techwormnea.pages.dev Open in urlscan Pro
172.66.44.125 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/
Submission Tags: @ecarlesi possiblethreat phishing netflix Search All
Submission: On January 20 via api (January 20th 2024, 5:03:35 am UTC) from IT — Scanned from IT

Summary HTTP 23 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 9 domains to perform 23 HTTP transactions. The main IP is 172.66.44.125, located in United States and belongs to CLOUDFLARENET, US. The main domain is techwormnea.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on January 19th 2024. Valid for: 3 months.

This is the only time techwormnea.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fake Adobe Update

Domain & IP information

	IP Address	AS Autonomous System
4	172.66.44.125 172.66.44.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	173.233.139.164 173.233.139.164	7979 (SERVERS-COM) (SERVERS-COM)
1	104.21.234.32 104.21.234.32	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.121.75.187 3.121.75.187	16509 (AMAZON-02) (AMAZON-02)
1	104.20.79.99 104.20.79.99	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	192.243.59.12 192.243.59.12	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	149.56.240.127 149.56.240.127	16276 (OVH) (OVH)
1	192.243.59.20 192.243.59.20	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	104.26.6.19 104.26.6.19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	172.64.130.3 172.64.130.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	10

4 172.66.44.125 (United States)

ASN13335 (CLOUDFLARENET, US)

techwormnea.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.233.139.164 (United States)

ASN7979 (SERVERS-COM, US)

mentallyissue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.234.32 (None, )

ASN13335 (CLOUDFLARENET, US)

friendshipmale.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.75.187 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-75-187.eu-central-1.compute.amazonaws.com

proftrafficcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.79.99 (None, )

ASN13335 (CLOUDFLARENET, US)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.243.59.12 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

tendernessexcavatorfugitive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.56.240.127 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns534295.ip-149-56-240.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.243.59.20 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

unseenreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.6.19 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.yourwebbars.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.64.130.3 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.creative-bars1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	tendernessexcavatorfugitive.com tendernessexcavatorfugitive.com	9 KB
5	creative-bars1.com cdn.creative-bars1.com — Cisco Umbrella Rank: 27267	49 KB
4	pages.dev techwormnea.pages.dev	53 KB
2	histats.com s10.histats.com — Cisco Umbrella Rank: 14576 s4.histats.com — Cisco Umbrella Rank: 14129	5 KB
1	yourwebbars.com cdn.yourwebbars.com — Cisco Umbrella Rank: 50056	976 B
1	unseenreport.com unseenreport.com — Cisco Umbrella Rank: 21727	425 B
1	proftrafficcounter.com proftrafficcounter.com — Cisco Umbrella Rank: 15666	305 B
1	friendshipmale.com friendshipmale.com — Cisco Umbrella Rank: 18684	27 KB
1	mentallyissue.com mentallyissue.com	16 KB
23	9

	Domain	Requested by
7	tendernessexcavatorfugitive.com	mentallyissue.com
5	cdn.creative-bars1.com	mentallyissue.com
4	techwormnea.pages.dev	techwormnea.pages.dev
1	cdn.yourwebbars.com	mentallyissue.com
1	unseenreport.com
1	s4.histats.com	s10.histats.com
1	s10.histats.com	techwormnea.pages.dev
1	proftrafficcounter.com	mentallyissue.com
1	friendshipmale.com	mentallyissue.com
1	mentallyissue.com	techwormnea.pages.dev
23	10

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
reddit.com
facebook.com
api.whatsapp.com
telegram.me

Subject Issuer	Validity	Valid
techwormnea.pages.dev GTS CA 1P5	`2024-01-19` - `2024-04-18`	3 months	crt.sh
mentallyissue.com R3	`2023-12-14` - `2024-03-13`	3 months	crt.sh
friendshipmale.com Cloudflare Inc ECC CA-3	`2024-01-18` - `2024-12-31`	a year	crt.sh
proftrafficcounter.com Amazon RSA 2048 M03	`2023-11-21` - `2024-12-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-13` - `2024-05-11`	a year	crt.sh
tendernessexcavatorfugitive.com R3	`2024-01-17` - `2024-04-16`	3 months	crt.sh
histats.com R3	`2023-11-23` - `2024-02-21`	3 months	crt.sh
*.unseenreport.com R3	`2023-11-22` - `2024-02-20`	3 months	crt.sh
creative-bars1.com GTS CA 1P5	`2023-12-19` - `2024-03-18`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/
Frame ID: 184E8CC26AF37482853F2CBCD665DF9D
Requests: 20 HTTP requests in this frame

Frame: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/close.svg
Frame ID: 64AB1DD50156904FAE6535E6AF66EBE5
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix S Ad Supported Tier To Cost Between 7 And 9 Per Month | techworm

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

100 %
HTTPS

0 %
IPv6

9
Domains

10
Subdomains

10
IPs

4
Countries

160 kB
Transfer

411 kB
Size

19
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/intent/tweet/?text=Netflix%20S%20Ad%20Supported%20Tier%20To%20Cost%20Between%20%207%20And%20%209%20Per%20Month&url=https%3a%2f%2ftechwormnea.pages.dev%2fposts%2fnetflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month%2f&hashtags=

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2ftechwormnea.pages.dev%2fposts%2fnetflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month%2f&title=Netflix%20S%20Ad%20Supported%20Tier%20To%20Cost%20Between%20%207%20And%20%209%20Per%20Month&summary=Netflix%20S%20Ad%20Supported%20Tier%20To%20Cost%20Between%20%207%20And%20%209%20Per%20Month&source=https%3a%2f%2ftechwormnea.pages.dev%2fposts%2fnetflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month%2f

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3a%2f%2ftechwormnea.pages.dev%2fposts%2fnetflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month%2f&title=Netflix%20S%20Ad%20Supported%20Tier%20To%20Cost%20Between%20%207%20And%20%209%20Per%20Month

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer/sharer.php?u=https%3a%2f%2ftechwormnea.pages.dev%2fposts%2fnetflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month%2f

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Netflix%20S%20Ad%20Supported%20Tier%20To%20Cost%20Between%20%207%20And%20%209%20Per%20Month%20-%20https%3a%2f%2ftechwormnea.pages.dev%2fposts%2fnetflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month%2f

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?text=Netflix%20S%20Ad%20Supported%20Tier%20To%20Cost%20Between%20%207%20And%20%209%20Per%20Month&url=https%3a%2f%2ftechwormnea.pages.dev%2fposts%2fnetflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month%2f

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/ 26 KB
8 KB 611ms
137ms Document
text/html 172.66.44.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.44.125 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcda8b31d459202da8ddf2a3e2b3ba3c059ea04a234b358995b9498cea1d335f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8484c56c8a01babd-MXP
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 20 Jan 2024 05:03:28 GMT
etag: W/"57acdbf798f8a3dbc4811d4a54ba9ad9"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WcwdCcb5MwztpTr5gJXPw9WWbyYHRwZ8tORjQ7oEjGCDv1MT3BuXtVWFuNEAYo98sTMBz1t8OFASWC38zGaGhGwB0Od5nF8veLg2RRzNjYO8CRDfFPoR3%2FvI1HSyLtJ1A9pQNxAojkA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css
techwormnea.pages.dev/assets/css/ 15 KB
5 KB 130ms
129ms Stylesheet
text/css 172.66.44.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://techwormnea.pages.dev/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css

Requested by

Host: techwormnea.pages.dev
URL: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.44.125 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/
Origin: https://techwormnea.pages.dev
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:28 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"f108b214fb6120365bec7dd12fdc643d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IlfKux5v9TuS0IcoKgVZ5ci3uHozx3pEfXzHvap4yunlTwUCge338jIr8yvkVVUbBgvoYIOpaBV29zfVeX8cmcHMLXZ4dk4z3mC5gvz3RkfbCKKnswrw6C9h2euztCDWz2%2FWb4t%2BzIc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8484c56d6a49babd-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js Show response
techwormnea.pages.dev/assets/js/ 99 KB
34 KB 107ms
107ms Script
application/javascript 172.66.44.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://techwormnea.pages.dev/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js

Requested by

Host: techwormnea.pages.dev
URL: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.44.125 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/
Origin: https://techwormnea.pages.dev
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:28 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"dda7edef669c7759f6319eb141ff1406"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C0xrjPVamSyByr1KOSC9oQ5n%2B%2F9VyqxlBAD9OUESq1sJ7xhZoCbwUTAYxf9cKLF3N0IZ5AOHCHd3TkId1Z%2B%2BZMA1UZnBzXRM7AeJ34SZAvluFr6WiH5yMN8qs0NA6lgYhb0qLjZau%2Fo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8484c56d6a4ababd-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 404 apple-touch-icon.png
techwormnea.pages.dev/ 7 KB
7 KB 132ms
132ms Image
text/html 172.66.44.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://techwormnea.pages.dev/apple-touch-icon.png

Requested by

Host: techwormnea.pages.dev
URL: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.44.125 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5298e3b1f8f76c8b7c87a03ad1f4676e2644f38b21ec9436b5857589b0b533da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:28 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISzOgC0MF93KP3y%2FQ7n2cmJFW430DYHnwM831uDURSljaa9vgTgrXFOhgbNrlP6E02x%2FDB9j4WYb2SivURHHp2xtizt06rXK3qUHBH956EXvRfW7akxbvJGD7MQyrKIUf69j1ak5pnE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cf-ray: 8484c56d8a54babd-MXP
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK 6e2dfcd302096687d74df82cf0da4496.js Show response
mentallyissue.com/6e/2d/fc/ 42 KB
16 KB 1542ms
153ms Script
application/javascript 173.233.139.164
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js

Requested by

Host: techwormnea.pages.dev
URL: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.233.139.164 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

33237da69facb94595818c771f53a6b0cf460ff08e29731d656b6fea052621cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:30 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-Request-ID: f9ee3523805275bbb95bd9889019afc4
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 sfp.js Show response
friendshipmale.com/ 83 KB
27 KB 804ms
141ms Script
application/javascript 104.21.234.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://friendshipmale.com/sfp.js

Requested by

Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.234.32 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:31 GMT
strict-transport-security: max-age=0; includeSubdomains
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400
x-request-id: 83b158cf0d57954042eac8eb98ac74c3
last-modified: Sat, 20 Jan 2024 05:03:30 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erAFNi1rEx%2F8mV%2F8Qv8Jr56sxqJnGDW5ZWL6OuqItohomG39UmWzPFQQM9j%2Bjfi1xSCMMuJWN5Mzuqvui2coqCya7AGqPCeflqJHAmndClwo%2Br7dbwguKqU4kaE7iAS7YGDu4nY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8484c57bc8ab0e43-MXP
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 stats Show response
proftrafficcounter.com/ 40 B
305 B 161ms
39ms XHR
text/html 3.121.75.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://proftrafficcounter.com/stats
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.121.75.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-75-187.eu-central-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: 6a72f37fff12574fcd596b59651c85f2f2ae9bb699b45662af97019c0fab0680

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: https://techwormnea.pages.dev
date: Sat, 20 Jan 2024 05:03:30 GMT
access-control-allow-credentials: true
server: fasthttp
content-length: 40
vary: Origin
content-type: text/html; charset=UTF-8

GET
H2 200 js15_as.js Show response
s10.histats.com/ 11 KB
5 KB 685ms
55ms Script
text/javascript 104.20.79.99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: techwormnea.pages.dev
URL: https://techwormnea.pages.dev/posts/netflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.79.99 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
server: cloudflare
age: 79448
etag: "-375139978"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8484c57bae210d66-MXP
content-length: 4547

GET
H/1.1 200
OK sbar.json Show response
tendernessexcavatorfugitive.com/ 6 KB
6 KB 666ms
361ms XHR
text/plain 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tendernessexcavatorfugitive.com/sbar.json?key=6e2dfcd302096687d74df82cf0da4496&uuid=193a9abc-5624-475f-a894-91d38de03f72%3A2%3A1

Requested by

Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

9378775d88ca3fda2f7cf6c0f0f6641e29f87d57002e3d3b24384d297daf5789

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:31 GMT
Custom-Referer: https://techwormnea.pages.dev
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://techwormnea.pages.dev
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: 41d44e301669a3ccb61f2e1a207c0798
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 51 B
185 B 394ms
122ms Script
text/html 149.56.240.127
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?4595848&@f16&@g1&@h1&@i1&@j1705727011191&@k0&@l1&@mNetflix%20S%20Ad%20Supported%20Tier%20To%20Cost%20Between%207%20And%209%20Per%20Month%20%7C%20techworm&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-29944623&@b3:1705727011&@b4:js15_as.js&@b5:60&@a-_0.2.1&@vhttps%3A%2F%2Ftechwormnea.pages.dev%2Fposts%2Fnetflix-s-ad-supported-tier-to-cost-between-7-and-9-per-month%2F&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.240.127 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns534295.ip-149-56-240.net
Software: /
Resource Hash: 996551c937e0f400438be7617ca35bf22f09e317e0bc31592efe9498f9da4302

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:31 GMT
Connection: close
Content-Length: 51
Content-Type: text/html;charset=UTF-8

GET
H/1.1 200
OK pxf.gif
unseenreport.com/ 1 B
425 B 379ms
116ms Image
image/gif 192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://unseenreport.com/pxf.gif?uuid=193a9abc-5624-475f-a894-91d38de03f72&eb=33f93ff28a290334f62b93270ee6d095&te=713b63649efa506845fb3bc23d2c8693&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.224%20Safari%2F537.36&dev=r&res=14.31&b_frame=0&pk=6e2dfcd302096687d74df82cf0da4496&bl=en-US&sr=1200x1600&sz=1200x1600&hjs=6

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:31 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 1
X-Request-ID: d781259f279edff7351f86f1af413381
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 index.html Show response
cdn.yourwebbars.com/sb/interstitial/software/flash/multi/2/ 2 KB
976 B 972ms
588ms XHR
text/html 104.26.6.19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.yourwebbars.com/sb/interstitial/software/flash/multi/2/index.html
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.19 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f9d30e4c63260fc23122fab2bb70483d342972a0118a0ca72d0935b8e5a20d3

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:32 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 19 Jan 2024 14:19:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lnAQd0KdGA511PzV%2FqWJ%2BZxFCHn5fzvHmYaEaU40OrFVHP1lPl7W3qa8C%2BDTCpCh%2BCv%2B3H9%2BghS3nCfKTfgaoCkhRcncjY8JQobaw2qoFBZYFQdpE9LsHGxTVuuN77RoUMV6AQA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8484c5815c914beb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK ren.gif
tendernessexcavatorfugitive.com/ 7 B
641 B 117ms
117ms Image
image/gif 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tendernessexcavatorfugitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1ySz4scRRTHqzdBBb2YgyIqtOghwexs%2F5qeGVYM%2BWHiuokJycqCt%2Bqu6tlyq7uaqurpzZ6CQclFGC8mx97vJFk0UfTgTYnMCioLHianvaz%2FghePgszuwILv8l6%2Fz3sN32%2B9z7eqfeKjonv2itoUUtKFdstzT66KgqnauB%2BuuL7X8hbdVVHE0aK7EUen3LNlKfkqT5aFXWiHnVYYuyeX31%2B5cvm0K8U6dy%2FxdF2dcs%2BvaZXzBT%2FwWl4r9nq9VhBE7g2aUS1mexDld3633fJ73VYcTDk29P87pnJgqAM22CcnINjkhT%2Fc3yHSMYr8%2BwvcrFtVnn4vryS1SmPAtj8q1gtVF8iPykw7yIrt2TSUmRBybw6q2J4phRrcnypFIibE%2BfddJMXDQwFIBiM%2F8JBICIuEvYx6MAaXYwg6RqpuQzCJlGFpBUX%2BYMlSefMQ0SmakGfu%2FgRRT8izn91DkX97SaqESve6qizX2MgaiI0xRH%2BMstqB3XQg6h2k9lMI9ifx5OL0r1eEpAUE23vL74W0R5N0vh0H0XzUaWfztNuL5ns%2BC7uMe2HWCQ7MEWIMkY0h%2BRDUzKEyDirhoMocVKWDnO25PIwY84Mo7aXM9%2F2kHYQR7%2FpBSrNuN%2FI5qnSqYQhbDpHKIVJ9C6W%2BhXUxhK5%2BgVlrYJgDYwkGrEHNCWpDUFOCWhDUlqAeNA%2BYNIFpHjJpqsSf5WCWw2akbH%2BLPlC2zwsCqodb5T55cWqe89LCO1jne27MA5alLPQCrxfH3Q7rRCzrBmnmMRpFvRhGNBBmDtQ42BQT8srScZRiQua%2BuoGE7sDIHaTiGGj1Omg96gQe6Noo6nrYLH60qrSiFKaVSNU3pbKtVOVgqkFpj8PedLbkPnn14DU%2F%2BO1t8HT3zNMTxd0vrv6FVDcodYNPxK8EfXlndF3V5P51VRvyw9XSilxsUitUccNSy49%2Fs8xv1kqzpQtm%2BPXZdAqm5eMVbuxlWjBR9A15dE4wxvVFpVNOfl4yqzy5Vpm1c5UuqvLytfMXl%2FJSc2OEKsag03s9%2Fw9SMSHPX9s%2BuN836mUIPYauGuTVLpkFhNpBWt6CKXfPPFlkH7%2F2%2BDkYRaDl0UxSOqirZqSD5KgpBYHkR980aWD4kQkJ333y9yEbaTrdpqLZMnfQ1w6ovY0ibzDQDQayAZVDmOrYyJZ698zT8CCQSGeUSO3cT6SWXx7abMSeGwUs7AVp3KZhEkahn%2FidOPKybifjYcLaHVgz4Y9W3vwPAAD%2F%2FwEAAP%2F%2FowVjNckEAAA%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:31 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 7
X-Request-ID: 5b4e6dbf5cce4e287418607207337c7f
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 style.css Show response
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/css/ 6 KB
2 KB 712ms
286ms XHR
text/css 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/css/style.css
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 273e92086cf737823b8a77e794ae16085c04a5273d123bc3222822fcaeb48e05

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:33 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jan 2024 14:19:30 GMT
server: cloudflare
etag: W/"65aa84f2-1870"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q3m5Sbm6%2FMWSaE141VWU2V5SOmQNjBMeZTdsXQGbxhaz5n7fmHCY33D4YFFz39TjSz%2BFstRYloNYKrlTMSQrs1a9FN8nddsiAKPklkcBLaUfwrW0G6Q%2BuLm1UQGw9JZFQbIZ4lGr6Jz%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8484c587ca4939d6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sbls
tendernessexcavatorfugitive.com/pixel/ 0
469 B 114ms
114ms Image
text/plain 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tendernessexcavatorfugitive.com/pixel/sbls?bv=23.51.2179&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Finterstitial%2Fsoftware%2Fflash%2Fmulti%2F2%2Findex.html&l=1631&fd=972.9000005722046
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:32 GMT
Server: nginx/1.19.5
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Cache-Control: no-cache
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 close.svg
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/ Frame 64AB 1 KB
914 B 473ms
74ms Image
image/svg+xml 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/close.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6143493
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 30 Sep 2021 13:29:05 GMT
server: cloudflare
etag: W/"6155bba1-4ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UTmjchwXIlozszgEjYijP5%2FqeB9V3spB3%2BGFejyTTXOMsEILF0ZVd7pX%2BbMAgQy9sRwCE3k1OO8ZC4CWq1fmTtWRVPeUttYjKgTwEMl6UiX43at%2FbuqmCDWWVQGcg0iLj53FRnkuaiMI"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8484c58859a93a64-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fine.png
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/ Frame 64AB 7 KB
8 KB 462ms
63ms Image
image/png 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/img/fine.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4c14d0156315e5c1655e51cf2478e5e350772b1bf3ec62f17e01fe18ea01cbe

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1617647
alt-svc: h3=":443"; ma=86400
content-length: 7308
last-modified: Thu, 30 Sep 2021 13:29:06 GMT
server: cloudflare
etag: "6155bba2-1c8c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44kuKanCt2%2B2%2BeLr8L417X6kfsIqVRL%2B37k%2B8HdP5DoGzdU79kYoUIlxRTD2Ng1MIKlI%2Fm%2B3qs3DozHISXrFkKLQylj6mSI2cUgqrsjLT5Dp82hs04SwgdXKQ5pSjIJu9Tg%2B33T18mJx"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 8484c58859ab3a64-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/js/ Frame 64AB 85 KB
31 KB 473ms
75ms Script
application/javascript 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/js/jquery.min.js
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4317805
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 30 Sep 2021 13:29:08 GMT
server: cloudflare
etag: W/"6155bba4-15391"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2FHAJDS41ZzZfjqoQukaHNx1Luv4B6%2BSsBCwMx8H%2FakjaTSVOozeLlRXS6TjyRN%2F%2BEuxnAK%2F56NE6AlZ7qYcY11csGgVsQE%2FkRnqVGjBPByofhLrnijFdv47Dk9BHZyAjRvZ6vuRBY0R"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8484c58859aa3a64-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 script.js Show response
cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/js/ 20 KB
8 KB 409ms
408ms XHR
application/javascript 172.64.130.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.creative-bars1.com/sb/interstitial/software/flash/multi/2/js/script.js
Requested by: Host: mentallyissue.com
URL: https://mentallyissue.com/6e/2d/fc/6e2dfcd302096687d74df82cf0da4496.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.130.3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c7017f080260371622bffa59e57591c58271e6184fc55aa8f4c4f23359e9f9c

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:03:33 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jan 2024 14:19:30 GMT
server: cloudflare
etag: W/"65aa84f2-51ec"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s84gZfON%2Bw41mIgq6sI2MG9rVQGWU%2BcxuisCMQeYfeTbiXaiw1kuWA3Qjb0G1EEh8WcdrGlFe%2F4OR%2F7D8Yg%2F78MevuEbowfw4uqSeyKpBkRber24vVJRMuC9xxX5GsR3QI%2B3N9DCoAHg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public, max-age=315360000
cf-ray: 8484c588fadd39d6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sbls
tendernessexcavatorfugitive.com/pixel/ 0
469 B 113ms
113ms Image
text/plain 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tendernessexcavatorfugitive.com/pixel/sbls?bv=23.51.2179&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fflash%2Fmulti%2F2%2Fcss%2Fstyle.css&l=6256&fd=713.6999998092651
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:33 GMT
Server: nginx/1.19.5
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Cache-Control: no-cache
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK sbls
tendernessexcavatorfugitive.com/pixel/ 0
469 B 132ms
131ms Image
text/plain 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tendernessexcavatorfugitive.com/pixel/sbls?bv=23.51.2179&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fflash%2Fmulti%2F2%2Fjs%2Fscript.js&l=17311&fd=421.8999996185303
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:33 GMT
Server: nginx/1.19.5
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Cache-Control: no-cache
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK impr.gif
tendernessexcavatorfugitive.com/ 7 B
641 B 119ms
118ms Image
image/gif 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tendernessexcavatorfugitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1ySz4scRRTHqzdBBb2YgyIqtOghwexs%2F9qeGVYM%2BWHiuokJycqCt%2Bqq6tlya7qaqurpzZ6CQclFGC8mx97vJFk0UfTgTYnMCioLHianvaz%2FghePgszuwoLv8l6%2Fz3sN32%2B9zzerPRKiorvuit6QStG5%2BVbgn1yRBde19T9c9sOgFSz4K7JIkwV%2FPU1O%2BWfLUokVkS1JNzcft1tx6p9cen%2F5yuXTvpJrwr8k2Jo%2B5Z9fNbov5sIoaAWtNOh2W1GU%2BDdoTo083IMsvws7862w22ml0ZRj3fy%2FYysPlnrggz1yApJPXvjD%2Fx2SjVH0v78g7JrT5en3%2BpWiThsM%2BNZHxVqh6wL9ozI3HvJi63Aa2k4IuTcDXWwdKoUe3J8qRSYnxPv3XWTFwwMByAajMAqQKUiHjL%2BMejCGUGNIOgbTtyG5AuNYXEbRf7DoqLp5gOgUTcgzd3%2BCrCfk2c%2Fuoeh%2Fe0npjCr%2Fuq6cMFjPG8j1MWRvjLLahtvwIOttMPcpJP%2BTBGph%2BtcrUtECku%2B%2BFXZj2qUZm51Po2Q2ac%2Fns7TTTWa7IY87XARx3o72zZFyDJmPocQQ1M6gsh4q6aHKPVSlhz7f9UWccB5GCesyHoZhNh%2FFieiEEaN5p5OEAhWbahjClUMwNQQzt1CaW1iTQ5jqF9jVBpZ7sI5gwBvUgqC2BDUlqCVB7QjqQfOAKxvZ5iFXtsrCwxwd5rgZadfbpA%2B064mCgJrhZrlHXpya57009w7WxK6fiojnjMdBFHTTtNPm7YTnnYjlAadJ0k1hZQNpZ0Cthw05Ia8sHkcpJ2TmqxvI6Das2gaTx0Cr10HrUTsKQFdHSSfARvGj06WTpbStTOmeLbVrMd0H1w1Kdxzuprep9sir%2B6%2F5wW9vQ7CdM09PFHe%2FuPoXmGlQmgafyF8JeurO6Lquyf3rurbkh6ulk325QZ3UxQ1HnTj%2BzZK4WWvDFy%2FY4ddn2RRMy8fLwrrLtOCy6Fny6JzkXJiL2jBBfl60KyK7VtnVc5UpqvLytfMXF%2FulEdZKXYxBp%2Fd6%2Fh8wOSHPX9vav9836iVIM4apGvSrHXIYkHobrLwFW%2B6cebLAP37t8XOwmsCoo5ms9FBXzchE2VFTSQIljr5p1sCKIxMysfPk7wM2MnS6TWWzae%2BgZzxQdxtFv8HANBioBlQNYatjI1eanTNP4%2F1AprxRpox3P1NGfXlgs5W7fsI6LEmzNObRfDtK4iQUvJ2leUbjOGQxh7MT8Wj5zf8AAAD%2F%2FwEAAP%2F%2FPl%2FFo8kEAAA%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:34 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 7
X-Request-ID: c207d925efb813d2faf9d52990d8b947
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK sbs
tendernessexcavatorfugitive.com/pixel/ 0
469 B 238ms
118ms Image
text/plain 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tendernessexcavatorfugitive.com/pixel/sbs?c=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://techwormnea.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 05:03:34 GMT
Server: nginx/1.19.5
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Cache-Control: no-cache
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fake Adobe Update

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
proftrafficcounter.com/	1970-01-21 03:24:47	Name: uid_id2 Value: 193a9abc-5624-475f-a894-91d38de03f72:2:1
techwormnea.pages.dev/	1970-01-20 17:58:51	Name: dom3ic8zudi28v8lr6fgphwffqoz0j6c Value: 193a9abc-5624-475f-a894-91d38de03f72%3A2%3A1
techwormnea.pages.dev/	1970-01-20 17:48:54	Name: sb_main_6e2dfcd302096687d74df82cf0da4496 Value: 1
techwormnea.pages.dev/	1970-01-20 17:48:54	Name: sb_count_6e2dfcd302096687d74df82cf0da4496 Value: 1
techwormnea.pages.dev/	1970-01-21 02:34:23	Name: HstCfa4595848 Value: 1705727011191
techwormnea.pages.dev/	1970-01-21 02:34:23	Name: HstCla4595848 Value: 1705727011191
techwormnea.pages.dev/	1970-01-21 02:34:23	Name: HstCmu4595848 Value: 1705727011191
techwormnea.pages.dev/	1970-01-21 02:34:23	Name: HstPn4595848 Value: 1
techwormnea.pages.dev/	1970-01-21 02:34:23	Name: HstPt4595848 Value: 1
techwormnea.pages.dev/	1970-01-21 02:34:23	Name: HstCnv4595848 Value: 1
techwormnea.pages.dev/	1970-01-21 02:34:23	Name: HstCns4595848 Value: 1
tendernessexcavatorfugitive.com/	1970-01-20 17:50:13	Name: u_pl Value: 18231100
tendernessexcavatorfugitive.com/	1970-01-20 17:58:51	Name: uid_id2 Value: 193a9abc-5624-475f-a894-91d38de03f72:2:1
tendernessexcavatorfugitive.com/	1970-01-20 17:50:13	Name: pdhtkv Value: true
tendernessexcavatorfugitive.com/	1970-01-20 17:50:13	Name: uncs Value: 1
tendernessexcavatorfugitive.com/	1970-01-20 17:50:13	Name: pdhtkv29 Value: true
tendernessexcavatorfugitive.com/	1970-01-20 17:50:13	Name: uncs29 Value: 1
tendernessexcavatorfugitive.com/	1970-01-20 17:48:47	Name: slec6e2dfcd302096687d74df82cf0da4496 Value: [4900651]
techwormnea.pages.dev/	1970-01-20 17:48:47	Name: pbpr0tpuw4isk85t8yg3jb2lj5vqf Value: tendernessexcavatorfugitive.com

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://techwormnea.pages.dev/apple-touch-icon.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.creative-bars1.com
cdn.yourwebbars.com
friendshipmale.com
mentallyissue.com
proftrafficcounter.com
s10.histats.com
s4.histats.com
techwormnea.pages.dev
tendernessexcavatorfugitive.com
unseenreport.com
104.20.79.99
104.21.234.32
104.26.6.19
149.56.240.127
172.64.130.3
172.66.44.125
173.233.139.164
192.243.59.12
192.243.59.20
3.121.75.187
273e92086cf737823b8a77e794ae16085c04a5273d123bc3222822fcaeb48e05
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
33237da69facb94595818c771f53a6b0cf460ff08e29731d656b6fea052621cd
3f9d30e4c63260fc23122fab2bb70483d342972a0118a0ca72d0935b8e5a20d3
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
5298e3b1f8f76c8b7c87a03ad1f4676e2644f38b21ec9436b5857589b0b533da
6a72f37fff12574fcd596b59651c85f2f2ae9bb699b45662af97019c0fab0680
7c7017f080260371622bffa59e57591c58271e6184fc55aa8f4c4f23359e9f9c
9378775d88ca3fda2f7cf6c0f0f6641e29f87d57002e3d3b24384d297daf5789
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
996551c937e0f400438be7617ca35bf22f09e317e0bc31592efe9498f9da4302
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20
dcda8b31d459202da8ddf2a3e2b3ba3c059ea04a234b358995b9498cea1d335f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0
f4c14d0156315e5c1655e51cf2478e5e350772b1bf3ec62f17e01fe18ea01cbe

techwormnea.pages.dev Open in urlscan Pro 172.66.44.125 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

0 %IPv6

9 Domains

10 Subdomains

10 IPs

4 Countries

160 kBTransfer

411 kBSize

19 Cookies

6 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

19 Cookies

1 Console Messages

Security Headers

Indicators

techwormnea.pages.dev Open in urlscan Pro
172.66.44.125 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

0 %
IPv6

9
Domains

10
Subdomains

10
IPs

4
Countries

160 kB
Transfer

411 kB
Size

19
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!