tomsguidecoa.pages.dev Open in urlscan Pro
172.66.47.152 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/
Submission Tags: @ecarlesi possiblethreat phishing netflix Search All
Submission: On January 22 via api (January 22nd 2024, 9:35:44 am UTC) from IT — Scanned from IT

Summary HTTP 27 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 27 HTTP transactions. The main IP is 172.66.47.152, located in United States and belongs to CLOUDFLARENET, US. The main domain is tomsguidecoa.pages.dev.
TLS certificate: Issued by E1 on January 21st 2024. Valid for: 3 months.

This is the only time tomsguidecoa.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fake Adobe Update

Domain & IP information

	IP Address	AS Autonomous System
4	172.66.47.152 172.66.47.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	173.233.137.44 173.233.137.44	7979 (SERVERS-COM) (SERVERS-COM)
4	18.165.183.27 18.165.183.27	16509 (AMAZON-02) (AMAZON-02)
1	104.21.234.32 104.21.234.32	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.121.75.187 3.121.75.187	16509 (AMAZON-02) (AMAZON-02)
1	104.20.80.99 104.20.80.99	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	149.56.240.31 149.56.240.31	16276 (OVH) (OVH)
8	192.243.59.13 192.243.59.13	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	172.67.74.218 172.67.74.218	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	172.64.130.3 172.64.130.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	10

4 172.66.47.152 (United States)

ASN13335 (CLOUDFLARENET, US)

tomsguidecoa.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.233.137.44 (United States)

ASN7979 (SERVERS-COM, US)

mentallyissue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.165.183.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-183-27.zrh55.r.cloudfront.net

mos.fie.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.234.32 (None, )

ASN13335 (CLOUDFLARENET, US)

friendshipmale.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.75.187 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-75-187.eu-central-1.compute.amazonaws.com

proftrafficcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.80.99 (None, )

ASN13335 (CLOUDFLARENET, US)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.56.240.31 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns534110.ip-149-56-240.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.243.59.13 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

lostcorky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
unseenreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.74.218 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.yourwebbars.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.64.130.3 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.creative-bars1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	lostcorky.com lostcorky.com	9 KB
5	creative-bars1.com cdn.creative-bars1.com — Cisco Umbrella Rank: 27267	49 KB
4	futurecdn.net mos.fie.futurecdn.net — Cisco Umbrella Rank: 26646	15 KB
4	pages.dev tomsguidecoa.pages.dev	54 KB
2	histats.com s10.histats.com — Cisco Umbrella Rank: 14576 s4.histats.com — Cisco Umbrella Rank: 14129	5 KB
1	yourwebbars.com cdn.yourwebbars.com — Cisco Umbrella Rank: 50056	962 B
1	unseenreport.com unseenreport.com — Cisco Umbrella Rank: 21727	425 B
1	proftrafficcounter.com proftrafficcounter.com — Cisco Umbrella Rank: 15666	306 B
1	friendshipmale.com friendshipmale.com — Cisco Umbrella Rank: 18684	27 KB
1	mentallyissue.com mentallyissue.com	16 KB
27	10

	Domain	Requested by
7	lostcorky.com	mentallyissue.com
5	cdn.creative-bars1.com	mentallyissue.com
4	mos.fie.futurecdn.net	tomsguidecoa.pages.dev
4	tomsguidecoa.pages.dev	tomsguidecoa.pages.dev
1	cdn.yourwebbars.com	mentallyissue.com
1	unseenreport.com
1	s4.histats.com	s10.histats.com
1	s10.histats.com	tomsguidecoa.pages.dev
1	proftrafficcounter.com	mentallyissue.com
1	friendshipmale.com	mentallyissue.com
1	mentallyissue.com	tomsguidecoa.pages.dev
27	11

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
reddit.com
facebook.com
api.whatsapp.com
telegram.me

Subject Issuer	Validity	Valid
tomsguidecoa.pages.dev E1	`2024-01-21` - `2024-04-20`	3 months	crt.sh
mentallyissue.com R3	`2023-12-14` - `2024-03-13`	3 months	crt.sh
mos.fie.futurecdn.net Amazon RSA 2048 M03	`2023-11-15` - `2024-12-13`	a year	crt.sh
friendshipmale.com Cloudflare Inc ECC CA-3	`2024-01-18` - `2024-12-31`	a year	crt.sh
proftrafficcounter.com Amazon RSA 2048 M03	`2023-11-21` - `2024-12-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-13` - `2024-05-11`	a year	crt.sh
histats.com R3	`2023-11-23` - `2024-02-21`	3 months	crt.sh
lostcorky.com R3	`2024-01-17` - `2024-04-16`	3 months	crt.sh
*.unseenreport.com R3	`2024-01-21` - `2024-04-20`	3 months	crt.sh
creative-bars1.com GTS CA 1P5	`2023-12-19` - `2024-03-18`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/
Frame ID: 973A23B2B5DCEBC375EA394F0DC42BC7
Requests: 24 HTTP requests in this frame

Frame: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/close.svg
Frame ID: FF5E3932FE6CE6B1CE23D45EE21B13D5
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix And The Cw Just Canceled Three Shows And People Are Upset | tomsguide

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

100 %
HTTPS

0 %
IPv6

10
Domains

11
Subdomains

10
IPs

4
Countries

176 kB
Transfer

436 kB
Size

19
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/intent/tweet/?text=Netflix%20And%20The%20Cw%20Just%20Canceled%20Three%20Shows%20And%20People%20Are%20Upset&url=https%3a%2f%2ftomsguidecoa.pages.dev%2fposts%2fnetflix-and-the-cw-just-canceled-three-shows-and-people-are-upset%2f&hashtags=

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2ftomsguidecoa.pages.dev%2fposts%2fnetflix-and-the-cw-just-canceled-three-shows-and-people-are-upset%2f&title=Netflix%20And%20The%20Cw%20Just%20Canceled%20Three%20Shows%20And%20People%20Are%20Upset&summary=Netflix%20And%20The%20Cw%20Just%20Canceled%20Three%20Shows%20And%20People%20Are%20Upset&source=https%3a%2f%2ftomsguidecoa.pages.dev%2fposts%2fnetflix-and-the-cw-just-canceled-three-shows-and-people-are-upset%2f

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3a%2f%2ftomsguidecoa.pages.dev%2fposts%2fnetflix-and-the-cw-just-canceled-three-shows-and-people-are-upset%2f&title=Netflix%20And%20The%20Cw%20Just%20Canceled%20Three%20Shows%20And%20People%20Are%20Upset

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer/sharer.php?u=https%3a%2f%2ftomsguidecoa.pages.dev%2fposts%2fnetflix-and-the-cw-just-canceled-three-shows-and-people-are-upset%2f

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Netflix%20And%20The%20Cw%20Just%20Canceled%20Three%20Shows%20And%20People%20Are%20Upset%20-%20https%3a%2f%2ftomsguidecoa.pages.dev%2fposts%2fnetflix-and-the-cw-just-canceled-three-shows-and-people-are-upset%2f

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?text=Netflix%20And%20The%20Cw%20Just%20Canceled%20Three%20Shows%20And%20People%20Are%20Upset&url=https%3a%2f%2ftomsguidecoa.pages.dev%2fposts%2fnetflix-and-the-cw-just-canceled-three-shows-and-people-are-upset%2f

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/ 40 KB
9 KB 543ms
127ms Document
text/html 172.66.47.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.152 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73e3b56b4c396d0d3a3d1c70d6dbadd2acb932151eb5ae5526f7577e41fd85f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8496cedc18190f66-MXP
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 22 Jan 2024 09:35:38 GMT
etag: W/"a81825caa5774b72dd67563f48cc4055"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xzoTuTSV6f9VJnDOjbyvkM1wM1UUElEBk9rr2gjdI%2BQOMO5VNOfSc7osGGCl2NmWU7PkifEKY719AgWk2tmIrlCjd0uezOD5bS2HVPhjbQmruUropZi5El4mZ3CChsFa%2BcrXnAS5K5ic"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css
tomsguidecoa.pages.dev/assets/css/ 15 KB
5 KB 113ms
113ms Stylesheet
text/css 172.66.47.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tomsguidecoa.pages.dev/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css

Requested by

Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.152 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/
Origin: https://tomsguidecoa.pages.dev
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:39 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"f108b214fb6120365bec7dd12fdc643d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpLLen3xXHC20vd3IRtKhnMyS8LOS7dnaHNNiqNkXGVN6lPj912uuktRUpwpVPuUpOve%2FhWPntzHF1TCzzMBeYLI3yR1a8dYrvWDkuTcHRhah6NDcgL%2Fx9zYZZ0h2vx0OVgDVu6XasrL"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8496cedcf9120f66-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js Show response
tomsguidecoa.pages.dev/assets/js/ 99 KB
34 KB 127ms
127ms Script
application/javascript 172.66.47.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tomsguidecoa.pages.dev/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js

Requested by

Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.152 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/
Origin: https://tomsguidecoa.pages.dev
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:39 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"dda7edef669c7759f6319eb141ff1406"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PBv%2F06R3o4QNLhMNW2GMPghMKDtPI6UfmoYPXlGvaeJwJ7HtYi2xRY%2FlTgT4itZ5YXYvjFht%2Bevk%2FQXnljUzvzet2rSDmsdl0PbOggTbbNZsmHFYYQG92992Smq4lemTNticj%2BoIckV9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8496cedcf9160f66-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 404 apple-touch-icon.png
tomsguidecoa.pages.dev/ 6 KB
6 KB 131ms
130ms Image
text/html 172.66.47.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tomsguidecoa.pages.dev/apple-touch-icon.png

Requested by

Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.152 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52aa20675b2af3667fd7b51ac8442bd891f4e3a3f8364b126960864bb60cca33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:39 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uPg4DRcMl%2FaOo1x0MLvd7Ll1%2FN%2BU0x2LATDxUpmtusFr975Z%2FLRSjogYIOcY9%2FOn1pbScPqAOPxQ8y3aCC8wCyGiNtPXkZyjRGKiYrNqvSYsDUx%2BcZraoM8p4F6Q3TVFud1HUUxcqIxB"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cf-ray: 8496cedd09210f66-MXP
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK 6e2dfcd302096687d74df82cf0da4496.js Show response
mentallyissue.com/6e/2d/fc/ 42 KB
16 KB 750ms
154ms Script
application/javascript 173.233.137.44
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js

Requested by

Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.233.137.44 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

352b833d69d98d582d603e90a6ed8023bfdc3091178d690a76fddcbad2856203

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:39 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-Request-ID: f33a5156cf85d0463ec3395ea7af83c4
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 wxcm7ehqpbyqgslp-16147956194019-100-80.jpg
mos.fie.futurecdn.net/logos/merchants/ 2 KB
2 KB 169ms
61ms Image
image/jpeg 18.165.183.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mos.fie.futurecdn.net/logos/merchants/wxcm7ehqpbyqgslp-16147956194019-100-80.jpg

Requested by

Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.165.183.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-165-183-27.zrh55.r.cloudfront.net

Software

nginx /

Resource Hash

7333163f8d44aacc9d622a45276fc2cbb50233fcd645bb141c7fc68ead051555

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 06:56:54 GMT
via: 1.1 2aefdd231d9806ea2eced3399f411f80.cloudfront.net (CloudFront)
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: ZRH55-P1
age: 2255922
x-cache: Hit from cloudfront
x-ftr-dc: uk-lon2
x-ftr-realm: pip
x-ftr-backend: s3-futureplc-engineering-accessors, mos
alt-svc: h3=":443"; ma=86400
content-length: 1569
x-ftr-balancer: cleversafe-proxy-1, bulkproxyprodred
x-ftr-request-id: 00000000:DE52_00000000:0050_658BCAB9_8F9FBF0:78BA, 00000000:CC1E_00000000:0050_658BCAB9_16E021C:53A5
last-modified: Wed, 03 Mar 2021 18:20:19 GMT
server: nginx
etag: "0d24c83b0d066a633b70343c7c495667"
content-type: image/jpeg
x-ftr-backend-server: cs-acc-s3-futureplc-engineering-3.corp, mos03
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: Pp2VPHU0royeTeaU47mh1dBmApWUtzmwHL0grBGdiFBim_1OJuud0Q==
access-control-allow-method: GET,OPTIONS
expires: Fri, 26 Jan 2024 06:56:54 GMT

GET
H2 200 4jux2ksyaejjbfha-15470429625709-100-80.png
mos.fie.futurecdn.net/logos/networks/ 2 KB
3 KB 189ms
81ms Image
image/png 18.165.183.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mos.fie.futurecdn.net/logos/networks/4jux2ksyaejjbfha-15470429625709-100-80.png

Requested by

Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.165.183.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-165-183-27.zrh55.r.cloudfront.net

Software

nginx /

Resource Hash

7cae8bac9f678b64c4c3d4955e729cc6e7fb75ca5b9cc1b4796e46913792a593

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 05:26:48 GMT
via: 1.1 2aefdd231d9806ea2eced3399f411f80.cloudfront.net (CloudFront)
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: ZRH55-P1
age: 2002132
x-cache: Hit from cloudfront
x-ftr-dc: uk-lon2
x-ftr-realm: pip
x-ftr-backend: s3-futureplc-engineering-accessors, mos
alt-svc: h3=":443"; ma=86400
content-length: 1996
x-ftr-balancer: cleversafe-proxy-1, bulkproxyprodred
x-ftr-request-id: 00000000:E96C_00000000:0050_658FAA17_669E7FD:78B9, 00000000:11B6_00000000:0050_658FAA17_1F96BF3:53A5
last-modified: Wed, 09 Jan 2019 14:09:23 GMT
server: nginx
etag: W/"38db8fad9d3107955bbcac98e2e88f5e"
content-type: image/png
x-ftr-backend-server: cs-acc-s3-futureplc-engineering-5.corp, mos05
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: pmMxXb6q4uN5E3kRVg1IJwil60gAsdV4d_KO9sYgTv_s65vpgMrM4A==
access-control-allow-method: GET,OPTIONS
expires: Mon, 29 Jan 2024 05:26:48 GMT

GET
H2 200 x4mavtpdopla3hjg-15735685231975-100-80.png
mos.fie.futurecdn.net/logos/networks/ 6 KB
6 KB 179ms
71ms Image
image/png 18.165.183.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mos.fie.futurecdn.net/logos/networks/x4mavtpdopla3hjg-15735685231975-100-80.png

Requested by

Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.165.183.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-165-183-27.zrh55.r.cloudfront.net

Software

nginx /

Resource Hash

db7b9448a2c535230aa677bd472eeac811b4ded4fd51b978dc19fa4ef2c5c2c6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 23:14:27 GMT
via: 1.1 2aefdd231d9806ea2eced3399f411f80.cloudfront.net (CloudFront)
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: ZRH55-P1
age: 1074070
x-cache: Hit from cloudfront
x-ftr-dc: uk-lon2
x-ftr-realm: pip
x-ftr-backend: s3-futureplc-engineering-accessors, mos
alt-svc: h3=":443"; ma=86400
content-length: 5750
x-ftr-balancer: cleversafe-proxy-2, bulkproxyprodred
x-ftr-request-id: 00000000:D41E_00000000:0050_659DD355_EEF99F1:17F4E, 00000000:6812_00000000:0050_659DD350_3E5E060:53A5
last-modified: Tue, 12 Nov 2019 14:22:04 GMT
server: nginx
etag: "8fe0b7fcafa3b3c7c6f4e216677925e4"
content-type: image/png
x-ftr-backend-server: cs-acc-s3-futureplc-engineering-4.corp, mos03
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: CuMgcDpKHWgK5htj3xQn5wN05OA1VaUp-1rHanlwB0DxlF31nLT6MA==
access-control-allow-method: GET,OPTIONS
expires: Thu, 08 Feb 2024 23:14:27 GMT

GET
H2 200 i2sugv8sipbctrqt-15470432987395-100-80.png
mos.fie.futurecdn.net/logos/networks/ 2 KB
3 KB 190ms
82ms Image
image/png 18.165.183.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mos.fie.futurecdn.net/logos/networks/i2sugv8sipbctrqt-15470432987395-100-80.png

Requested by

Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.165.183.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-165-183-27.zrh55.r.cloudfront.net

Software

nginx /

Resource Hash

04a8e9e7155d989eb4bdaaa902fc5f984b39c75f5b4ab6e4a3e76cb0823cb8e4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 08:04:54 GMT
via: 1.1 2aefdd231d9806ea2eced3399f411f80.cloudfront.net (CloudFront)
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: ZRH55-P1
age: 1301444
x-cache: Hit from cloudfront
x-ftr-dc: uk-lon2
x-ftr-realm: pip
x-ftr-backend: s3-futureplc-engineering-accessors, mos
alt-svc: h3=":443"; ma=86400
content-length: 2403
x-ftr-balancer: cleversafe-proxy-2, bulkproxyprodred
x-ftr-request-id: 00000000:90F7_00000000:0050_659A5B27_61D1E5E:17F4D, 00000000:2C32_00000000:0050_659A5B27_3715B0B:53A5
last-modified: Wed, 09 Jan 2019 14:14:59 GMT
server: nginx
etag: "d29da5c09f5efb68cd6d3f9320b8270b"
content-type: image/png
x-ftr-backend-server: cs-acc-s3-futureplc-engineering-3.corp, mos03
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: yFib64zzjaVEReXlnlqIpVCaHgA1ovtOVzt_WbLopQIc6RxVEPoNIA==
access-control-allow-method: GET,OPTIONS
expires: Tue, 06 Feb 2024 08:04:54 GMT

GET
H2 200 sfp.js Show response
friendshipmale.com/ 83 KB
27 KB 545ms
159ms Script
application/javascript 104.21.234.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://friendshipmale.com/sfp.js

Requested by

Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.234.32 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:40 GMT
strict-transport-security: max-age=0; includeSubdomains
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400
x-request-id: dfd209d82d19432fa399f98bbf7b053d
last-modified: Mon, 22 Jan 2024 09:35:40 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3HxtTS2%2BKQvHZslONEUc25G2Eu8lmXPM9iV%2BWftbwX1jbWpJyPjw%2Byyqq8g9GmUSUeb4NAN%2F5ZQE1H2GTQCHJsyXTg8LW037QJ5npur6f%2FO5x7cnErw8l26To6wCnpcumvYHKh8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8496cee4b8403757-MXP
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 stats Show response
proftrafficcounter.com/ 40 B
306 B 151ms
36ms XHR
text/html 3.121.75.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://proftrafficcounter.com/stats
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.121.75.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-75-187.eu-central-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: 42bf5875c352cb1d5df2c2f2681ff31d0cc561548aedfa5208bfdc6b66e90967

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: https://tomsguidecoa.pages.dev
date: Mon, 22 Jan 2024 09:35:40 GMT
access-control-allow-credentials: true
server: fasthttp
content-length: 40
vary: Origin
content-type: text/html; charset=UTF-8

GET
H2 200 js15_as.js Show response
s10.histats.com/ 11 KB
5 KB 427ms
48ms Script
text/javascript 104.20.80.99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: tomsguidecoa.pages.dev
URL: https://tomsguidecoa.pages.dev/posts/netflix-and-the-cw-just-canceled-three-shows-and-people-are-upset/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.80.99 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
server: cloudflare
age: 9374
etag: "-375139978"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8496cee4bd860d53-MXP
content-length: 4547

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 51 B
185 B 387ms
119ms Script
text/html 149.56.240.31
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?4595848&@f16&@g1&@h1&@i1&@j1705916140331&@k0&@l1&@mNetflix%20And%20The%20Cw%20Just%20Canceled%20Three%20Shows%20And%20People%20Are%20Upset%20%7C%20tomsguide&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:125366425&@b3:1705916140&@b4:js15_as.js&@b5:60&@a-_0.2.1&@vhttps%3A%2F%2Ftomsguidecoa.pages.dev%2Fposts%2Fnetflix-and-the-cw-just-canceled-three-shows-and-people-are-upset%2F&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.240.31 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns534110.ip-149-56-240.net
Software: /
Resource Hash: 24b46ca679fcf0cc927befc21be37e3a0e004d8d615234c3f83e14e717c23a40

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:37 GMT
Connection: close
Content-Length: 51
Content-Type: text/html;charset=UTF-8

GET
H/1.1 200
OK sbar.json Show response
lostcorky.com/ 6 KB
5 KB 867ms
613ms XHR
text/plain 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lostcorky.com/sbar.json?key=6e2dfcd302096687d74df82cf0da4496&uuid=702b893c-4e66-44fd-9bfd-454496923c46%3A1%3A1

Requested by

Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

07483cd5d7ddce0b709165bffcdac95cac7c8804e373ed6be585b8a3fc725b64

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:41 GMT
Custom-Referer: https://tomsguidecoa.pages.dev
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://tomsguidecoa.pages.dev
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: 4d807724d6c36f4c6913780a65ab0ba6
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK pxf.gif
unseenreport.com/ 1 B
425 B 396ms
120ms Image
image/gif 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://unseenreport.com/pxf.gif?uuid=702b893c-4e66-44fd-9bfd-454496923c46&eb=33f93ff28a290334f62b93270ee6d095&te=713b63649efa506845fb3bc23d2c8693&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.224%20Safari%2F537.36&dev=r&res=14.31&b_frame=0&pk=6e2dfcd302096687d74df82cf0da4496&bl=en-US&sr=1200x1600&sz=1200x1600&hjs=10

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:41 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 1
X-Request-ID: 2de853748731733faf185480b215dc9d
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 index.html Show response
cdn.yourwebbars.com/sb/interstitial/software/flash/multi/2/ 2 KB
962 B 1049ms
614ms XHR
text/html 172.67.74.218
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.yourwebbars.com/sb/interstitial/software/flash/multi/2/index.html
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.74.218 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f9d30e4c63260fc23122fab2bb70483d342972a0118a0ca72d0935b8e5a20d3

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 19 Jan 2024 14:19:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFxrviTMUzBK0oguT6tMLPIXBjha5x0zlLZv00rB7QeaWt3KICAGigVocPQcGjdx%2FNHJ0pyGLdRAfxmOt2AVS%2FAcTigs3VcnUzgj20iEzo%2FDIPKcFo2JZSIU5nPGxDsppGLsmOE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8496ceedaab8baa0-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK ren.gif
lostcorky.com/ 7 B
641 B 336ms
335ms Image
image/gif 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lostcorky.com/ren.gif?sid=H4sIAAAAAAAC%2F1yST4gcxRfHq5Pw%2Bx30ogdFRGjBQ4LZ2f43PTNEDPlj4rqJhmRlr1ZXVc%2BWW9PVVFVPb%2FYUDEq8jRcNeOn9zm4W%2FwU9eFOU2YDKgsh4cS97EY%2BCF4%2BCzO7Cgg%2Ba9%2Fp932v4fPu9t1HtkxAV3XPX9bpUis63W4F%2FelkWXNfWf33JD4NWcM5flkWanPPX0uSMf6EslVgW2aJ08%2B2404pT%2F%2FTiq0vXr531lVwV%2FlXBVvUZ%2F9KK0QMxH0ZBK2ilQa%2FXiqLEv0VzauTRHmT5MOy2W2Gv20qjmY4189%2BOrTxY6oEP98mTkHz6%2BE%2F%2Bj5BsgmLw5WVhV50uz74yqBR12mDIt98sVgtdFxgcl7nxkBfbR9PQdkrI%2FRPQxfYRKfRwc0aKTE6J98%2FLyIoHhwDIhuMwCpApSIeMP416OIFQE0g6AdN3IbkC41hYQjHYWnBU3T6U6Eyakv999A1kPSX%2Ff%2Fc%2BisEXV5XOqPJv6soJg7W8gVybQPYnKKsduHUPst4Bc%2B9A8p9JoM7NvnpdKlpA8r0XOkGUdXsxm0tEms4lSc7nelnO55J2kvTSXhSzJD0wR8oJZD6BEiNQ66GaPdJDlXuoSg8DvueLOOE8jBLWYzwMw6wdxYnohhGjebebhAIVmzGM4MoRmBqBmTsozR2syhFM9T3sSgPLPVhHMOQNakFQW4KaEtSSoHYE9bDZ4spGtnnAla2y8ChHRzluxtr1N%2BiWdn1REFAz2ij3yRMz87yn5l%2FCqtjzUxHxnPE4iIJemnY7vJPwvBuxPOB0Bg4rG0h74gB1XU7JMwunUMopOfHhLWR0B1btgMmToNVzoPW4EwWgK%2BOkG2C9%2BNrp0slS2lamdN%2BW2rWYHoDrBqU7BXfb21D75NmDv%2FnaDy9CsN3zv%2FmPPt76fQnMNChNg7flI4K%2Buje%2BqWuyeVPXlnz1RunkQK5TJ3Vxy1EnTn26KG7X2vCFy3b0yQU2E2bl50vCumu04LLoW%2FLZRcm5MFe0YYJ8u2CXRXajsisXK1NU5bUbl64sDEojrJW6mIDO7vXS32BySh67sX1wv8%2FXi5BmAlM1GFS75Cgg9Q5YeQe23D0%2F%2BeWPty6834HVBEYdz2Slh7pqxibKjptKEihx%2FE6zBlYcm5CJ3e%2F%2BOtTGhs62qWw27D30jQfq7qIYNBiaBkPVgKoRbHVy7Eqze%2F7X%2BCCQKW%2BcKeNtZsqoDw5ttnLPTyIe9yKWtmmcxUkcZmEnTYK828lFnPF2B85OxcP0z38BAAD%2F%2FwEAAP%2F%2FZj1Kt8kEAAA%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:41 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 7
X-Request-ID: edb8b35da9a441e20ad2208e6abd5b05
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 style.css Show response
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/css/ 6 KB
2 KB 705ms
303ms XHR
text/css 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/css/style.css
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 273e92086cf737823b8a77e794ae16085c04a5273d123bc3222822fcaeb48e05

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:43 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jan 2024 14:19:30 GMT
server: cloudflare
etag: W/"65aa84f2-1870"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=smfwVfWg5vsoVhiXrG%2BNaVFYlJwK5xSUKBrEIIkWfTEFRuCRBnsK9EaRJcKK%2FbAQQ5l%2FUnCzBVPoqCHxfbt9gTOPK459St9jnXveVS2XlIOiEEEXS7sgWhp7Nrw7h6KFiDpE2IgYT8Im"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8496cef42fa54dc0-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sbls
lostcorky.com/pixel/ 0
469 B 113ms
113ms Image
text/plain 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lostcorky.com/pixel/sbls?bv=24.4.2063&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Finterstitial%2Fsoftware%2Fflash%2Fmulti%2F2%2Findex.html&l=1631&fd=1049.9000005722046
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:42 GMT
Server: nginx/1.19.5
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Cache-Control: no-cache
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 close.svg
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/ Frame FF5E 1 KB
1 KB 428ms
40ms Image
image/svg+xml 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/close.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6480539
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 30 Sep 2021 13:29:05 GMT
server: cloudflare
etag: W/"6155bba1-4ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGQuCOYvFmnATTc5swsihGIHFghttxjkPU5uWJq%2BGWS%2FgEbOStdaygMEsqTfNoVW4Px2uUd9jGWhHaspNJN2aWqo5Q%2BrVmnfq2uuKzf4qwB0ohXYhCmxC4v0e4k%2BU5GPtBTWs3t5ZGZR"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8496cef49db03737-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fine.png
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/ Frame FF5E 7 KB
7 KB 429ms
42ms Image
image/png 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/fine.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4c14d0156315e5c1655e51cf2478e5e350772b1bf3ec62f17e01fe18ea01cbe

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4600920
alt-svc: h3=":443"; ma=86400
content-length: 7308
last-modified: Thu, 30 Sep 2021 13:29:06 GMT
server: cloudflare
etag: "6155bba2-1c8c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NQKasLXnSw9gfLaPLk0PPt8Zx1qmJiHnJe7kNh5s%2FCs2UKrQbheRbtbXB0dnYa5P0EuMAW86K1be%2FCmygT4OcQM6wq8jC1Z2GS1fTuMeJWR9Gsrm3jI9mz6aU%2BQlQPzmzgyixEzrDRRu"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 8496cef49db23737-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/js/ Frame FF5E 85 KB
31 KB 447ms
60ms Script
application/javascript 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/js/jquery.min.js
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4501401
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 30 Sep 2021 13:29:08 GMT
server: cloudflare
etag: W/"6155bba4-15391"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wiASBFXCCJ17fUsTsFesRU6pcmnFXYA%2FPNPWB17ko3NFe7NeCQeuOA9A04F9A6Woqi8DsLJO3Ji7whjDDS%2Fvw%2BOItIRx%2BjCpQ6cg%2F9hGD1JT0Ch1vNhxz0awV3meSw7NPL3k8X4R4U01"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8496cef49db43737-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 script.js Show response
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/js/ 20 KB
8 KB 402ms
402ms XHR
application/javascript 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/js/script.js
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c7017f080260371622bffa59e57591c58271e6184fc55aa8f4c4f23359e9f9c

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:35:43 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jan 2024 14:19:30 GMT
server: cloudflare
etag: W/"65aa84f2-51ec"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o90GyjcLlWF7hGVEqd3EaXQqdvDajasHRq%2FlSazwWpIHGI8g5L7L0%2BrWh3o4wQnZJMd3o3Gh0o768ybH6AZcYzpLY2Juo9nTTyjshsENqC7KlEAFnb34i2JYC4x%2FRwapU2d4VbsZ%2F1j3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8496cef528d94dc0-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sbls
lostcorky.com/pixel/ 0
469 B 122ms
122ms Image
text/plain 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lostcorky.com/pixel/sbls?bv=24.4.2063&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fflash%2Fmulti%2F2%2Fcss%2Fstyle.css&l=6256&fd=706.5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:43 GMT
Server: nginx/1.19.5
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Cache-Control: no-cache
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK sbls
lostcorky.com/pixel/ 0
469 B 115ms
114ms Image
text/plain 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lostcorky.com/pixel/sbls?bv=24.4.2063&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fflash%2Fmulti%2F2%2Fjs%2Fscript.js&l=17311&fd=412.5999994277954
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:43 GMT
Server: nginx/1.19.5
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Cache-Control: no-cache
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK impr.gif
lostcorky.com/ 7 B
641 B 231ms
122ms Image
image/gif 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lostcorky.com/impr.gif?sid=H4sIAAAAAAAC%2F1yST4gcxRfHq5Pw%2Bx30ogdFRGjBQ4LZ2f63PTNEDPlj4rqJhmRlr1ZXVc%2BWW9PVVFVPb%2FYUDEq8jRcNeOn9zm4W%2FwU9eFOU2YDKgsh4cS97EY%2BCF4%2BCzO7Agg%2Ba9%2Fp932v4fPu9t1kdkBAV3XfX9YZUis4vtAL%2F9IosuK6t%2F%2FqyHwat4Jy%2FIos0Oeevp8kZ%2F0JZKrEisiXp5hfiditO%2FdNLry5fv3bWV3JN%2BFcFW9Nn%2FEurRvfFfBgFraCVBt1uK4oS%2FxbNqZGzPcjyYdhZaIXdTiuNpjrWzX87tvJgqQc%2BOCBPQvLJ4z%2F5P0KyMYr%2Bl5eFXXO6PPtKv1LUaYMB33mzWCt0XaB%2FXObGQ17szKah7YSQ%2Byegi50ZKfRga0qKTE6I98%2FLyIoHRwDIBqMwCpApSIeMP416MIZQY0g6BtN3IbkC41hcRtHfXnRU3T6S6FSakP999A1kPSH%2Ff%2Fc%2Biv4XV5XOqPJv6soJg%2FW8gVwfQ%2FbGKKtduA0Pst4Fc%2B9A8p9JoM5Nv3pdKlpA8v0X2kGUdboxm0tEms4lSc7nulnO55KFJOmm3ShmSXpojpRjyHwMJYag1kM1faSHKvdQlR76fN8XccJ5GCWsy3gYhtlCFCeiE0aM5p1OEgpUbMowhCuHYGoIZu6gNHewJocw1fewqw0s92AdwYA3qAVBbQlqSlBLgtoR1INmmysb2eYBV7bKwlmOZjluRtr1Num2dj1REFAz3CwPyBNT87yn5l%2FCmtj3UxHxnPE4iIJumnbavJ3wvBOxPOB0Cg4rG0h74hB1Q07IM4unUMoJOfHhLWR0F1btgsmToNVzoPWoHQWgq6OkE2Cj%2BNrp0slS2lamdM%2BW2rWY7oPrBqU7BXfb21QH5NnDv%2FnaDy9CsL3zv%2FmPPt7%2BfRnMNChNg7flI4Keuje6qWuydVPXlnz1RulkX25QJ3Vxy1EnTn26JG7X2vDFy3b4yQU2Fabl58vCumu04LLoWfLZRcm5MFe0YYJ8u2hXRHajsqsXK1NU5bUbl64s9ksjrJW6GINO7%2FXS32ByQh67sXN4v8%2FXS5BmDFM16Fd7ZBaQehesvANb7p0f%2F%2FLHWxfeb8NqAqOOZ7LSQ101IxNlx00lCZQ4fqdZAyuOTcjE3nd%2FHWkjQ6fbVDab9h56xgN1d1H0GwxMg4FqQNUQtjo5cqXZO%2F9rfBjIlDfKlPG2MmXUB0c2W7nvJ6zDkjRLYx4ttKMkTkLB21maZzSOQxZzODsRD9M%2F%2FwUAAP%2F%2FAQAA%2F%2F%2F7Z%2BwhyQQAAA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:43 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 7
X-Request-ID: c5a859c94a9dfcede31985f7d5713cdf
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK sbs
lostcorky.com/pixel/ 0
469 B 348ms
115ms Image
text/plain 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lostcorky.com/pixel/sbs?c=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://tomsguidecoa.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 09:35:43 GMT
Server: nginx/1.19.5
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Cache-Control: no-cache
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fake Adobe Update

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
proftrafficcounter.com/	1970-01-21 03:27:56	Name: uid_id2 Value: 702b893c-4e66-44fd-9bfd-454496923c46:1:1
tomsguidecoa.pages.dev/	1970-01-20 18:02:00	Name: dom3ic8zudi28v8lr6fgphwffqoz0j6c Value: 702b893c-4e66-44fd-9bfd-454496923c46%3A1%3A1
tomsguidecoa.pages.dev/	1970-01-21 02:37:32	Name: HstCfa4595848 Value: 1705916140331
tomsguidecoa.pages.dev/	1970-01-21 02:37:32	Name: HstCla4595848 Value: 1705916140331
tomsguidecoa.pages.dev/	1970-01-21 02:37:32	Name: HstCmu4595848 Value: 1705916140331
tomsguidecoa.pages.dev/	1970-01-21 02:37:32	Name: HstPn4595848 Value: 1
tomsguidecoa.pages.dev/	1970-01-21 02:37:32	Name: HstPt4595848 Value: 1
tomsguidecoa.pages.dev/	1970-01-21 02:37:32	Name: HstCnv4595848 Value: 1
tomsguidecoa.pages.dev/	1970-01-21 02:37:32	Name: HstCns4595848 Value: 1
tomsguidecoa.pages.dev/	1970-01-20 17:52:03	Name: sb_main_6e2dfcd302096687d74df82cf0da4496 Value: 1
tomsguidecoa.pages.dev/	1970-01-20 17:52:03	Name: sb_count_6e2dfcd302096687d74df82cf0da4496 Value: 1
lostcorky.com/	1970-01-20 17:53:22	Name: u_pl Value: 18231100
lostcorky.com/	1970-01-20 18:02:00	Name: uid_id2 Value: 702b893c-4e66-44fd-9bfd-454496923c46:1:1
lostcorky.com/	1970-01-20 17:53:22	Name: pdhtkv Value: true
lostcorky.com/	1970-01-20 17:53:22	Name: uncs Value: 1
lostcorky.com/	1970-01-20 17:53:22	Name: pdhtkv29 Value: true
lostcorky.com/	1970-01-20 17:53:22	Name: uncs29 Value: 1
lostcorky.com/	1970-01-20 17:51:56	Name: slec6e2dfcd302096687d74df82cf0da4496 Value: [4900651]
tomsguidecoa.pages.dev/	1970-01-20 17:51:56	Name: pbpr0tpuw4isk85t8yg3jb2lj5vqf Value: lostcorky.com

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://tomsguidecoa.pages.dev/apple-touch-icon.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.creative-bars1.com
cdn.yourwebbars.com
friendshipmale.com
lostcorky.com
mentallyissue.com
mos.fie.futurecdn.net
proftrafficcounter.com
s10.histats.com
s4.histats.com
tomsguidecoa.pages.dev
unseenreport.com
104.20.80.99
104.21.234.32
149.56.240.31
172.64.130.3
172.66.47.152
172.67.74.218
173.233.137.44
18.165.183.27
192.243.59.13
3.121.75.187
04a8e9e7155d989eb4bdaaa902fc5f984b39c75f5b4ab6e4a3e76cb0823cb8e4
07483cd5d7ddce0b709165bffcdac95cac7c8804e373ed6be585b8a3fc725b64
24b46ca679fcf0cc927befc21be37e3a0e004d8d615234c3f83e14e717c23a40
273e92086cf737823b8a77e794ae16085c04a5273d123bc3222822fcaeb48e05
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
352b833d69d98d582d603e90a6ed8023bfdc3091178d690a76fddcbad2856203
3f9d30e4c63260fc23122fab2bb70483d342972a0118a0ca72d0935b8e5a20d3
42bf5875c352cb1d5df2c2f2681ff31d0cc561548aedfa5208bfdc6b66e90967
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
52aa20675b2af3667fd7b51ac8442bd891f4e3a3f8364b126960864bb60cca33
7333163f8d44aacc9d622a45276fc2cbb50233fcd645bb141c7fc68ead051555
73e3b56b4c396d0d3a3d1c70d6dbadd2acb932151eb5ae5526f7577e41fd85f0
7c7017f080260371622bffa59e57591c58271e6184fc55aa8f4c4f23359e9f9c
7cae8bac9f678b64c4c3d4955e729cc6e7fb75ca5b9cc1b4796e46913792a593
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20
db7b9448a2c535230aa677bd472eeac811b4ded4fd51b978dc19fa4ef2c5c2c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0
f4c14d0156315e5c1655e51cf2478e5e350772b1bf3ec62f17e01fe18ea01cbe

tomsguidecoa.pages.dev Open in urlscan Pro 172.66.47.152 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

27 Requests

100 %HTTPS

0 %IPv6

10 Domains

11 Subdomains

10 IPs

4 Countries

176 kBTransfer

436 kBSize

19 Cookies

6 Outgoing links

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

19 Cookies

tomsguidecoa.pages.dev Open in urlscan Pro
172.66.47.152 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

100 %
HTTPS

0 %
IPv6

10
Domains

11
Subdomains

10
IPs

4
Countries

176 kB
Transfer

436 kB
Size

19
Cookies

27 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!