Validity: Tue, 28 Nov 2023 10:35:32 GMT - Mon, 26 Feb 2024 10:35:31 GMT
File type ASCII text, with no line terminators
Hash (MD5) 132d6af1b46048b45cf86cdee7991d31
Hash (SHA-1) eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Hash (SHA-256) ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutTvZ3%2BuFBCYgHYQ45RHBnu2e6Z3rMIRhjYnDdXfKHPXixuqp6ttzqrqaqe3p2vCwGJCcZwYPH3je7WYwhGI%2BCILNewoLgeJA9uCDeoyDk4ElmdmD0O9T3ve%2FV4b1X9clecUo8FPRk4z09kErRlaDu1i5typTr0tbW7tQ8t%2B5erm3KtOVfrvWnh%2Bm94blB3X2tdkOwbb3ScD3X9Vyvdl0aEev%2ByoyFzB51vHrHrfuNuhf46Jv%2FYls4sNQB752SlyD55H9bT59AsjHS5Otrwm7nOnv97aRQNNcGPX54N91OdZkiWYyxcRCnh%2FPb0HZCyBfnoNPDuQPo3v7UASI5Ic4vHqL0cC4TUe%2FgTGmkIFJE%2FP8oe2MINYakYzB9D5L%2FRADGsbaONHmwpk1Jd85YOmUnZOn5X5DlhCz9egFp8viqkv3aba2KXOrUoh9XkP0xZHeMrDhCPnAgyyOw%2FGNI%2FiNZeb6KNNlft0pD8pOLgQjiRpvSZS%2Fk3rIfu53lTsfzl32vETSDsOmGUTCLSMoxZDyGEkNQex6FdVBIB0XsoMgcJPykRoNO7LrtOIqbzdBnjDWbjAVhiwe86Yexi4JNPQyRZ0MwNQQzu8jMLrblEKb4HnarguUObE7Q4xVKQVBagpISlJKgzAnKXnXAlW3Y6gFXtoi8eW%2FMe7Ma6by7Rw903hUpATXDveyUvDgL7%2B%2BLf2BbnNT80G25LvNEm0aR3261W602870Gd1kYhx0OKytIew7UOhjICXn58lNkckKWPv0TET2CVUdg0gEtXgUtR%2B2GC7o18kMXg%2FRhssNkQuuMJuC6QpYvId9x9tQpeWWm4p1v34dgx1c%2BH%2Fx24%2FGFj8BMhcxU%2BFD%2BQNBV90e3dEn2b%2BnSkifrWS4TOaDT572d01ycf%2Fiu2Cm14Tev2eGXb7IpMR0f3RE2X6Upl2nXkq%2BuSs6Fua4NE%2BS7m3ZTRBuF3bpamLTIVjfeun4zyYywVup0DConhDz7BkxOyAvP7OzrXrr7O6QZwxQVkuKYzAtSH4Flu7DZYmc1gVELHGUOyqIamUa0WCpJoMQC06iC%2FReOFvOevY%2BucUDze0iTCj1ToacqUDWELc6P8swcX%2Fm5OStEyhlFyjj7kTLqs7NwrTypBZ4vwihsM84jwbjXbjTDpus2OPfbHeF1kNuJSJY%2B%2BAcAAP%2F%2FAQAA%2F%2F9ejENAkgQAAA%3D%3D HTTP/1.1
Host: overwhelmfarrier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: u_pl=16393455; uid_id2=5e5f27aa-18d1-4f09-9914-4125358308b5:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3c0e5b27faa5cadc3d219a294dc8d51c
Strict-Transport-Security: max-age=0; includeSubdomains
overwhelmfarrier.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL GET HTTP/1.1 overwhelmfarrier.com/pixel/sbs?c=1
IP 173.233.137.52:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: overwhelmfarrier.com
Fingerprint: 73:29:36:67:DF:86:C1:29:CD:54:5E:05:D2:63:9A:F4:E2:BA:9C:C1
Validity: Tue, 28 Nov 2023 10:35:32 GMT - Mon, 26 Feb 2024 10:35:31 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length input (the response body is 0 B), so they match any empty response and are not usable as an indicator for this host.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: overwhelmfarrier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: u_pl=16393455; uid_id2=5e5f27aa-18d1-4f09-9914-4125358308b5:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a0.cima44u.online/uploads/thumbs/d56996695-1.jpg
104.21.52.249 200 OK 10 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/d56996695-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash (MD5) a1a235a9141d5423850ea9d9dfde34b6
Hash (SHA-1) e5224750f7e430dd79ef34487c9d90b01c918758
Hash (SHA-256) ab3600d3be73eec730fa4ff760183964043d8bc73f6238c63a3d62f7cd0cd47a
GET /uploads/thumbs/d56996695-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:14:05 GMT
vary: Accept-Encoding
etag: W/"63e92c6d-27b2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432105
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPKuW2%2F0TgiDFb9R8bl%2BLwr5IP5k%2F0Gl98bj8W37V90h2NFZGpcPZ4%2BT7ZpqQ7plP4L3AGLLrx%2B3ILnE%2BNJqE%2FAJ%2FMkwZJ25mKSa44oyEQHSvXWVsQsB63fYio39lrHd4EJF1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f29b8556a4-OSL
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
172.64.109.10 200 OK 958 B URL GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP 172.64.109.10:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (1009), with no line terminators
Hash (MD5) 04835fd7dd7f8cfbad901bee8cff2170
Hash (SHA-1) 38e9ed1e93f8f0beba9447a99afe3995e63b6f3e
Hash (SHA-256) be63bbd38c66ca9a9ee1c8abfed042fd5fc090c40b91ad561e922744ece47c41
GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:41 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ebQbi9PjF%2Be62npIJkUG6ylz7xz2gEUUthxUSyH39iq88wS%2BNe7u9x8Gk6k6MVl3YVNrIfvkyxkkVRqqrPaeU80Pij5aXSL94E5EdpQJDRp2Tvs6mGYCT0VpqOQB4tr6X9hZBdcc1XEN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff5301ee083859-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/9cdb8ff63-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/9cdb8ff63-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash (MD5) cdd64ebb2625b058bbf4e87373248c31
Hash (SHA-1) 2f888e06e24cda7aa203ee292247021a1c139d82
Hash (SHA-256) ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/9cdb8ff63-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:17:32 GMT
vary: Accept-Encoding
etag: W/"63e92d3c-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBogRJp7MZSebVWxTJ4YbLe5lh08vyD00g%2Flf3D4QNurVwqRxVFrmyqKDudKcirTB0QfZCk2DHxqmIOCFV6jwrU3MGsVeiwk6rbT7yIBRK%2FRjsiN%2BxPs8iFdi7lu630QNY3HDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e99a8756a4-OSL
alt-svc: h3=":443"; ma=86400
cdn.cloudimagesb.com/bi/93/1c/a4/931ca4d6c325a07d3fe1c2e46c7bebcb/1676970728.jpg
45.133.44.9 200 OK 98 kB URL GET HTTP/2 cdn.cloudimagesb.com/bi/93/1c/a4/931ca4d6c325a07d3fe1c2e46c7bebcb/1676970728.jpg
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2023:02:16 19:14:19], baseline, precision 8, 728x90, components 3\012- data
Hash (MD5) 765bff430ded079ca20961983d3add17
Hash (SHA-1) 3363ea55bcbd7ee4392fe2f32251ea92a0cd9230
Hash (SHA-256) a24da59e7bef68f901aeacaf5656f5589c9a7745d3c11b5a945fed5385074908
GET /bi/93/1c/a4/931ca4d6c325a07d3fe1c2e46c7bebcb/1676970728.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: image/jpeg
content-length: 98164
server: nginx/1.21.6
last-modified: Tue, 21 Feb 2023 09:12:16 GMT
etag: "63f48af0-17f74"
expires: Tue, 05 Dec 2023 22:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a0.cima44u.online/templates/3arbserv/css/echo.css
104.21.52.249 200 OK 342 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/css/echo.css
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with CRLF, CR line terminators
Size 342 kB (341484 bytes)
Hash (MD5) 95a19405d1f75ce17d8afc642901b7df
Hash (SHA-1) 882b244b16bf75030e9d601f440c694f340caa59
Hash (SHA-256) d081ac0b26348a2045c23fd6f1fd282180c29ca9642cf8f4f4a79e2d0c6b0054
GET /templates/3arbserv/css/echo.css HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/css
last-modified: Tue, 27 Dec 2022 18:06:46 GMT
vary: Accept-Encoding
etag: W/"63ab3436-535ec"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X7uobvZXoKfnOI%2Fj4xYkckRVNAEncaRkipSwyTPKHOjN88s1FuHLggcbHrouqG8K6gPo1NAGv8hhLzHKOTv0NB7P8ZsTeCMMDI6v%2BU6NnqSmbAUAhgvOwVtVRptn%2BWsA1LdidQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e96a4556a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
entreatyfungusgaily.com/1931fcb68f0ab7b9cbf203e33e515694/invoke.js
173.233.137.52 200 OK 30 kB URL GET HTTP/1.1 entreatyfungusgaily.com/1931fcb68f0ab7b9cbf203e33e515694/invoke.js
IP 173.233.137.52:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: entreatyfungusgaily.com
Fingerprint: DB:22:94:CB:0E:2C:71:4E:16:A8:04:37:1E:82:91:41:C6:F8:76:5C
Validity: Mon, 06 Nov 2023 06:35:13 GMT - Sun, 04 Feb 2024 06:35:12 GMT
File type exported SGML document, ASCII text, with very long lines (29650), with no line terminators
Hash (MD5) 7e0db46f31d3bc1312e528ad419957e9
Hash (SHA-1) 9a0d8995627f6131598b4e2569245376c6bd1ba9
Hash (SHA-256) 2640e704f6ff7c6d275da5e5d542794b33d66066ec7ed20e0848d96c50c87a0d
GET /1931fcb68f0ab7b9cbf203e33e515694/invoke.js HTTP/1.1
Host: entreatyfungusgaily.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 55f1f6f1afa6cd83c9d2185b5df5d792
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a0.cima44u.online/uploads/thumbs/345b2c314-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/345b2c314-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash (MD5) cdd64ebb2625b058bbf4e87373248c31
Hash (SHA-1) 2f888e06e24cda7aa203ee292247021a1c139d82
Hash (SHA-256) ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/345b2c314-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:19:23 GMT
vary: Accept-Encoding
etag: W/"63e92dab-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UHxfD5TlTgavVtQoe9JwB0GbZP%2BEpgj4YG3LiCLWj8ITVUpXKvswaqeFLEcppZzWKaYDdqrr6hbACW9l2DcX2faHNKdkEPOEwNJ5BwA1NAHqSaJ5ESh8YzmwbKlnTyYRYVogsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a7d56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/854a80854-1.jpg
104.21.52.249 200 OK 23 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/854a80854-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 246x360, components 3\012- data
Hash (MD5) 9a6323ce8a09e67a4ff8fd60b843ae70
Hash (SHA-1) c1b455e5fc158e282431c03045ab2c1afe233659
Hash (SHA-256) 88718aec9d021dc2496355a2502e1a704bb7852f37cfa0bd7996fafb9ff95103
GET /uploads/thumbs/854a80854-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:44:30 GMT
vary: Accept-Encoding
etag: W/"63e9257e-5925"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ejZZ262y19w1F%2F9xBZ0zDi740jztXYn8D%2FLQqEbAdD70TkjCCIjqonXB1TdIM0c6d3lAi8d%2Fs8o2DFY%2BvrfObvfaXR3C3AEHkmpIgNgYL9F6QA275ChGNGxxBc2DiY0d1KebaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2cbd056a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/css/bootstrap.min.css
104.21.52.249 200 OK 121 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/css/bootstrap.min.css
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (65354), with CRLF, CR line terminators
Size 121 kB (121259 bytes)
Hash (MD5) e310704466bade424ddbcac9b584737b
Hash (SHA-1) f13be92adf1aa5ee1d6cdcb1b731d9d0c93c546b
Hash (SHA-256) dd705e1b31a56604e4d6cfb9da5b96bf18ce605510d30abd7c8ec8eadfc041b1
GET /templates/3arbserv/css/bootstrap.min.css HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/css
last-modified: Tue, 27 Dec 2022 18:06:50 GMT
vary: Accept-Encoding
etag: W/"63ab343a-1d9ab"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 377359
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCiqCepp44KWYZDIhrI7fRspFTUOQPZPoUiwTLDRgfVVYft9Z4NWpp%2FEwgQUOL1YdEp7SHPyycGFGZLvGXgPmAj9QCsjzognsDXUcoaH9RMvxVo2MXvn6VAFzRQ6vTauIeSqYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e96a4156a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/3267674df-1.jpg
104.21.52.249 200 OK 23 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/3267674df-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 248x360, components 3\012- data
Hash (MD5) efb9353d3fe046555bd30c29ab8669eb
Hash (SHA-1) ab4684e820b6762021679bccadb02363e4aeeddd
Hash (SHA-256) 942e54fdc6a30d691ebe5bd9100fbb14ed45689a3be4337c612963a779d8295a
GET /uploads/thumbs/3267674df-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:05:07 GMT
vary: Accept-Encoding
etag: W/"63e92a53-58a9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYir%2FaLqUGV4Ey3uhR5TYnKaHILjdrnMIEsPXwuN2l3Ob5KeI%2Bj5G%2BqNC6iOu9eR0Jx8dwYQxTJhlUIaGRaKey3U%2F8CVQfcpUZ6CYXOkGpHEsUdCnszU6fefuRDYDqlR0jECyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9baac56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/js/jquery.cropit.js
104.21.52.249 200 OK 28 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/js/jquery.cropit.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (27266), with CRLF line terminators
Hash (MD5) c8e427194b3c84f938b4ec39a6246206
Hash (SHA-1) b169de2529e5511fcd2a661e37c9e503a1237e98
Hash (SHA-256) 0470258f6855efc5839980fa61aecefef09783a8b4d250cbaf8109e59e2f8f8c
GET /templates/3arbserv/js/jquery.cropit.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:07:52 GMT
vary: Accept-Encoding
etag: W/"63ab3478-6bbb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 929358
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VtdSqdRV7U6GEw1V5STW8ZP6VK71IFq1vySw3ijWrhTx%2BExW6kwoqF7aGoQRP2LXhvRPfDailjDXivWRuKni09zEDd%2FtxuJPst%2BXue94AvKpCKFIennhpzRtrA39pCuCbJbWAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52ea2b3e56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/f680a893b-1.jpg
104.21.52.249 200 OK 15 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/f680a893b-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 248x360, components 3\012- data
Hash (MD5) bccae696981506b2e463791ddc247eaa
Hash (SHA-1) a61270cd214ba6b410d36bb815be33efa018bc07
Hash (SHA-256) 67415b0e2947d657a7861863191510f14049be0ece942035dfd2d85a8fecb16c
GET /uploads/thumbs/f680a893b-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:23:39 GMT
vary: Accept-Encoding
etag: W/"63db811b-3beb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhY1sI5Azk2ZWPCTV97uHdK0L3C3AaGgpC5NuKWsELFnYbO8FU4kWn%2BHuz5arj4dtTbcRbq6bFXa9Vk5llw%2FkiKWH0kUC0XdLkZe1%2FTYDA4VsMIxgD3DTfHz7jN8uvcja9JZyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f19a8a56a4-OSL
alt-svc: h3=":443"; ma=86400
netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
104.18.10.207 200 OK 27 kB URL GET HTTP/2 netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
IP 104.18.10.207:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: bootstrapcdn.com
Fingerprint: 34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04
Validity: Thu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT
File type ASCII text, with very long lines (26548)
Hash (MD5) 0831cba6a670e405168b84aa20798347
Hash (SHA-1) 05ea25bc9b3ac48993e1fee322d3bc94b49a6e22
Hash (SHA-256) 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
GET /font-awesome/4.4.0/css/font-awesome.min.css HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"0831cba6a670e405168b84aa20798347"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 11/18/2022 06:19:10
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 863
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2562857f0a167db0963d48453a4431f8
cdn-cache: HIT
cf-cache-status: HIT
age: 933639
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ff52e9c82b1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
glaultoa.com/?rb=Jvi4nlnMUULM6rUKxhjM7MsgmMgAoXJ3t-0-qG7NX2jGbo2APLiQDJqbaOn3q8HHzReSBv2cS7u_3VjwmWi_kDzz0wnL6FDYKh-UwEaCtJTSx9eJYJlfpRH2DoqwGDbAFTACwU00JjRAeQ3DvJLLSD9I229MFvCgCF9160TUFjXrfVD4tndaXOIH8TSyv8WV6AHcLkDx3uQ7t_xEDxEkr3sPvWgGUNGyHmGEyYRjmuBh2JAJ&request_ab2=0&zoneid=5694207&js_build=iclick-v1.635.5-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fa0.cima44u.online%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.5-auto&bs=51539fa3-3315-403d-8b93-9507dd219927&userId=2a19ad1150a54c83a3a987907561b148&m=link
139.45.197.245200 OK 2.4 kB URL GET HTTP/2 glaultoa.com/?rb=Jvi4nlnMUULM6rUKxhjM7MsgmMgAoXJ3t-0-qG7NX2jGbo2APLiQDJqbaOn3q8HHzReSBv2cS7u_3VjwmWi_kDzz0wnL6FDYKh-UwEaCtJTSx9eJYJlfpRH2DoqwGDbAFTACwU00JjRAeQ3DvJLLSD9I229MFvCgCF9160TUFjXrfVD4tndaXOIH8TSyv8WV6AHcLkDx3uQ7t_xEDxEkr3sPvWgGUNGyHmGEyYRjmuBh2JAJ&request_ab2=0&zoneid=5694207&js_build=iclick-v1.635.5-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fa0.cima44u.online%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.5-auto&bs=51539fa3-3315-403d-8b93-9507dd219927&userId=2a19ad1150a54c83a3a987907561b148&m=link
IP 139.45.197.245:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: glaultoa.com
Fingerprint: 76:62:43:3F:4B:5F:3A:A9:C6:00:2D:6B:18:2F:1C:90:5D:34:A8:A0
Validity: Sat, 02 Dec 2023 14:50:24 GMT - Fri, 01 Mar 2024 14:50:23 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2461), with no line terminators
Hash (MD5) 8a600c3df470c5f24f2a6864fa33d0b6
Hash (SHA-1) 1e1f002358d0a9e55b503c68016e523d39f355bb
Hash (SHA-256) 072e53d0ce72640ae832fda94cb31330e05bd27e0b4210994c1745bc45f4c05d
GET /?rb=Jvi4nlnMUULM6rUKxhjM7MsgmMgAoXJ3t-0-qG7NX2jGbo2APLiQDJqbaOn3q8HHzReSBv2cS7u_3VjwmWi_kDzz0wnL6FDYKh-UwEaCtJTSx9eJYJlfpRH2DoqwGDbAFTACwU00JjRAeQ3DvJLLSD9I229MFvCgCF9160TUFjXrfVD4tndaXOIH8TSyv8WV6AHcLkDx3uQ7t_xEDxEkr3sPvWgGUNGyHmGEyYRjmuBh2JAJ&request_ab2=0&zoneid=5694207&js_build=iclick-v1.635.5-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fa0.cima44u.online%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.5-auto&bs=51539fa3-3315-403d-8b93-9507dd219927&userId=2a19ad1150a54c83a3a987907561b148&m=link HTTP/1.1
Host: glaultoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a0.cima44u.online/
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Cookie: OAID=2a19ad1150a54c83a3a987907561b148; oaidts=1701643359
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: application/json
x-trace-id: 51450b11f34c6a09202b2a90bc57974d
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://a0.cima44u.online
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=2a19ad1150a54c83a3a987907561b148; expires=Mon, 02 Dec 2024 22:42:39 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1701643359; expires=Mon, 02 Dec 2024 22:42:39 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Sun, 10 Dec 2023 22:42:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/74cc9f8b2-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/74cc9f8b2-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash cdd64ebb2625b058bbf4e87373248c31
2f888e06e24cda7aa203ee292247021a1c139d82
ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/74cc9f8b2-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:17:14 GMT
vary: Accept-Encoding
etag: W/"63e92d2a-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1GRAL86IZMt22fRBQt0%2B8EtKUadp%2FsjcxMypMNrry4RKLVmQyR2umwJ9G8nybCGDJO5gbwXZcXTyOwdzk%2BLHL4lRbUa4zXEuKinusvAI9oAut%2FhCMYfxZgourFy1CVzhwALF%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9256a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/js/slick.min.js
104.21.52.249 200 OK 40 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/js/slick.min.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (32012), with CRLF line terminators
Hash 154f6c33b55354bd5962ca9b254ffb94
d027dfa09ad6e6c627f9a90c6c750f04cdcbefec
efeadfb59fe7ea11b2f7fdef0250f347c408d84faa6d500967763ec9be2a1afa
GET /templates/3arbserv/js/slick.min.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:07:42 GMT
vary: Accept-Encoding
etag: W/"63ab346e-9e1e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=04nMGytr0Ao0OJ2kOp4QWOeK%2F7x3qX3O%2BmAztkpCUnIUuYZwH2KvbcOZYhrouP%2BaxvYcyGiK8WZYLROCnhSUROvtuWsJVXI%2Bre99j9c9dBF3KholzOJea9O1AnS2ZvioDUvP9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9dad956a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/favicons/favicon-16x16.png
104.21.52.249 200 OK 1.0 kB URL GET HTTP/3 a0.cima44u.online/favicons/favicon-16x16.png
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 2f9e3795889ec567bbb1124b6b1f73c8
1587f8e10111dda099a9453850224807334ec44b
c994effa2226581104a4963c1c0ced8b6009e06a8ac49b4cdb09ce1c84443a65
GET /favicons/favicon-16x16.png HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1; pp_main_0fff55c02cf2a71ee58ef898c5cdeb9d=1; sb_main_480600c1e7abb4767667c412d0c8f89d=1; sb_count_480600c1e7abb4767667c412d0c8f89d=1; _ga_921WWXNG38=GS1.1.1701643365.1.0.1701643365.0.0.0; _ga=GA1.1.1003168250.1701643365; _ga_QWVQ42TCTT=GS1.1.1701643365.1.0.1701643365.0.0.0; prefetchAd_5694207=true; pbpr0tpuw4isk85t8yg3jb2lj5vqf=overwhelmfarrier.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: image/png
last-modified: Tue, 27 Dec 2022 17:49:54 GMT
vary: Accept-Encoding
etag: W/"63ab3042-3f9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hx2QUkfIgtX%2Ba6j%2F28jkmfZKcf7jMzrMrAZBaUgbvMISgP3M2AJODJ%2FRYhtp7%2F%2Bv%2B235VUg5JbH0XAbDUDcmwezOknGRzPU8JKMidLF7ZpZMWEjLNkwFPvl4DZix4fbILwOQxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52fbfc9656a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/c71de40bf-1.jpg
104.21.52.249 200 OK 19 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/c71de40bf-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash 629e048a2268cab23166a5d606fca182
6a4d0cc3932f917929e715a34d8c892a9b0a10ef
c7a202e31fbc4bd753950fd97c344a7b81cc65ca93e1f0a1d447adf8a5f2e9cb
GET /uploads/thumbs/c71de40bf-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:03:54 GMT
vary: Accept-Encoding
etag: W/"63e92a0a-4b6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSVwRMJTyD06SVDKIEvMirttrmy1uZS7newGQ3e4OjfTijS%2FBr867dL3QtM5z7kqGuqUp0VjifdBDF9fChf2j36gU6NpU5xng%2F1WdMk2x0uAW0L6uvEKT%2FDGOiQ6kMdIfI13%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9bab656a4-OSL
alt-svc: h3=":443"; ma=86400
entreatyfungusgaily.com/1931fcb68f0ab7b9cbf203e33e515694/invoke.js
173.233.137.52 200 OK 30 kB URL GET HTTP/1.1 entreatyfungusgaily.com/1931fcb68f0ab7b9cbf203e33e515694/invoke.js
IP 173.233.137.52:443
Requested by https://a0.cima44u.online/
Certificate Issuer Let's Encrypt
Subject entreatyfungusgaily.com
Fingerprint DB:22:94:CB:0E:2C:71:4E:16:A8:04:37:1E:82:91:41:C6:F8:76:5C
Validity Mon, 06 Nov 2023 06:35:13 GMT - Sun, 04 Feb 2024 06:35:12 GMT
File type exported SGML document, ASCII text, with very long lines (29641), with no line terminators
Hash 16df29cb6dc5178ab64e03fc9f5ade04
5083f9da017deae1ecba82e902465f83adc01d46
9caf1c17dd9c7695694f05e8d4c63a0b63e794d7b4e9e7b8bfbc3479ea7356cc
GET /1931fcb68f0ab7b9cbf203e33e515694/invoke.js HTTP/1.1
Host: entreatyfungusgaily.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7726dcdb46ee9f39a486270fe9588d6f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a0.cima44u.online/templates/3arbserv/css/bootstrap.min.rtl.css
104.21.52.249 200 OK 36 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/css/bootstrap.min.rtl.css
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (540), with CRLF, CR line terminators
Hash 1fb5a0b71599ff347a72e179f4a3c811
19e931c1eb4d282153df01edf046c402837badcd
567a1f1900bc0eca570462dd3f5be63c8e33a02f6b94a32d1fc96cb4bfbad09a
GET /templates/3arbserv/css/bootstrap.min.rtl.css HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/css
last-modified: Tue, 27 Dec 2022 18:06:50 GMT
vary: Accept-Encoding
etag: W/"63ab343a-8e01"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1010248
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CgRgXKif%2FvsxmNpIcg9QgxRSpi0%2FxVI6BhTLLuLPgmAPLH4uYNa5Aa%2F2WGsvybu7NF8lN2kfqWP25EJjGfDvqJiBKzU59ELul5oKbqZcYmj0HEHcIlD4O8xy6vX8RWjclC8bZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e96a4956a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/0c0e5c976-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/0c0e5c976-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash cdd64ebb2625b058bbf4e87373248c31
2f888e06e24cda7aa203ee292247021a1c139d82
ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/0c0e5c976-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:17:07 GMT
vary: Accept-Encoding
etag: W/"63e92d23-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=naelkEF4sqO1GyN3hi%2BAIXmEGUuDQIOuW8Rp%2BEAdxTbz7JERgtLUqjrm%2F0rptazP8TItMAWgJWiT07TudqE3vIYSnoiSWkKNLbX4Nl7aaYZCbQnv9s%2Br2p8xGzlR1EVX7C1MMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9356a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/0dd392b8d-1.jpg
104.21.52.249 200 OK 13 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/0dd392b8d-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 244x360, components 3\012- data
Hash e701f0afa3492dfb2808af804cb0f102
03fabdbf4aaa7644f7505f3ea920c45cd1565e63
bfd9a6ea4205f0acd1475afbc3d07e5708f0143e0acd53478f69f2d7c16313ea
GET /uploads/thumbs/0dd392b8d-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:08:31 GMT
vary: Accept-Encoding
etag: W/"63e92b1f-320a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432102
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRbG8bywBvkuKvhw3%2BuRs0AZPlxbU%2B0t0DAlwKtjuM%2FVEk6ZCUA9%2F97hKxzdNAlCrbJNu8Lhnrk4xzOKzmt8kEEpUmsCplgbypeKrMhGn%2FXtZfwCxO014oyiD3mo%2FF0FjUgzXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f29b8e56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/56bd09dab-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/56bd09dab-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash 7b1c40a45c0914b1efed96c4758dbc05
0b4634f2dfaa410e0242140d8478947e6bc2afd7
99d59048d0d0c266bcf84821e3eebc177eda6504e7f04b7e12aea4bdedec90de
GET /uploads/thumbs/56bd09dab-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:10:29 GMT
vary: Accept-Encoding
etag: W/"63e92b95-447d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432102
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fD4ztpiPMsafEQjbxn8mHwLXXsLAr9eqrkQ1us2YAKAVygZDP39g5K5O1q0SjAPck1kqS1UnzmmO%2FK9Ox6qPwm0SaMI4pykDIdk3nQfxdCKPmDa%2FERYpNLR6YhnJsiY%2BHq1JGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f29b8d56a4-OSL
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Regular.woff2
216.58.207.227 200 OK 31 kB URL GET HTTP/2 fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Regular.woff2
IP 216.58.207.227:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 31248, version 1.0\012- data
Hash 436938da6ed799ca17110e719e4d2e51
b7ef31b6085a9f0963dffe7939abca527724d389
a7b09bb9c8e8e2fb189204e08ed94bd8096c118780b5e926847cf2748ca7c5c2
GET /ea/droidarabickufi/v6/DroidKufi-Regular.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 18:33:14 GMT
expires: Thu, 28 Nov 2024 18:33:14 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Aug 2014 16:50:04 GMT
content-type: font/woff2
vary: Accept-Encoding
age: 360564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/b5184d12c-1.jpg
104.21.52.249 200 OK 15 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/b5184d12c-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 244x360, components 3\012- data
Hash c32599acb7ab1974df4999c57caec13f
b1dfd83b622814ca98b826ecd5ad5a5cf4628fcf
74d3c29067b0dc24d199223c373b0eb79003158a149c2b0633d70f710cfb378c
GET /uploads/thumbs/b5184d12c-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:58:03 GMT
vary: Accept-Encoding
etag: W/"63e928ab-3b23"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yumW88v2OUTAAhlwM6g2j5LilDQAtsGe3xZkL3%2BftbcKVg%2F6Ie6iEKlY48EGkaMrDl6FeeVK4gdp3i5RnzPVoCU6Q3AZc84q1OX5mtinOptvwcaSwf47nJNzUpcw9psVjnxC0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9cab756a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/134cb7796-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/134cb7796-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 281x360, components 3\012- data
Hash e3ac4e90d18daaf89758bd63feb16e05
2e703f07345830a9d5e8863d00132b0ad2dec5aa
e5c88dccfa6684ab668a1db5eaefdd7c1fe49be8d734ef3379a2a159013ffb9d
GET /uploads/thumbs/134cb7796-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:07:14 GMT
vary: Accept-Encoding
etag: W/"63e92ad2-46ab"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432102
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUpUUyiX%2BNuv5QzTAdOpONGH%2B5wpcEM9UnLMcpixzHOsQfWIw5HHYCV06TQWH170cXm3alYUZXSROIqyKBd72tkrdXF3%2Bz%2F%2FQ%2BskQ4rSzZfkcTh7xvMsoAL3tmmJYwFxMjdWqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f29b9156a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/0e7cc0b25-1.jpg
104.21.52.249 200 OK 19 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/0e7cc0b25-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 360x360, components 3\012- data
Hash f2f152dbe80b5e5e67c39553e69dd30c
91f78f86f2fbb8ed424d36947290a36f4ba76f25
373dcd4da290fb91ef2ffbcd10210e5992a1c0be0f06d2b0191b36077aa8c369
GET /uploads/thumbs/0e7cc0b25-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:12:33 GMT
vary: Accept-Encoding
etag: W/"63e92c11-48d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432105
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dsN%2F8J7WDiZ9%2FPkEV%2Fjo0A0bOn%2FjQhFVzbLiNVXXAuKQI1nhVYjCxfSnwWOILN5wBMtbLAAjpCQdzK3gqbYFcoRUs%2Bm%2BqFcIx5gHIT1AT7QSXZPmfLsz7Hn3Tq1fXwabwoMkjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f29b8756a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/bd098a6ef-1.jpg
104.21.52.249 200 OK 16 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/bd098a6ef-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 259x360, components 3\012- data
Hash b54ca363369c9413a9a4b5c4f91ce391
80ffb11033a23f164170c91211105b74f636ec81
f702343f7d99f955ec6bcfa54b7230fa4fca6a940147157347e7ecfccb916f00
GET /uploads/thumbs/bd098a6ef-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:49:52 GMT
vary: Accept-Encoding
etag: W/"63e926c0-3f35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i3247GeQIjXujPHLarQd%2BoywffYjI05CR614MGlRIKtAoVrQ%2BqUw976iCHRcMTf8BsXkwCWlWuAtIk2ESvKpGzmxg642bxN1MPrgK0xR0Tus%2FIz%2Ba8Awp%2B%2FWZUCP8515FlI1KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2cbcd56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/433906266-1.jpg
104.21.52.249 200 OK 20 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/433906266-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer Google Trust Services LLC
Subject cima44u.online
Fingerprint 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash 8c20f9f86a59cf1e7a7f36b1fa5f5b2f
cd2e696c943de8f3677872613a6c9f8b0ce5b9f6
56dc671b563ff643fbeb81c0738dfe16424b11a8baac340df19ef589d9fadd96
GET /uploads/thumbs/433906266-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:34:37 GMT
vary: Accept-Encoding
etag: W/"63db83ad-4e7a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sq88PGc2HMK5LrkrcolOEgSSnV1sb117QHvqSkHXzazBW4GzOP6uqPaYwlWY34unBaZ4aSw3luppZLGwATPjrK%2BiH8Ygw7mp0dULlm%2BqSIhSQaXy8kADIf5mANVjMn4ZguSgLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f1aa9956a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/6f152699b-1.jpg
104.21.52.249200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/6f152699b-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 240x360, components 3\012- data
Hash 56bc4a5d8356ae8b9c529c4b85d79dbd
e6b12f805636f7c6c05efc73bc302a47a5862459
53829a9ed63628425727444210a2da1ac62a160bc008e9f43b9d534eb581d3c7
GET /uploads/thumbs/6f152699b-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:58:21 GMT
vary: Accept-Encoding
etag: W/"63e928bd-45aa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vs8C3QJJ4wVGqmwZMEp7T30G8lhC011ZW%2FZvqNTT8GKz48dwyk59BFYdohEXBs%2Fo3EpVRtv9X%2FcxHcdPJEnHuz%2FXHk1aCpH%2BcJKw8UikxXa5zHfBnPpGVwSr5dZgL9ESuivtJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2aba756a4-OSL
alt-svc: h3=":443"; ma=86400
devoutdoubtfulsample.com/89/ab/81/89ab81a3ced8118ab581c31212259e58.js
192.243.59.20 200 OK 43 kB URL GET HTTP/1.1 devoutdoubtfulsample.com/89/ab/81/89ab81a3ced8118ab581c31212259e58.js
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer Let's Encrypt
Subject devoutdoubtfulsample.com
Fingerprint 46:DE:76:4D:52:45:B0:2F:13:58:87:BE:89:D2:89:F5:9B:CA:E2:5F
Validity Tue, 28 Nov 2023 08:12:35 GMT - Mon, 26 Feb 2024 08:12:34 GMT
File type ASCII text, with very long lines (42804), with no line terminators
Hash a7e51bb2fbea8e4063c84a10c25e6d11
1a98c26776115565d18d4de61674c4e5ddf10a5f
197ea0892b2425653a901975064ab1193130eace24ae630c24082b685c310de4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /89/ab/81/89ab81a3ced8118ab581c31212259e58.js HTTP/1.1
Host: devoutdoubtfulsample.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 22:42:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e2dd5c52de4c1763a70ee7dcc00d8043
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a0.cima44u.online/uploads/thumbs/2fa51cdd6-1.jpg
104.21.52.249200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/2fa51cdd6-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash cdd64ebb2625b058bbf4e87373248c31
2f888e06e24cda7aa203ee292247021a1c139d82
ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/2fa51cdd6-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:20:26 GMT
vary: Accept-Encoding
etag: W/"63e92dea-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQ5guvNsAz418J7Bx%2F2fNgbRU3K8GLtY9vHJiJkoViueZznJbvdE%2BLMwy6CjORQcsOeZ%2B1%2BOgXZQYrUrbbGfCFRABQG5l7SpjMvcqT1%2BKFzPcPwOYIl4StUsRO%2Bnsk0%2BzVBChA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a7a56a4-OSL
alt-svc: h3=":443"; ma=86400
my.rtmark.net/gid.js?userId=2a19ad1150a54c83a3a987907561b148
139.45.195.8 200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?userId=2a19ad1150a54c83a3a987907561b148
IP 139.45.195.8:443
Requested by https://a0.cima44u.online/
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint E8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
Validity Sat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 432cf817792a7a19131463a71f607f9f
2a214b55187053ff6ce9d48cdce2a438d17ff359
4af9882365efd725ec681de32b34f80a9f6eb8284a052872f2ca1364df060517
GET /gid.js?userId=2a19ad1150a54c83a3a987907561b148 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://a0.cima44u.online
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2a19ad1150a54c83a3a987907561b148; expires=Mon, 02 Dec 2024 22:42:39 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
45.133.44.3 200 OK 1.5 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP 45.133.44.3:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer Let's Encrypt
Subject cdn.barscreative1.com
Fingerprint 55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
Validity Sat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (1639), with no line terminators
Hash 97b357c624104a8e915d01424dfe16ce
6bd7fcedfb7986b149601b1bc840f525b67a8f06
8d010e7163298acf3671bb429a2e0b1d69033a5adc314fa4bddebf74b9775e6e
GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 03 Dec 2023 23:42:40 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
a0.cima44u.online/templates/3arbserv/css/jasny-bootstrap.min.css
104.21.52.249200 OK 14 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/css/jasny-bootstrap.min.css
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (13803), with CRLF, CR line terminators
Hash 643524e4ec0f4da89ae4e2041e4de594
4238429fe9396ba35406d7a499e447250c757f9f
57c1ff07290f9d5afc7c89cd5817fcd59159513e16370613ad6f59b7c7d15e3e
GET /templates/3arbserv/css/jasny-bootstrap.min.css HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/css
last-modified: Tue, 27 Dec 2022 18:06:42 GMT
vary: Accept-Encoding
etag: W/"63ab3432-36b9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 755120
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8urHpTy%2F6oQYfBW8TLaUy%2FMXsJzOpCQLrpvZf5rXrIk2ZV7TK9sdvtWjytep9TwaG7WQCkf0E7qXQfPNxaBzzuyh%2F2BSjpPMkRg5jzK8aPJCZ8pvD4SHrXJ9fq9PobnuaClaag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e96a4356a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/50cb35656-1.jpg
104.21.52.249200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/50cb35656-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash 8fbb523f2019bd7ec02bbd15b2c137d1
541ba75c4a85c21ed7af372add47baed1453a661
4abe5d10c4ed35d95ca87dfac26d599f28cbb74cd369a9ccd0a5b4cdd0b38f83
GET /uploads/thumbs/50cb35656-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:21:27 GMT
vary: Accept-Encoding
etag: W/"63e92e27-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNRhKq%2FzmBMJXHv5GGUQWAbmEGbgNBIIi1hpnvCRflnSYJlbek%2BomR9YIO1WouyskTWroFLFqDr%2F%2F%2FM7%2F2DtA47HAfQviUXYwgDx1KgUKlS%2FSlgONbCkElRTuT0%2FLqcVPPT%2BhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6b56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/img/icon-play-32.png
104.21.52.249200 OK 2.4 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/img/icon-play-32.png
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 35bd95e97ff446debcc363482550378d
91c8d90e0524e5346aa4f3ae0806893db5d95959
eee224146191f9cc5fabac0a105fe5b9b34750f8afe16823dbb593259d8a1d75
GET /templates/3arbserv/img/icon-play-32.png HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/templates/3arbserv/css/echo.css
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:38 GMT
content-type: image/png
last-modified: Tue, 27 Dec 2022 18:07:24 GMT
vary: Accept-Encoding
etag: W/"63ab345c-96d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 377353
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6F19r%2BpMLKJUB%2F1yf4fmC2FsJdrpFnYbS5dVHLI9kuLE0at5Yus%2B6OPNBFPVVX9QbSZm7TbhkPqnFh4MvjUeGuV4c8uhyChdxGt8UvEnPvQrTNCG5GBfR9l9m1wE1%2BEt4%2Bthw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f1aaa356a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/38209d2c1-1.jpg
104.21.52.249200 OK 16 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/38209d2c1-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 230x360, components 3\012- data
Hash 1157b53514f670a6431b891d9550b37a
101ae4401d377c49679ba72a199b4e77c1fcc1bf
fd289266155c142850c36f7c1a5f4faac54fd115662ae16aff08899cc829437d
GET /uploads/thumbs/38209d2c1-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:00:48 GMT
vary: Accept-Encoding
etag: W/"63e92950-3f49"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oqDQWeqT0BdEcL%2BwDK1QbbjbZRcGTiXG4mzp7soYlqH9vkdwpZpUF71SF95u62Lwb4xSOEQbPzOpn7J8dK16H3yR%2Bw86hHhuPc1dypFQ3dS33B0bGNOTlIg%2BrMjZ8EdDqriXDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f29b9456a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/js/theme.js
104.21.52.249200 OK 45 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/js/theme.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
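Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, and no File type line is recorded for this entry, so the 45 kB response body was apparently not captured; the hashes do not identify the content of theme.js and should not be used as indicators for it.)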
GET /templates/3arbserv/js/theme.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:07:42 GMT
vary: Accept-Encoding
etag: W/"63ab346e-af8f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59CTGqp%2BJl%2B05ODNr6wX4576e9APhVtnNETJ6EgK%2F0oC7VuoegR59QbO1yiz1Uamd3P4zrtm6FOH3Lh5qtAU%2FcL9UXBnmobFwDjaXQ%2BwYKL4%2FbnOPst6pL43Qii1fjX5fjqafw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9dada56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/js/jasny-bootstrap.min.js
104.21.52.249200 OK 20 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/js/jasny-bootstrap.min.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (343), with CRLF line terminators
Hash 37ce83415fad2054ddb26757ae261760
a61db56d53263dd7f4b575dd391bdc14a7157c86
e604395daa09208224cb82ea0d26e56567865427759cb23c0e4effe14c75619c
GET /templates/3arbserv/js/jasny-bootstrap.min.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:07:56 GMT
vary: Accept-Encoding
etag: W/"63ab347c-4f7c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 377356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xFoGLZD0NNSPoK%2FVK2lruNAayRMSoNr97SWa5zFXPtOrAvMut0iU8ZAp6CwWSPOqWf3gcvMb7XseK5Vd%2FfLujibzB4I8eJYY6WvtHN5ZGpOOYkeyXWjE35XYuWq1U9Okk4qdYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52ea0b1d56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/edffa0c75-1.jpg
104.21.52.249200 OK 20 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/edffa0c75-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 248x360, components 3\012- data
Hash f1118cff8dbf587c44dbab7981d55ea1
fc6248acfa40cd249c8b224294a67a0ca9358c56
52ae769507e2add1a75aa7ee876ed7c56e1a9f90f4879712ae676ad439795bcd
GET /uploads/thumbs/edffa0c75-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:22:31 GMT
vary: Accept-Encoding
etag: W/"63db80d7-4e74"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WhUN5J7urek6PWcUr2g0km4jE0zIVGtx6pNiOJds6VVBCyhGay52hcrbZhc9fzkoA796ufi4fWxDotLV45GUqQe7%2F550t6KdOjH5CxQvnowGhj5e9UlzN6snBBKKbOerj1w6GA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f19a7e56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/css/custom2.css?v=1
104.21.52.249200 OK 47 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/css/custom2.css?v=1
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (6169), with CRLF, CR line terminators
Hash b23020d09c3c867f7d66c094311c9070
950c0ed9df867d00ad96782433608022c0354244
916131ae951b69de39a189fe3db871e7b65b028695e457e0b69d5368ef8642be
GET /templates/3arbserv/css/custom2.css?v=1 HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/css
last-modified: Tue, 27 Dec 2022 18:06:46 GMT
vary: Accept-Encoding
etag: W/"63ab3436-b5f4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 771206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CD0%2BXd5d1OuOVnnRca%2B7tdqOlPDECO7tA7KqQgob6UZbE7IKjE%2FXIZ9wYaRSHAb88ypR2AjqcUm6gywmP%2Fzv84BeE9dTP9jYGFKsugwuCXjWFYD8ChVqzzp6G1%2F2jmNGk%2Brj%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e97a5c56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/8be950659-1.jpg
104.21.52.249200 OK 24 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/8be950659-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash 79bfbdd2792587f3ac7338cda10e207f
02365af2b1036a4e42810d4b0f4752919c2bf364
1993175aff40d46abca79c7d15e03ebc58b3f5d99f4921293555a2d1cb15b7be
GET /uploads/thumbs/8be950659-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:14:47 GMT
vary: Accept-Encoding
etag: W/"63e92c97-5ce5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bf69ygybDPkuXHJkwfs3qsHawTKM%2BFD1XKj0mP2d85tOYSH2D7gxOgyGAZXbThRbU0xzCCV5Wy0lf9kqyI%2BSXmMmYCw5AxcmpQbNxZ%2B9%2Bp4Z%2F%2F5xzpdHCEs6wkajx8leqUoR8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9b56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/css/echo.rtl.css
104.21.52.249200 OK 24 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/css/echo.rtl.css
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with CRLF, CR line terminators
Hash 669aad7cfb499782d8e97cc2204393f9
c7cb46f97eb602bb2f5058b400c6de73691e2d2f
606eddd9c35531bf131a2694e7141a385d3c84b39493b06aff0d5a92488af826
GET /templates/3arbserv/css/echo.rtl.css HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: text/css
last-modified: Tue, 27 Dec 2022 18:06:44 GMT
vary: Accept-Encoding
etag: W/"63ab3434-5bd9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nTiuWGcT8UC9fZdVOQZ5REaOJTQBynSjsjBpYTL2IIMcd18JFsf%2BU1SATBSNW7yhFa2RNpHf%2BF8J4c8ipSM1w7QJGyou%2FF0FKUg1uEaqIAxBF8bYsl7GQqhMvmSJZLlr7FmabA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e96a4a56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/js/jquery.plugins.b.js
104.21.52.249200 OK 9.6 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/js/jquery.plugins.b.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type Unicode text, UTF-8 text, with very long lines (9926), with no line terminators
Hash 92632136d498b1a1d06162710fa31f15
6ca1fccfbde1c5887329bd4062bf59e31652f819
bb82d5b3df712f03858c3c862cd61f7acb2a9a447447f43fef88de4c2803fd6b
GET /templates/3arbserv/js/jquery.plugins.b.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:07:50 GMT
vary: Accept-Encoding
etag: W/"63ab3476-2559"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 377356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24pblRoEtPvCVE8sPu17dn2ptJ5hqnlqJvxvpwp%2FZhr4MxvwgBjDax42gpCycibvHmvg6KVVeccEoFUrp%2BUVKDdTpW4A3VpwXwb9nz4nWIDwA9qnH95h0lWvhqlwCVMY8%2FbD9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52ea0b2156a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/js/melody.dev.js
104.21.52.249200 OK 24 kB URL GET HTTP/3 a0.cima44u.online/js/melody.dev.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with CRLF line terminators
Hash 1d0a966ae80281cd5d70ea5a9f26adbc
addace911bdfac4f98f51ae7bfb99101028379f7
35e42f88cf619f9e49d0412cdc23eab7df775e9dbbc0cc76407fef0be69c6b63
GET /js/melody.dev.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 17:59:56 GMT
vary: Accept-Encoding
etag: W/"63ab329c-5d39"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 929358
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqIPQmhwC4h1lumoQqWrIcHb%2FHawesQWsdboBNwBWJc7cT37yPieK1jgpHew0Ij8R5jVROXWbyySitCCvIYVqIkm%2FuXUSje%2F5LBMxOEtj9OthU50uyzNhAVSThgcVxaVkvab4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9eae556a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/js/jquery.plugins.a.js
104.21.52.249200 OK 9.8 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/js/jquery.plugins.a.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (10107), with no line terminators
Hash 21e878c3d1a8537111ea448daaf8b2b2
bbd948b6a36aedd368e01fa86112872f3b191f81
8bb185d6bbad2fc40cf9b76d92815150ea1505f019795a9b05f075a0320e4832
GET /templates/3arbserv/js/jquery.plugins.a.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:07:50 GMT
vary: Accept-Encoding
etag: W/"63ab3476-265a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2FiEg%2BWpF%2BRcz60bS5ut6gUpxTSUXi2Tyh6opYiTfteOCmtodeBLCbSkGrQaW3Fm%2Bi4jZ5MWndAJcBOFkIeSEWUTsrsIk%2Fvfo14GWG%2BiAitBwyZg8uEifxDyExeD6DlOhtWaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9dadb56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
172.64.109.10200 OK 4.2 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
IP 172.64.109.10:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (4404), with no line terminators
Hash 68b1992666e9738c9fe476446c9554c6
7ed918e75115fd3be8bd1df1f6106d3f53129c78
c3ca1c3bc15dfab20c6c3733049214afc18b2deaba8d9685c57cc3f238b687d8
GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:41 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzJD88mR8CicdgsGbhPodrqGIa9ZISXHUoDsuAmaYFKJS0BrwElcMtB%2FD5rX6OB7iXrfjaoDAcVc639x5TzCblGsAOltwsaqB38BPhl8E6PQtm2vhVz5AMXil778uEbbCkqAgieBL6vG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52fd8fc37777-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/529343b8e-1.jpg
104.21.52.249200 OK 16 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/529343b8e-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 259x360, components 3\012- data
Hash f884e46e60809a77d82bc8ce07c85c93
626e5a4c0bf5a03f528da994d93c8e925a98c58e
76fdfa63b626835af10432a4b07da92cdb6a04f2b1f985a5c7dedc81fb438cd1
GET /uploads/thumbs/529343b8e-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:52:14 GMT
vary: Accept-Encoding
etag: W/"63e9274e-3e56"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bR2KcRz8EUZgg8fl4zbfU4BOEQWmHhjwA4ScHieLh9DYwFR%2F5cEBQRIv247aRJOBcGJB40wkTPOmDGqYud91aUUWhZjVFFffRhwbt2KTokuk3ve4LDJePtvqMCPhD2I%2Fi9b73g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2cbcc56a4-OSL
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106200 OK 6.8 kB URL GET HTTP/3 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (7013), with no line terminators
Hash 49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 22:42:41 GMT
date: Sun, 03 Dec 2023 22:42:41 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
a0.cima44u.online/uploads/thumbs/fd1d3c4f5-1.jpg
104.21.52.249200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/fd1d3c4f5-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash cdd64ebb2625b058bbf4e87373248c31
2f888e06e24cda7aa203ee292247021a1c139d82
ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/fd1d3c4f5-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:16:42 GMT
vary: Accept-Encoding
etag: W/"63e92d0a-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iZF1pAy%2BE4yqsHp%2BpxGzLpiU1Jc8ufqHZ3eVHjOMpT8lPZ5pCW%2BDcmhExPPWH4imeLzlVoa28labHMBWXFtalpHv%2BROaDXtRHwbYkmgw5JE62dkOhaHJEsHyrIemQ2ZX42vlxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9656a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/6f3d07cf3-1.jpg
104.21.52.249200 OK 17 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/6f3d07cf3-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 259x360, components 3\012- data
Hash 1a8189d841bb8aae64fa2206c6a98d29
40b04a4328ba4c488fa7ae26e96fb9c1972c5d79
226b8377b3475f318b21c6e7e1d17fcf2b415a0362e195244a69ce064a668d41
GET /uploads/thumbs/6f3d07cf3-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:46:25 GMT
vary: Accept-Encoding
etag: W/"63e925f1-4327"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mGl4eIO1jCrSyV4mz9j%2Bb%2B8HuE8ZnWqpq%2Fe2X9E5kziTLYfktwm9moJO8vDuZQE09EvxSUyHdl89IHD4XWNHQo2J%2FXkeCiLIyhfjVyYJhR%2BIBAVMyJJ5pHe%2FW3WQ8cKwbHP0dw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2cbcf56a4-OSL
alt-svc: h3=":443"; ma=86400
devoutdoubtfulsample.com/watch.548399070676.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
192.243.59.20 307 Temporary Redirect 3.4 kB URL GET HTTP/1.1 devoutdoubtfulsample.com/watch.548399070676.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: devoutdoubtfulsample.com
Fingerprint: 46:DE:76:4D:52:45:B0:2F:13:58:87:BE:89:D2:89:F5:9B:CA:E2:5F
Validity: Tue, 28 Nov 2023 08:12:35 GMT - Mon, 26 Feb 2024 08:12:34 GMT
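Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of a zero-length body, consistent with the Content-Length: 0 of the 307 response below; they identify no payload and should not be used as file indicators.)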
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.548399070676.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1 HTTP/1.1
Host: devoutdoubtfulsample.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 22:42:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://a0.cima44u.online
Access-Control-Allow-Origin: https://a0.cima44u.online
Access-Control-Allow-Credentials: true
Location: https://devoutdoubtfulsample.com/watch.548399070676.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=dfb7f0161cc40703e8bd4f1e49256e9bffc4df09d56e517547024fb2a118040e6839643870a841ae4586138d513384d9a4576ea16df3a572141051e287098dc62c4efe72eb7cde845eb245fcc43f0a6d70cd28973354cbb50fcecdcb896e6e&pst=1701643420&rmtc=t
Set-Cookie: u_pl=16345501; expires=Mon, 04 Dec 2023 22:42:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.9FqjmEEMhzOO4nOcdY19N9XBTJDiNQyBt5Q-jdnsp9E; expires=Sun, 03 Dec 2023 22:43:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d2bee85fba356fccb45dbf701b8ed5be
Strict-Transport-Security: max-age=0; includeSubdomains
a0.cima44u.online/favicons/android-icon-192x192.png
104.21.52.249200 OK 22 kB URL GET HTTP/3 a0.cima44u.online/favicons/android-icon-192x192.png
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash dcf7d645053c0bb7e0edd25960004324
5951f5ffde7d819e499f69540b0d95cc39d0a8bd
ce2f656adb31855d7886fbcf54add26d85fe22f49a1712cde1779bc905384700
GET /favicons/android-icon-192x192.png HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1; pp_main_0fff55c02cf2a71ee58ef898c5cdeb9d=1; sb_main_480600c1e7abb4767667c412d0c8f89d=1; sb_count_480600c1e7abb4767667c412d0c8f89d=1; _ga_921WWXNG38=GS1.1.1701643365.1.0.1701643365.0.0.0; _ga=GA1.1.1003168250.1701643365; _ga_QWVQ42TCTT=GS1.1.1701643365.1.0.1701643365.0.0.0; prefetchAd_5694207=true; pbpr0tpuw4isk85t8yg3jb2lj5vqf=overwhelmfarrier.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:40 GMT
content-type: image/png
last-modified: Tue, 27 Dec 2022 17:49:58 GMT
vary: Accept-Encoding
etag: W/"63ab3046-5726"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8FQFtqpvtxg%2FYvP6779QOzrjrkT6uhM4uP8nYr0DYkorhHQFnptJIADA62jkscnJLI7dvDL5EBN6tREio5LIUKcM7u7i8ZaLP5p2OAxtZiBqWzf5uqJJ3ucrgC%2BIWgZTsXySxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52fbfc9156a4-OSL
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=G-QWVQ42TCTT
142.250.74.168200 OK 281 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-QWVQ42TCTT
IP 142.250.74.168:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Size 281 kB (280912 bytes)
Hash 8ba1cf420d2947f71de4c2571aadf69e
e5d199c1f78ee6d926c55d741b3f71acbf147654
0041dc81f95547a9ef64406381d58b13fc9587e4832b34e4bccddb8b10935822
GET /gtag/js?id=G-QWVQ42TCTT HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 22:42:38 GMT
expires: Sun, 03 Dec 2023 22:42:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93121
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/966fd594e-1.jpg
104.21.52.249200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/966fd594e-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash 8fbb523f2019bd7ec02bbd15b2c137d1
541ba75c4a85c21ed7af372add47baed1453a661
4abe5d10c4ed35d95ca87dfac26d599f28cbb74cd369a9ccd0a5b4cdd0b38f83
GET /uploads/thumbs/966fd594e-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:23:02 GMT
vary: Accept-Encoding
etag: W/"63e92e86-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uSUMCFRU1faiNCFrmeBbHDYIHfdPU5NERH4cP6n3kSuzKXk3bHHpHQpN39hVHmt4kwjJZrwfJOehNqO7maAMFEzR3DoicC7sdxcSyahaUkUxwTbFuXJaPbe2L6HWHDC2T6O1vg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6356a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/templates/3arbserv/js/melody.dev.js
104.21.52.249200 OK 8.2 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/js/melody.dev.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (9614), with no line terminators
Hash 84b0bf377d021f0d57fc3d46772c63de
49bb165348b7e2b8fc9ffd09a14bb086c69eb867
875597dce1abd19b5ab43ff2e1a225cae668da2e95f94fe3f1a1b25c746dc998
GET /templates/3arbserv/js/melody.dev.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:07:46 GMT
vary: Accept-Encoding
etag: W/"63ab3472-2035"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 929358
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJ2QxGNiPK8M%2BTWVLKDnZ%2F8%2F0dGlHcA1u2MBrEmbdAEZcSzat%2FzYg554bIlam3YfGDawo6EJHoARVI5iHmAWkfrTxV7DMKzcwEUQwtMN8P%2FgEYomt11E2jmXs8xNKBjRiozqkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9fb0e56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/fa9db1381-1.jpg
104.21.52.249200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/fa9db1381-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash cdd64ebb2625b058bbf4e87373248c31
2f888e06e24cda7aa203ee292247021a1c139d82
ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/fa9db1381-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:20:42 GMT
vary: Accept-Encoding
etag: W/"63e92dfa-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432102
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xD6AJ5rAufDGan6mwAik6uq0ZZOYcbnG5U2a9ELAU0JhCi6ZcadZe37S5xKuFjR%2BM9iKfY2CxbaZ%2Bj0HBWhy5b3Yr3uDIlLF2%2FC7Z9W8RdxgbFHwSYTI9pkLuRdzAEdjA19zGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a7656a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/db103cebf-1.jpg
104.21.52.249200 OK 12 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/db103cebf-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash 21f864dc6c2bdc111034a97622d94bb7
21dfd4e666c2b1f528f6acf73602da8ac6b26e59
c6db4aaa3ee62b96846f62e2862d1bf97c9b993af328145251ac3d599c414fff
GET /uploads/thumbs/db103cebf-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:57:46 GMT
vary: Accept-Encoding
etag: W/"63e9289a-2d5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mcr%2Fo6u77xQRS1EiSSu%2F0CWehPUM0ouyOOxE8diisZQ2RA4skiGohLmG9eW%2BA9cH3BqaP7o8bNbEB%2B9dd1iOZ5lgIKP4VnMuaOy2bVIaYUwvLPs%2FPmSy9wJFknhj%2BMQZLIRHZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2bbb456a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/236a31115-1.jpg
104.21.52.249200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/236a31115-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 256x360, components 3\012- data
Hash ba37b9b4a100cfdd8ed06c83e4d6a5ba
9572539d61d698dfd6da137134b5797f4c3f0b11
d5ebdc647038e5f00c599618b2d9e3b94801c136970fda5ab0ae2362877d1c5d
GET /uploads/thumbs/236a31115-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:59:50 GMT
vary: Accept-Encoding
etag: W/"63e92916-466c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432102
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCIYbTZCMdZqvlJ1hKsI7ij5Ua3tw6aIYRBJcdlUdaosYc6DZCYNwyEE5xpkx907QI87gzqm%2BAhaX2s5dovnC%2Fzz9RTmX9vyvBDLyOm%2FGgtPzSqh2xRo9MBduBysHCvnHtlGFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f29b9656a4-OSL
alt-svc: h3=":443"; ma=86400
archaicin.com/89/ab/81/89ab81a3ced8118ab581c31212259e58.js
192.243.61.225 200 OK 43 kB URL GET HTTP/1.1 archaicin.com/89/ab/81/89ab81a3ced8118ab581c31212259e58.js
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: archaicin.com
Fingerprint: CB:13:5A:BD:C5:13:07:1E:02:F1:E3:B3:05:D7:5C:2F:4A:25:2E:67
Validity: Tue, 28 Nov 2023 10:53:01 GMT - Mon, 26 Feb 2024 10:53:00 GMT
File type ASCII text, with very long lines (42864), with no line terminators
Hash df067185c441beefff04920c9ae311a9
c24cf522bbd9395c2d5561de44ad928148423a08
10467e8cc56403ebbc493ff73cb7617dfcfcaf513e149ac1ef0f89edd2ec4163
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /89/ab/81/89ab81a3ced8118ab581c31212259e58.js HTTP/1.1
Host: archaicin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 40f5f39f1ae37c56889d5ccb7f77e1f6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a0.cima44u.online/uploads/thumbs/287f5df49-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/287f5df49-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 245x360, components 3\012- data
Hash 0549978d97c602d25fc08d34c5bdfafa
092f7e5bb0127c787e60fe402a6a9f032628c3e4
2a5b429e5d4bfa8bdb34d5613a217da95bcde98f6b504469a6f9f5226e46ff4d
GET /uploads/thumbs/287f5df49-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:05:43 GMT
vary: Accept-Encoding
etag: W/"63e92a77-4766"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fOimO%2BCr4g5dcx2Krc53%2FmM8E%2F1Ww2WZrKCcAOTu1KwTsQ%2Bs3emP%2BNsMlJXIaujqN6Qkw4r5apse4thHM6xNzu0sD1Qv4%2BHJwKfc80sBBS2YBl9SuXL6Uv9sImGyWt%2FkugN4%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aaa456a4-OSL
alt-svc: h3=":443"; ma=86400
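172.67.176.9 301 Moved Permanently 128 kB URL User Request GET HTTP/2
IP 172.67.176.9:443
Certificate Issuer: Let's Encrypt
Subject: cima4u.icu
Fingerprint: 08:15:05:A3:BF:2C:D1:B5:B1:91:9B:41:EA:DF:17:7F:60:7A:97:9F
Validity: Fri, 01 Dec 2023 22:57:24 GMT - Thu, 29 Feb 2024 22:57:23 GMT
Size 128 kB (128533 bytes)
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
(SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
(SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of empty input, even though the entry lists a size of 128 kB (presumably no body was hashed for the 301 response itself); they do not identify any content.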
GET / HTTP/1.1
Host: x2.cima4u.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sun, 03 Dec 2023 22:42:36 GMT
content-type: text/html; charset=iso-8859-1
location: https://a0.cima44u.online/
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EG9CM%2FkRwj6LO%2FCsBqfzVf%2FVAA8lO03s6P2y9O3d4YK2xxFc8PCYPUPZCZBqhesaSvQaqw0AbDFlhovT4DmXcJjUNbFdQV8K4RwxkbfCehLUdMkTL4m6Y7qlRyLzea5h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52dfb99156b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/a1630e1bc-1.jpg
104.21.52.249 200 OK 24 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/a1630e1bc-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 289x360, components 3\012- data
Hash 648176342b9fb7f3f3f267266e8ce4d7
d6afc19d1f4d3fa76100cebe8ce42f46e6e761bf
58ddb672272e4f33566a53c130354e3ce6721682797cd1314646abdf05942fec
GET /uploads/thumbs/a1630e1bc-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:25:23 GMT
vary: Accept-Encoding
etag: W/"63db8183-5f95"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQpkSisYl%2FlYA5209TTl5%2B1gJcOWvuttscCxFD4V5EJDzkrHLdEcczClzA4zKg%2BIKkOgl4c75u8mAxNwQesseEQhnpSaDTUU%2BDdiQYn9IA6Rn6bo4xbs4uykWn6wPYX4gbLNlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f19a8b56a4-OSL
alt-svc: h3=":443"; ma=86400
unseenreport.com/pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0fff55c02cf2a71ee58ef898c5cdeb9d&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
192.243.59.13 200 OK 0 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0fff55c02cf2a71ee58ef898c5cdeb9d&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
(SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
(SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of empty input, consistent with the 0 B body recorded above; they do not identify any content. The host, IP and certificate fingerprint are the usable identifiers for this entry.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=5e5f27aa-18d1-4f09-9914-4125358308b5&eb=c80cb6f7f73f00cad5a4f4398f817bd4&te=fbc0cb225bdaf1792b10ddca0f237860&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0fff55c02cf2a71ee58ef898c5cdeb9d&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 22:42:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8863e68b379a76555c5028ad8bda735e
Strict-Transport-Security: max-age=0; includeSubdomains
a0.cima44u.online/js/jquery.typewatch.js
104.21.52.249 200 OK 1.8 kB URL GET HTTP/3 a0.cima44u.online/js/jquery.typewatch.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type ASCII text, with very long lines (1824), with no line terminators
Hash 08252c1ebbbd0d2c16c3a47dc808f90b
d72afef58f39ec9599b90928c7c25c7971e81e30
be52a91461c8b7ec81a1e0b3617c12b2e20f16493bb913cf921e3c497c97c0c5
GET /js/jquery.typewatch.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 17:59:56 GMT
vary: Accept-Encoding
etag: W/"63ab329c-6de"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 377356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a4nFpAeXYLlp3NcBDiFNjMVTON1fpDAKbzC0iW2C84e7JRaZboiuycSDIvTeq8oGk5%2BG23bW7%2FX9rbaoulAkWHSSTgNlIus7muYME86dsmhrkZIkYDGEHbctpXsiUTRWlrupnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9dadd56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
archaicin.com/watch.869525107390.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
192.243.61.225 307 Temporary Redirect 3.4 kB URL GET HTTP/1.1 archaicin.com/watch.869525107390.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: archaicin.com
Fingerprint: CB:13:5A:BD:C5:13:07:1E:02:F1:E3:B3:05:D7:5C:2F:4A:25:2E:67
Validity: Tue, 28 Nov 2023 10:53:01 GMT - Mon, 26 Feb 2024 10:53:00 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
(SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
(SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of empty input (the 307 response below carries Content-Length: 0); they do not identify any content.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.869525107390.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1 HTTP/1.1
Host: archaicin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://a0.cima44u.online
Access-Control-Allow-Origin: https://a0.cima44u.online
Access-Control-Allow-Credentials: true
Location: https://archaicin.com/watch.869525107390.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=8478c3491ce45286d14fe722a78cd1e2c256d3ed2111aface943bc50d784634d5067bcc37a7e5655a07409309ec3ab72637c97907f007fb63b3ec15b1132c9945c7582ed774a8a1d69397c2e067214bcb293d64e1cb485b9a12f884c551710c5c7dbe4&pst=1701643419&rmtc=t
Set-Cookie: u_pl=16345501; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.9FqjmEEMhzOO4nOcdY19N9XBTJDiNQyBt5Q-jdnsp9E; expires=Sun, 03 Dec 2023 22:43:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f4eca2c52dddc20c8ace41b5f58cebe7
Strict-Transport-Security: max-age=0; includeSubdomains
a0.cima44u.online/uploads/thumbs/fa0c72098-1.jpg
104.21.52.249 200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/fa0c72098-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash 8fbb523f2019bd7ec02bbd15b2c137d1
541ba75c4a85c21ed7af372add47baed1453a661
4abe5d10c4ed35d95ca87dfac26d599f28cbb74cd369a9ccd0a5b4cdd0b38f83
GET /uploads/thumbs/fa0c72098-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:38 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:22:19 GMT
vary: Accept-Encoding
etag: W/"63e92e5b-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nH1VWoCCBVGz3apcafBpRCwrUA8rn3X2BWT0i4VGbmHNzW%2B9Ovrk%2Bz9vXS0e0bJ7CHTNTHlUlBPvN2bBo41glMuU2RJgJJovurmbHimnTqZJwFJKDTr7x18mftN%2FcDbaQwoFmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e98a6656a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/b2096ca19-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/b2096ca19-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash cdd64ebb2625b058bbf4e87373248c31
2f888e06e24cda7aa203ee292247021a1c139d82
ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/b2096ca19-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:16:21 GMT
vary: Accept-Encoding
etag: W/"63e92cf5-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cgo6Mb0nI58lFbpJlCwkdUlm%2F1Z2EFswgcbL4RlGJHylU6ndSI0LT3mr1kDtYDPvQE%2FusnvWm6oL%2FdCIqyx7UDsRqBCXU6teQp62EoxoGEM6uQqiD9BneGZ%2BXihshVqchRDbXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9a56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/f1ff51e98-1.jpg
104.21.52.249 200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/f1ff51e98-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 255x360, components 3\012- data
Hash 8fbb523f2019bd7ec02bbd15b2c137d1
541ba75c4a85c21ed7af372add47baed1453a661
4abe5d10c4ed35d95ca87dfac26d599f28cbb74cd369a9ccd0a5b4cdd0b38f83
GET /uploads/thumbs/f1ff51e98-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:23:48 GMT
vary: Accept-Encoding
etag: W/"63e92eb4-5171"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0IvimSwkPoxlnrP6ykF5xg52UuB2PfvCyg%2BQZ%2BcXg9D61QhbDz2IEaGtZcKsDx2pZ3QbcwBb%2B5c%2FPpYSo7E7S8MXRlSbLvdVu3dvNCneaTjk97uLoSY5VCgrmx9cL55RZLQcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e97a5f56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/ajax.php?p=stats&do=show&aid=2&at=1
104.21.52.249 200 OK 42 B URL GET HTTP/3 a0.cima44u.online/ajax.php?p=stats&do=show&aid=2&at=1
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9b5e8704c89f018cff215cb5ed3e0128
2a9fa3661b326c503e492b89cdd9130d12ead03d
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
GET /ajax.php?p=stats&do=show&aid=2&at=1 HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/gif
vary: Accept-Encoding
pragma: no-cache
expires: Wed, 5 Feb 1986 06:06:06 GMT
cache-control: must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itHUEjixEnR3ROpWjrTgn2x5N3E7X75Pl1S8YNzTn15s3g7HxWrenNTLdGhKOmr8WwDiLLg3y5AVnXhnz6cN2xJFfS5yb3N172Q0CPH8DLNJWqV2ClPe%2B8cJpeLLcKvatmXy%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9cac056a4-OSL
alt-svc: h3=":443"; ma=86400
inklinkor.com/tag.min.js
104.21.91.63 200 OK 81 kB
IP 104.21.91.63:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: inklinkor.com
Fingerprint: 5D:E8:2B:4E:1D:87:E7:D0:24:0C:11:4B:6D:AF:1B:8A:38:CB:A3:6E
Validity: Mon, 23 Oct 2023 14:48:09 GMT - Sun, 21 Jan 2024 14:48:08 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash fb7eb4b07c3e717cad649d3afa99ca57
ba3a9cdd70a5f99c0ed8a032d79a08a6edb673d2
e6aa84f006f03b6a1cf7f3a082a3d7470943d3f29253cc4b0d1ee0f3e2cc76ee
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:38 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 5572cc271c1e156d93a24cc2315e2037
cache-control: max-age=86400
last-modified: Sat, 02 Dec 2023 17:37:01 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Mon, 04 Dec 2023 22:10:28 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1930
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3M0B2HlIttuD29qCYE4VGkN03wmvkMIPP9%2FkRblN4YArG3n2fFmzF%2BCLEuRtJZrFJOuVopZ3MFTYxH0%2FMqdbAXLBViPZGI4VFp5%2FHxAhpQA0RM3%2ByVE7yLW%2FPI7E%2FFO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52efca19b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
45.133.44.9 200 OK 9.0 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a56f06ca83ee06488a213b352e00bd90
aec437b74eb6f1143683872fb2d664286da4a664
7144c526762a9d91bdde1939194c2835f2cb1afe0ebac298bbdf1e9239b539ec
GET /si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:41 GMT
content-type: image/png
content-length: 9016
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:51:52 GMT
etag: "655b7288-2338"
expires: Tue, 05 Dec 2023 22:42:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a0.cima44u.online/templates/3arbserv/css/fonts/Material-Icon-PHP-Melody.ttf?206bv4
104.21.52.249 200 OK 127 kB URL GET HTTP/3 a0.cima44u.online/templates/3arbserv/css/fonts/Material-Icon-PHP-Melody.ttf?206bv4
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, Material-Icon-PHP-Melody\012- data
Size 127 kB (126808 bytes)
Hash c66525c487d980ccda56d4668eccd47b
e9b984773ce1a225a851ac1769875b57e2e4a3f9
48ab864568194da965b383bf041943f4fbd6d13e5e7f60da9556c4667eb052f6
GET /templates/3arbserv/css/fonts/Material-Icon-PHP-Melody.ttf?206bv4 HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/templates/3arbserv/css/echo.css
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: application/octet-stream
content-length: 126808
last-modified: Tue, 27 Dec 2022 18:07:00 GMT
etag: "63ab3444-1ef58"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6XSOSN2KDPRhNrpvaRNdp28IDiAGEWLQU4r%2FO6xgsK60mQIwAvkFgh0Hpbo%2FmRgmVvJCT9PBxy0CUs%2BO6y9qkVmN6hZRClK7V8fMbHyl7tTztajdYcPlVc5MK1z%2F%2Fix%2BBAnzPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff52f1bab356a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/4d4887fc7-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/4d4887fc7-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subjectcima44u.online
Fingerprint60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
ValiditySat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash cdd64ebb2625b058bbf4e87373248c31
2f888e06e24cda7aa203ee292247021a1c139d82
ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/4d4887fc7-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:15:38 GMT
vary: Accept-Encoding
etag: W/"63e92cca-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAtU4IR9bX0hiJ1ayfCqX%2F2vAXvnuQtxhlxu74sXJjvQk2C094aq7dSkmG%2BkkYrhznQOBwrGFjPFHX7Fu%2BuYF%2F9nazNhzY1%2B8XWoq2k%2Fyni1X1Njz6%2BOc4Tp%2F%2FkCAnDwjtb1EA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f28b8156a4-OSL
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=G-921WWXNG38&l=dataLayer&cx=c
142.250.74.168 200 OK 264 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-921WWXNG38&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://a0.cima44u.online/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Size 264 kB (263450 bytes)
Hash a19acd1f530cae9759e53a43a141c487
e2662d502f137539c1432a98214e117052192820
8e1b2e8827061b94582626dc68de8e611d69f3dff0d7adbb4390f4cfc59e2b17
GET /gtag/js?id=G-921WWXNG38&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 22:42:39 GMT
expires: Sun, 03 Dec 2023 22:42:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89349
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
decorationhailstone.com/pixel/purst?dl=0&th=0&sc=0&rs=2559&rd=2559&fd=993&bv=23.11.v.9&tmpl=70
192.243.61.227 200 OK 0 B URL GET HTTP/1.1 decorationhailstone.com/pixel/purst?dl=0&th=0&sc=0&rs=2559&rd=2559&fd=993&bv=23.11.v.9&tmpl=70
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: decorationhailstone.com
Fingerprint: 97:BF:02:A7:DD:87:B5:D8:53:E0:C8:45:18:D1:1C:1C:06:D7:12:AF
Validity: Tue, 28 Nov 2023 10:46:39 GMT - Mon, 26 Feb 2024 10:46:38 GMT
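Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0-byte body; they match any zero-length response and do not identify this resource.)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed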
GET /pixel/purst?dl=0&th=0&sc=0&rs=2559&rd=2559&fd=993&bv=23.11.v.9&tmpl=70 HTTP/1.1
Host: decorationhailstone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a0.cima44u.online/js/bootstrap-notify.min.js
104.21.52.249 200 OK 8.2 kB URL GET HTTP/3 a0.cima44u.online/js/bootstrap-notify.min.js
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type HTML document, ASCII text, with very long lines (8572), with no line terminators
Hash af5a2498d8a0d0f4b92df4f20b70d3af
5781fb0b51622ca2ff2a0e14373a24c84ea4a431
3ce3726619c8936ffb2a2fcfe711ba7bfa2801e1d5a51e7fa3bbe1bf4599b378
GET /js/bootstrap-notify.min.js HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 18:00:02 GMT
vary: Accept-Encoding
etag: W/"63ab32a2-2028"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1020290
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PG8y0fXdSXaSJ3ju2kPAidkJRRjl7oIgTK4x9Ezx3%2BOW3RM%2BGS5wz9C%2FyWR69xVzfRlY9cJBRiny3Zgc%2F29RnlhTgBTu8dg8flDUlqw0kr%2B%2Bd5fXyzPlgpy7KRlazZF%2B9sXn5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9eae456a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/f65a6fe1c-1.jpg
104.21.52.249 200 OK 20 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/f65a6fe1c-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 202x360, components 3\012- data
Hash 762251f30a35eaf16c40aea8b07bdba1
f32ff51df6d20ff3a2d510c35e7525f5dd42a2d0
15cd492dd1bf145044f35e3faab2e7178b230486e47b911161633b70878fbedc
GET /uploads/thumbs/f65a6fe1c-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:22:00 GMT
vary: Accept-Encoding
etag: W/"63db80b8-4c96"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5U5i%2FlG%2BjC96WRQK76CIrZerclw0yZ%2Bo%2FTlVN0RB%2FfMnIqKW8CrDub9CI86GH0tvrL3785AwFQKDzsjKaMyFysYUnRpBz7N8h0uTipzmsVJFn7BMtFfc5OYXoCJdqoQtIIX9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f18a7b56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/ef6f6f80e-1.jpg
104.21.52.249 200 OK 21 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/ef6f6f80e-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 285x360, components 3\012- data
Hash aa99d4d8cdff22f6a51809d84237f687
7fc3d880c82ee937d641447d1648802b30cdee47
6665acf79ef635bd3a167838787d4b5fdcba0b6864c65afd77b8b4968bed8e67
GET /uploads/thumbs/ef6f6f80e-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:23:17 GMT
vary: Accept-Encoding
etag: W/"63db8105-51b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TPjh4e%2BjqbWQIGsxCJHpAsW6ax2yUS1RXKRTckPrdd0tkw%2BUIoUH4dV%2BU%2BrbYQf1grgTJRoOfaESuwBRG88TZ0xL62wKpyiwjgu5ul%2FTEcjGN8g59Kg7qeUwyB6k0Wcyoh67KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f19a8156a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/f2571a24c-1.jpg
104.21.52.249 200 OK 24 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/f2571a24c-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 254x360, components 3\012- data
Hash ae3dbf2c21cadb5453ba9a8c27b7dc17
930b2f10460892feeea4f470dec5f7ab9d324f79
eb3cd163e446a7d760c7f1caa94b6cddcc3699782bd50ffe39fb720d58e532f4
GET /uploads/thumbs/f2571a24c-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:58:30 GMT
vary: Accept-Encoding
etag: W/"63e928c6-5df4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dQzAgdgS63m0HDZ9q0isK0w3tQMd0SzP2O8mw4n0Ib3AR5TGhs3MAgTbDg9hZAy242e7gO2p2f42yYdBJhO77U7hHgtWUbUO23zTL7tlUFA%2BLnBrxU6iIwojAmIY%2F24H6xTtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2aba556a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/0991693a5-1.jpg
104.21.52.249 200 OK 13 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/0991693a5-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash 9b4201843fe9ccebdd994dc3cc2827db
8ff2a21fc98a18f7a0739c408f4443b5f0e93743
089b3e5694929521d84fc12ed9f7984340565fc050165cd8c413a80d0f881a31
GET /uploads/thumbs/0991693a5-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:42:16 GMT
vary: Accept-Encoding
etag: W/"63e924f8-31a2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c97LdEX5715G3qXVMtVUSymHjKe9r%2Fb4tGFk3o4KynKgxoxpAtNp0w0ICh8Os%2Bvx%2Fz4r2%2FkLyN9bwmX4AzXD2TA3Fr5ejrzY6TeCVezCCHsPj2PEmaovVeSN8z0woT7Faw1GaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2cbd156a4-OSL
alt-svc: h3=":443"; ma=86400
sensualtestresume.com/watch.251327103554.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
173.233.137.44 307 Temporary Redirect 3.5 kB URL GET HTTP/1.1 sensualtestresume.com/watch.251327103554.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
IP 173.233.137.44:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: sensualtestresume.com
Fingerprint: 8A:B9:2B:DF:06:40:60:0F:2B:17:C0:4F:CF:AA:B5:00:E4:03:D3:A0
Validity: Tue, 28 Nov 2023 11:01:45 GMT - Mon, 26 Feb 2024 11:01:44 GMT
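Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the Content-Length: 0 redirect response; they match any zero-length response and do not identify this resource.)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed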
GET /watch.251327103554.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1 HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a0.cima44u.online
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://a0.cima44u.online
Access-Control-Allow-Origin: https://a0.cima44u.online
Access-Control-Allow-Credentials: true
Location: https://sensualtestresume.com/watch.251327103554.js?key=1931fcb68f0ab7b9cbf203e33e515694&kw=%5B%22%D8%A7%D9%84%D8%B3%D9%8A%D9%86%D9%85%D8%A7%22%2C%22%D9%84%D9%84%D8%AC%D9%85%D9%8A%D8%B9%22%2C%22-%22%2C%22cima4u%22%5D&refer=https%3A%2F%2Fa0.cima44u.online%2F&tz=0&dev=e&res=14.3095&uuid=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1&shu=4f3e86e69c20932058de85cb4575b475c047a5b640a8b918361cd11c7bb56ccacff346e76f74cd82e6bb8d9a4a8953b12185331bcfb52ea37b27f4f87629921024924ccda7f4c76c64a48cded322fe48547693293ae52ad098d236e92f293e27f9&pst=1701643419&rmtc=t
Set-Cookie: u_pl=16345501; expires=Mon, 04 Dec 2023 22:42:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.9FqjmEEMhzOO4nOcdY19N9XBTJDiNQyBt5Q-jdnsp9E; expires=Sun, 03 Dec 2023 22:43:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 488a7366114fc2c90d7fff701d2efa45
Strict-Transport-Security: max-age=0; includeSubdomains
a0.cima44u.online/uploads/thumbs/74f0ce881-1.jpg
104.21.52.249 200 OK 22 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/74f0ce881-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash 77b4a97dbc7400def93545feaaef4419
bb6c9a904c19a5a572ef4c55f7053c19bc869dae
cd702b69db627ff3368191c192edb3687c70c6841f2669400e71d1341d6a2508
GET /uploads/thumbs/74f0ce881-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:08:55 GMT
vary: Accept-Encoding
etag: W/"63e92b37-55cf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uni2QlyDmDt9c1BJ2QMepcxtkoQb2DLslcxtDiT6A4b5ZDUKJupz683dsYgoBig00ti0eRa43bX0mUclZ8WEnZPVmCboL7e6AiUlmf7wL1vHpMd5La3PCuwApeqoA9uFW%2BnF%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9e56a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/e87b40c04-1.jpg
104.21.52.249 200 OK 26 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/e87b40c04-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 240x360, components 3\012- data
Hash dbeee69ff3b971ea34111ae0561086ec
daced36b460163849bb9d1b8508ec018fd553929
8123ab778fe485cede243e190842d9fb90697c400b4fd189b1c1868bee2360e9
GET /uploads/thumbs/e87b40c04-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Thu, 02 Feb 2023 09:31:46 GMT
vary: Accept-Encoding
etag: W/"63db8302-657c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5K2VT2Uf46Tikr5YJwjAxZnO8aCNpH4wKeUqVz%2B8o%2Fufh8IehJbFvdBCUPkSRcD4QmoPaFAwXDGlRQxuF1gLnskLzlL7jUy1D8BZWluciwRfHDJ6bNQEJdWSf3dowrgL05P51w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f1aa9856a4-OSL
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
172.64.109.10 200 OK 84 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP 172.64.109.10:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:41 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 491958
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oo44cdF2lzg3Dsc2yDBJgapDO0FLRoHTIbuD%2BRQwm6NZyQKXs%2B46vwYpxoPZKCQ4twaL9LtIjjH4tdLBHjjBcVmdWIz0UyY%2FLOIV6tKJDkAt7epMyvoFSfxInAnVtd2OJzm7WqNDUFxc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff5300fccd3859-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
netdna.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js
104.18.10.207 200 OK 32 kB URL GET HTTP/2 netdna.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js
IP 104.18.10.207:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: bootstrapcdn.com
Fingerprint: 34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04
Validity: Thu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT
File type ASCII text, with very long lines (31650)
Hash abda843684d022f3bc22bc83927fe05f
26908395e7a9a4eab607d80aa50a81d65f3017cb
24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f
GET /bootstrap/3.2.0/js/bootstrap.min.js HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"abda843684d022f3bc22bc83927fe05f"
last-modified: Mon, 25 Jan 2021 22:03:57 GMT
cdn-cachedat: 05/01/2023 21:10:53
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: f68ebb2ba27044455e99c567be520fcb
cdn-cache: HIT
cf-cache-status: HIT
age: 576165
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ff52e9d8351bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
a0.cima44u.online/uploads/thumbs/736747b71-1.jpg
104.21.52.249 200 OK 20 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/736747b71-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 242x360, components 3\012- data
Hash 2da9cfcf42c9b458c80f97b6aac23938
efe5b6131aa1bf15779bb4fb60032d6722e3d67a
1c20e6b61495a65a81efce0f5e80a900aa2d9a6dac65b0bb40bef6e485e7c726
GET /uploads/thumbs/736747b71-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5e5f27aa-18d1-4f09-9914-4125358308b5%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:39 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 17:57:06 GMT
vary: Accept-Encoding
etag: W/"63e92872-4d38"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432101
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1YEtvKhOMV6xAV1LHhHoG1uxkkqNTwooYQq6OK2rR8YggpbJXNwIhBC9Jn1oyr%2FswUo4xT30v5D%2FWbrdXul8GHMUyFUhVHjlx1sMFlj9hjEdg51Hzj66bCphuzwNSGPN8hA0DA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52f2cbc956a4-OSL
alt-svc: h3=":443"; ma=86400
a0.cima44u.online/uploads/thumbs/68f77f272-1.jpg
104.21.52.249 200 OK 18 kB URL GET HTTP/3 a0.cima44u.online/uploads/thumbs/68f77f272-1.jpg
IP 104.21.52.249:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Google Trust Services LLC
Subject: cima44u.online
Fingerprint: 60:D0:0E:62:C1:14:52:4C:35:67:E4:AD:25:40:26:A1:E5:0A:A7:90
Validity: Sat, 21 Oct 2023 09:52:48 GMT - Fri, 19 Jan 2024 09:52:47 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 239x360, components 3\012- data
Hash cdd64ebb2625b058bbf4e87373248c31
2f888e06e24cda7aa203ee292247021a1c139d82
ea0f7a347958ad799586d206a57da20b6118dc6841935ff2c41c420bbe6750ca
GET /uploads/thumbs/68f77f272-1.jpg HTTP/1.1
Host: a0.cima44u.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Cookie: PHPSESSID=92ut689qinnssjjrjtb9h2tvkn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:42:37 GMT
content-type: image/jpeg
last-modified: Sun, 12 Feb 2023 18:16:56 GMT
vary: Accept-Encoding
etag: W/"63e92d18-449f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ah0Kkm5oE5TfK6lzDPbrcX38ypTr2Bc6sEnSLBZaT3usDSXVXxidurv7X6ye26ts2QPakU8CKdmATfXW4BK8xDEbjbs0GEmfEWYDx68xovxPYGrmxTcoBUon07gF9JWAAFknGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff52e9aa9456a4-OSL
alt-svc: h3=":443"; ma=86400
sensualtestresume.com/89/ab/81/89ab81a3ced8118ab581c31212259e58.js
192.243.61.227 200 OK 43 kB URL GET HTTP/1.1 sensualtestresume.com/89/ab/81/89ab81a3ced8118ab581c31212259e58.js
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: sensualtestresume.com
Fingerprint: 8A:B9:2B:DF:06:40:60:0F:2B:17:C0:4F:CF:AA:B5:00:E4:03:D3:A0
Validity: Tue, 28 Nov 2023 11:01:45 GMT - Mon, 26 Feb 2024 11:01:44 GMT
File type ASCII text, with very long lines (42840), with no line terminators
Hash 1c07c2d24c0522bf56bbc40bb5eaa67b
85ef31d96592daf071c840807bf5b4e4c47fae7f
622047877649abfdb841f02fd09fef8af59edc53941cc44e29b19388e8519976
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /89/ab/81/89ab81a3ced8118ab581c31212259e58.js HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: db7d8ce58589d9c84c10d2ef7e08bb7f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
entreatyfungusgaily.com/1931fcb68f0ab7b9cbf203e33e515694/invoke.js
173.233.137.52 200 OK 30 kB URL GET HTTP/1.1 entreatyfungusgaily.com/1931fcb68f0ab7b9cbf203e33e515694/invoke.js
IP 173.233.137.52:443
Requested by https://a0.cima44u.online/
Certificate Issuer: Let's Encrypt
Subject: entreatyfungusgaily.com
Fingerprint: DB:22:94:CB:0E:2C:71:4E:16:A8:04:37:1E:82:91:41:C6:F8:76:5C
Validity: Mon, 06 Nov 2023 06:35:13 GMT - Sun, 04 Feb 2024 06:35:12 GMT
File type exported SGML document, ASCII text, with very long lines (29617), with no line terminators
Hash bb76f5726459131c450d2f20df701319
6e421143822707cb2d77752a6f8b09a16a512ea5
c39019f2a4667f383e9d6d2f29e0cd3bb7c2bc293f13b94f3033864b7c501657
GET /1931fcb68f0ab7b9cbf203e33e515694/invoke.js HTTP/1.1
Host: entreatyfungusgaily.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a0.cima44u.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:42:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9e590ea25decbed68416a61d4762a608
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip