message.puebrothencleeth.gq Open in urlscan Pro
2606:4700:3030::ac43:98a8 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://message.puebrothencleeth.gq/
Submission: On December 17 via api (December 17th 2022, 12:42:01 pm UTC) from US — Scanned from US

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 9 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3030::ac43:98a8, located in United States and belongs to CLOUDFLARENET, US. The main domain is message.puebrothencleeth.gq.

This is the only time message.puebrothencleeth.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3030::ac43:98a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
1	2600:3c00::f0... 2600:3c00::f03c:91ff:fe50:b5c9	63949 (LINODE-AP...) (LINODE-AP Linode)
1 1	91.195.241.232 91.195.241.232	47846 (SEDO-AS) (SEDO-AS)
1	2606:4700::68... 2606:4700::6810:55b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.153.165 172.67.153.165	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::6815:28e9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::ac43:8ba9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	8

1 2606:4700:3030::ac43:98a8 (United States)

ASN13335 (CLOUDFLARENET, US)

message.puebrothencleeth.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:3c00::f03c:91ff:fe50:b5c9 (Richardson, United States)

ASN63949 (LINODE-AP Linode, LLC, US)

seantraverse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.195.241.232 (Germany) 1 redirects

ASN47846 (SEDO-AS, DE)

caneton.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:55b (United States)

ASN13335 (CLOUDFLARENET, US)

sedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.153.165 (United States)

ASN13335 (CLOUDFLARENET, US)

aujourdhui.ma	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:809::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:28e9 (United States)

ASN13335 (CLOUDFLARENET, US)

sweetweekend.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:8ba9 (United States)

ASN13335 (CLOUDFLARENET, US)

www.exotic-africa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	gstatic.com fonts.gstatic.com	54 KB
1	exotic-africa.com www.exotic-africa.com
1	sweetweekend.ru sweetweekend.ru	47 KB
1	aujourdhui.ma aujourdhui.ma — Cisco Umbrella Rank: 674523	14 KB
1	sedo.com sedo.com — Cisco Umbrella Rank: 75609
1	caneton.fr 1 redirects caneton.fr	159 B
1	seantraverse.com seantraverse.com	219 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	1 KB
1	puebrothencleeth.gq message.puebrothencleeth.gq	15 KB
10	9

	Domain	Requested by
3	fonts.gstatic.com	fonts.googleapis.com
1	www.exotic-africa.com	message.puebrothencleeth.gq
1	sweetweekend.ru	message.puebrothencleeth.gq
1	aujourdhui.ma	message.puebrothencleeth.gq
1	sedo.com	message.puebrothencleeth.gq
1	caneton.fr	1 redirects
1	seantraverse.com	message.puebrothencleeth.gq
1	fonts.googleapis.com	message.puebrothencleeth.gq
1	message.puebrothencleeth.gq
10	9

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
*.sweetweekend.ru E1	`2022-12-05` - `2023-03-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://message.puebrothencleeth.gq/
Frame ID: F2260E5AFACF475419DE5CB3AB16BEAD
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

massage prostate gode ceinture un experte eotique

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

10
Requests

30 %
HTTPS

78 %
IPv6

9
Domains

9
Subdomains

8
IPs

2
Countries

349 kB
Transfer

383 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://caneton.fr/images/577710.jpg HTTP 301
https://sedo.com/search/details/?domain=caneton.fr&campaignId=329145&origin=sales_lander_15

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
message.puebrothencleeth.gq/ 45 KB
15 KB 443ms
195ms Document
text/html 2606:4700:3030::ac43:98a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://message.puebrothencleeth.gq/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:98a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94bfbcaa51b57a8cb9fdeb2eefb89c1cdc3588f10a62e30fcfaf7990814cd60a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 77afbc55a8d232f0-EWR
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Dec 2022 12:41:55 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2FaFVcqnmp5rM9HOkPoZQDANI6LFbn%2FIYsoKpBqDmJqXbD3eIxYiLaZSMQUi3wNBG9U19cX0CLziLLzuHtosPdilfhiMSvLxssmPrJ5Lx%2BA%2BmJBp3ghL9jGErbNT4ODa76%2FPAqcEUuEmWCetGRGWx2M8gh6jTdgxKxo%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK css
fonts.googleapis.com/ 8 KB
1 KB 59ms
37ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext

Requested by

Host: message.puebrothencleeth.gq
URL: http://message.puebrothencleeth.gq/

Protocol

HTTP/1.1

Server

2607:f8b0:4006:81d::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

629b012c851f4242e4e12f5f51c9e02609423e89cafee41bc838631114ac9455

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.puebrothencleeth.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 17 Dec 2022 12:41:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Sat, 17 Dec 2022 11:21:12 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 17 Dec 2022 12:41:55 GMT

GET
H/1.1 200
OK Airport2.jpg
seantraverse.com/2018turkmenistan/pics/ 218 KB
219 KB 180ms
42ms Image
image/jpeg 2600:3c00::f03c:91ff:fe50:b5c9
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://seantraverse.com/2018turkmenistan/pics/Airport2.jpg
Requested by: Host: message.puebrothencleeth.gq
URL: http://message.puebrothencleeth.gq/
Protocol: HTTP/1.1
Server: 2600:3c00::f03c:91ff:fe50:b5c9 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 1194fe421774e12fd0a7f9d9f6451fe19f6b8c936d85eca27e430b333c483ce0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.puebrothencleeth.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 17 Dec 2022 12:41:55 GMT
Last-Modified: Thu, 12 Apr 2018 08:01:47 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "369bd-569a22ace2065"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 223677

GET
H2

200

/
sedo.com/search/details/
Redirect Chain

https://caneton.fr/images/577710.jpg
https://sedo.com/search/details/?domain=caneton.fr&campaignId=329145&origin=sales_lander_15

0
0

787ms
334ms

Image
text/html

2606:4700::6810:55b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sedo.com/search/details/?domain=caneton.fr&campaignId=329145&origin=sales_lander_15
Requested by: Host: message.puebrothencleeth.gq
URL: http://message.puebrothencleeth.gq/
Protocol: H2
Server: 2606:4700::6810:55b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.puebrothencleeth.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

location: https://sedo.com/search/details/?domain=caneton.fr&campaignId=329145&origin=sales_lander_15
date: Sat, 17 Dec 2022 12:41:55 GMT
x-sedo-request-id: 5a5c19683a359146e3c644c7af8a55b1
content-length: 166
content-type: text/html

GET
H2 200 Khadija-Sakarine-Actrice-amazighe-300x153.jpg
aujourdhui.ma/wp-content/uploads/2019/09/ 13 KB
14 KB 1220ms
212ms Image
image/jpeg 172.67.153.165
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aujourdhui.ma/wp-content/uploads/2019/09/Khadija-Sakarine-Actrice-amazighe-300x153.jpg
Requested by: Host: message.puebrothencleeth.gq
URL: http://message.puebrothencleeth.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.153.165 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / W3 Total Cache/2.2.7
Resource Hash: 5753559095ed9cccd218ecc34c62593414890e92e95b065401e39e688d6e0689

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.puebrothencleeth.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 17 Dec 2022 12:41:56 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: W3 Total Cache/2.2.7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13516
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 18 Sep 2019 11:58:02 GMT
server: cloudflare
etag: "34cc-592d28c870680"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GrQULVPPmeSGEqGl4PTJMNGkGo2uuGTHvtydxCEYTW9Hj1eFyTHc6EWiiLDV%2Bbi5Sw8S4TWkp3dQ%2FcqPaeeQHRjunEswVeEebr2dU75h%2FfKQg09i1BTVbJu01M%2Fg%2BNad"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000, s-maxage=10
accept-ranges: bytes
cf-ray: 77afbc5d7bfe334e-EWR
expires: Sun, 17 Dec 2023 12:41:56 GMT

GET
H/1.1 200
OK jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2
fonts.gstatic.com/s/librefranklin/v13/ 27 KB
27 KB 48ms
27ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/librefranklin/v13/jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext

Protocol

HTTP/1.1

Server

2607:f8b0:4006:809::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c5b68b3ae23054815d89c5a2230ad7edf2d4b68732b4463d6be74cacb974055

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://message.puebrothencleeth.gq
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 17 Dec 2022 07:55:00 GMT
X-Content-Type-Options: nosniff
Age: 17215
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 27268
X-XSS-Protection: 0
Last-Modified: Mon, 11 Jul 2022 18:56:23 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 17 Dec 2023 07:55:00 GMT

GET
H/1.1 200
OK jizDREVItHgc8qDIbSTKq4XkRiUR2zcLig.woff2
fonts.gstatic.com/s/librefranklin/v13/ 18 KB
19 KB 42ms
21ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/librefranklin/v13/jizDREVItHgc8qDIbSTKq4XkRiUR2zcLig.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext

Protocol

HTTP/1.1

Server

2607:f8b0:4006:809::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0be68bcd0dbf1541293e54e45da4c525bc5f3165d050fef4e25f8036ed20fb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://message.puebrothencleeth.gq
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 15 Dec 2022 00:39:15 GMT
X-Content-Type-Options: nosniff
Age: 216160
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 18676
X-XSS-Protection: 0
Last-Modified: Mon, 11 Jul 2022 18:55:09 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Fri, 15 Dec 2023 00:39:15 GMT

GET
H2 200 f4706c346c7618f7041a9e1c28b899cf.jpg
sweetweekend.ru/img/ 47 KB
47 KB 781ms
441ms Image
image/jpeg 2606:4700:3030::6815:28e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweetweekend.ru/img/f4706c346c7618f7041a9e1c28b899cf.jpg
Requested by: Host: message.puebrothencleeth.gq
URL: http://message.puebrothencleeth.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:28e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.4.16
Resource Hash: 5047e55fcd18c9b0babc1b46e3616ec2c22bfc878afef106b8092c745a79c61b

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.puebrothencleeth.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 17 Dec 2022 12:41:55 GMT
cf-cache-status: MISS
last-modified: Sat, 17 Dec 2022 12:41:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/5.4.16
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HS3KaC0G8tgJLHamTrXS2Kmy1lGoVbvPrVsnFFDq5m0DRzTYltAfxsUcQ5QQelRbKSMxJ9AGLxV0YRCpaI2MgoXTfYRleLsSgjXBJXSPsevO3ktq2O8rQyFgZBNa4XsEsA6n2xz6H039jY1GGXc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
cf-ray: 77afbc59afdd19aa-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 403 15831554133822-400x600.jpg
www.exotic-africa.com/wp-content/uploads/1557115218852/ 0
0 123ms
29ms Image
text/html 2606:4700:3037::ac43:8ba9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.exotic-africa.com/wp-content/uploads/1557115218852/15831554133822-400x600.jpg
Requested by: Host: message.puebrothencleeth.gq
URL: http://message.puebrothencleeth.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ba9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.puebrothencleeth.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H/1.1 200
OK jizDREVItHgc8qDIbSTKq4XkRiUQ2zcLig.woff2
fonts.gstatic.com/s/librefranklin/v13/ 7 KB
7 KB 21ms
21ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/librefranklin/v13/jizDREVItHgc8qDIbSTKq4XkRiUQ2zcLig.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext

Protocol

HTTP/1.1

Server

2607:f8b0:4006:809::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07dcd9ffda41441f7d545c2c5888018540fcf841c8b0b29784d8116d9802ad2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://message.puebrothencleeth.gq
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 15 Dec 2022 05:45:57 GMT
X-Content-Type-Options: nosniff
Age: 197758
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 6668
X-XSS-Protection: 0
Last-Modified: Mon, 11 Jul 2022 18:54:27 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Fri, 15 Dec 2023 05:45:57 GMT

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			message.puebrothencleeth.gq/	1969-12-31 23:59:59	Name: ch1c Value: b
			.sedo.com/	1970-01-20 08:14:42	Name: __cf_bm Value: CsQs_vOc6ZAbpd3ElFWvpB5nnoTh6XIrpWdsrwMcNfQ-1671280916-0-ARrPqZfe37Jzjxw/WrVjyCGx0dxR5G4fpcTs6kYGMI9QWnUqIgpmhaL36VTsA30zPlmGBhwpK5GwRLtboTWGQmA=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.exotic-africa.com/wp-content/uploads/1557115218852/15831554133822-400x600.jpg Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aujourdhui.ma
caneton.fr
fonts.googleapis.com
fonts.gstatic.com
message.puebrothencleeth.gq
seantraverse.com
sedo.com
sweetweekend.ru
www.exotic-africa.com
172.67.153.165
2600:3c00::f03c:91ff:fe50:b5c9
2606:4700:3030::6815:28e9
2606:4700:3030::ac43:98a8
2606:4700:3037::ac43:8ba9
2606:4700::6810:55b
2607:f8b0:4006:809::2003
2607:f8b0:4006:81d::200a
91.195.241.232
07dcd9ffda41441f7d545c2c5888018540fcf841c8b0b29784d8116d9802ad2a
0c5b68b3ae23054815d89c5a2230ad7edf2d4b68732b4463d6be74cacb974055
1194fe421774e12fd0a7f9d9f6451fe19f6b8c936d85eca27e430b333c483ce0
5047e55fcd18c9b0babc1b46e3616ec2c22bfc878afef106b8092c745a79c61b
5753559095ed9cccd218ecc34c62593414890e92e95b065401e39e688d6e0689
629b012c851f4242e4e12f5f51c9e02609423e89cafee41bc838631114ac9455
94bfbcaa51b57a8cb9fdeb2eefb89c1cdc3588f10a62e30fcfaf7990814cd60a
a0be68bcd0dbf1541293e54e45da4c525bc5f3165d050fef4e25f8036ed20fb7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

message.puebrothencleeth.gq Open in urlscan Pro 2606:4700:3030::ac43:98a8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

30 %HTTPS

78 %IPv6

9 Domains

9 Subdomains

8 IPs

2 Countries

349 kBTransfer

383 kBSize

2 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

message.puebrothencleeth.gq Open in urlscan Pro
2606:4700:3030::ac43:98a8 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

30 %
HTTPS

78 %
IPv6

9
Domains

9
Subdomains

8
IPs

2
Countries

349 kB
Transfer

383 kB
Size

2
Cookies

10 HTTP transactions
0 data transactions