Submitted URL: http://marsider.fun/nt4rkznz?cost=%7Bcost%7D&currency=%7Bcurrency%7D&external_id=$%7Bsubid%7D&source=%7Bzoneid%7D&co...
Effective URL: https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Submission: On April 25 via api from US — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 11 domains to perform 40 HTTP transactions. The main IP is 23.158.56.201, located in Frankfurt am Main, Germany and belongs to AS-GLOBALTELEHOST, US. The main domain is 42ac707edc.news-xonuna.cc.
TLS certificate: Issued by R3 on April 23rd 2024. Valid for: 3 months.
This is the only time 42ac707edc.news-xonuna.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 7 23.158.56.201 63023 (AS-GLOBAL...)
7 193.108.118.16 63023 (AS-GLOBAL...)
3 2a00:1450:400... 15169 (GOOGLE)
1 95.216.46.99 24940 (HETZNER-AS)
12 2a00:1450:400... 15169 (GOOGLE)
1 2 5.9.65.244 24940 (HETZNER-AS)
7 136.243.42.50 24940 (HETZNER-AS)
1 138.201.81.123 24940 (HETZNER-AS)
1 1 2a02:b48:207:... 39572 (ADVANCEDH...)
1 45.133.44.33 39572 (ADVANCEDH...)
40 10
#    Apex Domain       Subdomains                                        Transfer
12   gstatic.com       fonts.gstatic.com                                 152 KB
7    news-nowazi.cc    4285d4c3ab.news-nowazi.cc                         185 KB
7    news-geroju.cc    news-geroju.cc                                    168 KB
6    news-xonuna.cc    42ac707edc.news-xonuna.cc                         185 KB
3    googleapis.com    fonts.googleapis.com (Cisco Umbrella Rank: 33)    4 KB
2    cdn.house         img.cdn.house (Cisco Umbrella Rank: 12810)        5 KB
2    revopush.com      show.revopush.com (Cisco Umbrella Rank: 19472)    2 KB
1    wmgtr.com         i.wmgtr.com (Cisco Umbrella Rank: 25080)          28 KB
1    jythnv.xyz        jythnv.xyz                                        137 B
1    news-dunoyu.cc    news-dunoyu.cc                                    146 B
1    marsider.fun      marsider.fun                                      899 B
Total: 40 requests, 11 apex domains
#    Domain                       Requested by
12   fonts.gstatic.com            fonts.googleapis.com
7    4285d4c3ab.news-nowazi.cc    news-geroju.cc, 4285d4c3ab.news-nowazi.cc
7    news-geroju.cc               news-geroju.cc
6    42ac707edc.news-xonuna.cc    4285d4c3ab.news-nowazi.cc, 42ac707edc.news-xonuna.cc
3    fonts.googleapis.com         news-geroju.cc, 4285d4c3ab.news-nowazi.cc, 42ac707edc.news-xonuna.cc
2    img.cdn.house                1 redirects
2    show.revopush.com            news-geroju.cc, 4285d4c3ab.news-nowazi.cc, 42ac707edc.news-xonuna.cc
1    i.wmgtr.com
1    jythnv.xyz                   1 redirects
1    news-dunoyu.cc               1 redirects
1    marsider.fun                 1 redirects
Total: 40 requests, 11 domains

This site contains no links.

Subject                    Issuer                                        Validity                   Valid
*.news-geroju.cc           R3                                            2024-04-23 - 2024-07-22    3 months
upload.video.google.com    GTS CA 1C3                                    2024-04-08 - 2024-07-01    3 months
show.revopush.com          Go Daddy Secure Certificate Authority - G2    2024-03-22 - 2025-03-22    a year
*.gstatic.com              GTS CA 1C3                                    2024-04-08 - 2024-07-01    3 months
img.cdn.house              R3                                            2024-03-21 - 2024-06-19    3 months
*.news-nowazi.cc           R3                                            2024-04-23 - 2024-07-22    3 months
*.news-xonuna.cc           R3                                            2024-04-23 - 2024-07-22    3 months

This page contains 1 frame:

Primary Page: https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Frame ID: 921E4DA1CFB9397E79DA6BBF44CB0700
Requests: 40 HTTP requests in this frame

Screenshot

Page Title

Нажмите разрешить для получения доступа

Page Statistics

Requests: 40
HTTPS: 95 %
IPv6: 36 %
Domains: 11
Subdomains: 11
IPs: 10
Countries: 3
Transfer: 729 kB
Size: 797 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://marsider.fun/nt4rkznz?cost=%7Bcost%7D&currency=%7Bcurrency%7D&external_id=$%7Bsubid%7D&source=%7Bzoneid%7D&cohort=%7Bcohort%7D&pn_type=%7Bpn_type%7D HTTP 307
    https://marsider.fun/nt4rkznz?cost=%7Bcost%7D&currency=%7Bcurrency%7D&external_id=$%7Bsubid%7D&source=%7Bzoneid%7D&cohort=%7Bcohort%7D&pn_type=%7Bpn_type%7D HTTP 302
    https://news-dunoyu.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4 HTTP 307
    https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4 Page URL
  2. https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4 Page URL
  3. https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://marsider.fun/nt4rkznz?cost=%7Bcost%7D&currency=%7Bcurrency%7D&external_id=$%7Bsubid%7D&source=%7Bzoneid%7D&cohort=%7Bcohort%7D&pn_type=%7Bpn_type%7D HTTP 307
  • https://marsider.fun/nt4rkznz?cost=%7Bcost%7D&currency=%7Bcurrency%7D&external_id=$%7Bsubid%7D&source=%7Bzoneid%7D&cohort=%7Bcohort%7D&pn_type=%7Bpn_type%7D HTTP 302
  • https://news-dunoyu.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4 HTTP 307
  • https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Request Chain 26
  • https://img.cdn.house/i/1/bFmB9YqbUkTtUy66YBfHHBicWCfn02qZJo94zSDoV9OAbHxeWlC8OiogtHaTZjFAKNGDcg47o1d8usu2n0E5_J8TQ3r5vyMFItq7zEkUp1TXYc3l_kQA093H_Oe1-tFcz8G75RmG5gpd2_PBTnhqmM09zvYbdKgwLqMpp7XM4Yr-2aLXHpFQ1e5XeO9CCG3mWOTaaGOPX6pofnlDZkNWzSDvtmorJo3cZSQq7O011latQ_fiENzBtWwl7Wr2s1T05aHbuRV1Mey4lVnaX3VNsUNtJs5C4IE9bL1tedpqX_KVNj6U0lzufzvtJbY5eYqveCf8 HTTP 307
  • https://jythnv.xyz/dsp/ph/icm?aid=8630346051814573282&mid=0&sid=992&t=1714079554&subid=8065022 HTTP 302
  • https://i.wmgtr.com/cic/_F_oKtsSfl2JoVvYpP6iZx1D1K6EwOID.png

40 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
news-geroju.cc/
Redirect Chain
  • http://marsider.fun/nt4rkznz?cost=%7Bcost%7D&currency=%7Bcurrency%7D&external_id=$%7Bsubid%7D&source=%7Bzoneid%7D&cohort=%7Bcohort%7D&pn_type=%7Bpn_type%7D
  • https://marsider.fun/nt4rkznz?cost=%7Bcost%7D&currency=%7Bcurrency%7D&external_id=$%7Bsubid%7D&source=%7Bzoneid%7D&cohort=%7Bcohort%7D&pn_type=%7Bpn_type%7D
  • https://news-dunoyu.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
  • https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
2 KB
1 KB
Document
General
Full URL
https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.108.118.16 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
16-118-108-193.clients.gthost.com
Software
nginx /
Resource Hash
c2ec38ec63194c03e54a356158f74ac4cc0d4a82fcb699c3af55a13b0503e799
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 25 Apr 2024 21:12:31 GMT
server
nginx
vary
Origin
x-frame-options
DENY

Redirect headers

content-length
0
date
Thu, 25 Apr 2024 21:12:31 GMT
location
https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
server
nginx
vary
Origin
x-frame-options
DENY
style.css
news-geroju.cc/lands/20/
2 KB
1004 B
Stylesheet
General
Full URL
https://news-geroju.cc/lands/20/style.css
Requested by
Host: news-geroju.cc
URL: https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.108.118.16 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
16-118-108-193.clients.gthost.com
Software
nginx /
Resource Hash
2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:31 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
etag
"6602cb4c-364"
content-type
text/css
accept-ranges
bytes
content-length
868
process.js
news-geroju.cc/
26 KB
10 KB
Script
General
Full URL
https://news-geroju.cc/process.js?id=8065022&p1={zoneid}&p2=1nb7oc81cdbr40&p3=&p4=
Requested by
Host: news-geroju.cc
URL: https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.108.118.16 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
16-118-108-193.clients.gthost.com
Software
nginx /
Resource Hash
6559f9ea614f8fb92918306730502f893bd738d0f5d3076dc03111ab3e328f5e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 25 Apr 2024 21:12:31 GMT
content-encoding
gzip
server
nginx
vary
Origin
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
expires
0
revopush.js
news-geroju.cc/
18 KB
7 KB
Script
General
Full URL
https://news-geroju.cc/revopush.js
Requested by
Host: news-geroju.cc
URL: https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.108.118.16 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
16-118-108-193.clients.gthost.com
Software
nginx /
Resource Hash
aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:31 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
etag
"6602cb4c-1d30"
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
content-length
7472
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Requested by
Host: news-geroju.cc
URL: https://news-geroju.cc/lands/20/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://news-geroju.cc/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 25 Apr 2024 21:12:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 25 Apr 2024 21:12:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 25 Apr 2024 21:12:32 GMT
/
show.revopush.com/api/v1/inpage/show/
796 B
949 B
Fetch
General
Full URL
https://show.revopush.com/api/v1/inpage/show/?uid=143520&subacc=8065022&sub1={zoneid}&sub2=1nb7oc81cdbr40&sub3=&sub4=&adult=true&limit=1&traffic=adult
Requested by
Host: news-geroju.cc
URL: https://news-geroju.cc/process.js?id=8065022&p1={zoneid}&p2=1nb7oc81cdbr40&p3=&p4=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
95.216.46.99 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
revopush-show-73.t.push.house
Software
nginx /
Resource Hash
a60ad3581580502d146e1f5cb3a5f30494fcf332e4c0b39fc04e3645a911ae32

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://news-geroju.cc/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://news-geroju.cc
date
Thu, 25 Apr 2024 21:12:32 GMT
content-encoding
br
accept-ch
Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
server
nginx
vary
Origin
content-type
application/json
girls.jpg
news-geroju.cc/lands/20/
148 KB
148 KB
Image
General
Full URL
https://news-geroju.cc/lands/20/girls.jpg
Requested by
Host: news-geroju.cc
URL: https://news-geroju.cc/lands/20/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.108.118.16 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
16-118-108-193.clients.gthost.com
Software
nginx /
Resource Hash
9f4e5aae6461b0d857a26e03d10a44ccc41db096b257a33c5c58f6961b32ad30

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://news-geroju.cc/lands/20/style.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:32 GMT
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
accept-ranges
bytes
etag
"6602cb4c-24ee6"
content-length
151270
content-type
image/jpeg
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://news-geroju.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 19:27:41 GMT
x-content-type-options
nosniff
age
524691
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9644
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 19 Apr 2025 19:27:41 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://news-geroju.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 06:13:41 GMT
x-content-type-options
nosniff
age
53931
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Apr 2025 06:13:41 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://news-geroju.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 00:45:23 GMT
x-content-type-options
nosniff
age
505629
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 20 Apr 2025 00:45:23 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://news-geroju.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 03:50:46 GMT
x-content-type-options
nosniff
age
494506
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 20 Apr 2025 03:50:46 GMT
favicon.ico
news-geroju.cc/
548 B
256 B
Other
General
Full URL
https://news-geroju.cc/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.108.118.16 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
16-118-108-193.clients.gthost.com
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:32 GMT
content-encoding
gzip
server
nginx
content-type
text/html; charset=utf-8
iBH7M5VTRz2k2K5vpwpJtIXXyC8-XsMP1yJZ-mMK3-hffWBn69gzq8ChY850ZgR5KEE_rpBXDzUyx5cAILxQOJy-mYxnfYk0aLk5Wdsp5NgGYPxoBnSgkCqS_kOQFk8_gFng_kulUNuX-KaL7oz30BmJy5iMd49354QAU1DAruuUkGVt0WTBxfD9friu9cLE6oA=
img.cdn.house/i/1/
5 KB
5 KB
Image
General
Full URL
https://img.cdn.house/i/1/iBH7M5VTRz2k2K5vpwpJtIXXyC8-XsMP1yJZ-mMK3-hffWBn69gzq8ChY850ZgR5KEE_rpBXDzUyx5cAILxQOJy-mYxnfYk0aLk5Wdsp5NgGYPxoBnSgkCqS_kOQFk8_gFng_kulUNuX-KaL7oz30BmJy5iMd49354QAU1DAruuUkGVt0WTBxfD9friu9cLE6oA=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.9.65.244 Giessen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
push-house-cdn-207.t.push.house
Software
nginx /
Resource Hash
7d2eae1a55022626588a6de0093aa38a40fd46b3600396112c0d3bc85f3fa748

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://news-geroju.cc/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:32 GMT
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
last-modified
Sat, 15 Jul 2023 10:20:20 GMT
server
nginx
accept-ranges
bytes
content-length
4866
content-type
image/webp
reject
news-geroju.cc/
5 B
117 B
Fetch
General
Full URL
https://news-geroju.cc/reject
Requested by
Host: news-geroju.cc
URL: https://news-geroju.cc/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.108.118.16 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
16-118-108-193.clients.gthost.com
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Thu, 25 Apr 2024 21:12:33 GMT
server
nginx
content-length
5
vary
Origin
content-type
application/json; charset=UTF-8
/
4285d4c3ab.news-nowazi.cc/
2 KB
2 KB
Document
General
Full URL
https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Requested by
Host: news-geroju.cc
URL: https://news-geroju.cc/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.243.42.50 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.50.42.243.136.clients.your-server.de
Software
nginx /
Resource Hash
3d172ff175a78e3e9aa3595a748077b63ef651cbcf3a2f33e0f91d5ac34ccea9
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://news-geroju.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-length
1615
content-type
text/html; charset=UTF-8
date
Thu, 25 Apr 2024 21:12:35 GMT
server
nginx
vary
Origin
x-frame-options
DENY
style.css
4285d4c3ab.news-nowazi.cc/lands/20/
2 KB
1004 B
Stylesheet
General
Full URL
https://4285d4c3ab.news-nowazi.cc/lands/20/style.css
Requested by
Host: 4285d4c3ab.news-nowazi.cc
URL: https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.243.42.50 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.50.42.243.136.clients.your-server.de
Software
nginx /
Resource Hash
2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:36 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
etag
"6602cb4c-364"
content-type
text/css
accept-ranges
bytes
content-length
868
process.js
4285d4c3ab.news-nowazi.cc/
26 KB
26 KB
Script
General
Full URL
https://4285d4c3ab.news-nowazi.cc/process.js?id=8065022&p1={zoneid}&p2=1nb7oc81cdbr40&p3=&p4=
Requested by
Host: 4285d4c3ab.news-nowazi.cc
URL: https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.243.42.50 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.50.42.243.136.clients.your-server.de
Software
nginx /
Resource Hash
3e21f3893b01d1d8819e5df5d3a3c59f728663029cf9952a1833d9f33be3d6eb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
application/javascript; charset=utf-8
pragma
no-cache
date
Thu, 25 Apr 2024 21:12:36 GMT
cache-control
no-cache, no-store, must-revalidate
server
nginx
vary
Origin
expires
0
revopush.js
4285d4c3ab.news-nowazi.cc/
18 KB
7 KB
Script
General
Full URL
https://4285d4c3ab.news-nowazi.cc/revopush.js
Requested by
Host: 4285d4c3ab.news-nowazi.cc
URL: https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.243.42.50 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.50.42.243.136.clients.your-server.de
Software
nginx /
Resource Hash
aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:36 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
etag
"6602cb4c-1d30"
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
content-length
7472
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Requested by
Host: 4285d4c3ab.news-nowazi.cc
URL: https://4285d4c3ab.news-nowazi.cc/lands/20/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://4285d4c3ab.news-nowazi.cc/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 25 Apr 2024 21:12:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 25 Apr 2024 21:12:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 25 Apr 2024 21:12:34 GMT
/
show.revopush.com/api/v1/inpage/show/
1 KB
1 KB
Fetch
General
Full URL
https://show.revopush.com/api/v1/inpage/show/?uid=143520&subacc=8065022&sub1={zoneid}&sub2=1nb7oc81cdbr40&sub3=&sub4=&adult=true&limit=1&traffic=adult
Requested by
Host: 4285d4c3ab.news-nowazi.cc
URL: https://4285d4c3ab.news-nowazi.cc/process.js?id=8065022&p1={zoneid}&p2=1nb7oc81cdbr40&p3=&p4=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.201.81.123 Mannheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
revopush-show-87.t.push.house
Software
nginx /
Resource Hash
3e1e769c753402b33e14758d5eba4d05e54ba2d2512c64bd8e8365100e31a968

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://4285d4c3ab.news-nowazi.cc/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://4285d4c3ab.news-nowazi.cc
date
Thu, 25 Apr 2024 21:12:34 GMT
content-encoding
br
accept-ch
Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
server
nginx
vary
Origin
content-type
application/json
girls.jpg
4285d4c3ab.news-nowazi.cc/lands/20/
148 KB
148 KB
Image
General
Full URL
https://4285d4c3ab.news-nowazi.cc/lands/20/girls.jpg
Requested by
Host: 4285d4c3ab.news-nowazi.cc
URL: https://4285d4c3ab.news-nowazi.cc/lands/20/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.243.42.50 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.50.42.243.136.clients.your-server.de
Software
nginx /
Resource Hash
9f4e5aae6461b0d857a26e03d10a44ccc41db096b257a33c5c58f6961b32ad30

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://4285d4c3ab.news-nowazi.cc/lands/20/style.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:36 GMT
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
accept-ranges
bytes
etag
"6602cb4c-24ee6"
content-length
151270
content-type
image/jpeg
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://4285d4c3ab.news-nowazi.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 19:27:41 GMT
x-content-type-options
nosniff
age
524693
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9644
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 19 Apr 2025 19:27:41 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://4285d4c3ab.news-nowazi.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 06:13:41 GMT
x-content-type-options
nosniff
age
53933
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Apr 2025 06:13:41 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://4285d4c3ab.news-nowazi.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 00:45:23 GMT
x-content-type-options
nosniff
age
505631
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 20 Apr 2025 00:45:23 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://4285d4c3ab.news-nowazi.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 03:50:46 GMT
x-content-type-options
nosniff
age
494508
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 20 Apr 2025 03:50:46 GMT
favicon.ico
4285d4c3ab.news-nowazi.cc/
548 B
622 B
Other
General
Full URL
https://4285d4c3ab.news-nowazi.cc/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.243.42.50 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.50.42.243.136.clients.your-server.de
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:36 GMT
server
nginx
content-length
548
content-type
text/html; charset=utf-8
_F_oKtsSfl2JoVvYpP6iZx1D1K6EwOID.png
i.wmgtr.com/cic/
Redirect Chain
  • https://img.cdn.house/i/1/bFmB9YqbUkTtUy66YBfHHBicWCfn02qZJo94zSDoV9OAbHxeWlC8OiogtHaTZjFAKNGDcg47o1d8usu2n0E5_J8TQ3r5vyMFItq7zEkUp1TXYc3l_kQA093H_Oe1-tFcz8G75RmG5gpd2_PBTnhqmM09zvYbdKgwLqMpp7XM4Yr...
  • https://jythnv.xyz/dsp/ph/icm?aid=8630346051814573282&mid=0&sid=992&t=1714079554&subid=8065022
  • https://i.wmgtr.com/cic/_F_oKtsSfl2JoVvYpP6iZx1D1K6EwOID.png
28 KB
28 KB
Image
General
Full URL
https://i.wmgtr.com/cic/_F_oKtsSfl2JoVvYpP6iZx1D1K6EwOID.png
Protocol
H2
Server
45.133.44.33 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
09959f401dbec86370932a57cc491685741bd4b6c7df2f344e680a0bb4b6177d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://4285d4c3ab.news-nowazi.cc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

expires
Fri, 26 Apr 2024 20:12:35 GMT
date
Thu, 25 Apr 2024 21:12:35 GMT
content-encoding
gzip
server
nginx/1.19.0
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=82800
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT

Redirect headers

location
https://i.wmgtr.com/cic/_F_oKtsSfl2JoVvYpP6iZx1D1K6EwOID.png
date
Thu, 25 Apr 2024 21:12:34 GMT
accept-ch
Sec-CH-UA-Platform-Version
server
nginx/1.18.0
content-length
0
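The response above carries an "x-content-type-option: nosniff" line whose header name is missing its final "s". That is why the scanner's Security Headers table for this resource lists only X-Frame-Options and X-Xss-Protection: a browser matches header names exactly, so the misspelled header gives no MIME-sniffing protection at all, and X-Xss-Protection is a legacy header that current Chromium-based browsers no longer act on. The checker below is an added example, not urlscan.io code or anything served by i.wmgtr.com; it flags near-miss security header names in a captured response. The header list is transcribed from the response above, and the similarity cutoff and the legacy-header note are this example's own choices.

```python
"""Audit captured response headers: which security headers are effective,
which are legacy, and which are near-miss names a browser silently ignores.

Added example; not code from urlscan.io or from any host in this scan.
"""
import difflib
from typing import Dict, List, Tuple

# Lower-cased names browsers actually act on (assumed list for this example).
SECURITY_HEADERS = sorted({
    "strict-transport-security",
    "content-security-policy",
    "content-security-policy-report-only",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "cross-origin-opener-policy",
    "cross-origin-resource-policy",
    "cross-origin-embedder-policy",
    "permissions-policy",
    "x-xss-protection",
})

# Headers that are recognised but no longer provide protection.
LEGACY = {
    "x-xss-protection": "Chromium removed its XSS Auditor in version 78; "
                        "current browsers ignore this header",
}

# Transcribed from the i.wmgtr.com response above (constructed list form).
WMGTR_HEADERS: List[Tuple[str, str]] = [
    ("expires", "Fri, 26 Apr 2024 20:12:35 GMT"),
    ("date", "Thu, 25 Apr 2024 21:12:35 GMT"),
    ("content-encoding", "gzip"),
    ("server", "nginx/1.19.0"),
    ("x-frame-options", "SAMEORIGIN"),
    ("content-type", "image/png"),
    ("access-control-allow-origin", "*"),
    ("cache-control", "max-age=82800"),
    ("x-content-type-option", "nosniff"),   # note the missing trailing "s"
    ("x-xss-protection", "1; mode=block"),
    ("x-proxy-cache", "HIT"),
]


def audit_headers(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Classify headers as effective, legacy, or an ignored near-miss name.

    Header names are case-insensitive, so everything is lower-cased first.
    A name that is not a known security header but is very close to one
    (ratio >= 0.9, an assumed cutoff) is reported as a typo: the browser
    never matches it, so the protection the operator expects is absent.
    """
    report: Dict[str, List[str]] = {"effective": [], "ignored_typo": [], "legacy": []}
    for name, value in headers:
        lname = name.strip().lower()
        if lname in SECURITY_HEADERS:
            if lname in LEGACY:
                report["legacy"].append(f"{lname}: {value} ({LEGACY[lname]})")
            else:
                report["effective"].append(f"{lname}: {value}")
            continue
        close = difflib.get_close_matches(lname, SECURITY_HEADERS, n=1, cutoff=0.9)
        if close:
            report["ignored_typo"].append(f"{lname} -> did you mean {close[0]}?")
    return report


if __name__ == "__main__":
    for kind, entries in audit_headers(WMGTR_HEADERS).items():
        for entry in entries:
            print(f"[{kind}] {entry}")
```

Running it against the transcribed response reports x-frame-options as the only effective header, x-xss-protection as legacy, and x-content-type-option as an ignored typo, which matches what the scanner's Security Headers table shows for this resource.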
reject
4285d4c3ab.news-nowazi.cc/
5 B
117 B
Fetch
General
Full URL
https://4285d4c3ab.news-nowazi.cc/reject
Requested by
Host: 4285d4c3ab.news-nowazi.cc
URL: https://4285d4c3ab.news-nowazi.cc/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.243.42.50 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.50.42.243.136.clients.your-server.de
Software
nginx /
Resource Hash
38e0b9de817f645c4bec37c0d4a3e58baecccb040f5718dc069a72c7385a0bed

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Thu, 25 Apr 2024 21:12:37 GMT
server
nginx
content-length
5
vary
Origin
content-type
application/json; charset=UTF-8
Primary Request /
42ac707edc.news-xonuna.cc/
2 KB
2 KB
Document
General
Full URL
https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Requested by
Host: 4285d4c3ab.news-nowazi.cc
URL: https://4285d4c3ab.news-nowazi.cc/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
4ce59977a5c5aca4a81bfba721a05ed932c03740f4d6ddec5e088724177c6610
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://4285d4c3ab.news-nowazi.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-length
1689
content-type
text/html; charset=UTF-8
date
Thu, 25 Apr 2024 21:12:36 GMT
server
nginx
vary
Origin
x-frame-options
DENY
style.css
42ac707edc.news-xonuna.cc/lands/20/
2 KB
1004 B
Stylesheet
General
Full URL
https://42ac707edc.news-xonuna.cc/lands/20/style.css
Requested by
Host: 42ac707edc.news-xonuna.cc
URL: https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:36 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
etag
"6602cb4c-364"
content-type
text/css
accept-ranges
bytes
content-length
868
process.js
42ac707edc.news-xonuna.cc/
26 KB
26 KB
Script
General
Full URL
https://42ac707edc.news-xonuna.cc/process.js?id=8065022&p1={zoneid}&p2=1nb7oc81cdbr40&p3=&p4=
Requested by
Host: 42ac707edc.news-xonuna.cc
URL: https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
a6459a2450682a0c11148fe59dc2998623f279a2c522b34662bf35eb3743ae4b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
application/javascript; charset=utf-8
pragma
no-cache
date
Thu, 25 Apr 2024 21:12:36 GMT
cache-control
no-cache, no-store, must-revalidate
server
nginx
vary
Origin
expires
0
revopush.js
42ac707edc.news-xonuna.cc/
18 KB
7 KB
Script
General
Full URL
https://42ac707edc.news-xonuna.cc/revopush.js
Requested by
Host: 42ac707edc.news-xonuna.cc
URL: https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:36 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
etag
"6602cb4c-1d30"
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
content-length
7472
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Requested by
Host: 42ac707edc.news-xonuna.cc
URL: https://42ac707edc.news-xonuna.cc/lands/20/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://42ac707edc.news-xonuna.cc/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 25 Apr 2024 21:12:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 25 Apr 2024 21:12:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 25 Apr 2024 21:12:36 GMT
/
show.revopush.com/api/v1/inpage/show/
0
0

girls.jpg
42ac707edc.news-xonuna.cc/lands/20/
148 KB
148 KB
Image
General
Full URL
https://42ac707edc.news-xonuna.cc/lands/20/girls.jpg
Requested by
Host: 42ac707edc.news-xonuna.cc
URL: https://42ac707edc.news-xonuna.cc/lands/20/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
9f4e5aae6461b0d857a26e03d10a44ccc41db096b257a33c5c58f6961b32ad30

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://42ac707edc.news-xonuna.cc/lands/20/style.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:36 GMT
last-modified
Tue, 26 Mar 2024 13:19:08 GMT
server
nginx
accept-ranges
bytes
etag
"6602cb4c-24ee6"
content-length
151270
content-type
image/jpeg
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://42ac707edc.news-xonuna.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 19:27:41 GMT
x-content-type-options
nosniff
age
524695
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9644
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 19 Apr 2025 19:27:41 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://42ac707edc.news-xonuna.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 06:13:41 GMT
x-content-type-options
nosniff
age
53935
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Apr 2025 06:13:41 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://42ac707edc.news-xonuna.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 00:45:23 GMT
x-content-type-options
nosniff
age
505633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 20 Apr 2025 00:45:23 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://42ac707edc.news-xonuna.cc
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 03:50:46 GMT
x-content-type-options
nosniff
age
494510
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 20 Apr 2025 03:50:46 GMT
favicon.ico
42ac707edc.news-xonuna.cc/
548 B
622 B
Other
General
Full URL
https://42ac707edc.news-xonuna.cc/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Apr 2024 21:12:36 GMT
server
nginx
content-length
548
content-type
text/html; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
show.revopush.com
URL
https://show.revopush.com/api/v1/inpage/show/?uid=143520&subacc=8065022&sub1={zoneid}&sub2=1nb7oc81cdbr40&sub3=&sub4=&adult=true&limit=1&traffic=adult

Verdicts & Comments

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | _GLOBALS
string | userCustomRedirectUrl
function | a0_0x1b8e
function | a0_0x1edc
object | Sentry
object | _PHV2SITE
object | webpackChunklands_static
object | _phv2Activator

3 Cookies

Domain/Path Name / Value
marsider.fun/ Name: _subid
Value: 1nb7oc81cdbr40
marsider.fun/ Name: 330d8
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc5MlwiOjE3MTQwNzk1NTF9LFwiY2FtcGFpZ25zXCI6e1wiMTk2XCI6MTcxNDA3OTU1MX0sXCJ0aW1lXCI6MTcxNDA3OTU1MX0ifQ.UUkhS_f_gK3kpw6D6grlvqqwTzJMtcnnvl28QqyRd64
marsider.fun/ Name: _token
Value: uuid_1nb7oc81cdbr40_1nb7oc81cdbr40662ac73fa68164.39121693
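The 330d8 cookie set by marsider.fun is a compact JWT: three base64url segments separated by dots. Its header and claims are only encoded, not encrypted, so anyone holding the cookie can read them; the HS256 signature, which needs the issuer's secret, is the only thing that says whether they were tampered with. The script below is an added example, not code from marsider.fun or urlscan.io. It decodes the token without verifying it, unpacks the nested JSON the issuer stores as a string inside the "data" claim, and then shows what a verification step has to do. The token is copied from the cookie table above; the candidate secret passed to the verifier is a placeholder assumption, so that check is expected to fail.

```python
"""Decode the marsider.fun 330d8 cookie (a JWT) without trusting it, and
show what an HS256 verification step requires.

Added example; not code from marsider.fun or urlscan.io. The token is
copied from the scan; the secret below is an assumed placeholder.
"""
import base64
import hashlib
import hmac
import json
from typing import Any, Dict

# Copied verbatim from the cookie table on this page.
COOKIE_330D8 = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc5MlwiOjE3MTQwNzk1NTF9LFwiY2FtcGFpZ25zXCI6e1wiMTk2XCI6MTcxNDA3OTU1MX0sXCJ0aW1lXCI6MTcxNDA3OTU1MX0ifQ.UUkhS_f_gK3kpw6D6grlvqqwTzJMtcnnvl28QqyRd64"


def b64url_decode(segment: str) -> bytes:
    """JWT segments omit '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified(token: str) -> Dict[str, Any]:
    """Split and decode a compact JWS. Nothing here proves authenticity:
    base64url is an encoding, not encryption, so the claims are readable
    by anyone who holds the cookie."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    # This issuer stores a JSON document as a string inside the "data" claim.
    if isinstance(payload.get("data"), str):
        payload["data"] = json.loads(payload["data"])
    return {"header": header, "payload": payload, "signature": b64url_decode(sig_b64)}


def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the HS256 tag over header.payload and compare in constant time.

    The algorithm is pinned to HS256 rather than read from the token, so a
    header rewritten to alg "none" (or to another algorithm) is rejected
    instead of being honoured."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return False
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


if __name__ == "__main__":
    decoded = decode_unverified(COOKIE_330D8)
    print(json.dumps(decoded["header"]))
    print(json.dumps(decoded["payload"], indent=2))
    # Assumed placeholder; the issuer's real key is not known from the scan.
    print("verified with placeholder secret:", verify_hs256(COOKIE_330D8, b"placeholder-secret"))
```

The decoded claims are a "streams" map, a "campaigns" map and a "time" value, all carrying the same Unix timestamp, with no expiry claim; the 32-byte signature is consistent with HS256. Treat the claims as attacker-readable data, not as a verified statement, until the signature has been checked with the real key.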

6 Console Messages

Source Level URL
Text
other error URL: https://news-geroju.cc/?id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network error URL: https://news-geroju.cc/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
other error URL: https://4285d4c3ab.news-nowazi.cc/?i=1&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network error URL: https://4285d4c3ab.news-nowazi.cc/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
other error URL: https://42ac707edc.news-xonuna.cc/?i=2&id=8065022&p1=%7Bzoneid%7D&p2=1nb7oc81cdbr40&p3=&p4=sub4
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network error URL: https://42ac707edc.news-xonuna.cc/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4285d4c3ab.news-nowazi.cc
42ac707edc.news-xonuna.cc
fonts.googleapis.com
fonts.gstatic.com
i.wmgtr.com
img.cdn.house
jythnv.xyz
marsider.fun
news-dunoyu.cc
news-geroju.cc
show.revopush.com
136.243.42.50
138.201.81.123
193.108.118.16
23.158.56.201
2606:4700:3035::6815:3635
2a00:1450:4001:810::200a
2a00:1450:4001:812::2003
2a02:b48:207:1::6
45.133.44.33
5.9.65.244
95.216.46.99
09959f401dbec86370932a57cc491685741bd4b6c7df2f344e680a0bb4b6177d
2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311
38e0b9de817f645c4bec37c0d4a3e58baecccb040f5718dc069a72c7385a0bed
3d172ff175a78e3e9aa3595a748077b63ef651cbcf3a2f33e0f91d5ac34ccea9
3e1e769c753402b33e14758d5eba4d05e54ba2d2512c64bd8e8365100e31a968
3e21f3893b01d1d8819e5df5d3a3c59f728663029cf9952a1833d9f33be3d6eb
47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4ce59977a5c5aca4a81bfba721a05ed932c03740f4d6ddec5e088724177c6610
6559f9ea614f8fb92918306730502f893bd738d0f5d3076dc03111ab3e328f5e
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
7d2eae1a55022626588a6de0093aa38a40fd46b3600396112c0d3bc85f3fa748
9f4e5aae6461b0d857a26e03d10a44ccc41db096b257a33c5c58f6961b32ad30
a60ad3581580502d146e1f5cb3a5f30494fcf332e4c0b39fc04e3645a911ae32
a6459a2450682a0c11148fe59dc2998623f279a2c522b34662bf35eb3743ae4b
aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
c2ec38ec63194c03e54a356158f74ac4cc0d4a82fcb699c3af55a13b0503e799
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
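Two of the landing hosts in this scan, 4285d4c3ab.news-nowazi.cc (136.243.42.50, Hetzner) and 42ac707edc.news-xonuna.cc (23.158.56.201, GLOBALTELEHOST), serve a byte-identical /lands/20/girls.jpg (same SHA-256, same ETag "6602cb4c-24ee6", same Last-Modified) and the same 548-byte text/html body for /favicon.ico, which the console messages show is a 404 response. Resource hashes like these are the indicator to pivot on when linking hosts on different providers, provided content that every site shares, such as the Google Fonts files, is excluded first. The script below is an added example, not urlscan.io code; its records are transcribed from the transaction list on this page, and the set of common CDN hosts to ignore is an assumption.

```python
"""Pivot on resource SHA-256 hashes to link hosts that serve identical content.

Added example; not urlscan.io code. Records are transcribed from the
transaction list on this page (a subset of the 40 transactions); the
COMMON_CDNS exclusion list is an assumption made for this example.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, Iterable, List, NamedTuple, Set


class Resource(NamedTuple):
    host: str
    path: str
    sha256: str


NOWAZI = "4285d4c3ab.news-nowazi.cc"
XONUNA = "42ac707edc.news-xonuna.cc"

# Transcribed from the scan above (constructed list).
RESOURCES: List[Resource] = [
    Resource(NOWAZI, "/lands/20/girls.jpg", "9f4e5aae6461b0d857a26e03d10a44ccc41db096b257a33c5c58f6961b32ad30"),
    Resource(XONUNA, "/lands/20/girls.jpg", "9f4e5aae6461b0d857a26e03d10a44ccc41db096b257a33c5c58f6961b32ad30"),
    Resource(NOWAZI, "/favicon.ico", "d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090"),
    Resource(XONUNA, "/favicon.ico", "d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090"),
    Resource(XONUNA, "/lands/20/style.css", "2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311"),
    Resource(XONUNA, "/revopush.js", "aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533"),
    Resource(XONUNA, "/process.js", "a6459a2450682a0c11148fe59dc2998623f279a2c522b34662bf35eb3743ae4b"),
    Resource("fonts.gstatic.com", "/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2",
             "6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e"),
    Resource("i.wmgtr.com", "/cic/_F_oKtsSfl2JoVvYpP6iZx1D1K6EwOID.png",
             "09959f401dbec86370932a57cc491685741bd4b6c7df2f344e680a0bb4b6177d"),
]

# Hosts whose files are shared by unrelated sites; a common font must not
# "link" two sites. Assumed list for this example.
COMMON_CDNS: Set[str] = {"fonts.gstatic.com", "fonts.googleapis.com"}


def hosts_by_hash(resources: Iterable[Resource], ignore: Set[str] = COMMON_CDNS) -> Dict[str, Set[str]]:
    """Index sha256 -> set of hosts that served it, skipping shared CDNs."""
    index: Dict[str, Set[str]] = defaultdict(set)
    for r in resources:
        if r.host not in ignore:
            index[r.sha256].add(r.host)
    return dict(index)


def linked_hosts(resources: Iterable[Resource], ignore: Set[str] = COMMON_CDNS) -> Dict[FrozenSet[str], List[str]]:
    """Return {frozenset(hosts): [hashes they share]} for hashes seen on >1 host."""
    links: Dict[FrozenSet[str], List[str]] = defaultdict(list)
    for digest, hosts in hosts_by_hash(resources, ignore).items():
        if len(hosts) > 1:
            links[frozenset(hosts)].append(digest)
    return {k: sorted(v) for k, v in links.items()}


def shared_hashes(resources: Iterable[Resource], host_a: str, host_b: str) -> List[str]:
    """Hashes served by both host_a and host_b (CDN content excluded)."""
    return sorted(d for d, hosts in hosts_by_hash(resources).items() if {host_a, host_b} <= hosts)


if __name__ == "__main__":
    for hosts, digests in linked_hosts(RESOURCES).items():
        print(", ".join(sorted(hosts)))
        for d in digests:
            print("   ", d)
```

The two .cc hosts are linked by the girls.jpg and favicon hashes and by nothing else in this subset; a real pivot would feed the hashes back into urlscan.io's search to find further scans that served the same bytes. Note that the favicon hash links error-page templates rather than an icon, which is still useful: identical 404 bodies are a sign of the same deployment, not a coincidence.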