flux.li Open in urlscan Pro
170.187.189.97 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Submission: On April 27 via manual (April 27th 2023, 11:38:45 am UTC) from GB — Scanned from GB

Summary HTTP 39 Redirects Behaviour Indicators

Summary

This website contacted 17 IPs in 4 countries across 14 domains to perform 39 HTTP transactions. The main IP is 170.187.189.97, located in Frankfurt am Main, Germany and belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG. The main domain is flux.li. The Cisco Umbrella rank of the primary domain is 124299.
TLS certificate: Issued by R3 on April 1st 2023. Valid for: 3 months.

This is the only time flux.li was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	170.187.189.97 170.187.189.97	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.16.169.131 104.16.169.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:225... 2600:9000:2250:0:c:7a1a:d8c0:21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.225.34.96 13.225.34.96	16509 (AMAZON-02) (AMAZON-02)
2	172.67.179.200 172.67.179.200	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4 6	2a00:1450:400... 2a00:1450:4001:831::200d	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	162.159.130.233 162.159.130.233	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
39	17

1 170.187.189.97 (Frankfurt am Main, Germany)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 170-187-189-97.akamai-compute.nexuspipe.com

flux.li	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.169.131 (None, )

ASN13335 (CLOUDFLARENET, US)

hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2250:0:c:7a1a:d8c0:21 (United States)

ASN16509 (AMAZON-02, US)

d1err2upj040z.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

pogothere.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.34.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-34-96.cdg3.r.cloudfront.net

kmyunderthf.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.179.200 (United States)

ASN13335 (CLOUDFLARENET, US)

ltingcoempa.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::200d (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.130.233 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.discordapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	youtube.com www.youtube.com — Cisco Umbrella Rank: 87	823 KB
6	google.com 4 redirects accounts.google.com — Cisco Umbrella Rank: 92	3 KB
6	hcaptcha.com hcaptcha.com — Cisco Umbrella Rank: 7279 newassets.hcaptcha.com — Cisco Umbrella Rank: 10788	246 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119 jnn-pa.googleapis.com — Cisco Umbrella Rank: 310	32 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 67 static.doubleclick.net — Cisco Umbrella Rank: 390	1 KB
3	gstatic.com fonts.gstatic.com	47 KB
2	ltingcoempa.info ltingcoempa.info	802 B
2	kmyunderthf.info kmyunderthf.info	2 KB
2	pogothere.xyz pogothere.xyz — Cisco Umbrella Rank: 16041	101 KB
2	cloudfront.net d1err2upj040z.cloudfront.net	54 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 344	6 KB
1	discordapp.com cdn.discordapp.com — Cisco Umbrella Rank: 1637	998 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 107
1	flux.li flux.li — Cisco Umbrella Rank: 124299	2 KB
39	14

	Domain	Requested by
8	www.youtube.com	flux.li www.youtube.com
6	accounts.google.com	4 redirects flux.li
4	jnn-pa.googleapis.com	www.youtube.com
4	newassets.hcaptcha.com	hcaptcha.com newassets.hcaptcha.com
3	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
2	googleads.g.doubleclick.net	1 redirects www.youtube.com
2	ltingcoempa.info	flux.li
2	kmyunderthf.info	d1err2upj040z.cloudfront.net
2	pogothere.xyz	d1err2upj040z.cloudfront.net
2	d1err2upj040z.cloudfront.net	flux.li kmyunderthf.info
2	hcaptcha.com	flux.li newassets.hcaptcha.com
2	cdnjs.cloudflare.com	flux.li
1	static.doubleclick.net	www.youtube.com
1	cdn.discordapp.com	flux.li
1	www.facebook.com	flux.li
1	fonts.googleapis.com	client
1	flux.li
39	17

This site contains no links.

Subject Issuer	Validity	Valid
flux.li R3	`2023-04-01` - `2023-06-30`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
kmyunderthf.info Amazon RSA 2048 M02	`2023-04-16` - `2024-05-14`	a year	crt.sh
ltingcoempa.info E1	`2023-04-16` - `2023-07-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-02-03` - `2023-05-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Frame ID: 194C0086CDAB9CA6390EDC82152563EE
Requests: 16 HTTP requests in this frame

Frame: https://www.youtube.com/embed/kuMPpqJqPHI
Frame ID: 13B8DAE5DF790C44E245CC2A73AC64BF
Requests: 15 HTTP requests in this frame

Frame: https://kmyunderthf.info/NnhDT2pXGiAiVVdFIWkfRBR+alhwXXEJDgcdMT1YQwgpf14GAm0sBlkNJykYWRY3YQRTDGZ9LFQhGwJYVDAoDCJwHwgdAmMZFiMsdy4oDilhEwUHLWMtBwkScDcmJz9HNRIFEnQQchk7WBcmC1pVMBcOAnMtFRkLciogCD5eOQkJHXw3AX8FbzoRCiZhPnsZKwcTCx0rfzAUOAFnOyQBPHQqJwcoWhwRCSsCMhs4K2A5BRYvfRM7HztONiYcP109GzgjUjwkHSxlLTcdImMyCRxbcDsBJCB8KgYNWmUtNx0ocEAAG1tgLwEcX1UtcwElYRNyBjxRVREsLXQ9BxgNXTcBDSxSOhJ+L2cgARU5WiInDTxGGxZ/J1M6Owo8fhQzBTlPMhQNLEEuAA0CYisWOzhwPg4fL1FNIgpbAzICJx5zOTseL2AfEj45cDoBCCxOIBUKP34vFSs7ZyknBTkHPQIZHVkhBjcFYiApdj9nOQUMOVocFR5bcDFlJRlZFjNyJk8rEz4tXBx3fiZEDg
Frame ID: D973AE109A1FF8DF958882CFED91626B
Requests: 2 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/6e86463/static/hcaptcha.html
Frame ID: 674BABE597DFCC4639A8D87773FF45CF
Requests: 2 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/6e86463/static/hcaptcha.html
Frame ID: BE75E368FE377666F9B24497D33D79F2
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fluxus | Start

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

YouTube (Video Players) Expand

Overall confidence: 100%
Detected patterns

<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)

hCaptcha (Security) Expand

Overall confidence: 100%
Detected patterns

https://hcaptcha.com/([\d]+?)/api.js

Page Statistics

39
Requests

92 %
HTTPS

63 %
IPv6

14
Domains

17
Subdomains

17
IPs

4
Countries

2313 kB
Transfer

5402 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7T9Y6_b9KHfLXcPzCoNS76byJCbM1HwypDzWgAWqAiNcQpDdnsiNkAY2eTuAlslsqDSDnG5 HTTP 302
https://accounts.google.com/v3/signin/identifier?dsh=S-2029418125%3A1682595520220616&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SsI64TiAb7_VKZ3iNumTb3WC9pHhDy6401NbvHczYHvHBB5E06fJcdlre9SKxNdMj5M_kS&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin

Request Chain 11

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7Sor73DlRP1IHYznteQMF_u3dDLHdO9Mq7wXzcXRsaN5j83vkKADCTOS74Sd3BhAxqIADK5 HTTP 302
https://accounts.google.com/v3/signin/identifier?dsh=S1192120829%3A1682595520179390&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SpNSdSptxrjmbax_oRUXiFxNgH4nUroKlj4pNJ9L6OcclOJc8RBcOXf9R8CSjdUAOceyq5&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin

Request Chain 30

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

39 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request start.php Show response
flux.li/windows/ 5 KB
2 KB 320ms
204ms Document
text/html 170.187.189.97
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 170.187.189.97 Frankfurt am Main, Germany, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 170-187-189-97.akamai-compute.nexuspipe.com
Software: Nexuspipe.com | DDoS Mitigation Cluster /
Resource Hash: 9605e8188528b564c411734e972527dc6bc889428741c5300c2ab70275f5de7d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-encoding: gzip
content-length: 2042
content-type: text/html; charset=UTF-8
date: Thu, 27 Apr 2023 11:38:39 GMT
nexus-cache: BYPASS
server: Nexuspipe.com | DDoS Mitigation Cluster
upgrade-insecure-requests: 1
vary: Accept-Encoding

GET
H2 200 aos.css
cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/ 25 KB
2 KB 109ms
47ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.css

Requested by

Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4205445
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1438
last-modified: Mon, 04 May 2020 16:05:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d5d-65c5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ValDB5NbYsdQkn8qh%2BbNZYzIsZHpV%2BxBkQTMvn%2FDtAQWy2%2BZ42PlCkz3F%2BIaWC%2Fu5QV5Dqvdke9lPxh61uijMszgyAKYQn9Y%2FS5Wi2zSldJ8FBm6mLIQ8oVU8IyykycujatwPFPFDodhTCTn6%2BiXbq7q"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7be6c7cc4b09496a-LHR
expires: Tue, 16 Apr 2024 11:38:39 GMT

GET
H2 200 aos.js Show response
cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/ 14 KB
5 KB 100ms
38ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js

Requested by

Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5005b2e414770fd5ccb40bc221a12771966d02b5c1f9c89da48bd8e3811d377

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 113437
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4109
last-modified: Mon, 04 May 2020 16:05:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d5d-3962"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2zzfleJ1Ab9yXJuQsHUySF4xvT%2FSXIcv9msWlHxU2gGiXcMwbvbXaXIHW1K90vW7PmugNe%2Bc2h0sK2DDTTWDVTdFJkUKwAX60KR4H4xAz%2BI5n%2BJuP5NCgLQl6cxs9Tc63v5994ZAZjUDqDtF6dnObJ2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7be6c7cc4b0b496a-LHR
expires: Tue, 16 Apr 2024 11:38:39 GMT

GET
H2 200 api.js Show response
hcaptcha.com/1/ 289 KB
81 KB 103ms
43ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/1/api.js

Requested by

Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b0cf53da35d4e0183686d746b678c3956dc347f853fe58b9852d56d2154cbf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c35168d6765ec616de06013427e871a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
age: 0
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 18 Apr 2023 11:35:54 GMT
server: cloudflare
etag: W/"d1b5bbc8a7b88acd965da8a53e2e1798"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=120
cf-ray: 7be6c7cc3ea7074b-MAN
x-amz-cf-id: 0NPw4Q9UqYT64SbsXumWguArzS6jBA0Y8CcF-PtbBosFmtWRjRaqkg==

GET
H2 200 / Show response
d1err2upj040z.cloudfront.net/ 161 KB
53 KB 311ms
199ms Script
text/plain 2600:9000:2250:0:c:7a1a:d8c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1err2upj040z.cloudfront.net/?urred=973468
Requested by: Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:0:c:7a1a:d8c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ab5d4b3a269f820ad1c9f23ad9959a3e7b60596cf80b07cae1a5a06d4ef78c7f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Apr 2023 11:38:39 GMT
content-encoding: gzip
via: 1.1 1d087f24771eb6834b16162f1bb01660.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 53764
x-amz-cf-id: q-RUX7Zb9JECVniKyQFbmQo_kDIbaNyKqLD9WL59MpK7Jt53TD7LYQ==

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 156ms
53ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e553533d28524e15d82626e82f797afe6db8582382606af03666b4719191db93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 27 Apr 2023 11:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 09:46:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 27 Apr 2023 11:38:39 GMT

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
101 KB 107ms
43ms Fetch
binary/octet-stream 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d1err2upj040z.cloudfront.net
URL: https://d1err2upj040z.cloudfront.net/?urred=973468
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2054
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 27 Apr 2023 11:04:26 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://flux.li
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rrBuShyV0wRp17wVVMmB2VMuqZTSVAwK1wLwLMiXDYxCveg35ek%2FhoBDZRbQymoUqYz9MDtRaf2GiDV9GAUzfx8o2qxwmiKR3Td741IwOcYXDOrDXzm25O%2BzrIEi%2BQKb"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 7be6c7d00dc8361c-MAN
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 / Show response
pogothere.xyz/ 27 B
366 B 193ms
130ms Fetch
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d1err2upj040z.cloudfront.net
URL: https://d1err2upj040z.cloudfront.net/?urred=973468
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4027484a083b7b90c8f2bbc2b99d2879f7440b08a2e1712580952702af961941

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pl4uRmmwerzyo29Jw95DUfvwhustDZPVRcjvtDvp0ZCkPjZ73OMMBjaw3XznzyGW0iNyc6ryGxitNxcwVrDWJr0m4qDtOkT4TgnoUEZ7BPcpQiwFQ7mr82J3bBHQv%2Fwi"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://flux.li
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 7be6c7d00dcb361c-MAN
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 utx Show response
kmyunderthf.info/ 0
531 B 236ms
132ms XHR
text/plain 13.225.34.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://kmyunderthf.info/utx?cb=cFFIG8jaSY9G&top=flux.li&tid=973468
Requested by: Host: d1err2upj040z.cloudfront.net
URL: https://d1err2upj040z.cloudfront.net/?urred=973468
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.34.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-34-96.cdg3.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Apr 2023 11:38:40 GMT
via: 1.1 ef7ace463c0659c94b8e007b4dc9ae9a.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: CDG3-C2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://flux.li
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: 72em2CiS3EY7dg5gWV6AZVEsTvCBropF595WtocxGWYjnNbAcU7Q5Q==

GET
H2 204 elk3VEZVZlQney4PZiMSLj0GDRc0bHUMdw4bBAEWHg5mFiMdbREgLx5kDmN1Tm8PcjYTPQplYAktViAzCWQGci8UP1hpYAxkBnp1TncEZmhIf0Jpd1wtRzUhR2gRJDIONQplcEJrAm1zT2gObXVP
ltingcoempa.info/ 0
253 B 187ms
122ms Image
text/plain 172.67.179.200
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ltingcoempa.info/elk3VEZVZlQney4PZiMSLj0GDRc0bHUMdw4bBAEWHg5mFiMdbREgLx5kDmN1Tm8PcjYTPQplYAktViAzCWQGci8UP1hpYAxkBnp1TncEZmhIf0Jpd1wtRzUhR2gRJDIONQplcEJrAm1zT2gObXVP
Requested by: Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.200 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5MexxGBab%2FTXDwhX4WqtttgOZI8tdFzA7c3UUVXJCmqxJzXYBt9p2aov3EEwmYfcloKEDtwZALsCwWH%2BLaSs0L4gTKL%2BV1O1sjqSjTHqFE8XDXN0ZRu9pbHDOAImRpC3LG88"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7be6c7d01d1f35c5-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 login.php
www.facebook.com/ 0
0 305ms
204ms Image
text/html 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7T9Y6_b9KHfLXcPzCoNS76byJCbM1HwypDzWgAWqAiNcQpDdnsiNkAY2eT...
https://accounts.google.com/v3/signin/identifier?dsh=S-2029418125%3A1682595520220616&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SsI64TiAb7_VKZ3iNumTb3WC9pHhDy6401NbvHczYHv...

0
0

69ms
68ms

Image
text/html

2a00:1450:4001:831::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?dsh=S-2029418125%3A1682595520220616&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SsI64TiAb7_VKZ3iNumTb3WC9pHhDy6401NbvHczYHvHBB5E06fJcdlre9SKxNdMj5M_kS&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Requested by: Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Protocol: H3
Server: 2a00:1450:4001:831::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Redirect headers

date: Thu, 27 Apr 2023 11:38:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-zDwpvYJUu1wChupDBsu-UA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 392
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2029418125%3A1682595520220616&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SsI64TiAb7_VKZ3iNumTb3WC9pHhDy6401NbvHczYHvHBB5E06fJcdlre9SKxNdMj5M_kS&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7Sor73DlRP1IHYznteQMF_u3dDLHdO9Mq7wXzcXRsaN5j83vkKADCT...
https://accounts.google.com/v3/signin/identifier?dsh=S1192120829%3A1682595520179390&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SpNSdSptxrjmbax_oRUXiFxNgH4nUroKlj4pNJ9L6Oc...

0
0

62ms
62ms

Image
text/html

2a00:1450:4001:831::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?dsh=S1192120829%3A1682595520179390&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SpNSdSptxrjmbax_oRUXiFxNgH4nUroKlj4pNJ9L6OcclOJc8RBcOXf9R8CSjdUAOceyq5&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Requested by: Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Protocol: H2
Server: 2a00:1450:4001:831::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Redirect headers

date: Thu, 27 Apr 2023 11:38:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Gps8ZWqjRuDm6XYc4bt7KA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 395
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?dsh=S1192120829%3A1682595520179390&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SpNSdSptxrjmbax_oRUXiFxNgH4nUroKlj4pNJ9L6OcclOJc8RBcOXf9R8CSjdUAOceyq5&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 popunder.gif
ltingcoempa.info/ 35 B
549 B 110ms
51ms Image
image/gif 172.67.179.200
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ltingcoempa.info/popunder.gif
Requested by: Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.200 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: public
date: Thu, 27 Apr 2023 11:38:40 GMT
cf-cache-status: HIT
last-modified: Thu, 27 Apr 2023 01:07:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 37880
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o2H5dj83ahFYYO5S8MQiX3BHrkxIDi%2Bk0U5tjaD6jUMyenwo5NWj84o4vU1UxlHWmuFmIzVhpoILOTTkzyjTG8DH%2FMgx2MTniUc%2BZb5eNrBSFRKopA1DMO4hwIFCKMb%2FDoJ4"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
cf-ray: 7be6c7d01d2935c5-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 kuMPpqJqPHI Show response
www.youtube.com/embed/ Frame 13B8 64 KB
29 KB 188ms
89ms Document
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/kuMPpqJqPHI

Requested by

Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e8855d27e9f7427f2f01b368eb61f0578bda2be4a20ca07710cf7d82180fc9aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://flux.li/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 27 Apr 2023 11:38:40 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 daniel-leone-g30P1zcOzXo-unsplash.png
cdn.discordapp.com/attachments/848525273451200532/878394085709328425/ 996 KB
998 KB 141ms
74ms Image
image/png 162.159.130.233
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.discordapp.com/attachments/848525273451200532/878394085709328425/daniel-leone-g30P1zcOzXo-unsplash.png
Requested by: Host: flux.li
URL: https://flux.li/windows/start.php?HWID=a6b0d110deb311edbb49806e6f6e6963edcf817dabb29e938ce095a4c2bddd7f
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.130.233 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18c7903520efbaf8382b51b5770b928889593eeab49be19d34c059b207b2e910

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://flux.li/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13493
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1020286
last-modified: Fri, 20 Aug 2021 21:44:29 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i7aLq36MPUpGtJY0Bao6uVu6G4HQ5ZOCFK3%2Fw2AAVJz06eu3PbPEC%2FUpwfvEWor%2FQQQWyu34oJRMAOioc%2FC0uDcfh7BMrrLZktVBwENHvd9SyD1UF2ufjvh8APqzLahPT%2B1F7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7be6c7d03dbd0abf-MAN
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
expires: Fri, 26 Apr 2024 11:38:40 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/ 16 KB
17 KB 142ms
44ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://flux.li
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 02:05:23 GMT
x-content-type-options: nosniff
age: 552797
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16740
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Apr 2024 02:05:23 GMT

GET
H2 200 J1M6Owo8fhQzBTlPMhQNLEEuAA0CYisWOzhwPg4fL1FNIgpbAzICJx5zOTseL2AfEj45cDoBCCxOIBUKP34vFSs7ZyknBTkHPQIZHVkhBjcFYiApdj9nOQUMOVocFR5bcDFlJRlZFjNyJk8rEz4tXBx3fiZEDg Show response
kmyunderthf.info/NnhDT2pXGiAiVVdFIWkfRBR+alhwXXEJDgcdMT1YQwgpf14GAm0sBlkNJykYWRY3YQRTDGZ9LFQhGwJYVDAoDCJwHwgdAmMZFiMsdy4oDilhEwUHLWMtBwkScDcmJz9HNRIFEnQQchk7WBcmC1pVMBcOAnMtFRkLciogCD5eOQkJHXw3AX8F... Frame D973 3 KB
2 KB 217ms
136ms Document
text/html 13.225.34.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://kmyunderthf.info/NnhDT2pXGiAiVVdFIWkfRBR+alhwXXEJDgcdMT1YQwgpf14GAm0sBlkNJykYWRY3YQRTDGZ9LFQhGwJYVDAoDCJwHwgdAmMZFiMsdy4oDilhEwUHLWMtBwkScDcmJz9HNRIFEnQQchk7WBcmC1pVMBcOAnMtFRkLciogCD5eOQkJHXw3AX8FbzoRCiZhPnsZKwcTCx0rfzAUOAFnOyQBPHQqJwcoWhwRCSsCMhs4K2A5BRYvfRM7HztONiYcP109GzgjUjwkHSxlLTcdImMyCRxbcDsBJCB8KgYNWmUtNx0ocEAAG1tgLwEcX1UtcwElYRNyBjxRVREsLXQ9BxgNXTcBDSxSOhJ+L2cgARU5WiInDTxGGxZ/J1M6Owo8fhQzBTlPMhQNLEEuAA0CYisWOzhwPg4fL1FNIgpbAzICJx5zOTseL2AfEj45cDoBCCxOIBUKP34vFSs7ZyknBTkHPQIZHVkhBjcFYiApdj9nOQUMOVocFR5bcDFlJRlZFjNyJk8rEz4tXBx3fiZEDg
Requested by: Host: d1err2upj040z.cloudfront.net
URL: https://d1err2upj040z.cloudfront.net/?urred=973468
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.34.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-34-96.cdg3.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: b04a6a4707f93e4ceaf7c4e54d67fd9fc8dade4e862c6095e5df82dc88a3818d

Request headers

Referer: https://flux.li/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1234
content-type: text/html
date: Thu, 27 Apr 2023 11:38:40 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 ef7ace463c0659c94b8e007b4dc9ae9a.cloudfront.net (CloudFront)
x-amz-cf-id: BdAAx8j9Ka2NeU7rT53UzO79uG2gqfrT_PLCi08LdyrlNzZrlb6XPw==
x-amz-cf-pop: CDG3-C2
x-cache: Miss from cloudfront

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/6e86463/static/ Frame 674B 2 KB
928 B 47ms
38ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/6e86463/static/hcaptcha.html

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6afe2f43c6a57f9dfeeac11a7c69dc7d0af572c06d788b8fc39be232c4f8e5f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://flux.li/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
age: 205221
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 7be6c7cfee7d074b-MAN
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 27 Apr 2023 11:38:39 GMT
last-modified: Tue, 18 Apr 2023 11:35:54 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 643f3a19739b50ef1fffa170c9395e24.cloudfront.net (CloudFront)
x-amz-cf-id: nZDYzwCBe4lOdkfQcFw7FuUKTCN-90UK7MfUllq82OCb_3VM02Yxig==
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/6e86463/static/ Frame BE75 2 KB
815 B 50ms
42ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/6e86463/static/hcaptcha.html

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6afe2f43c6a57f9dfeeac11a7c69dc7d0af572c06d788b8fc39be232c4f8e5f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://flux.li/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
age: 205221
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 7be6c7cfee85074b-MAN
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 27 Apr 2023 11:38:39 GMT
last-modified: Tue, 18 Apr 2023 11:35:54 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 643f3a19739b50ef1fffa170c9395e24.cloudfront.net (CloudFront)
x-amz-cf-id: nZDYzwCBe4lOdkfQcFw7FuUKTCN-90UK7MfUllq82OCb_3VM02Yxig==
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/6e86463/ Frame 674B 289 KB
81 KB 50ms
49ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/6e86463/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/6e86463/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b0cf53da35d4e0183686d746b678c3956dc347f853fe58b9852d56d2154cbf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/6e86463/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c35168d6765ec616de06013427e871a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
age: 9667
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 18 Apr 2023 11:35:54 GMT
server: cloudflare
etag: W/"d1b5bbc8a7b88acd965da8a53e2e1798"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 7be6c7d06fca074b-MAN
x-amz-cf-id: 0NPw4Q9UqYT64SbsXumWguArzS6jBA0Y8CcF-PtbBosFmtWRjRaqkg==

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/6e86463/ Frame BE75 289 KB
81 KB 38ms
38ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/6e86463/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/6e86463/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b0cf53da35d4e0183686d746b678c3956dc347f853fe58b9852d56d2154cbf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/6e86463/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c35168d6765ec616de06013427e871a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
age: 9667
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 18 Apr 2023 11:35:54 GMT
server: cloudflare
etag: W/"d1b5bbc8a7b88acd965da8a53e2e1798"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 7be6c7d06fcd074b-MAN
x-amz-cf-id: 0NPw4Q9UqYT64SbsXumWguArzS6jBA0Y8CcF-PtbBosFmtWRjRaqkg==

GET
DATA 200
OK truncated
/ Frame BE75 798 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 checksiteconfig Show response
hcaptcha.com/ Frame BE75 554 B
837 B 53ms
53ms XHR
application/json 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/checksiteconfig?v=6e86463&host=flux.li&sitekey=e446e03a-2706-4af6-b5f9-ea5c145cf769&sc=1&swa=1

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/6e86463/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea8d870214ba5a4f08ff80e5434c510ff7c35c83bf20583775474483148e5444

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 7be6c7d0fdbb0761-MAN
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 www-player.css
www.youtube.com/s/player/73d31b49/ Frame 13B8 399 KB
51 KB 44ms
43ms Stylesheet
text/css 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/73d31b49/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kuMPpqJqPHI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ea0a01f96c3798625cef6b11e6b056ada0164538b579787a6111c404b92a480

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/kuMPpqJqPHI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 10:21:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4655
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51998
x-xss-protection: 0
last-modified: Mon, 24 Apr 2023 00:12:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 26 Apr 2024 10:21:05 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 13B8 15 KB
15 KB 57ms
56ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kuMPpqJqPHI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:09:30 GMT
x-content-type-options: nosniff
age: 1750
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Apr 2024 11:09:30 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 13B8 15 KB
15 KB 43ms
42ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kuMPpqJqPHI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 22:41:31 GMT
x-content-type-options: nosniff
age: 392229
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 22:41:31 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/73d31b49/www-embed-player.vflset/ Frame 13B8 359 KB
110 KB 53ms
50ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/73d31b49/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kuMPpqJqPHI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05e1d1d734a67c4e0867b34bdbb37d011784095fb20afe60a792805da6efc754

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/kuMPpqJqPHI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 09:36:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7356
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112547
x-xss-protection: 0
last-modified: Mon, 24 Apr 2023 00:12:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 26 Apr 2024 09:36:04 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/73d31b49/player_ias.vflset/en_GB/ Frame 13B8 2 MB
621 KB 113ms
110ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/73d31b49/player_ias.vflset/en_GB/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kuMPpqJqPHI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07f8e12f3fe3a1529b14fed9e8be7773b217e1920f0827ffb882c43cf8c359f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/kuMPpqJqPHI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 15:06:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 246756
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 635875
x-xss-protection: 0
last-modified: Mon, 24 Apr 2023 00:12:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 23 Apr 2024 15:06:04 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/73d31b49/fetch-polyfill.vflset/ Frame 13B8 9 KB
3 KB 112ms
109ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/73d31b49/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kuMPpqJqPHI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/kuMPpqJqPHI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 10:41:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3443
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2786
x-xss-protection: 0
last-modified: Mon, 24 Apr 2023 00:12:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 26 Apr 2024 10:41:17 GMT

GET
H2 200 bYXM2bHkCHFgKRhUaUlFAVkACWkFHGUUDFxFOehUqMQJxBh1VQnoeD0cHTAhEUVVaDRcGThAJFwJOB0oYBRELWF8VA1kHRAIHWwkQCgNVBRdHBldRFA4JXwAVAFYEKkxPQxNeSUkEXwIdDgRFSUtRHUJJS1FCBkJJREB0SUtRBF8CT1VWBS5cU0NOWk1IVg-RcGBE... Show response
d1err2upj040z.cloudfront.net/ Frame D973 693 B
789 B 296ms
294ms Script
text/plain 2600:9000:2250:0:c:7a1a:d8c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1err2upj040z.cloudfront.net/bYXM2bHkCHFgKRhUaUlFAVkACWkFHGUUDFxFOehUqMQJxBh1VQnoeD0cHTAhEUVVaDRcGThAJFwJOB0oYBRELWF8VA1kHRAIHWwkQCgNVBRdHBldRFA4JXwAVAFYEKkxPQxNeSUkEXwIdDgRFSUtRHUJJS1FCBkJJREB0SUtRBF8CT1VWBS5cU0NOWk1IVg-RcGBEDWgkOBBFdBQ1EQXBZSlZdBVpcU0MeBxEVHlpJSyJWBFwVCBhTSUtRFFMPEg5aE15JAhtEAxQEVgQqSFBBGFxXVEUHWVdQQQdJS1EAVwoYExoTXj9UQAFCSldVQ1FI
Requested by: Host: kmyunderthf.info
URL: https://kmyunderthf.info/NnhDT2pXGiAiVVdFIWkfRBR+alhwXXEJDgcdMT1YQwgpf14GAm0sBlkNJykYWRY3YQRTDGZ9LFQhGwJYVDAoDCJwHwgdAmMZFiMsdy4oDilhEwUHLWMtBwkScDcmJz9HNRIFEnQQchk7WBcmC1pVMBcOAnMtFRkLciogCD5eOQkJHXw3AX8FbzoRCiZhPnsZKwcTCx0rfzAUOAFnOyQBPHQqJwcoWhwRCSsCMhs4K2A5BRYvfRM7HztONiYcP109GzgjUjwkHSxlLTcdImMyCRxbcDsBJCB8KgYNWmUtNx0ocEAAG1tgLwEcX1UtcwElYRNyBjxRVREsLXQ9BxgNXTcBDSxSOhJ+L2cgARU5WiInDTxGGxZ/J1M6Owo8fhQzBTlPMhQNLEEuAA0CYisWOzhwPg4fL1FNIgpbAzICJx5zOTseL2AfEj45cDoBCCxOIBUKP34vFSs7ZyknBTkHPQIZHVkhBjcFYiApdj9nOQUMOVocFR5bcDFlJRlZFjNyJk8rEz4tXBx3fiZEDg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:0:c:7a1a:d8c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c2fb01d423f4a5bcae4e4b399a71bc843206f02e40e3c7369d02e059cc2c5af5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://kmyunderthf.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
content-encoding: gzip
via: 1.1 1d087f24771eb6834b16162f1bb01660.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 512
x-amz-cf-id: FUS5cafX8EVHmMMDvBbDQKqqhOK5UNQDusXhsit9JpZOp7tO4n1xtg==

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 13B8
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

49ms
49ms

XHR
application/json

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kuMPpqJqPHI

Protocol

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a6517ea786fe1bbca5a29ee719994a7b28af9f93db34bc03f7057fc7c236b55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 27 Apr 2023 11:38:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 13B8 29 B
495 B 137ms
43ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/73d31b49/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 11:23:41 GMT
x-content-type-options: nosniff
age: 899
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Apr 2023 11:38:41 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 143ms
50ms Preflight
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 27 Apr 2023 11:38:40 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 13B8 66 KB
30 KB 58ms
58ms XHR
application/json+protobuf 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/73d31b49/player_ias.vflset/en_GB/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9370bb869f37d787086c71485bbc1080a3ec7f220826812ebb1dcced7c41833d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31011
x-xss-protection: 0

POST
H3 204 qoe Show response
www.youtube.com/api/stats/ Frame 13B8 0
19 B 50ms
50ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/qoe?cpn=JIYiIumU30me4hE0&el=embedded&ns=yt&fexp=23983296%2C24004644%2C24007246%2C24080738%2C24135310%2C24415864%2C24416291%2C24439361%2C24462372%2C24468691%2C24498927%2C24499792%2C24516157%2C24532854%2C24551756%2C39323074&cl=526486891&seq=1&event=streamingstats&docid=kuMPpqJqPHI&cbr=Chrome&cbrver=112.0.5615.121&c=WEB_EMBEDDED_PLAYER&cver=1.20230423.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.000:ER&cmt=0.000:0.000,0.000:0.000&error=0.000:auth::0.000:0;a6s.0&vis=0.000:0&bh=0.000:0.000

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/73d31b49/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/kuMPpqJqPHI
X-YouTube-Client-Version: 1.20230423.00.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: Cgt3eGlueHNrN2lsTSjAvamiBg%3D%3D
X-YouTube-Ad-Signals: dt=1682595520440&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C460%2C315&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Thu, 27 Apr 2023 11:38:40 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/73d31b49/player_ias.vflset/en_GB/ Frame 13B8 29 KB
9 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/73d31b49/player_ias.vflset/en_GB/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/73d31b49/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e39d9c1a698e7d29d16e685cace79d0ace2d8d25563f583541314deafdd8c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.youtube.com/embed/kuMPpqJqPHI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 15:06:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 246754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8974
x-xss-protection: 0
last-modified: Mon, 24 Apr 2023 00:12:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 23 Apr 2024 15:06:06 GMT

GET
DATA 200
OK truncated
/ Frame 13B8 296 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e83bcf0315f708e646d547688191140b0fbf240f230225e7e4cc136d8133fe3

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 13B8 90 B
134 B 57ms
57ms XHR
application/json+protobuf 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/73d31b49/player_ias.vflset/en_GB/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ac1402bc0a670661de61f3c17094049902d342cc9db20c12090698ecc26ad120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 27 Apr 2023 11:38:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 52ms
51ms Preflight
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 27 Apr 2023 11:38:40 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 13B8 28 B
54 B 55ms
52ms XHR
application/json 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/73d31b49/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
X-Goog-Request-Time: 1682595522660
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/kuMPpqJqPHI
X-YouTube-Client-Version: 1.20230423.00.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: Cgt3eGlueHNrN2lsTSjAvamiBg%3D%3D
X-YouTube-Ad-Signals: dt=1682595520317&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C460%2C315&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 27 Apr 2023 11:38:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0
expires: Thu, 27 Apr 2023 11:38:42 GMT

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.discordapp.com/	1970-01-20 11:23:17	Name: __cf_bm Value: 98vuo4rIa.qake2CiAMd1N4ibvnIJuuJy.Bs3ReaB9Q-1682595520-0-AaP29P4NwgJbpTZvUI1oY5f0zvDU1wW84R0cZuVJvyrkAdIfjFJomwHNG3tEeAV6Wheu8SBQ6GNqtYKEGw3IdMQ=
pogothere.xyz/	1970-01-20 20:01:39	Name: csu Value: 1655604738398151@1@1682595520
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 7pmumonui8M
.youtube.com/	1970-01-20 15:42:27	Name: VISITOR_INFO1_LIVE Value: wxinxsk7ilM

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.google.com/v3/signin/identifier?dsh=S1192120829%3A1682595520179390&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SpNSdSptxrjmbax_oRUXiFxNgH4nUroKlj4pNJ9L6OcclOJc8RBcOXf9R8CSjdUAOceyq5&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?dsh=S-2029418125%3A1682595520220616&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7SsI64TiAb7_VKZ3iNumTb3WC9pHhDy6401NbvHczYHvHBB5E06fJcdlre9SKxNdMj5M_kS&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
cdn.discordapp.com
cdnjs.cloudflare.com
d1err2upj040z.cloudfront.net
flux.li
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hcaptcha.com
jnn-pa.googleapis.com
kmyunderthf.info
ltingcoempa.info
newassets.hcaptcha.com
pogothere.xyz
static.doubleclick.net
www.facebook.com
www.youtube.com
104.16.169.131
13.225.34.96
162.159.130.233
170.187.189.97
172.67.179.200
188.114.97.3
2600:9000:2250:0:c:7a1a:d8c0:21
2606:4700::6811:190e
2a00:1450:4001:806::200e
2a00:1450:4001:80e::2006
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::200a
2a00:1450:4001:831::200d
2a03:2880:f176:84:face:b00c:0:25de
05e1d1d734a67c4e0867b34bdbb37d011784095fb20afe60a792805da6efc754
07f8e12f3fe3a1529b14fed9e8be7773b217e1920f0827ffb882c43cf8c359f1
0ea0a01f96c3798625cef6b11e6b056ada0164538b579787a6111c404b92a480
18c7903520efbaf8382b51b5770b928889593eeab49be19d34c059b207b2e910
1a6517ea786fe1bbca5a29ee719994a7b28af9f93db34bc03f7057fc7c236b55
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
3b0cf53da35d4e0183686d746b678c3956dc347f853fe58b9852d56d2154cbf8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4027484a083b7b90c8f2bbc2b99d2879f7440b08a2e1712580952702af961941
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6afe2f43c6a57f9dfeeac11a7c69dc7d0af572c06d788b8fc39be232c4f8e5f6
74e39d9c1a698e7d29d16e685cace79d0ace2d8d25563f583541314deafdd8c5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8e83bcf0315f708e646d547688191140b0fbf240f230225e7e4cc136d8133fe3
9370bb869f37d787086c71485bbc1080a3ec7f220826812ebb1dcced7c41833d
9605e8188528b564c411734e972527dc6bc889428741c5300c2ab70275f5de7d
a5005b2e414770fd5ccb40bc221a12771966d02b5c1f9c89da48bd8e3811d377
ab5d4b3a269f820ad1c9f23ad9959a3e7b60596cf80b07cae1a5a06d4ef78c7f
ac1402bc0a670661de61f3c17094049902d342cc9db20c12090698ecc26ad120
b04a6a4707f93e4ceaf7c4e54d67fd9fc8dade4e862c6095e5df82dc88a3818d
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
c2fb01d423f4a5bcae4e4b399a71bc843206f02e40e3c7369d02e059cc2c5af5
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e553533d28524e15d82626e82f797afe6db8582382606af03666b4719191db93
e8855d27e9f7427f2f01b368eb61f0578bda2be4a20ca07710cf7d82180fc9aa
ea8d870214ba5a4f08ff80e5434c510ff7c35c83bf20583775474483148e5444
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

flux.li Open in urlscan Pro 170.187.189.97 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

39 Requests

92 %HTTPS

63 %IPv6

14 Domains

17 Subdomains

17 IPs

4 Countries

2313 kBTransfer

5402 kBSize

4 Cookies

0 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

flux.li Open in urlscan Pro
170.187.189.97 Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

92 %
HTTPS

63 %
IPv6

14
Domains

17
Subdomains

17
IPs

4
Countries

2313 kB
Transfer

5402 kB
Size

4
Cookies

39 HTTP transactions
2 data transactions