Submitted URL: http://speedflow.io/adult/?a=rr
Effective URL: http://sh.st/Czw6q
Submission Tags: demotag1 demotag2 Search All
Submission: On November 10 via api from US

Summary

This website contacted 16 IPs in 3 countries across 17 domains to perform 33 HTTP transactions. The main IP is 2606:4700:20::681a:7da, located in United States and belongs to CLOUDFLARENET, US. The main domain is sh.st.
This is the only time sh.st was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 198.54.116.135 22612 (NAMECHEAP...)
2 6 107.170.39.103 14061 (DIGITALOC...)
1 162.213.255.36 22612 (NAMECHEAP...)
1 54.205.148.134 14618 (AMAZON-AES)
1 35.190.72.161 15169 (GOOGLE)
1 2a04:4e42:1b:... 54113 (FASTLY)
6 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 139.45.195.108 9002 (RETN-AS)
2 139.45.196.21 9002 (RETN-AS)
1 13.224.89.30 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 35.227.234.224 15169 (GOOGLE)
33 16
Domain Requested by
6 sh.st traffdaq.com
sh.st
6 traffdaq.com 2 redirects speedflow.io
traffdaq.com
3 static.sh.st sh.st
2 cobalten.com sh.st
go.onclasrv.com
1 analytics.shorte.st static.sh.st
1 fonts.gstatic.com fonts.googleapis.com
1 www.googletagmanager.com sh.st
1 d3ud741uvs727m.cloudfront.net sh.st
1 go.onclasrv.com 1 redirects
1 www.google-analytics.com sh.st
www.google-analytics.com
1 fonts.googleapis.com sh.st
1 cdn.jsdelivr.net traffdaq.com
1 c.securepaths.com traffdaq.com
1 cors-anywhere.herokuapp.com speedflow.io
1 manyhit.com speedflow.io
1 speedflow.io
0 rovalionsa.fun Failed d3ud741uvs727m.cloudfront.net
0 inabsolor.com Failed go.onclasrv.com
33 18

This site contains no links.

Subject Issuer Validity Valid
traffdaq.com
Let's Encrypt Authority X3
2020-10-31 -
2021-01-29
3 months crt.sh
*.securepaths.com
Let's Encrypt Authority X3
2020-09-22 -
2020-12-21
3 months crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-10-26 -
2021-04-17
6 months crt.sh
upload.video.google.com
GTS CA 1O1
2020-10-20 -
2021-01-12
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2020-10-20 -
2021-01-12
3 months crt.sh
*.gstatic.com
GTS CA 1O1
2020-10-28 -
2021-01-20
3 months crt.sh

This page contains 4 frames:

Primary Page: http://sh.st/Czw6q
Frame ID: 9B3FA6F6D3D6BAC53A897CFDF2622141
Requests: 28 HTTP requests in this frame

Frame: http://manyhit.com/autosurf_if.php?user=woowy
Frame ID: 608241A6315BAA0F960F46E4378B4383
Requests: 1 HTTP requests in this frame

Frame: http://cobalten.com/fac.php
Frame ID: 912B97D52691A2E0494AEDEFA7E1CCC3
Requests: 1 HTTP requests in this frame

Frame: http://rovalionsa.fun/NkNuNlhXIQ1bZ1d+DBAtRC9TE2pwZlxwPAU2CgFsBzYYRW8EdAMYO1osG1I+RCwAQnZYJhoTanAgOWIZAxkrc25ucg11Pl9yNG4OWnEPdwF6FV18fQQFOV03eg8XXRZVOglMFWEFIXAbWRUsYxlODQNwDlAGJwcRBxIrYA9VcjtgO3IlJg8OYDQKDjl0GTd3G3goLHRgZw46bDp0AgVMFQcZOHAydzE5WhJ1DSpRFmACHQEVcDs4dA9kMQpRIH0gNkEbdRYZRRdwDT91MmNxPwcedCAGRQ51cj9ZFgYRDXUfZDEvcAlwCgBBG3USHU8+dwokfh9kMS93dV4WJls/cxkCcDdQAid8GmIGHm4eQRckcixUFix0M1dwN3sOBRlddy8PAQ0EM28WCUFpeAUZVQ5RCVZ3P10KJXISYAsobCBmLzhXHE92GXAJQhYnXB51FQldM1ACJBNqcBsmfGt3AQpnO3EoKnBpfDQIdxF8BRd3fQQFO2MreBkpQmpyBQoEPEEOPmcyZCgscGhxJwNwCnUvX0w5UQ03YzZSJC13YHQgKXANYXI8TzlaEixga3gsOFEZECkdWTZGfiR6Kl4SGUYzenYXYy8OJis
Frame ID: 553C149F32C36EEA7CB8A63A3671B317
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://speedflow.io/adult/?a=rr Page URL
  2. http://traffdaq.com/delivery/dl/47382?category=babe HTTP 301
    https://traffdaq.com/delivery/dl/47382?category=babe Page URL
  3. https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6ImVJYjFGNllaSGsrVHg1ZHhucXVpY0E9PSIsI... Page URL
  4. http://sh.st/Czw6q Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

33
Requests

33 %
HTTPS

44 %
IPv6

17
Domains

18
Subdomains

16
IPs

3
Countries

319 kB
Transfer

621 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://speedflow.io/adult/?a=rr Page URL
  2. http://traffdaq.com/delivery/dl/47382?category=babe HTTP 301
    https://traffdaq.com/delivery/dl/47382?category=babe Page URL
  3. https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6ImVJYjFGNllaSGsrVHg1ZHhucXVpY0E9PSIsInZhbHVlIjoiYjJJVlN3RFwvY0FmenNLR2xmQVNiaVJsblNxMGIrVGNCUzMxUWc5ZCs2d28yWUVGbW9QT0JHM3pOdFBJSkdnS1wvb1wvcEhkNVZ6dnF6Nkh5UVF2NjM0ZkREMlMzVmp3VHJpaXQ5ZGtOaUFxUzRkRDlCeUtycHJpdmxBZUdcL1M0XC94eEdibEdJNFwvSzl4OHg1UjV6MEZUNlV3Wk5yUmlsZGVqTHBuNlQxRnIyaEI3NTR3c29NUDJUYlwvVU1kdUtrak51WllkbHQ1KzBrb1lscGx3Um44b1h0TjZKRE9JK1piY3h0UUlybm9yQjFPODRVTFlUTnpjMlZuWStkUWdYMlNacCtLZFlCZlpCaHZVM2hGa2JcL21xSXVqUFdWK1BKeERQdkZxK1BkWThXTjkzcz0iLCJtYWMiOiI4NDZkMWZkYTU4Mzg5ZTZmODU2Nzg4ZTNjMmQ0Y2RkMThlNzRlZjQ0MDY4NzQzNjRjMjhiNWQxMzkxMGQ2ZDZjIn0%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8 Page URL
  4. http://sh.st/Czw6q Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://traffdaq.com/delivery/pu/47382?category=babe HTTP 301
  • https://traffdaq.com/delivery/pu/47382?category=babe
Request Chain 5
  • http://traffdaq.com/delivery/dl/47382?category=babe HTTP 301
  • https://traffdaq.com/delivery/dl/47382?category=babe
Request Chain 16
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 19
  • http://go.onclasrv.com/apu.php?zoneid=1543391 HTTP 302
  • http://cobalten.com/apu.php?zoneid=1543391

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
speedflow.io/adult/
1 KB
1 KB
Document
General
Full URL
http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Server
198.54.116.135 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server193-5.web-hosting.com
Software
Apache / PHP/7.1.33
Resource Hash
8b562608bfbb9ef721b44f5a312df769a8f8c6563245ef44d9c8911fd6cc6f98

Request headers

Host
speedflow.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr

Response headers

date
Tue, 10 Nov 2020 07:30:56 GMT
server
Apache
x-powered-by
PHP/7.1.33
set-cookie
visits_todaya=1; expires=Tue, 10-Nov-2020 22:59:00 GMT; Max-Age=55684; path=/ time_start=1604993456.8684; expires=Tue, 10-Nov-2020 22:59:00 GMT; Max-Age=55684; path=/ ip=194.99.105.99 mobile=0 country=DE visits_todayi=0; expires=Tue, 10-Nov-2020 22:59:00 GMT; Max-Age=55684; path=/
accept-ranges
none
vary
Accept-Encoding
content-encoding
gzip
content-length
648
content-type
text/html; charset=UTF-8
47382
traffdaq.com/delivery/pu/
Redirect Chain
  • http://traffdaq.com/delivery/pu/47382?category=babe
  • https://traffdaq.com/delivery/pu/47382?category=babe
5 KB
2 KB
Script
General
Full URL
https://traffdaq.com/delivery/pu/47382?category=babe
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash
5adeb1d756d96d6db47a7c27188e7ab02e7b270264584343fd229da06cc0b167

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:30:57 GMT
Content-Encoding
gzip
Server
nginx/1.16.1 (Ubuntu)
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Location
https://traffdaq.com/delivery/pu/47382?category=babe
Connection
close
Content-length
0
autosurf_if.php
manyhit.com/ Frame 6082
0
0
Document
General
Full URL
http://manyhit.com/autosurf_if.php?user=woowy
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Server
162.213.255.36 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server145-4.web-hosting.com
Software
Apache / PHP/5.4.45
Resource Hash

Request headers

Host
manyhit.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://speedflow.io/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://speedflow.io/

Response headers

date
Tue, 10 Nov 2020 07:30:57 GMT
server
Apache
x-powered-by
PHP/5.4.45
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=bf0ffc6e0fa4ee04cd49167b8cac2b87; path=/
vary
Accept-Encoding
content-encoding
gzip
content-length
1232
content-type
text/html
47382
cors-anywhere.herokuapp.com///traffdaq.com/delivery/pu/ Frame
0
0
Other
General
Full URL
https://cors-anywhere.herokuapp.com///traffdaq.com/delivery/pu/47382?category=babe
Protocol
HTTP/1.1
Server
54.205.148.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-148-134.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-requested-with
Origin
http://speedflow.io
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Server
Cowboy
Connection
keep-alive
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Access-Control-Allow-Headers
x-requested-with
Access-Control-Expose-Headers
access-control-allow-origin,access-control-allow-methods,access-control-allow-headers
Date
Tue, 10 Nov 2020 07:30:58 GMT
Transfer-Encoding
chunked
Via
1.1 vegur
47382
cors-anywhere.herokuapp.com///traffdaq.com/delivery/pu/
0
0

47382
traffdaq.com/delivery/dl/
Redirect Chain
  • http://traffdaq.com/delivery/dl/47382?category=babe
  • https://traffdaq.com/delivery/dl/47382?category=babe
3 KB
2 KB
Document
General
Full URL
https://traffdaq.com/delivery/dl/47382?category=babe
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash
fa50e99056256d329b541e2a8e68fd0a58ea3933338caf4721c7e7af921ce195

Request headers

Host
traffdaq.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://speedflow.io/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://speedflow.io/adult/?a=rr

Response headers

Server
nginx/1.16.1 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Cache-Control
no-cache
Date
Tue, 10 Nov 2020 07:31:01 GMT
Content-Encoding
gzip

Redirect headers

Content-length
0
Location
https://traffdaq.com/delivery/dl/47382?category=babe
Connection
close
eyJpdiI6IjBlYW9KWURmcDlxdVZLclNmNFk4dFE9PSIsInZhbHVlIjoiMGhrWkxieVYxVElGem9mam04XC8xZ3IrR1NQWGNvZGpYM1FYbDJpdDZvWjFkemk0MWNYaG9YTEhpUWdlV1o0NE9jakxSbW9RUnBqeWZNWDYyZFZQWFB3PT0iLCJtYWMiOiIwMjVlM2JmY...
traffdaq.com/users/track/
0
854 B
Image
General
Full URL
https://traffdaq.com/users/track/eyJpdiI6IjBlYW9KWURmcDlxdVZLclNmNFk4dFE9PSIsInZhbHVlIjoiMGhrWkxieVYxVElGem9mam04XC8xZ3IrR1NQWGNvZGpYM1FYbDJpdDZvWjFkemk0MWNYaG9YTEhpUWdlV1o0NE9jakxSbW9RUnBqeWZNWDYyZFZQWFB3PT0iLCJtYWMiOiIwMjVlM2JmYTVmOWVhZGFkYzgyMmZhNjAwMzNhMjk0MjA4YTliZjg3ODhiYTdiZTUwODU0NmViNTQ0MDU1ZTc4In0%3D
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=babe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:01 GMT
Cache-Control
no-cache
Server
nginx/1.16.1 (Ubuntu)
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
implement.js
c.securepaths.com/js/
0
0
Script
General
Full URL
https://c.securepaths.com/js/implement.js?org=FziBhN0qA1aE5tBQrQLl&s=5faa41b53c0d5&p=TDQ47382&a=47382&cmp=47382&rd=http%3A%2F%2Fspeedflow.io%2F&rt=click&sl=0&stId=0&ty=l
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=babe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.72.161 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
161.72.190.35.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 Nov 2020 07:31:01 GMT
via
1.1 google
status
401
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
x-xss-protection
0
expires
0
fingerprint2.min.js
cdn.jsdelivr.net/fingerprintjs2/1.4.0/
33 KB
10 KB
Script
General
Full URL
https://cdn.jsdelivr.net/fingerprintjs2/1.4.0/fingerprint2.min.js
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=babe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4ef071f26a6a95d20498fa67e78856aebf65e9e06d46046604acac1ac3e87033
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
1077449
x-cache
HIT, HIT
status
200
cross-origin-resource-policy
cross-origin
content-length
10191
etag
W/"83f3-ijg3WuTgKQH1Hch06eHdIajrA24"
x-served-by
cache-fra19149-FRA, cache-hhn4040-HHN
date
Tue, 10 Nov 2020 07:31:01 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
47382
traffdaq.com/delivery/directlink/
2 KB
1 KB
Document
General
Full URL
https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6ImVJYjFGNllaSGsrVHg1ZHhucXVpY0E9PSIsInZhbHVlIjoiYjJJVlN3RFwvY0FmenNLR2xmQVNiaVJsblNxMGIrVGNCUzMxUWc5ZCs2d28yWUVGbW9QT0JHM3pOdFBJSkdnS1wvb1wvcEhkNVZ6dnF6Nkh5UVF2NjM0ZkREMlMzVmp3VHJpaXQ5ZGtOaUFxUzRkRDlCeUtycHJpdmxBZUdcL1M0XC94eEdibEdJNFwvSzl4OHg1UjV6MEZUNlV3Wk5yUmlsZGVqTHBuNlQxRnIyaEI3NTR3c29NUDJUYlwvVU1kdUtrak51WllkbHQ1KzBrb1lscGx3Um44b1h0TjZKRE9JK1piY3h0UUlybm9yQjFPODRVTFlUTnpjMlZuWStkUWdYMlNacCtLZFlCZlpCaHZVM2hGa2JcL21xSXVqUFdWK1BKeERQdkZxK1BkWThXTjkzcz0iLCJtYWMiOiI4NDZkMWZkYTU4Mzg5ZTZmODU2Nzg4ZTNjMmQ0Y2RkMThlNzRlZjQ0MDY4NzQzNjRjMjhiNWQxMzkxMGQ2ZDZjIn0%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=babe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash

Request headers

Host
traffdaq.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://traffdaq.com/delivery/dl/47382?category=babe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
tdqct=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
https://traffdaq.com/delivery/dl/47382?category=babe

Response headers

Server
nginx/1.16.1 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Cache-Control
no-cache
Date
Tue, 10 Nov 2020 07:31:08 GMT
Content-Encoding
gzip
Primary Request Cookie set Czw6q
sh.st/
71 KB
30 KB
Document
General
Full URL
http://sh.st/Czw6q
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6ImVJYjFGNllaSGsrVHg1ZHhucXVpY0E9PSIsInZhbHVlIjoiYjJJVlN3RFwvY0FmenNLR2xmQVNiaVJsblNxMGIrVGNCUzMxUWc5ZCs2d28yWUVGbW9QT0JHM3pOdFBJSkdnS1wvb1wvcEhkNVZ6dnF6Nkh5UVF2NjM0ZkREMlMzVmp3VHJpaXQ5ZGtOaUFxUzRkRDlCeUtycHJpdmxBZUdcL1M0XC94eEdibEdJNFwvSzl4OHg1UjV6MEZUNlV3Wk5yUmlsZGVqTHBuNlQxRnIyaEI3NTR3c29NUDJUYlwvVU1kdUtrak51WllkbHQ1KzBrb1lscGx3Um44b1h0TjZKRE9JK1piY3h0UUlybm9yQjFPODRVTFlUTnpjMlZuWStkUWdYMlNacCtLZFlCZlpCaHZVM2hGa2JcL21xSXVqUFdWK1BKeERQdkZxK1BkWThXTjkzcz0iLCJtYWMiOiI4NDZkMWZkYTU4Mzg5ZTZmODU2Nzg4ZTNjMmQ0Y2RkMThlNzRlZjQ0MDY4NzQzNjRjMjhiNWQxMzkxMGQ2ZDZjIn0%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8
Protocol
HTTP/1.1
Server
2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40-0+deb8u12
Resource Hash
1bde05aeefdec3b1208820d36dcc7feb88fe91223f002cf0835d1822ba9fd3f8
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Host
sh.st
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d045199821fd3500ea86102bbe06810221604993468; expires=Thu, 10-Dec-20 07:31:08 GMT; path=/; domain=.sh.st; HttpOnly; SameSite=Lax PHPSESSID=pfo74gnln0f237obj01ha6h1a6; expires=Tue, 10-Nov-2020 08:31:08 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly hl=en; expires=Wed, 10-Nov-2021 07:31:08 GMT; Max-Age=31536000; path=/ cookies-enable=1; path=/; httponly __cf_bm=e7fd893256a9c7cc42ac945769822bc242c22d01-1604993468-1800-ARzw5qBv8FeQIb0GtSmCypJX40k/A8+7r1gZKbfKvKlt; path=/; expires=Tue, 10-Nov-20 08:01:08 GMT; domain=.sh.st; HttpOnly; SameSite=None
Vary
Accept-Encoding
X-Powered-By
PHP/5.6.40-0+deb8u12
Cache-Control
no-cache
X-Frame-Options
DENY
X-Server-ID
shn13
X-UA-Compatible
IE=Edge
Access-Control-Allow-Origin
*
CF-Cache-Status
DYNAMIC
cf-request-id
0652a9dff30000d6e1952bd000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H0b2aKiBvhqXf%2Bl7rg1lDqDHjuFVTA1oo9BluGChXBtYxwHgR4q8dn%2F9%2FWZF%2Bs9RBUbPYfeKBeOMt1%2FrI4t0dUtkdyjLEgnwiGIV0HcW7dPZDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
5efe12798f82d6e1-FRA
Content-Encoding
gzip
css
fonts.googleapis.com/
3 KB
638 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Raleway:400,700
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
95018d6b90baf42d8f20f3b7e24c2de4cf27560fe7af07d39eea0e9ed9acf517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 10 Nov 2020 06:42:49 GMT
server
ESF
date
Tue, 10 Nov 2020 07:31:08 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 10 Nov 2020 07:31:08 GMT
api.js
sh.st/cdn-cgi/bm/cv/2172558837/
25 KB
8 KB
Script
General
Full URL
http://sh.st/cdn-cgi/bm/cv/2172558837/api.js
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e46bffb5f4bd8c42e67e417d2bbb3740eb7474e65c16e0053e736237380d77f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SwkjdU%2BV%2BdllK7i%2Fm66IjZngzMR0TF9cVhqA46VTDIsVySAnyF%2B%2B1%2FRzoVUMLhtyAUhR65tZIvsbp2ArKil8pxxlfJwzEU7T%2BBAmv3rOXV6PUg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/javascript
cache-control
max-age=604800, public
Connection
keep-alive
CF-RAY
5efe127a8920d6e1-FRA
Vary
Accept-Encoding
cf-request-id
0652a9e0920000d6e173af4000000001
tracking.gif
sh.st/bundles/advertisement/img/
0
749 B
Image
General
Full URL
http://sh.st/bundles/advertisement/img/tracking.gif?test=9db0b8a2e4efc1237809977d3bd0b544021fda7c
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
CF-Cache-Status
MISS
NEL
{"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Content-Length
0
cf-request-id
0652a9e0cd0000c290660e6000000001
X-UA-Compatible
IE=Edge
Last-Modified
Wed, 19 Feb 2020 11:57:41 GMT
Server
cloudflare
ETag
"5e4d22b5-0"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nWYAFBgiPuJu8uGtMX2mLlyhOR3EPFiaKV%2BMLP9Lz%2F2f6IjABmTTMzygDcL06oBdmHb9C89zsUzBstncoTifF6hUv4vCjWIQSBNvz%2BJl46Z%2BBw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
Access-Control-Allow-Origin
*
X-Server-ID
shn05
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
5efe127ae85fc290-FRA
advertisement-tracking-1657793.gif
sh.st/bundles/smeweb/img/
43 B
781 B
Image
General
Full URL
http://sh.st/bundles/smeweb/img/advertisement-tracking-1657793.gif?t=1604993468
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
CF-Cache-Status
MISS
NEL
{"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Content-Length
43
cf-request-id
0652a9e0d000002bad111ef000000001
X-UA-Compatible
IE=Edge
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LoeLQX8ZP43jGv7pZ%2BUz%2FDmNSWAtPw6kVhmfBCBCu3ihDfuTWxoc%2FQ0%2BpV9sSg6dSCQdnDf5E79ufk9JzorHeV3YA%2BIwpRD%2FM9lw%2Fv%2F6Oq3SIw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
Access-Control-Allow-Origin
*
X-Server-ID
shn05
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
5efe127ae83f2bad-FRA
tracking-1657793.gif
sh.st/bundles/smeweb/img/
43 B
767 B
Image
General
Full URL
http://sh.st/bundles/smeweb/img/tracking-1657793.gif?t=1604993468
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
CF-Cache-Status
MISS
NEL
{"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Content-Length
43
cf-request-id
0652a9e0cd00002b89b6a26000000001
X-UA-Compatible
IE=Edge
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JWxG0JDv2OUZ%2BQNpNoiSpT3U4QjdFGJ8kJkAMMaoY9paxrzseMrvmFcJz09EJ0lG0v2LRYvpGp8gwWDwKdYwxJb0IYSccDRCIxNRmi0npkds1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
Access-Control-Allow-Origin
*
X-Server-ID
shn11
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
5efe127aea4a2b89-FRA
logo1707.png
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/
6 KB
7 KB
Image
General
Full URL
http://static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2020-02-19.0
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
CF-Cache-Status
HIT
NEL
{"report_to":"cf-nel","max_age":604800}
Age
11630
Connection
keep-alive
Content-Length
6226
cf-request-id
0652a9e0c800000eabadb9a000000001
X-UA-Compatible
IE=Edge
Last-Modified
Fri, 17 Jul 2015 13:29:04 GMT
Server
cloudflare
ETag
"55a90320-1852"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8VkpSdpG6ed5UJCh04509r4kDgU1b6ZGT1jvglMzSV%2BkPF7n9BpoZVmWATjL3sj2oqBZsHPjfr%2BZdCtGTrLyrbZi0yanTCSN8lLT0KOH3jaRCrNmHcDryVE%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
X-Server-ID
shn09
Cache-Control
max-age=86400
Accept-Ranges
bytes
CF-RAY
5efe127ad8d30eab-FRA
Expires
Wed, 11 Nov 2020 04:17:18 GMT
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
920
date
Tue, 10 Nov 2020 07:15:48 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Tue, 10 Nov 2020 09:15:48 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
interstitial-page.js
static.sh.st/js/packed/
50 KB
16 KB
Script
General
Full URL
http://static.sh.st/js/packed/interstitial-page.js?2020-02-19.0
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bfd84441ea51484204c8ca64bfd0dd137c5c95e236c32fd380da19ab00510b4

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"report_to":"cf-nel","max_age":604800}
Age
11630
Cf-Polished
origSize=68001
Transfer-Encoding
chunked
Connection
keep-alive
cf-request-id
0652a9e0aa00000eabed318000000001
X-UA-Compatible
IE=Edge
Expires
Wed, 11 Nov 2020 04:17:18 GMT
Last-Modified
Wed, 19 Feb 2020 11:58:09 GMT
Server
cloudflare
ETag
W/"5e4d22d1-109a1"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=B8Z23yYG3ydn1gZnIWnUH4kgtCW4cRn3t6ldAsRnOH8RkAJySyeQ1uusDg5jT2pQluk02g8uDamjYCqJFCKft3LYxVebAiM%2Bs4oznBOkQbA9LuFAQRWzgLQ%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
X-Server-ID
shn03
Cache-Control
max-age=86400
CF-RAY
5efe127aa8890eab-FRA
Cf-Bgj
minify
xvideos.js
sh.st/bundles/smeweb/js/
12 KB
7 KB
Script
General
Full URL
http://sh.st/bundles/smeweb/js/xvideos.js
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8370a966d1c5a134db269c57f965fc0313344e9ee9299f863dc131a47863792

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"report_to":"cf-nel","max_age":604800}
Age
5056
Cf-Polished
origSize=11964
Transfer-Encoding
chunked
Connection
keep-alive
cf-request-id
0652a9e0c40000d6e17e2ed000000001
X-UA-Compatible
IE=Edge
Last-Modified
Wed, 19 Feb 2020 11:57:41 GMT
Server
cloudflare
ETag
W/"5e4d22b5-2ebc"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xSEk1M3E%2Bh4H3%2BQfPDWAD6uZEm1Szr%2BjIvB02BRRZue5uFt5E7dz%2BA%2BF7FfZMZWRmeHWtFfZ0aZ39g0BDQM8wMZ1EdtYylq%2BKuC8gCFTGM195Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Access-Control-Allow-Origin
*
X-Server-ID
shn05
Cache-Control
max-age=14400
CF-RAY
5efe127ad9d4d6e1-FRA
Cf-Bgj
minify
apu.php
cobalten.com/
Redirect Chain
  • http://go.onclasrv.com/apu.php?zoneid=1543391
  • http://cobalten.com/apu.php?zoneid=1543391
61 KB
22 KB
Script
General
Full URL
http://cobalten.com/apu.php?zoneid=1543391
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
139.45.196.21 , Ascension Island, ASN9002 (RETN-AS, EU),
Reverse DNS
Software
nginx /
Resource Hash
c6f5fd844edbf8e0012c8169bd31dbfe2455680f8f30880e7c6638ef8d970240
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
X-Trace-Id
cdf6d1c6f737da0efe138af9e8b89263
Pragma
no-cache
Server
nginx
Strict-Transport-Security
max-age=1
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-transform, no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Timing-Allow-Origin
*, *
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding
Expires
Tue, 11 Jan 1994 10:00:00 GMT

Redirect headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
X-Content-Type-Options
nosniff
Server
nginx
Strict-Transport-Security
max-age=1
Content-Type
text/html
Location
http://cobalten.com/apu.php?zoneid=1543391
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
138
/
d3ud741uvs727m.cloudfront.net/
111 KB
38 KB
Script
General
Full URL
http://d3ud741uvs727m.cloudfront.net/?vudud=716233
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
13.224.89.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-89-30.zrh50.r.cloudfront.net
Software
/
Resource Hash
c8b45da3816d966ed8e2b3cdbfadc5f2d5e5047565194485bb7a8fe15c601fe4

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 10 Nov 2020 07:31:08 GMT
content-encoding
gzip
X-Amz-Cf-Pop
ZRH50-C1
X-Cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Connection
keep-alive
Content-Length
38663
Via
1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
X-Amz-Cf-Id
rYkgisyk3rI1ZRTTr5eUbblihIQAdKoWI84tXOzEsGuSntCTo1fjaA==
gtm.js
www.googletagmanager.com/
69 KB
27 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4f6ffaa3bff8c7f09c9bf51fc4574e1e1f6c66fb4515fcc5065f79046030c8a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 10 Nov 2020 07:31:08 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27870
x-xss-protection
0
last-modified
Tue, 10 Nov 2020 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 10 Nov 2020 07:31:08 GMT
widget-sprite.png
static.sh.st/bundles/smeweb/img/
83 KB
83 KB
Image
General
Full URL
http://static.sh.st/bundles/smeweb/img/widget-sprite.png?2020-02-19.0
Requested by
Host: sh.st
URL: http://sh.st/Czw6q
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 07:31:08 GMT
CF-Cache-Status
HIT
NEL
{"report_to":"cf-nel","max_age":604800}
Age
16252
Connection
keep-alive
Content-Length
84545
cf-request-id
0652a9e0d0000006056b8d0000000001
X-UA-Compatible
IE=Edge
Last-Modified
Wed, 19 Feb 2020 11:57:41 GMT
Server
cloudflare
ETag
"5e4d22b5-14a41"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BwrFyQunfu%2Fg28Ec%2F06TTh8XO0kRXzsTWFPvzq%2Fwe67dbXfhqnai2%2FoKfnHr0l0SBw6JKnGZDWfTd3QaPU1E9gOyFnA9WyQjDglq2aqn6dVYnpuNVraDHew%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
X-Server-ID
shn07
Cache-Control
max-age=86400
Accept-Ranges
bytes
CF-RAY
5efe127ae9670605-FRA
Expires
Wed, 11 Nov 2020 03:00:16 GMT
1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v18/
41 KB
42 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v18/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb0c201f0ca67e745869967d48db2e90bf01353d1f305959d487291cab6d0755
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://sh.st
Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 06 Nov 2020 20:00:31 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2020 20:45:21 GMT
server
sffe
age
300637
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42444
x-xss-protection
0
expires
Sat, 06 Nov 2021 20:00:31 GMT
displayed
analytics.shorte.st/ Frame
0
0
Other
General
Full URL
http://analytics.shorte.st/displayed
Protocol
HTTP/1.1
Server
35.227.234.224 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
224.234.227.35.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-requested-with
Origin
http://sh.st
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Server
nginx
Date
Tue, 10 Nov 2020 07:31:08 GMT
Content-Type
text/plain
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
POST, OPTIONS
Access-Control-Allow-Headers
origin, content-type, accept,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Allow-Credentials
true
Content-Length
0
X-Server-ID
shortest-analytics-jxf5
Via
1.1 google
displayed
analytics.shorte.st/
0
0

1
inabsolor.com/
0
0

fac.php
cobalten.com/ Frame 912B
0
0
Document
General
Full URL
http://cobalten.com/fac.php
Requested by
Host: go.onclasrv.com
URL: http://go.onclasrv.com/apu.php?zoneid=1543391
Protocol
HTTP/1.1
Server
139.45.196.21 , Ascension Island, ASN9002 (RETN-AS, EU),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Host
cobalten.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://sh.st/Czw6q
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://sh.st/Czw6q

Response headers

Server
nginx
Date
Tue, 10 Nov 2020 07:31:08 GMT
Content-Type
text/html; charset=utf8
Connection
keep-alive
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding
Pragma
no-cache
Cache-Control
no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires
Tue, 11 Jan 1994 10:00:00 GMT
Timing-Allow-Origin
* *
X-Trace-Id
6a3b8ffe0add8c1db800984206868bde
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
utx
rovalionsa.fun/
0
0

cxkCcDdQAid8GmIGHm4eQRckcixUFix0M1dwN3sOBRlddy8PAQ0EM28WCUFpeAUZVQ5RCVZ3P10KJXISYAsobCBmLzhXHE92GXAJQhYnXB51FQldM1ACJBNqcBsmfGt3AQpnO3EoKnBpfDQIdxF8BRd3fQQFO2MreBkpQmpyBQoEPEEOPmcyZCgscGhxJwNwCnUvX...
rovalionsa.fun/NkNuNlhXIQ1bZ1d+DBAtRC9TE2pwZlxwPAU2CgFsBzYYRW8EdAMYO1osG1I+RCwAQnZYJhoTanAgOWIZAxkrc25ucg11Pl9yNG4OWnEPdwF6FV18fQQFOV03eg8XXRZVOglMFWEFIXAbWRUsYxlODQNwDlAGJwcRBxIrYA9VcjtgO3IlJg8OYD... Frame 553C
0
0

result
sh.st/cdn-cgi/bm/cv/
0
0

collect
www.google-analytics.com/j/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cors-anywhere.herokuapp.com
URL
https://cors-anywhere.herokuapp.com///traffdaq.com/delivery/pu/47382?category=babe
Domain
analytics.shorte.st
URL
http://analytics.shorte.st/displayed
Domain
inabsolor.com
URL
http://inabsolor.com/1?z=2892932
Domain
rovalionsa.fun
URL
https://rovalionsa.fun/utx?cb=YOeHxB5T8cHG&top=sh.st&tid=716233
Domain
rovalionsa.fun
URL
http://rovalionsa.fun/NkNuNlhXIQ1bZ1d+DBAtRC9TE2pwZlxwPAU2CgFsBzYYRW8EdAMYO1osG1I+RCwAQnZYJhoTanAgOWIZAxkrc25ucg11Pl9yNG4OWnEPdwF6FV18fQQFOV03eg8XXRZVOglMFWEFIXAbWRUsYxlODQNwDlAGJwcRBxIrYA9VcjtgO3IlJg8OYDQKDjl0GTd3G3goLHRgZw46bDp0AgVMFQcZOHAydzE5WhJ1DSpRFmACHQEVcDs4dA9kMQpRIH0gNkEbdRYZRRdwDT91MmNxPwcedCAGRQ51cj9ZFgYRDXUfZDEvcAlwCgBBG3USHU8+dwokfh9kMS93dV4WJls/cxkCcDdQAid8GmIGHm4eQRckcixUFix0M1dwN3sOBRlddy8PAQ0EM28WCUFpeAUZVQ5RCVZ3P10KJXISYAsobCBmLzhXHE92GXAJQhYnXB51FQldM1ACJBNqcBsmfGt3AQpnO3EoKnBpfDQIdxF8BRd3fQQFO2MreBkpQmpyBQoEPEEOPmcyZCgscGhxJwNwCnUvX0w5UQ03YzZSJC13YHQgKXANYXI8TzlaEixga3gsOFEZECkdWTZGfiR6Kl4SGUYzenYXYy8OJis
Domain
sh.st
URL
http://sh.st/cdn-cgi/bm/cv/result?req_id=5efe12798f82d6e1
Domain
www.google-analytics.com
URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1867017122&t=pageview&_s=1&dl=http%3A%2F%2Fsh.st%2FCzw6q&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAAABAAAAAC~&jid=35383436&gjid=2142161306&cid=2044667867.1604993469&uid=1657793&tid=UA-42296749-1&_gid=1207234441.1604993469&_r=1&_slc=1&cd2=2020-02-19.0&cd7=1657793&cd5=0&z=1561291493

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes

7 Cookies

Domain/Path Name / Value
speedflow.io/ Name: time_start
Value: 1604993456.8684
speedflow.io/adult Name: country
Value: DE
speedflow.io/ Name: visits_todayi
Value: 0
speedflow.io/ Name: visits_todaya
Value: 1
speedflow.io/adult Name: mobile
Value: 0
speedflow.io/ Name: traffdaqPageCount
Value: 1
speedflow.io/adult Name: ip
Value: 194.99.105.99

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.shorte.st
c.securepaths.com
cdn.jsdelivr.net
cobalten.com
cors-anywhere.herokuapp.com
d3ud741uvs727m.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
go.onclasrv.com
inabsolor.com
manyhit.com
rovalionsa.fun
sh.st
speedflow.io
static.sh.st
traffdaq.com
www.google-analytics.com
www.googletagmanager.com
analytics.shorte.st
cors-anywhere.herokuapp.com
inabsolor.com
rovalionsa.fun
sh.st
www.google-analytics.com
107.170.39.103
13.224.89.30
139.45.195.108
139.45.196.21
162.213.255.36
198.54.116.135
2606:4700:20::681a:6da
2606:4700:20::681a:7da
2a00:1450:4001:801::200e
2a00:1450:4001:80b::200a
2a00:1450:4001:81a::2008
2a00:1450:4001:81b::2003
2a04:4e42:1b::621
35.190.72.161
35.227.234.224
54.205.148.134
1bde05aeefdec3b1208820d36dcc7feb88fe91223f002cf0835d1822ba9fd3f8
3e46bffb5f4bd8c42e67e417d2bbb3740eb7474e65c16e0053e736237380d77f
4bfd84441ea51484204c8ca64bfd0dd137c5c95e236c32fd380da19ab00510b4
4ef071f26a6a95d20498fa67e78856aebf65e9e06d46046604acac1ac3e87033
4f6ffaa3bff8c7f09c9bf51fc4574e1e1f6c66fb4515fcc5065f79046030c8a7
5adeb1d756d96d6db47a7c27188e7ab02e7b270264584343fd229da06cc0b167
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
8b562608bfbb9ef721b44f5a312df769a8f8c6563245ef44d9c8911fd6cc6f98
95018d6b90baf42d8f20f3b7e24c2de4cf27560fe7af07d39eea0e9ed9acf517
a8370a966d1c5a134db269c57f965fc0313344e9ee9299f863dc131a47863792
bb0c201f0ca67e745869967d48db2e90bf01353d1f305959d487291cab6d0755
c6f5fd844edbf8e0012c8169bd31dbfe2455680f8f30880e7c6638ef8d970240
c8b45da3816d966ed8e2b3cdbfadc5f2d5e5047565194485bb7a8fe15c601fe4
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
fa50e99056256d329b541e2a8e68fd0a58ea3933338caf4721c7e7af921ce195
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001