Submitted URL: http://cupboardseed.top/bae3XndGfmYAZWACA3wFNxAjLglgMQc4L1J0WDNFPRs-DSchXhocUxkABy0YZi43?gfz1633437057296
Effective URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Submission: On October 05 via manual from SD — Scanned from DE

Summary

This website contacted 9 IPs in 4 countries across 9 domains to perform 47 HTTP transactions. The main IP is 2606:4700:3037::ac43:94c6, located in United States and belongs to CLOUDFLARENET, US. The main domain is uctvxyyhzan8epd.bar.
This is the only time uctvxyyhzan8epd.bar was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
4 2606:4700:303... 13335 (CLOUDFLAR...)
6 2606:4700:303... 13335 (CLOUDFLAR...)
8 2a00:1450:400... 15169 (GOOGLE)
17 2a00:1450:400... 15169 (GOOGLE)
2 185.66.201.59 201702 (SKHOSTING-EU)
2 185.66.200.220 201702 (SKHOSTING-EU)
1 2a00:1450:400... 15169 (GOOGLE)
6 103.235.46.191 55967 (BAIDU Bei...)
47 9
Domain Requested by
17 1.bp.blogspot.com uctvxyyhzan8epd.bar
8 www.googletagmanager.com uctvxyyhzan8epd.bar
6 hm.baidu.com uctvxyyhzan8epd.bar
6 cdn.jsdelivr.cc uctvxyyhzan8epd.bar
4 uctvxyyhzan8epd.bar cupboardseed.top
uctvxyyhzan8epd.bar
cdn.jsdelivr.cc
2 uprimp.com uctvxyyhzan8epd.bar
uprimp.com
2 benfly.net uctvxyyhzan8epd.bar
benfly.net
1 www.google-analytics.com www.googletagmanager.com
1 cupboardseed.top
47 9

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-04-10 -
2022-04-09
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
uprimp.com
R3
2021-09-01 -
2021-11-30
3 months crt.sh
baidu.com
GlobalSign Organization Validation CA - SHA256 - G2
2021-07-01 -
2022-08-02
a year crt.sh

This page contains 3 frames:

Primary Page: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Frame ID: 48A9B8C314B9FC6E2E1CFC3F975CCE67
Requests: 45 HTTP requests in this frame

Frame: https://uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=163343737097135&xtt=33448
Frame ID: 1B02698663B30ABBAAA2ECC74726100B
Requests: 1 HTTP requests in this frame

Frame: http://benfly.net//4fe48aebd6/4f59451604/?placementName=default&randomA=0_7506&maxw=0
Frame ID: 8069E3D5F8C36FD75C54B92338AE37E1
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://cupboardseed.top/bae3XndGfmYAZWACA3wFNxAjLglgMQc4L1J0WDNFPRs-DSchXhocUxkABy0YZi43?gfz16334370... Page URL
  2. http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • hm\.baidu\.com/hm\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • sweetalert2(?:\.all)?(?:\.min)?\.js
  • /npm/sweetalert2@([\d.]+)
  • sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

47
Requests

85 %
HTTPS

67 %
IPv6

9
Domains

9
Subdomains

9
IPs

4
Countries

971 kB
Transfer

1546 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cupboardseed.top/bae3XndGfmYAZWACA3wFNxAjLglgMQc4L1J0WDNFPRs-DSchXhocUxkABy0YZi43?gfz1633437057296 Page URL
  2. http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
bae3XndGfmYAZWACA3wFNxAjLglgMQc4L1J0WDNFPRs-DSchXhocUxkABy0YZi43?gfz1633437057296
cupboardseed.top/
772 B
1 KB
Document
General
Full URL
http://cupboardseed.top/bae3XndGfmYAZWACA3wFNxAjLglgMQc4L1J0WDNFPRs-DSchXhocUxkABy0YZi43?gfz1633437057296
Protocol
HTTP/1.1
Server
2606:4700:3037::ac43:9161 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Host
cupboardseed.top
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Tue, 05 Oct 2021 12:36:10 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
vary
Accept-Encoding
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=acWV4qGNYtWyfdRnbvIqm%2B1LY2tvfZbjYB6dYnlQYmOvmSuiEsIMqhKLsv6qZYslTyH7GD6dGRGzpu9gfghX0Ns0Dh2fh8Hx4lyUSmrBczpWug%2B3e1TMe1v%2FsP8SEHVrEim%2Fo%2FupruIK79HvZGtb"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
6996b1abdbe21f3d-FRA
Content-Encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Primary Request ?_t=1633437370gil
uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/
85 KB
16 KB
Document
General
Full URL
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Requested by
Host: cupboardseed.top
URL: http://cupboardseed.top/bae3XndGfmYAZWACA3wFNxAjLglgMQc4L1J0WDNFPRs-DSchXhocUxkABy0YZi43?gfz1633437057296
Protocol
HTTP/1.1
Server
2606:4700:3037::ac43:94c6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43de71aaacabf6d792e522d1afd8026b5d98edf07f2406d4ca84363f524930ae

Request headers

Host
uctvxyyhzan8epd.bar
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://cupboardseed.top/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://cupboardseed.top/

Response headers

Date
Tue, 05 Oct 2021 12:36:10 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
vary
Accept-Encoding
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FmMfk69t1VFJOh3lCnPYai2Xs9yzWLib85eP4M%2FU3KF65qXGaiPSFnvxh3xlY%2Bu076h%2FatbW6mJRWZrlCZwG%2FGMrCucOaZizVDWGeUhgVurWc0C%2BAXwbmRjzqmvI9kF%2BqMsq4HJzO3inT4UK%2BtSSzAmL"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
6996b1ac485cc26d-FRA
Content-Encoding
gzip
jquery.min.js
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/
87 KB
32 KB
Script
General
Full URL
https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 12:36:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
24358
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 14 Apr 2021 06:26:22 GMT
server
cloudflare
etag
W/"60768b0e-15d9d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0nh9DrF8jVqN7upKXW5sgHaEX2xqD5l6PqDI7R%2F24OD2svPgDKZ156R32NSl5IK3EzdSPlYur%2B6rJdpRpC%2FSRZv1X2RmcTQq0FLp%2B0OwGcKqeXyZLuqGUklNZSUqL25kQj0sLOr594O%2FuD65gI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6996b1ad1ce05c98-FRA
expires
Tue, 05 Oct 2021 17:50:11 GMT
bootstrap.min.js
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/
62 KB
16 KB
Script
General
Full URL
https://cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 12:36:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
24354
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 14 Apr 2021 02:49:20 GMT
server
cloudflare
etag
W/"60765830-f7f1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sow0EwoODVKgWarOK8OW9FanCY%2BZAdFFf1yBtV4NpAiN28apIGr5A5lwVpDNfpHDlAS7pgfrKNeBvi0bQZdakdnKPLMckZXqYZ%2FmOJrInDp%2FO6JdGRweHjAW0F65w90PVXikFn1vPvcPrmDN%2FCI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6996b1ad1ce25c98-FRA
expires
Tue, 05 Oct 2021 17:50:16 GMT
sweetalert2.all.min.js
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/
71 KB
20 KB
Script
General
Full URL
https://cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 12:36:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
36894
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 14 Apr 2021 02:43:30 GMT
server
cloudflare
etag
W/"607656d2-11c3d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DRgzLQsZ%2BOUpq96rTzM59lrkhKsBNwvHoYQpBpKJ6fo1op9NOls6hJHUFbwb7AefWhy%2Fu3y%2F3FE2UGHHfpzFan1M37JG1%2FqaWBcpQfQGoZsSjC%2Bgfro69GT4UyLaPB0rk1%2BUMft04KQhZuI%2Frkw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6996b1ad1ce35c98-FRA
expires
Tue, 05 Oct 2021 14:21:16 GMT
lazyload.min.js
cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/
5 KB
3 KB
Script
General
Full URL
https://cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 12:36:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
23566
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Tue, 27 Jul 2021 04:19:04 GMT
server
cloudflare
etag
W/"60ff8938-12be"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dST%2Fa68ZJkk0iFy6JMSM0iMXdve6o8xqZXE7O2MDlwF5cXLGirG5DSoPNMZmtIBw16oB4YIRn7AtodOSm6LHpfI8z4slQbduz%2FUSQpycUv3Zu0wxNmLRYMyFuv1kiMG1yxHqE8jgYM4dqTcTo30%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6996b1ad1ce95c98-FRA
expires
Tue, 05 Oct 2021 18:03:24 GMT
popper.min.js
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/
21 KB
8 KB
Script
General
Full URL
https://cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 12:36:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
21066
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 16 Apr 2021 01:43:03 GMT
server
cloudflare
etag
W/"6078eba7-52f4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KKyJkrg%2Flfp%2B9ybqAvobrFO5vTh3fAWm%2B7BN%2FtSyl4VYJzxJRk9DYsdL4lof7kBhHmIdALDVFM8rJ2RnonVbXl8TG6qpglIUUsEkRLva9M4mxfso2V64xfQ%2FXdVKjLR3lV0ac6eCxx6Bck28cNk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6996b1ad1ced5c98-FRA
expires
Tue, 05 Oct 2021 18:45:04 GMT
bootstrap.min.css
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/
158 KB
25 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:d63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d7a9043f4bed303fe2974ac4e3ba10d6b214e70f7ae549786ba2d347de05f81

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 12:36:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
36894
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 14 Apr 2021 02:50:45 GMT
server
cloudflare
etag
W/"60765885-27687"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5m3pVt5NJRbbqVvq9toyiFtUDu6tILW%2BItT0I%2FCNWARK2Uw2lYe%2FPa7OGyxiblCQ9cr6n9YTr5eSdYzyx80iKJYErwwVCGV67aDB6LBBQQ5HIl7Oe0%2F2J%2FL%2FNTB22Gaqqf62t7PwZYR5rMQEuUo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
6996b1ad1cde5c98-FRA
expires
Tue, 05 Oct 2021 14:21:16 GMT
sur.css
uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/static/
14 KB
4 KB
Stylesheet
General
Full URL
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/static/sur.css
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
HTTP/1.1
Server
2606:4700:3037::ac43:94c6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17c692cd404ceaf6a7481223ba03c8724c5873dc8de72212523ffc3f9a83c240

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
uctvxyyhzan8epd.bar
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 05 Oct 2021 12:36:10 GMT
content-encoding
gzip
CF-Cache-Status
MISS
last-modified
Sun, 03 Oct 2021 09:11:32 GMT
Server
cloudflare
etag
W/"615973c4-3985"
vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBfpRj8wc%2FnfNwWPoTQAWW1qoGwWUCjtgQkQzYJp5WFurxMedQeuZEH4wdIX92BO94lrZ7nABYkJGubmLIi25o6aHaUEzuwnz8go2Y9mz%2BHW4QpjnA9wvbdTIOZGzbwiGSXhZQ9%2FXxKUjV0m50NyP4JE"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
cache-control
max-age=43200
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
6996b1ace94ac26d-FRA
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires
Wed, 06 Oct 2021 00:36:10 GMT
js?id=G-S601SGFJW8
www.googletagmanager.com/gtag/
161 KB
60 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-S601SGFJW8
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e948617effd12fee3c86ee175575cd896d9072d32e1cd65bb4e96e81071ae986
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 12:36:10 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61007
x-xss-protection
0
expires
Tue, 05 Oct 2021 12:36:10 GMT
heada.jpg
1.bp.blogspot.com/-scdR4Ohx-kQ/YVlw7LazWLI/AAAAAAAAHeI/1MTK1Xfinh0B8jl0Rv0dO2hyhkp-A-5cQCLcBGAsYHQ/s16000/
7 KB
8 KB
Image
General
Full URL
https://1.bp.blogspot.com/-scdR4Ohx-kQ/YVlw7LazWLI/AAAAAAAAHeI/1MTK1Xfinh0B8jl0Rv0dO2hyhkp-A-5cQCLcBGAsYHQ/s16000/heada.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
54b05d89154d8b99ea0d701da0e94ff8a2c39901e0bb8ef11b6ea348c92d5848
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:52:31 GMT
x-content-type-options
nosniff
age
6219
content-disposition
inline;filename="heada.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7374
x-xss-protection
0
server
fife
etag
"v1de7"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 04 Oct 2021 13:29:57 GMT
headc.jpg
1.bp.blogspot.com/-wl4pBbioPNg/YVlw7H8QmCI/AAAAAAAAHeM/XUxDSmUl0eMSIKq6COFTcalNZTzxxv2fACLcBGAsYHQ/s16000/
3 KB
3 KB
Image
General
Full URL
https://1.bp.blogspot.com/-wl4pBbioPNg/YVlw7H8QmCI/AAAAAAAAHeM/XUxDSmUl0eMSIKq6COFTcalNZTzxxv2fACLcBGAsYHQ/s16000/headc.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d477026493ddcc650ba4396e8870a2ed1a99f0576b5c760d6ab63ed499fcb8db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:52:31 GMT
x-content-type-options
nosniff
age
6219
content-disposition
inline;filename="headc.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3174
x-xss-protection
0
server
fife
etag
"v1de8"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 04 Oct 2021 13:29:57 GMT
Germany_outbox.png
1.bp.blogspot.com/-mhFwYo28B2Q/YKppmIsu7ZI/AAAAAAAABgQ/c7DWa0Yxwm49LJDcNEkzDr503wyn4hLtACLcBGAsYHQ/s16000/
44 KB
44 KB
Image
General
Full URL
https://1.bp.blogspot.com/-mhFwYo28B2Q/YKppmIsu7ZI/AAAAAAAABgQ/c7DWa0Yxwm49LJDcNEkzDr503wyn4hLtACLcBGAsYHQ/s16000/Germany_outbox.png
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9b7f1ddc36af29778df73a309d2861822456de3eb416e6921a5c44e68435a42f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:57:11 GMT
x-content-type-options
nosniff
age
5939
content-disposition
inline;filename="Germany_outbox.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44729
x-xss-protection
0
server
fife
etag
"v605"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 28 Sep 2021 18:44:07 GMT
box1.png
1.bp.blogspot.com/-pKcRUiggM8s/YVHYR1C6HNI/AAAAAAAAGwU/Gmem66_hUi8f_mds3RIr0XJklPHkxeYlQCLcBGAsYHQ/s16000/
24 KB
24 KB
Image
General
Full URL
https://1.bp.blogspot.com/-pKcRUiggM8s/YVHYR1C6HNI/AAAAAAAAGwU/Gmem66_hUi8f_mds3RIr0XJklPHkxeYlQCLcBGAsYHQ/s16000/box1.png
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9e7f5ad606cc04a7af4423f895ef1730b7e3a9ed30ff23fbee05864757dbed63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 09:17:11 GMT
x-content-type-options
nosniff
age
11939
content-disposition
inline;filename="box1.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24453
x-xss-protection
0
server
fife
etag
"v1b0d"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 28 Sep 2021 15:28:31 GMT
box2.png
1.bp.blogspot.com/-2X87HwGbjlY/YVHYR79jdMI/AAAAAAAAGwM/vh5cXrLFxbciUFz5oCWE4GCJ2siXq_iFgCLcBGAsYHQ/s16000/
7 KB
7 KB
Image
General
Full URL
https://1.bp.blogspot.com/-2X87HwGbjlY/YVHYR79jdMI/AAAAAAAAGwM/vh5cXrLFxbciUFz5oCWE4GCJ2siXq_iFgCLcBGAsYHQ/s16000/box2.png
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
e9bde28dafe3b54cb3a018f567496dede8ad27a63330ce205ec67f2ad821f9de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 09:17:11 GMT
x-content-type-options
nosniff
age
11939
content-disposition
inline;filename="box2.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6781
x-xss-protection
0
server
fife
etag
"v1b0c"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 28 Sep 2021 15:28:31 GMT
Germany_inbox.png
1.bp.blogspot.com/-rJwuzcnw3VI/YKppmA0KHEI/AAAAAAAABgM/g534cHj8oxsuYau_w-e69RyO0APgsmLlwCLcBGAsYHQ/s16000/
14 KB
14 KB
Image
General
Full URL
https://1.bp.blogspot.com/-rJwuzcnw3VI/YKppmA0KHEI/AAAAAAAABgM/g534cHj8oxsuYau_w-e69RyO0APgsmLlwCLcBGAsYHQ/s16000/Germany_inbox.png
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
32bc695a4583118b2adca0fe87d1f4844905692f48f5f2a0eece23f205536e60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 09:11:08 GMT
x-content-type-options
nosniff
age
12302
content-disposition
inline;filename="Germany_inbox.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14208
x-xss-protection
0
server
fife
etag
"v605"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sun, 03 Oct 2021 09:00:07 GMT
box3.png
1.bp.blogspot.com/-i5E2F8UZusY/YVHYS7CtPXI/AAAAAAAAGwY/Nhkv6B-UIHwjbaTnryjEmXOGuvl50j5twCLcBGAsYHQ/s16000/
27 KB
27 KB
Image
General
Full URL
https://1.bp.blogspot.com/-i5E2F8UZusY/YVHYS7CtPXI/AAAAAAAAGwY/Nhkv6B-UIHwjbaTnryjEmXOGuvl50j5twCLcBGAsYHQ/s16000/box3.png
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1c0618fe0f6ff0e247f5b2b51e4fdf732ff6ac668acbd055385b38e34ba9c582
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:41:18 GMT
x-content-type-options
nosniff
age
6892
content-disposition
inline;filename="box3.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27784
x-xss-protection
0
server
fife
etag
"v1b0e"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 29 Sep 2021 16:20:52 GMT
responsive.js
benfly.net/js/
3 KB
3 KB
Script
General
Full URL
http://benfly.net/js/responsive.js
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
HTTP/1.1
Server
185.66.201.59 Komárno, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.59.skhosting.eu
Software
nginx /
Resource Hash
33c4330fe9075c0ad2a22971e7a9059642ef1e84b6e3fda9833fb7d0a6ef2cb8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 05 Oct 2021 12:36:10 GMT
Last-Modified
Mon, 02 Sep 2019 11:31:44 GMT
Server
nginx
ETag
"5d6cfda0-a8f"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2703
bnr.php?section=General&pub=593174&format=300x50&ga=g
uprimp.com/
372 B
626 B
Script
General
Full URL
https://uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.220 Komárno, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.220.skhosting.eu
Software
nginx /
Resource Hash
567d48027fe3eb83a0a26c5828f5865a4c1f1539a19c97564dc7f71471591346

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:10 GMT
last-modified
Tue, 05 Oct 2021 12:36:10 GMT
server
nginx
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-robots-tag
noindex, nofollow, noarchive, nosnippet
expires
Tue, 05 Oct 2021 12:36:10 GMT
144025101_240422051059131_6933435057865504424_n.jpg
1.bp.blogspot.com/-st_6mu4Bv6w/YU5QJgY2ZVI/AAAAAAAAGTg/tnTNtDUi7fUo6bSPmFujPJraLiJB5rCzQCLcBGAsYHQ/s16000/
52 KB
52 KB
Image
General
Full URL
https://1.bp.blogspot.com/-st_6mu4Bv6w/YU5QJgY2ZVI/AAAAAAAAGTg/tnTNtDUi7fUo6bSPmFujPJraLiJB5rCzQCLcBGAsYHQ/s16000/144025101_240422051059131_6933435057865504424_n.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ead0412e88880594a3f439a782dcc92deea789229bc48439ae0d60d2942e69ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 11:13:53 GMT
x-content-type-options
nosniff
age
4937
content-disposition
inline;filename="144025101_240422051059131_6933435057865504424_n.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53510
x-xss-protection
0
server
fife
etag
"v193a"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sun, 03 Oct 2021 11:05:45 GMT
%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-54.jpg
1.bp.blogspot.com/-EtHcsDrTP7c/YU5QJmnqrNI/AAAAAAAAGTk/p8tVSfVBtK4Bvf1-SkFvQLB2fMuYb3VMQCLcBGAsYHQ/s16000/
13 KB
13 KB
Image
General
Full URL
https://1.bp.blogspot.com/-EtHcsDrTP7c/YU5QJmnqrNI/AAAAAAAAGTk/p8tVSfVBtK4Bvf1-SkFvQLB2fMuYb3VMQCLcBGAsYHQ/s16000/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-54.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1e35ba2879c851c474abba458e8c85f5df3fcc8ba4f22edf3c3f7e8175713b03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 11:13:54 GMT
x-content-type-options
nosniff
age
4936
content-disposition
inline;filename="___-54.jpg";filename*=UTF-8''%E6%9C%AA%E6%A0%87%E9%A2%98-54.jpg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12806
x-xss-protection
0
server
fife
etag
"v193b"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sun, 03 Oct 2021 11:05:45 GMT
157925570_133306992030166_7501703254048777350_n.jpg
1.bp.blogspot.com/-pv4tuM7MnBY/YSCKWJ--ufI/AAAAAAAADTo/Ru4bUnid5KEZ3KdQNOW8wsbqrRO6SdWPgCLcBGAsYHQ/s16000/
95 KB
95 KB
Image
General
Full URL
https://1.bp.blogspot.com/-pv4tuM7MnBY/YSCKWJ--ufI/AAAAAAAADTo/Ru4bUnid5KEZ3KdQNOW8wsbqrRO6SdWPgCLcBGAsYHQ/s16000/157925570_133306992030166_7501703254048777350_n.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8ee8b5d151c98794ae76566762fc4e1bdc54b4fc22579dcdad9d6ffe301c5fb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:41:42 GMT
x-content-type-options
nosniff
age
6868
content-disposition
inline;filename="157925570_133306992030166_7501703254048777350_n.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
96909
x-xss-protection
0
server
fife
etag
"vd41"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 04 Oct 2021 10:38:31 GMT
%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-21.jpg
1.bp.blogspot.com/-uYGMA4lSNQQ/YS-uP91DdBI/AAAAAAAAEUA/7MtEVPR8pnsHcaikfpq3JMfqDFa_G-ysACLcBGAsYHQ/s16000/
13 KB
13 KB
Image
General
Full URL
https://1.bp.blogspot.com/-uYGMA4lSNQQ/YS-uP91DdBI/AAAAAAAAEUA/7MtEVPR8pnsHcaikfpq3JMfqDFa_G-ysACLcBGAsYHQ/s16000/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-21.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
22bbb123e33577510c89f8fd3eedc60b849e94d27f866735515031384bb03fce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 08:43:10 GMT
x-content-type-options
nosniff
age
13980
content-disposition
inline;filename="___-21.jpg";filename*=UTF-8''%E6%9C%AA%E6%A0%87%E9%A2%98-21.jpg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13360
x-xss-protection
0
server
fife
etag
"v1141"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 03 Sep 2021 04:50:21 GMT
%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-6.jpg
1.bp.blogspot.com/-py8ukXSFhkQ/YS-uyyKX_vI/AAAAAAAAEUM/ZNEsiqPQLcEz1Mn8YbZLOJMCiBmc90rjACLcBGAsYHQ/s16000/
12 KB
12 KB
Image
General
Full URL
https://1.bp.blogspot.com/-py8ukXSFhkQ/YS-uyyKX_vI/AAAAAAAAEUM/ZNEsiqPQLcEz1Mn8YbZLOJMCiBmc90rjACLcBGAsYHQ/s16000/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-6.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
a43c142a8742dc4e53a686c1d119b2fd15d1a4a7c3479a2c24549b57f5e82923
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:35:37 GMT
x-content-type-options
nosniff
age
7233
content-disposition
inline;filename="___-6.jpg";filename*=UTF-8''%E6%9C%AA%E6%A0%87%E9%A2%98-6.jpg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12500
x-xss-protection
0
server
fife
etag
"v1145"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 03 Sep 2021 04:50:21 GMT
%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-35.jpg
1.bp.blogspot.com/-3GW7OoND79k/YS_R07VmieI/AAAAAAAAEV4/L9sZqO2vPm4xlW0ds1OwiVjy82Su-nTuACLcBGAsYHQ/s16000/
13 KB
13 KB
Image
General
Full URL
https://1.bp.blogspot.com/-3GW7OoND79k/YS_R07VmieI/AAAAAAAAEV4/L9sZqO2vPm4xlW0ds1OwiVjy82Su-nTuACLcBGAsYHQ/s16000/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-35.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
757c8f69b01b0f11e34537958416f365546307820afc6f07cd54e320f8371d13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:35:37 GMT
x-content-type-options
nosniff
age
7233
content-disposition
inline;filename="___-35.jpg";filename*=UTF-8''%E6%9C%AA%E6%A0%87%E9%A2%98-35.jpg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13476
x-xss-protection
0
server
fife
etag
"v1160"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 06 Sep 2021 06:58:18 GMT
73145902_2471275462968172_8186584815844196352_n.jpg
1.bp.blogspot.com/-YZg5N4z01FI/YS_R9ZeLYyI/AAAAAAAAEV8/LIV5h9lkrLwKTQ2abiBr1XxMNjxGybzPwCLcBGAsYHQ/s16000/
283 KB
284 KB
Image
General
Full URL
https://1.bp.blogspot.com/-YZg5N4z01FI/YS_R9ZeLYyI/AAAAAAAAEV8/LIV5h9lkrLwKTQ2abiBr1XxMNjxGybzPwCLcBGAsYHQ/s16000/73145902_2471275462968172_8186584815844196352_n.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3246b908724cc3d632f26006e22842dab596bdaeb5b2e43b9fd684ed028d79df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:35:37 GMT
x-content-type-options
nosniff
age
7233
content-disposition
inline;filename="73145902_2471275462968172_8186584815844196352_n.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290194
x-xss-protection
0
server
fife
etag
"v1161"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 08 Sep 2021 04:36:08 GMT
%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-37.jpg
1.bp.blogspot.com/-L-WTWcevHOo/YS-vEiue0UI/AAAAAAAAEUY/OnO1ZGd1cT0Z3JwAP4drXSdVpKBIkWhJgCLcBGAsYHQ/s16000/
15 KB
15 KB
Image
General
Full URL
https://1.bp.blogspot.com/-L-WTWcevHOo/YS-vEiue0UI/AAAAAAAAEUY/OnO1ZGd1cT0Z3JwAP4drXSdVpKBIkWhJgCLcBGAsYHQ/s16000/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-37.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
56cb4d8b5c4235fc82e55fb81a36f2ff43994d671182c507443dfa762862aee3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:35:37 GMT
x-content-type-options
nosniff
age
7233
content-disposition
inline;filename="___-37.jpg";filename*=UTF-8''%E6%9C%AA%E6%A0%87%E9%A2%98-37.jpg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14877
x-xss-protection
0
server
fife
etag
"v1147"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 08 Sep 2021 04:36:08 GMT
1.jpg
1.bp.blogspot.com/-A9gGeBaBT1k/YFmmMrDxvOI/AAAAAAAAAO0/ZcHE42CBSowoemyMNsFglLyGhZIu6k9VQCLcBGAsYHQ/s0/
3 KB
3 KB
Image
General
Full URL
https://1.bp.blogspot.com/-A9gGeBaBT1k/YFmmMrDxvOI/AAAAAAAAAO0/ZcHE42CBSowoemyMNsFglLyGhZIu6k9VQCLcBGAsYHQ/s0/1.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
73be4e3bf11051d3a78c0e5cadaa1736e64f3432a471665c8d05cf2b7fdbc4e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 09:47:32 GMT
x-content-type-options
nosniff
age
10118
content-disposition
inline;filename="1.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3123
x-xss-protection
0
server
fife
etag
"vf4"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 06 Sep 2021 17:33:01 GMT
95780600_10219162238700613_1893331732808073216_n.jpg
1.bp.blogspot.com/-fkTPTdm8jCg/YS_SQHRP5OI/AAAAAAAAEWI/kj3WQn3xHFcpNRvNI-DzBxJyChsiaB-GQCLcBGAsYHQ/s16000/
102 KB
102 KB
Image
General
Full URL
https://1.bp.blogspot.com/-fkTPTdm8jCg/YS_SQHRP5OI/AAAAAAAAEWI/kj3WQn3xHFcpNRvNI-DzBxJyChsiaB-GQCLcBGAsYHQ/s16000/95780600_10219162238700613_1893331732808073216_n.jpg
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
edbc9620cec592b5cc3cbedfcd476592d3f21e90756ffdf972e3ce5a3c867f01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 10:35:37 GMT
x-content-type-options
nosniff
age
7233
content-disposition
inline;filename="95780600_10219162238700613_1893331732808073216_n.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
104483
x-xss-protection
0
server
fife
etag
"v1163"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 17 Sep 2021 11:26:36 GMT
collect?v=2&tid=G-S601SGFJW8&gtm=2oe9r0&_p=1818685820&sr=1600x1200&ul=en-us&cid=472270463.1633437371&_s=1&dl=http%3A%2F%2Fuctvxyyhzan8epd.bar%2FKxAorHWi%2FKhartoum-wa%2F%3F_t%3D1633437370gil&dr=htt...
www.google-analytics.com/g/
0
371 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-S601SGFJW8&gtm=2oe9r0&_p=1818685820&sr=1600x1200&ul=en-us&cid=472270463.1633437371&_s=1&dl=http%3A%2F%2Fuctvxyyhzan8epd.bar%2FKxAorHWi%2FKhartoum-wa%2F%3F_t%3D1633437370gil&dr=http%3A%2F%2Fcupboardseed.top%2F&dt=%F0%9F%8E%89110-j%C3%A4hriges%20Jubil%C3%A4um%20der%20Bank%20of%20Khartoum!%F0%9F%8E%8A&sid=1633437370&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S601SGFJW8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://uctvxyyhzan8epd.bar/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:10 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://uctvxyyhzan8epd.bar
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.init_consent&eid=1&ut=C&tc=16&z=0
www.googletagmanager.com/
0
128 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.init_consent&eid=1&ut=C&tc=16&z=0
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:10 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.init&eid=2&ut=C&tc=16&tr=1setproductsettings.1ogteventsettings.1ogtgooglesignals&ti=2setproductsettings.2ogteventsettings.2ogtgoogles...
www.googletagmanager.com/
0
54 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.init&eid=2&ut=C&tc=16&tr=1setproductsettings.1ogteventsettings.1ogtgooglesignals&ti=2setproductsettings.2ogteventsettings.2ogtgooglesignals&z=0
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:10 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.js&eid=3&ut=C&tc=16&tr=1gct.1lcl.1lcl.1ehl&epr=1G.2G&ti=1gct.1lcl.1lcl.1ehl&z=0
www.googletagmanager.com/
0
45 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.js&eid=3&ut=C&tc=16&tr=1gct.1lcl.1lcl.1ehl&epr=1G.2G&ti=1gct.1lcl.1lcl.1ehl&z=0
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:10 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&e=gtm.init&eid=2&ut=C&tc=16&tr=5setproductsettings.5ogteventsettings.5ogtgooglesignals&ti=2setproductsettings.2ogteventsettings.2ogtgooglesignal...
www.googletagmanager.com/
0
54 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&e=gtm.init&eid=2&ut=C&tc=16&tr=5setproductsettings.5ogteventsettings.5ogtgooglesignals&ti=2setproductsettings.2ogteventsettings.2ogtgooglesignals&z=0
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:10 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=163343737097135&xtt=33448
uprimp.com/ Frame 1B02
0
255 B
Document
General
Full URL
https://uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=163343737097135&xtt=33448
Requested by
Host: uprimp.com
URL: https://uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.220 Komárno, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.220.skhosting.eu
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
uprimp.com
:scheme
https
:path
/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=163343737097135&xtt=33448
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://uctvxyyhzan8epd.bar/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/

Response headers

server
nginx
date
Tue, 05 Oct 2021 12:36:10 GMT
content-type
text/html; charset=UTF-8
expires
Tue, 05 Oct 2021 12:36:10 GMT
last-modified
Tue, 05 Oct 2021 12:36:10 GMT
cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma
no-cache
x-robots-tag
noindex, nofollow, noarchive, nosnippet
yuming.js?1633437370599&_=1633437370453
uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/
279 B
964 B
XHR
General
Full URL
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/yuming.js?1633437370599&_=1633437370453
Requested by
Host: cdn.jsdelivr.cc
URL: https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Protocol
HTTP/1.1
Server
2606:4700:3037::ac43:94c6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9be19f597ff7fae6f2d86fc23f6c0381ad08c6c11169a57a4ceb958af04124bb

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
uctvxyyhzan8epd.bar
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Cache-Control
no-cache
X-Requested-With
XMLHttpRequest
Cookie
_ga_S601SGFJW8=GS1.1.1633437370.1.0.1633437370.0; _ga=GA1.1.472270463.1633437371
Connection
keep-alive
Referer
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 05 Oct 2021 12:36:10 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
last-modified
Sun, 03 Oct 2021 09:11:32 GMT
Server
cloudflare
etag
W/"615973c4-117"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=18EQvskgDzSVfv1ghSNYAnuwGE%2BdNqZSOigSaZoptX2RpnMmv64kTegF8J41V0X0YtceLkuTiyZtrx5%2B%2F6c4EO2kgo2Wy7e%2FYXlgIRMWRleZU18LF5FwvDjXJBqBssc2NQle6aITy%2BNMpgbDcLeRxMOS"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
cache-control
max-age=43200
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
6996b1ae4af1c26d-FRA
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires
Wed, 06 Oct 2021 00:36:10 GMT
hm.js?bbb5031b3fc978f413afd121951840e6
hm.baidu.com/
42 KB
15 KB
Script
General
Full URL
https://hm.baidu.com/hm.js?bbb5031b3fc978f413afd121951840e6
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
8edba5fb2cd40c9f16f9eb31a3711d05408e83d2e690abe2a950d3645bb1cc85
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 05 Oct 2021 12:36:11 GMT
Content-Encoding
gzip
Server
apache
Etag
f333df63b9f97c10ac09ac22e8521937
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
15043
hm.js?362571d334dfe4bbda42380c64db58ac
hm.baidu.com/
42 KB
15 KB
Script
General
Full URL
https://hm.baidu.com/hm.js?362571d334dfe4bbda42380c64db58ac
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
72955bf61f0362b5125cd7ba4497708c8dddf00587dd71336ce9081f67247e7d
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 05 Oct 2021 12:36:11 GMT
Content-Encoding
gzip
Server
apache
Etag
1af62c0804fdfdf3482747145651e8c7
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
15032
hm.js?bbb3e86814c9ceef66d180a6c15fa17d
hm.baidu.com/
42 KB
15 KB
Script
General
Full URL
https://hm.baidu.com/hm.js?bbb3e86814c9ceef66d180a6c15fa17d
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
7d0668c9f064b1df0272ef97e7b0408308db1e919eca9803e6045064b1276fba
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 05 Oct 2021 12:36:11 GMT
Content-Encoding
gzip
Server
apache
Etag
3ae656ad26e132141c3479df54dd8411
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
15040
a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&e=gtm.js&eid=3&ut=C&tc=16&tr=5gct.5lcl.5lcl.5ehl&ti=1gct.1lcl.1lcl.1ehl&z=0
www.googletagmanager.com/
0
54 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&e=gtm.js&eid=3&ut=C&tc=16&tr=5gct.5lcl.5lcl.5ehl&ti=1gct.1lcl.1lcl.1ehl&z=0
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:10 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tb55.php?c=Khartoum-wa&np=Advertisement&_=1633437370454
uctvxyyhzan8epd.bar/KxAorHWi/j/
210 B
824 B
XHR
General
Full URL
http://uctvxyyhzan8epd.bar/KxAorHWi/j/tb55.php?c=Khartoum-wa&np=Advertisement&_=1633437370454
Requested by
Host: cdn.jsdelivr.cc
URL: https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Protocol
HTTP/1.1
Server
2606:4700:3037::ac43:94c6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91fc494492942a2fa132ebea192a6688241facafc4f130049aed4a7c22d0ac9e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
uctvxyyhzan8epd.bar
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Cache-Control
no-cache
X-Requested-With
XMLHttpRequest
Cookie
_ga_S601SGFJW8=GS1.1.1633437370.1.0.1633437370.0; _ga=GA1.1.472270463.1633437371
Connection
keep-alive
Referer
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 05 Oct 2021 12:36:10 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=20QjnGVOkfQ6toK3y11qSAmepd5yYO0QLTdFxv809bOL43GF2pILiY%2BGb6E9UvcJrfWG1nk4dR9NHmdwFmVI%2FKATKPILYvo09P5NfIKwhWdQLs4Oou1JoG2BLmHYE2kmSnkwZ%2FVnGKXDz0GxBmqgaukc"}],"group":"cf-nel","max_age":604800}
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
6996b1ae9b64c26d-FRA
hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1464266358&si=bbb5031b3fc978f413afd121951840e6&su=http%3A%2F%2Fcupboardseed.top%2F&v=1.2.85&lv=1&sn=43032&r=0&ww=1600&ct=...
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1464266358&si=bbb5031b3fc978f413afd121951840e6&su=http%3A%2F%2Fcupboardseed.top%2F&v=1.2.85&lv=1&sn=43032&r=0&ww=1600&ct=!!&u=http%3A%2F%2Fuctvxyyhzan8epd.bar%2FKxAorHWi%2FKhartoum-wa%2F%3F_t%3D1633437370gil%231633437371107&tt=%F0%9F%8E%89110-j%C3%A4hriges%20Jubil%C3%A4um%20der%20Bank%20of%20Khartoum!%F0%9F%8E%8A
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 05 Oct 2021 12:36:12 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.historyChange-v2&eid=6&u=C&ut=C&tc=16&z=0
www.googletagmanager.com/
0
54 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.historyChange-v2&eid=6&u=C&ut=C&tc=16&z=0
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:12 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1825571225&si=362571d334dfe4bbda42380c64db58ac&su=http%3A%2F%2Fcupboardseed.top%2F&v=1.2.85&lv=1&sn=43033&r=0&ww=1600&ct=...
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1825571225&si=362571d334dfe4bbda42380c64db58ac&su=http%3A%2F%2Fcupboardseed.top%2F&v=1.2.85&lv=1&sn=43033&r=0&ww=1600&ct=!!&u=http%3A%2F%2Fuctvxyyhzan8epd.bar%2FKxAorHWi%2FKhartoum-wa%2F%3F_t%3D1633437370gil%231633437371107&tt=%F0%9F%8E%89110-j%C3%A4hriges%20Jubil%C3%A4um%20der%20Bank%20of%20Khartoum!%F0%9F%8E%8A
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 05 Oct 2021 12:36:12 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=684153483&si=bbb3e86814c9ceef66d180a6c15fa17d&su=http%3A%2F%2Fcupboardseed.top%2F&v=1.2.85&lv=1&sn=43033&r=0&ww=1600&ct=!...
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=684153483&si=bbb3e86814c9ceef66d180a6c15fa17d&su=http%3A%2F%2Fcupboardseed.top%2F&v=1.2.85&lv=1&sn=43033&r=0&ww=1600&ct=!!&u=http%3A%2F%2Fuctvxyyhzan8epd.bar%2FKxAorHWi%2FKhartoum-wa%2F%3F_t%3D1633437370gil%231633437371107&tt=%F0%9F%8E%89110-j%C3%A4hriges%20Jubil%C3%A4um%20der%20Bank%20of%20Khartoum!%F0%9F%8E%8A
Requested by
Host: uctvxyyhzan8epd.bar
URL: http://uctvxyyhzan8epd.bar/KxAorHWi/Khartoum-wa/?_t=1633437370gil
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 05 Oct 2021 12:36:12 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
Cookie set ?placementName=default&randomA=0_7506&maxw=0
benfly.net//4fe48aebd6/4f59451604/ Frame 8069
25 KB
5 KB
Document
General
Full URL
http://benfly.net//4fe48aebd6/4f59451604/?placementName=default&randomA=0_7506&maxw=0
Requested by
Host: benfly.net
URL: http://benfly.net/js/responsive.js
Protocol
HTTP/1.1
Server
185.66.201.59 Komárno, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.59.skhosting.eu
Software
nginx /
Resource Hash
d4587e3a24c739e3e9d415363d979f45e4e8efdd6ad5ee22ab74adef9637302d

Request headers

Host
benfly.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/

Response headers

Server
nginx
Date
Tue, 05 Oct 2021 12:36:13 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
shown1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; secure; SameSite=None used_ad2548304=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; SameSite=None total_impressions=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; secure; SameSite=None
Expires
Sun, 01 Jan 2014 00:00:00 GMT
Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma
no-cache
X-Robots-Tag
noindex,nofollow
Access-Control-Allow-Origin
*
Content-Encoding
gzip
a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.load&eid=7&u=C&ut=C&tc=16&tr=1sdl.5sdl&ti=1sdl.1sdl&z=0
www.googletagmanager.com/
0
54 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=G-S601SGFJW8&cv=1&v=3&t=t&pid=1843392360&rv=9r0&es=1&e=gtm.load&eid=7&u=C&ut=C&tc=16&tr=1sdl.5sdl&ti=1sdl.1sdl&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://uctvxyyhzan8epd.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 12:36:13 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery object| bootstrap function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal object| _0x57c5 function| _0x5233 function| _0x2060cc function| lazyload function| LazyLoad function| Popper function| gtag object| dataLayer string| brand_country object| dayNames object| monthNames string| minutos_y string| segundos object| modalOptions number| g_share_step boolean| g_banner_ad number| g_share_type number| type_op number| cl number| p_e number| p_s object| all_p_e function| stepfinal function| goToUrlFinish function| getBrowser function| getPlatform function| set_Cookie function| get_Cookie function| move boolean| box_ini number| count number| windraw number| intentos boolean| puedo object| boxRoot number| datetime function| swal_box number| maxParticleCount number| particleSpeed function| startConfetti function| stopConfetti function| toggleConfetti function| removeConfetti object| google_tag_manager object| google_tag_data object| gaGlobal function| ReplaceWithPolyfill string| randaffilistX45 number| qs number| share_number function| showShare function| continueBtn function| swalert function| shareOkBtn function| shareBtn function| getVcode function| wxalert function| hh1 function| jp function| fh object| _hmt function| onYouTubeIframeAPIReady object| paths string| project string| np object| nptimes string| Ads string| Web string| j string| j2 boolean| _bdhm_loaded_bbb5031b3fc978f413afd121951840e6 object| mini_tangram_log_x3m3i8 boolean| _bdhm_loaded_362571d334dfe4bbda42380c64db58ac object| mini_tangram_log_h2ywk boolean| _bdhm_loaded_bbb3e86814c9ceef66d180a6c15fa17d object| mini_tangram_log_pt2oyw

9 Cookies

Domain/Path Name / Value
.uctvxyyhzan8epd.bar/ Name: _ga_S601SGFJW8
Value: GS1.1.1633437370.1.0.1633437370.0
.uctvxyyhzan8epd.bar/ Name: _ga
Value: GA1.1.472270463.1633437371
.hm.baidu.com/ Name: HMACCOUNT_BFESS
Value: 5B3F1D96FA3D4B09
.uctvxyyhzan8epd.bar/ Name: Hm_lvt_bbb5031b3fc978f413afd121951840e6
Value: 1633437372
.uctvxyyhzan8epd.bar/ Name: Hm_lpvt_bbb5031b3fc978f413afd121951840e6
Value: 1633437372
.uctvxyyhzan8epd.bar/ Name: Hm_lvt_362571d334dfe4bbda42380c64db58ac
Value: 1633437373
.uctvxyyhzan8epd.bar/ Name: Hm_lpvt_362571d334dfe4bbda42380c64db58ac
Value: 1633437373
.uctvxyyhzan8epd.bar/ Name: Hm_lvt_bbb3e86814c9ceef66d180a6c15fa17d
Value: 1633437373
.uctvxyyhzan8epd.bar/ Name: Hm_lpvt_bbb3e86814c9ceef66d180a6c15fa17d
Value: 1633437373

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
benfly.net
cdn.jsdelivr.cc
cupboardseed.top
hm.baidu.com
uctvxyyhzan8epd.bar
uprimp.com
www.google-analytics.com
www.googletagmanager.com
103.235.46.191
185.66.200.220
185.66.201.59
2606:4700:3030::6815:d63
2606:4700:3037::ac43:9161
2606:4700:3037::ac43:94c6
2a00:1450:4001:803::200e
2a00:1450:4001:812::2008
2a00:1450:4001:82f::2001
0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef
17c692cd404ceaf6a7481223ba03c8724c5873dc8de72212523ffc3f9a83c240
1c0618fe0f6ff0e247f5b2b51e4fdf732ff6ac668acbd055385b38e34ba9c582
1e35ba2879c851c474abba458e8c85f5df3fcc8ba4f22edf3c3f7e8175713b03
22bbb123e33577510c89f8fd3eedc60b849e94d27f866735515031384bb03fce
3246b908724cc3d632f26006e22842dab596bdaeb5b2e43b9fd684ed028d79df
32bc695a4583118b2adca0fe87d1f4844905692f48f5f2a0eece23f205536e60
33c4330fe9075c0ad2a22971e7a9059642ef1e84b6e3fda9833fb7d0a6ef2cb8
43de71aaacabf6d792e522d1afd8026b5d98edf07f2406d4ca84363f524930ae
54b05d89154d8b99ea0d701da0e94ff8a2c39901e0bb8ef11b6ea348c92d5848
567d48027fe3eb83a0a26c5828f5865a4c1f1539a19c97564dc7f71471591346
56cb4d8b5c4235fc82e55fb81a36f2ff43994d671182c507443dfa762862aee3
72955bf61f0362b5125cd7ba4497708c8dddf00587dd71336ce9081f67247e7d
73be4e3bf11051d3a78c0e5cadaa1736e64f3432a471665c8d05cf2b7fdbc4e4
757c8f69b01b0f11e34537958416f365546307820afc6f07cd54e320f8371d13
7d0668c9f064b1df0272ef97e7b0408308db1e919eca9803e6045064b1276fba
7d7a9043f4bed303fe2974ac4e3ba10d6b214e70f7ae549786ba2d347de05f81
8edba5fb2cd40c9f16f9eb31a3711d05408e83d2e690abe2a950d3645bb1cc85
8ee8b5d151c98794ae76566762fc4e1bdc54b4fc22579dcdad9d6ffe301c5fb9
91fc494492942a2fa132ebea192a6688241facafc4f130049aed4a7c22d0ac9e
9b7f1ddc36af29778df73a309d2861822456de3eb416e6921a5c44e68435a42f
9be19f597ff7fae6f2d86fc23f6c0381ad08c6c11169a57a4ceb958af04124bb
9e7f5ad606cc04a7af4423f895ef1730b7e3a9ed30ff23fbee05864757dbed63
a43c142a8742dc4e53a686c1d119b2fd15d1a4a7c3479a2c24549b57f5e82923
a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709
b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d4587e3a24c739e3e9d415363d979f45e4e8efdd6ad5ee22ab74adef9637302d
d477026493ddcc650ba4396e8870a2ed1a99f0576b5c760d6ab63ed499fcb8db
e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e948617effd12fee3c86ee175575cd896d9072d32e1cd65bb4e96e81071ae986
e9bde28dafe3b54cb3a018f567496dede8ad27a63330ce205ec67f2ad821f9de
ead0412e88880594a3f439a782dcc92deea789229bc48439ae0d60d2942e69ed
edbc9620cec592b5cc3cbedfcd476592d3f21e90756ffdf972e3ce5a3c867f01
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127