play.google.com Open in urlscan Pro
2a00:1450:4001:811::200e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hfticket.ab-it-group.de/
Effective URL:
https://play.google.com/store/apps/details?id=com.tinder
Submission: On May 07 via automatic, source certstream-suspicious (May 7th 2023, 7:51:55 am UTC) — Scanned from IT

Summary HTTP 41 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 11 domains to perform 41 HTTP transactions. The main IP is 2a00:1450:4001:811::200e, located in and belongs to . The main domain is play.google.com.
TLS certificate: Issued by GTS CA 1C3 on April 17th 2023. Valid for: 3 months.

This is the only time play.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	2.59.222.113 2.59.222.113	209155 (ONEHOSTPL...) (ONEHOSTPLANET)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1 11	185.56.234.205 185.56.234.205	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2a02:b4a:1:7:... 2a02:b4a:1:7::9273:1	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
11	2606:4700:303... 2606:4700:3033::ac43:dd04	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a02:b4a:1:7:... 2a02:b4a:1:7::9165:1	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 1	52.19.101.114 52.19.101.114	() ()
1 1	2606:4700:20:... 2606:4700:20::681a:bf1	() ()
1 1	185.155.184.98 185.155.184.98	() ()
1	2a00:1450:400... 2a00:1450:4001:811::200e	() ()
41	9

7 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

hfticket.ab-it-group.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.59.222.113 (Kyiv, Ukraine) 1 redirects

ASN209155 (ONEHOSTPLANET, CZ)

block.descriptionscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fire.descriptionscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.56.234.205 (Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
53adn.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
z6tm5.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5xzel.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kgrut.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5lh1m.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4jiuv.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x936m.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t2amz.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bi9xo.shbzek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:b4a:1:7::9273:1 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

azkcqs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:3033::ac43:dd04 (United States)

ASN13335 (CLOUDFLARENET, US)

ulmoyc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:b4a:1:7::9165:1 (Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

ecrwqu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.101.114 (None, ) 1 redirects

ASN- ()

top.40trk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:bf1 (None, ) 1 redirects

ASN- ()

trk.adtrk21.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.155.184.98 (None, ) 1 redirects

ASN- ()

winbonuses.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (None, )

ASN- ()

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	ulmoyc.com ulmoyc.com — Cisco Umbrella Rank: 49329	52 KB
11	shbzek.com shbzek.com — Cisco Umbrella Rank: 485714 Failed 53adn.shbzek.com z6tm5.shbzek.com 5xzel.shbzek.com kgrut.shbzek.com 5lh1m.shbzek.com 4jiuv.shbzek.com x936m.shbzek.com t2amz.shbzek.com bi9xo.shbzek.com	113 KB
7	ab-it-group.de hfticket.ab-it-group.de	120 KB
5	descriptionscripts.com 1 redirects block.descriptionscripts.com — Cisco Umbrella Rank: 427442 fire.descriptionscripts.com — Cisco Umbrella Rank: 530250 Failed	5 KB
2	ecrwqu.com 1 redirects ecrwqu.com — Cisco Umbrella Rank: 317261	536 B
1	google.com play.google.com
1	winbonuses.life 1 redirects winbonuses.life	333 B
1	adtrk21.com 1 redirects trk.adtrk21.com	2 KB
1	40trk.com 1 redirects top.40trk.com	589 B
1	azkcqs.com azkcqs.com — Cisco Umbrella Rank: 31489	101 B
1	gstatic.com fonts.gstatic.com	25 KB
41	11

	Domain	Requested by
11	ulmoyc.com	shbzek.com ulmoyc.com 53adn.shbzek.com z6tm5.shbzek.com 5xzel.shbzek.com kgrut.shbzek.com 5lh1m.shbzek.com 4jiuv.shbzek.com x936m.shbzek.com t2amz.shbzek.com bi9xo.shbzek.com
7	hfticket.ab-it-group.de	hfticket.ab-it-group.de
3	block.descriptionscripts.com	hfticket.ab-it-group.de block.descriptionscripts.com
2	ecrwqu.com	1 redirects bi9xo.shbzek.com
2	shbzek.com	fire.descriptionscripts.com
2	fire.descriptionscripts.com	block.descriptionscripts.com
1	play.google.com	bi9xo.shbzek.com hfticket.ab-it-group.de
1	winbonuses.life	1 redirects
1	trk.adtrk21.com	1 redirects
1	top.40trk.com	1 redirects
1	bi9xo.shbzek.com	t2amz.shbzek.com
1	t2amz.shbzek.com	x936m.shbzek.com
1	x936m.shbzek.com	4jiuv.shbzek.com
1	4jiuv.shbzek.com	5lh1m.shbzek.com
1	5lh1m.shbzek.com	kgrut.shbzek.com
1	kgrut.shbzek.com	5xzel.shbzek.com
1	5xzel.shbzek.com	z6tm5.shbzek.com
1	z6tm5.shbzek.com	53adn.shbzek.com
1	53adn.shbzek.com	shbzek.com
1	azkcqs.com	shbzek.com
1	fonts.gstatic.com	hfticket.ab-it-group.de
41	21

This site contains no links.

Subject Issuer	Validity	Valid
ab-it-group.de GTS CA 1P5	`2023-05-02` - `2023-07-31`	3 months	crt.sh
block.descriptionscripts.com R3	`2023-04-28` - `2023-07-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
fire.descriptionscripts.com R3	`2023-04-21` - `2023-07-20`	3 months	crt.sh
shbzek.com R3	`2023-04-04` - `2023-07-03`	3 months	crt.sh
azkcqs.com R3	`2023-02-19` - `2023-05-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-01-29` - `2024-01-28`	a year	crt.sh
ecrwqu.com R3	`2023-03-16` - `2023-06-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://play.google.com/store/apps/details?id=com.tinder
Frame ID: 1D3B33E652FD5C4F91E0907CAA9518A8
Requests: 41 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://hfticket.ab-it-group.de/ Page URL
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463 HTTP 302
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=Ingaunahe Page URL
https://shbzek.com/gosl/InNpZCI6MTE5NjU2OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=&si2= HTTP 302
https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://53adn.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://z6tm5.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://5xzel.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://kgrut.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://5lh1m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://4jiuv.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://x936m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://t2amz.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://bi9xo.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ... Page URL
https://ecrwqu.com/cuclc?aid=2660227543318806711&t=1683445913&s=854349 HTTP 302
http://top.40trk.com/c/c3317c96d15d983f?CLICKID=a2_2660227543318806711_440287_2_0&CPC=0.0001&SOUR... HTTP 302
http://trk.adtrk21.com/aff_c?aff_id=16980&aff_sub=efvdg6457589a0005b83a&offer_id=1972 HTTP 302
https://winbonuses.life/?u=m5uwwwl&o=frcpbz7&t=16980&cid=102db30fdbb228091b97f861575140 HTTP 302
https://play.google.com/store/apps/details?id=com.tinder Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

41
Requests

88 %
HTTPS

64 %
IPv6

11
Domains

21
Subdomains

9
IPs

4
Countries

315 kB
Transfer

974 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hfticket.ab-it-group.de/ Page URL
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463 HTTP 302
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=Ingaunahe Page URL
https://shbzek.com/gosl/InNpZCI6MTE5NjU2OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=&si2= HTTP 302
https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&si1=&si2= Page URL
https://53adn.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=1 Page URL
https://z6tm5.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=2 Page URL
https://5xzel.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=3 Page URL
https://kgrut.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=4 Page URL
https://5lh1m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=5 Page URL
https://4jiuv.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=6 Page URL
https://x936m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=7 Page URL
https://t2amz.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=8 Page URL
https://bi9xo.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=9 Page URL
https://ecrwqu.com/cuclc?aid=2660227543318806711&t=1683445913&s=854349 HTTP 302
http://top.40trk.com/c/c3317c96d15d983f?CLICKID=a2_2660227543318806711_440287_2_0&CPC=0.0001&SOURCE_ID=a440287&CAMPAIGN_ID=854349&CPC=0.0001&ZONE_ID=a440287&CREATIVE_ID={CREATIVE_ID} HTTP 302
http://trk.adtrk21.com/aff_c?aff_id=16980&aff_sub=efvdg6457589a0005b83a&offer_id=1972 HTTP 302
https://winbonuses.life/?u=m5uwwwl&o=frcpbz7&t=16980&cid=102db30fdbb228091b97f861575140 HTTP 302
https://play.google.com/store/apps/details?id=com.tinder Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463 HTTP 302
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=Ingaunahe

Request Chain 16

https://shbzek.com/gosl/InNpZCI6MTE5NjU2OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=&si2= HTTP 302
https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&si1=&si2=

41 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
hfticket.ab-it-group.de/ 77 KB
15 KB 952ms
884ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hfticket.ab-it-group.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.28 PleskLin
Resource Hash: 41460bdc5cc7d57ff3d0e964f2b67421d0d6fb04ed873f24cd75f2b3874cb3b2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

cache-control: max-age=0, no-cache, s-maxage=10
cf-cache-status: DYNAMIC
cf-ray: 7c37e13df82ebacd-MXP
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:49 GMT
link: <https://hfticket.ab-it-group.de/wp-json/>; rel="https://api.w.org/", <https://hfticket.ab-it-group.de/wp-json/wp/v2/pages/10>; rel="alternate"; type="application/json", <https://hfticket.ab-it-group.de/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FLelZ1cMm2drw0zoHmEgIYsuwlM444SU9m5Pqz3l4OiPYU7fDkBHmkCjxuje2ZpM%2FTqB7Du2szfkBvXOkFK5QG2LQ05XULmK%2BCmRdQ%2Fu1M8yHN0Fe2Eifg694ZYM5SRGUdMPHOOfGyAFmo2F3eGKXIqoYmF7wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-mod-pagespeed: 1.13.35.2-0
x-powered-by: PHP/8.0.28 PleskLin

GET
H2 200 path.js Show response
block.descriptionscripts.com/scripts/ 2 KB
1 KB 672ms
61ms Script
application/javascript 2.59.222.113
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://block.descriptionscripts.com/scripts/path.js?v=1.0.3

Requested by

Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.113 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

73a3195d9570ffc6ab9d2488eb93144017f76a0c6e8d5afd66f16035a068db47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000;
server: nginx
content-length: 1134
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 A.style.css,qver=4.14.7.pagespeed.cf.1B2M2Y8Asg.css
hfticket.ab-it-group.de/wp-content/themes/Divi-by-AB-IT-Group/ 0
427 B 85ms
81ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hfticket.ab-it-group.de/wp-content/themes/Divi-by-AB-IT-Group/A.style.css,qver=4.14.7.pagespeed.cf.1B2M2Y8Asg.css
Requested by: Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
content-encoding: gzip
cf-cache-status: MISS
x-original-content-length: 389
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
content-length: 20
last-modified: Sun, 07 May 2023 07:51:48 GMT
server: cloudflare
etag: W/"0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9sFAF2pnOuBC0i%2Fhngd6wY6JeHnk37ADa1BPi71W9Ll7wUhY7a4QBsGKSMaiub3QUXj5jNY01xavb6GNHnqV46Lw4OeOBvx%2Bq4%2BbcVrhKC7S4xoLTMrOmh%2F8OohcP9aHMVs4ZuVDslc4sf2nIsDiFDLv%2Bwlrcg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7c37e1439f29bacd-MXP
expires: Mon, 06 May 2024 07:51:48 GMT

GET
H2 200 souce.js Show response
block.descriptionscripts.com/scripts/ 2 KB
1 KB 670ms
64ms Script
application/javascript 2.59.222.113
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://block.descriptionscripts.com/scripts/souce.js?v=1.0.3

Requested by

Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.113 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

73a3195d9570ffc6ab9d2488eb93144017f76a0c6e8d5afd66f16035a068db47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000;
server: nginx
content-length: 1134
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 jquery.min.js,qver=3.6.3.pagespeed.jm.eeevgC5Itb.js Show response
hfticket.ab-it-group.de/wp-includes/js/jquery/ 88 KB
31 KB 110ms
107ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hfticket.ab-it-group.de/wp-includes/js/jquery/jquery.min.js,qver=3.6.3.pagespeed.jm.eeevgC5Itb.js
Requested by: Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: d2aae4ca60bd21e6558dff1e09b6d299ffeb57171315d299ad3270ed43c00a99

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
content-encoding: gzip
cf-cache-status: MISS
x-original-content-length: 89815
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
content-length: 30953
last-modified: Sun, 07 May 2023 07:51:47 GMT
server: cloudflare
etag: W/"0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VhorBUaif5lB1amPnAxX3J8gEkpQbX2P0CJJRWYKKbHMuZLK7tnOp1JqdmDqzaWSq5W%2BH32u%2Bj42DuGp7t28eVOGj%2BHd0XJqwNBnJnrSyg1XkVfEzv7qPiy%2B%2BLRxdzqVRgUU3NVuHtLryfIjQ2g6o1IA3LpMEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7c37e1439f2bbacd-MXP
expires: Mon, 06 May 2024 07:51:47 GMT

GET
H2 200 jquery-migrate.min.js,qver=3.4.0.pagespeed.jm.0-q49MfDi2.js Show response
hfticket.ab-it-group.de/wp-includes/js/jquery/ 13 KB
5 KB 100ms
98ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hfticket.ab-it-group.de/wp-includes/js/jquery/jquery-migrate.min.js,qver=3.4.0.pagespeed.jm.0-q49MfDi2.js
Requested by: Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: e30920a8784663f889b11589f9464c690e7c6b14aaf59677bf04408054213469

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
content-encoding: gzip
cf-cache-status: MISS
x-original-content-length: 13424
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
content-length: 4733
last-modified: Sun, 07 May 2023 07:51:47 GMT
server: cloudflare
etag: W/"0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YtfnL6z6jpNjQxynKF%2BFfWk0MXQLKZc3t1AxdcMAcW8BfgfY%2BTV9r0LTX2qlwikDxnFOczs8V1kU5svr9AS%2FyHUvRUx5TuSZXBkweeRExXLy1%2BmVe2bx%2Fij005G4Y0hisJqY1gBtHBkEnBQCfCcEEjp8azYbg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7c37e1439f2cbacd-MXP
expires: Mon, 06 May 2024 07:51:47 GMT

GET
H2 200 scripts.min.js,qver=4.14.7.pagespeed.jm.chP8QbbrYg.js Show response
hfticket.ab-it-group.de/wp-content/themes/Divi/js/ 266 KB
68 KB 128ms
126ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hfticket.ab-it-group.de/wp-content/themes/Divi/js/scripts.min.js,qver=4.14.7.pagespeed.jm.chP8QbbrYg.js
Requested by: Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 3288c6c3da85b824059cf532dd572db9445cb60899adcbe597c3e7126c2f088e

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
content-encoding: gzip
cf-cache-status: MISS
x-original-content-length: 272873
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
content-length: 69529
last-modified: Sun, 07 May 2023 07:51:48 GMT
server: cloudflare
etag: W/"0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=piILYbpsO7rJWxVh7bx%2BVFq8lsVG%2BAcmvprmwQRaObrJrBu518%2BGEcJphEpS%2BFaxJT%2BifKvZ2x9ZDLmUqw6QEMsNQ3htk4dPdQY0yu1Mh4Jx2850HNzRHlQNHYxJq7%2FKqJzZBl8wUoZLa32GuYqqw15AYvvCiA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7c37e1439f2dbacd-MXP
expires: Mon, 06 May 2024 07:51:48 GMT

GET
H2 200 main.js Show response
block.descriptionscripts.com/ 3 KB
2 KB 191ms
191ms Script
application/javascript 2.59.222.113
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://block.descriptionscripts.com/main.js

Requested by

Host: block.descriptionscripts.com
URL: https://block.descriptionscripts.com/scripts/path.js?v=1.0.3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.113 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

cda1099db3e2407595dbad40b613a47fd83e4a062083571ec01fcc7e46e95bba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
strict-transport-security: max-age=15768000;
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 07:22:16 GMT
server: nginx
etag: W/"644cc5a8-dd0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 et-core-unified-tb-20-tb-21-deferred-10.min.css
hfticket.ab-it-group.de/wp-content/et-cache/10/ 0
464 B 80ms
80ms Other
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hfticket.ab-it-group.de/wp-content/et-cache/10/et-core-unified-tb-20-tb-21-deferred-10.min.css?ver=1683445907
Requested by: Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Sun, 07 May 2023 07:51:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"12e-5fb15cb56423f"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vDJP2wPoWC4VLwABhjEKOOz6hUNK%2BBXRcTFCYqUFhjGfGKPiaQ%2B9iF9PU0affnEGTclbIbRlXc8u7DM69SPY2%2BfH4rfwmMtUgsuPo876Jdsvck%2BPd4ZkAjymKyxAQWpDiu%2FdXD7sOGEtgPVADz5HG5MYkaxj2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=10
cf-ray: 7c37e147ec38bacd-MXP

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVI.woff2
fonts.gstatic.com/s/opensans/v35/ 25 KB
25 KB 94ms
29ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVI.woff2

Requested by

Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce4714944663ab66446464e544e69808450bee9d0332659795eacea5751fc4f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hfticket.ab-it-group.de/
Origin: https://hfticket.ab-it-group.de
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 20:55:25 GMT
x-content-type-options: nosniff
age: 39384
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25456
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:15:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 05 May 2024 20:55:25 GMT

GET
H2 200 et-core-unified-tb-20-tb-21-deferred-10.min.css
hfticket.ab-it-group.de/wp-content/et-cache/10/ 302 B
553 B 47ms
47ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hfticket.ab-it-group.de/wp-content/et-cache/10/et-core-unified-tb-20-tb-21-deferred-10.min.css?ver=1683445907

Requested by

Host: hfticket.ab-it-group.de
URL: https://hfticket.ab-it-group.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

82ce4b8858b88272fa84c8341859ed344e97edbce74df7f81e98911e15628bbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://hfticket.ab-it-group.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-original-content-length: 302
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
content-length: 141
last-modified: Sun, 07 May 2023 07:51:47 GMT
server: cloudflare
etag: "12e-5fb15cb56423f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0iFwwioHVarujrgCZ3e%2Bud%2BcSSwD2EviJyZ5JWWan3eFg4NjIoNAYWsv%2BW2YvTlRvAKqVjweu00emfy9t02k%2BrO2Ny3YfpTggkBPiTu7%2FriOmK1bFwMGMyL3CgBAYn%2FtZwhj7Bf6DkNj0M3k4GQBwAdfF5jtJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=10
accept-ranges: bytes
cf-ray: 7c37e1486ce1bacd-MXP
expires: Sun, 07 May 2023 07:56:49 GMT

GET get.php
fire.descriptionscripts.com/ 0
0

GET
H2

200

get.php
fire.descriptionscripts.com/
Redirect Chain

https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=Ingaunahe

941 B
609 B

252ms
251ms

Document
text/html

2.59.222.113
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=Ingaunahe

Requested by

Host: block.descriptionscripts.com
URL: https://block.descriptionscripts.com/main.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.113 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

Referer: https://hfticket.ab-it-group.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-length: 467
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:50 GMT
server: nginx
strict-transport-security: max-age=15768000;
vary: Accept-Encoding

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:50 GMT
location: https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=Ingaunahe
server: nginx
strict-transport-security: max-age=15768000;

GET InNpZCI6MTE5NjU2OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs
shbzek.com/gosl/ 0
0

GET
H2

200

great Show response
shbzek.com/
Redirect Chain

https://shbzek.com/gosl/InNpZCI6MTE5NjU2OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=&si2=
https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&si1=&si2=

20 KB
11 KB

43ms
43ms

Document
text/html

185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&si1=&si2=
Requested by: Host: fire.descriptionscripts.com
URL: https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=Ingaunahe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 67d910116d2c338b055fe5b16e97892879462ebdb5cebd07982afb4fe6a1f5f5

Request headers

Referer: https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=Ingaunahe
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:51 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

Redirect headers

cache-control: no-cache
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:51 GMT
location: https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&si1=&si2=
max-age: 0
server: nginx/1.21.1
x-zone: eu3

GET
H2 200 rpe Show response
azkcqs.com/ 0
101 B 131ms
34ms XHR
text/plain 2a02:b4a:1:7::9273:1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1054030&st=1196569&wd=440287&d=shbzek.com&tpl=32&rnd=0.9861501240056976&sbid=&sbid2=
Requested by: Host: shbzek.com
URL: https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&si1=&si2=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 2a02:b4a:1:7::9273:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 07 May 2023 07:51:51 GMT
accept-ch: Sec-CH-UA-Platform-Version
server: nginx/1.18.0
content-length: 0

GET
H2 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 78ms
26ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNpMSI6IiIsInNpMiI6IiJ9eyJwaWQ
Requested by: Host: shbzek.com
URL: https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&si1=&si2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec1fb5f3237cf6a3b508390b4965faf5eb673f0588cfb81e7a057118f808921c

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2188
etag: W/"qBvmYHXSdzv8R5IW6kGYX2KTPYw"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5gtj9VmcbwU28rNOhSoz1Ybi2R2I0Y7eKaKxRm0GQwMY2VK4IbKqJmGEIcAXxv3ys5vw2ntwm7RmjEVz8B5JM0IMunPGSTByUanmk1c3ljhiP5HdGcoHYzHwtDo6hry4YRTv82DMjvZs"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e1519d580e52-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fp.js Show response
ulmoyc.com/ 1 KB
878 B 56ms
54ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/fp.js?d=shbzek.com
Requested by: Host: ulmoyc.com
URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNpMSI6IiIsInNpMiI6IiJ9eyJwaWQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 246a199499e543a09db1d3ba0b545295be813685d70c2cd6fdfd1477247f1f9f

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:51 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 07 May 2023 07:51:47 GMT
max-age: 0
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DXB%2Blx6cSdibWPDgQeYcYZNn3f9OgdYV7m39eklaj8AOoNAF4FGM%2ButCb7Sh0eHwMSg5mhhd2Mlk22QnmXkDpjOQomOV4N%2BOxzqXgLk%2BDN63WwPgb6sGPKld%2F309Ou9fiJ5T9ZDSnKA9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: max-age=14400
x-zone: eu
cf-ray: 7c37e151ddaa0e52-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
53adn.shbzek.com/ 20 KB
11 KB 63ms
38ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://53adn.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=1
Requested by: Host: shbzek.com
URL: https://shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&si1=&si2=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 267903520418c8324e1ae702c347a90af16facabf7e716fa9079b1c11b44f24c

Request headers

Referer: https://shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:51 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 28ms
28ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiIxIn0=eyJwaWQ
Requested by: Host: 53adn.shbzek.com
URL: https://53adn.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b7eaba0d5fdda91498ab818a09892638ba079bf8a1e350942cc31c439f2fe0d

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://53adn.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2489
etag: W/"oAZMGS2rcSIli6IVsgkxx3WugUk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oR%2BwqL%2BgfXznwEw%2FzO5o%2BALnJHgfWdUDRwwqTEUtPc0oTMoMO760wxbAlAZB7f7ICaOY4h97ua%2FPDtW7oubAZqvki51yljbhhRhsW2XlyMc3v9u10ZT%2FiipikS8fOD25brF79B1ipm7e"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e1531b1a0e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
z6tm5.shbzek.com/ 20 KB
11 KB 60ms
37ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z6tm5.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=2
Requested by: Host: 53adn.shbzek.com
URL: https://53adn.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 867593d1bff9f987b56641a807e9d45d2d8c056b4047b3985c28567e3d72cb3e

Request headers

Referer: https://53adn.shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:51 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 36ms
36ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiIyIn0=eyJwaWQ
Requested by: Host: z6tm5.shbzek.com
URL: https://z6tm5.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ec36a8622801d60f6af4e953d26b6f4a6245c231fe9bf41fd65f0f5e6fc547e

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://z6tm5.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2198
etag: W/"Bvnp8jYlW/b8AVNwAtqjHdfeXQ4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCVWgy2gAwmEi4mwOsqk8fYV3hqb3B2Gu14qMFUnMNHsuINsGFnT%2B12wRwMpVmIWo9Kqs%2BS13dqbe2AXjziQGmCFLtYVIfCnStm4US%2FOrBE4CUyFJ%2BqsNanQnhpczNP%2B2n16Omp1kb0G"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e1542cc10e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
5xzel.shbzek.com/ 20 KB
11 KB 66ms
41ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://5xzel.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=3
Requested by: Host: z6tm5.shbzek.com
URL: https://z6tm5.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 404c1bb8104f74edf19ace9bde751181996b4e29d598e2c011e238ecefd58e9d

Request headers

Referer: https://z6tm5.shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:51 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu3

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 24ms
23ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiIzIn0=eyJwaWQ
Requested by: Host: 5xzel.shbzek.com
URL: https://5xzel.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2e38d63cb431d4ed379a6107487dbd884337d354169ccf50958d5bc18596707

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://5xzel.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 228
etag: W/"kprs4wI87gAiLxc54kvVYFpTdxM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83IVC79A%2BTBrB2ZaTz97AyPimLSnCmp8kWMCFNvjUWuHzL6Bgqs%2BzrByCZKxWXxQI7t%2F4ohgnHmH%2F08J8Oy2LA%2BCNq%2BFD%2BKcmkLvjuU3UnZ%2B77wpefO7PXMllXLx1E%2F1A2GCwdlocluT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e1558ef40e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
kgrut.shbzek.com/ 20 KB
11 KB 62ms
38ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kgrut.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=4
Requested by: Host: 5xzel.shbzek.com
URL: https://5xzel.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 1e051a475a24424f7a6fc55c325a079bc5e03145043e7427072a6047dc4f5f3b

Request headers

Referer: https://5xzel.shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:52 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu3

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 24ms
24ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiI0In0=eyJwaWQ
Requested by: Host: kgrut.shbzek.com
URL: https://kgrut.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 753c4f279520a963a4b537bbdfbd6885660e782763f4c472014c4d65fe3c021f

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://kgrut.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 221
etag: W/"dwsp+pnrdaDCfHfBo3q8nguYFKk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9bWahye9C0d2dDEzAwTmxnrqI4UIBX0MQeDHRx09ru2%2BxEVpLgrsQxJmyRgsHpB8YrPXDEhSl2w9sPjcHAepwUJa75oXzoh8nILiaIWqr7PaHGwbMwnP27MACDKCHIxZS6%2FsVY4qrtRq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e156c8630e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
5lh1m.shbzek.com/ 20 KB
11 KB 60ms
38ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://5lh1m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=5
Requested by: Host: kgrut.shbzek.com
URL: https://kgrut.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: b8a62958d474403cac82952e61fc44a1f93953165abb9ba5ba5dbd769110b575

Request headers

Referer: https://kgrut.shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:52 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu3

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 56ms
55ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiI1In0=eyJwaWQ
Requested by: Host: 5lh1m.shbzek.com
URL: https://5lh1m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce615e45391ba82e94c7d9884c268e261827dbf96c8447c5f7911d29ea89b85d

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://5lh1m.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"z4C0YBkVCVkzAlXD+uVk2JOaQU0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fxKYHLhgiDUlBqeSrI0zEQp%2FnPm1uAsyF4%2FWMDiu0unmHUPBO1t63K0aqIk%2FTJM4gD2cH4LelDhkdsNQciMJCM4upDeYmCitKLe3QUP9dbewG9Z9fA6UgvX8fr2iVVY1ZXaD3D6dLjsF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e157e9a30e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
4jiuv.shbzek.com/ 20 KB
11 KB 61ms
38ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://4jiuv.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=6
Requested by: Host: 5lh1m.shbzek.com
URL: https://5lh1m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: fa6b1059864e0d5f71a1e03eb37cd2204480b8b1bc9164f3a15a048524847dfc

Request headers

Referer: https://5lh1m.shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:52 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 49ms
48ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiI2In0=eyJwaWQ
Requested by: Host: 4jiuv.shbzek.com
URL: https://4jiuv.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 879230740fadd26123008206ffeff90e03be506d06590600350f76bf55c6e3e8

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://4jiuv.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"oIhMIqXoxOzJv4BMXEQECy/KBWY"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uACzcqBmXL8FONz7SvN1QQpQtlL2gNvROv6TUrnuQECD7DK2XWtFWUTKCIYqcMAq0fvpEjMfEq0y47n2rxTHmSZPkqKvUQOQ%2FfbDwVjmM3bILsZOt5fNBQYr5bVtX16mnQaPuxJbps8l"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e1594b750e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
x936m.shbzek.com/ 20 KB
11 KB 60ms
39ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://x936m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=7
Requested by: Host: 4jiuv.shbzek.com
URL: https://4jiuv.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: b4423d05b744c7f629cd29e42c8e889ca975427c7e196e9ecb2b5e83422dcf78

Request headers

Referer: https://4jiuv.shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:52 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu3

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 49ms
49ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiI3In0=eyJwaWQ
Requested by: Host: x936m.shbzek.com
URL: https://x936m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af32b6f7b2c04f395f4459a14eb9aa8dfeb7c35acf6d1ddf8452c19514cc20bc

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://x936m.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"cbELlAEAh0QyBBhLBtLMpgu8/Ss"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1Mn9ea1DTG1FvAUJ%2FOlmTyV8cfJxHKpz21Vu2pwytKu18Lrvik6ZZ3p%2BVYxqk0FkDSvJOsQA%2FPIn6gMz5U5V1oseMsDddhSspXh7QUP9S2iA7s%2FVKFew%2BM2%2BKIAcnyN2kEfhwBkYSX6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e15a8cc80e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
t2amz.shbzek.com/ 20 KB
11 KB 63ms
40ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t2amz.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=8
Requested by: Host: x936m.shbzek.com
URL: https://x936m.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: e429d991554533887b7fd9263421a4d43cb39c46e8d48227b418621e14b83a84

Request headers

Referer: https://x936m.shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:52 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 50ms
50ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiI4In0=eyJwaWQ
Requested by: Host: t2amz.shbzek.com
URL: https://t2amz.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bf5152e5fb6ab1111cc54207a7909a1b9645de2249e9ba84abee4c68f0fdb72

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://t2amz.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"dumO19O3BDXlrjv8C/5MhULOJc4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cGA46xSI0SxQhis9RObl8H9lOa%2BqkAm47A4NAm4LlkY11wcSsa6d3OBqRP9FVMGr2pN0Mm0WsA1UNe2xcuzbXQ3O%2Bxz4aOTY2Ors6XrADW5eJf7Iv2rqrncs3AFoDQWVInArE%2BnSIgHg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e15bbe900e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 great Show response
bi9xo.shbzek.com/ 20 KB
11 KB 65ms
39ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://bi9xo.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=9
Requested by: Host: t2amz.shbzek.com
URL: https://t2amz.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: a7885ae8b8a63c023f38886e38891b13dea2fed993dce1a9140af66009f7730f

Request headers

Referer: https://t2amz.shbzek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 07:51:53 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 51ms
50ms Script
application/javascript 2606:4700:3033::ac43:dd04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsImkiOiI5In0=eyJwaWQ
Requested by: Host: bi9xo.shbzek.com
URL: https://bi9xo.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccfcb5f8db5f4b3d0d9b400f7468543e67145f5ee53bb94050af294eb45d9225

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://bi9xo.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 07:51:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"cYPA+ouCM/urd5A0qNEyMeRzb2c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tEoNdIgR%2BcoImmKucGQB%2B%2Fe9I4gu4iQ0OrhP%2B%2F3%2FJJFKTWIesAyfDteN3WtypdDDkdalUnPELmoLgdFQuRcRKIPKI7YyKMkebqsTjx1nqqZmXmgnuFvot1W3G43ThsMPMpbLS8tfgksY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://shbzek.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7c37e15d18330e65-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 phtbload
ecrwqu.com/ 149 B
307 B 155ms
55ms Fetch
application/javascript 2a02:b4a:1:7::9165:1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ecrwqu.com/phtbload?a=1&e=aeyJwaWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODd9
Requested by: Host: bi9xo.shbzek.com
URL: https://bi9xo.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 2a02:b4a:1:7::9165:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://bi9xo.shbzek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 07 May 2023 07:51:53 GMT
content-encoding: gzip
server: nginx/1.18.0
accept-ch: Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2

200

Primary Request details
play.google.com/store/apps/
Redirect Chain

https://ecrwqu.com/cuclc?aid=2660227543318806711&t=1683445913&s=854349
http://top.40trk.com/c/c3317c96d15d983f?CLICKID=a2_2660227543318806711_440287_2_0&CPC=0.0001&SOURCE_ID=a440287&CAMPAIGN_ID=854349&CPC=0.0001&ZONE_ID=a440287&CREATIVE_ID={CREATIVE_ID}
http://trk.adtrk21.com/aff_c?aff_id=16980&aff_sub=efvdg6457589a0005b83a&offer_id=1972
https://winbonuses.life/?u=m5uwwwl&o=frcpbz7&t=16980&cid=102db30fdbb228091b97f861575140
https://play.google.com/store/apps/details?id=com.tinder

160 KB
0

175ms
95ms

Document
text/html

2a00:1450:4001:811::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/store/apps/details?id=com.tinder

Requested by

Host: bi9xo.shbzek.com
URL: https://bi9xo.shbzek.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE5NjU2OSwid2lkIjo0NDAyODcsInNyYyI6Mn0=eyJ&i=9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport script-src 'report-sample' 'nonce-g-2czU625G-cH3TTKNw_2w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport script-src 'report-sample' 'nonce-g-2czU625G-cH3TTKNw_2w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-site
date: Sun, 07 May 2023 07:51:55 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 0

Redirect headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 173
Content-Type: text/html; charset=utf-8
Date: Sun, 07 May 2023 07:51:55 GMT
Server: nginx
cache-control: private
location: https://play.google.com/store/apps/details?id=com.tinder

POST cspreport
play.google.com/_/PlayStoreUi/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fire.descriptionscripts.com
URL: https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463

Domain: shbzek.com
URL: https://shbzek.com/gosl/InNpZCI6MTE5NjU2OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=&si2=

Domain: shbzek.com
URL: https://shbzek.com/gosl/InNpZCI6MTE5NjU2OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=&si2=

Domain: shbzek.com
URL: https://shbzek.com/gosl/InNpZCI6MTE5NjU2OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=&si2=

Domain: play.google.com
URL: https://play.google.com/_/PlayStoreUi/cspreport

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hfticket.ab-it-group.de/	1970-01-20 11:37:54	Name: wpcurrentimes Value: 1
.shbzek.com/	1970-01-20 11:38:52	Name: truniq Value: 1
.shbzek.com/	1970-01-20 20:23:01	Name: prompt Value: 1
.shbzek.com/	1970-01-20 11:47:30	Name: ufp2 Value: c915527bb6200b87ce79bfeb562348b3d50c0688

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4jiuv.shbzek.com
53adn.shbzek.com
5lh1m.shbzek.com
5xzel.shbzek.com
azkcqs.com
bi9xo.shbzek.com
block.descriptionscripts.com
ecrwqu.com
fire.descriptionscripts.com
fonts.gstatic.com
hfticket.ab-it-group.de
kgrut.shbzek.com
play.google.com
shbzek.com
t2amz.shbzek.com
top.40trk.com
trk.adtrk21.com
ulmoyc.com
winbonuses.life
x936m.shbzek.com
z6tm5.shbzek.com
fire.descriptionscripts.com
play.google.com
shbzek.com
185.155.184.98
185.56.234.205
2.59.222.113
2606:4700:20::681a:bf1
2606:4700:3033::ac43:dd04
2a00:1450:4001:800::2003
2a00:1450:4001:811::200e
2a02:b4a:1:7::9165:1
2a02:b4a:1:7::9273:1
2a06:98c1:3121::3
52.19.101.114
0b7eaba0d5fdda91498ab818a09892638ba079bf8a1e350942cc31c439f2fe0d
1e051a475a24424f7a6fc55c325a079bc5e03145043e7427072a6047dc4f5f3b
246a199499e543a09db1d3ba0b545295be813685d70c2cd6fdfd1477247f1f9f
267903520418c8324e1ae702c347a90af16facabf7e716fa9079b1c11b44f24c
2bf5152e5fb6ab1111cc54207a7909a1b9645de2249e9ba84abee4c68f0fdb72
3288c6c3da85b824059cf532dd572db9445cb60899adcbe597c3e7126c2f088e
3ec36a8622801d60f6af4e953d26b6f4a6245c231fe9bf41fd65f0f5e6fc547e
404c1bb8104f74edf19ace9bde751181996b4e29d598e2c011e238ecefd58e9d
41460bdc5cc7d57ff3d0e964f2b67421d0d6fb04ed873f24cd75f2b3874cb3b2
67d910116d2c338b055fe5b16e97892879462ebdb5cebd07982afb4fe6a1f5f5
73a3195d9570ffc6ab9d2488eb93144017f76a0c6e8d5afd66f16035a068db47
753c4f279520a963a4b537bbdfbd6885660e782763f4c472014c4d65fe3c021f
82ce4b8858b88272fa84c8341859ed344e97edbce74df7f81e98911e15628bbc
867593d1bff9f987b56641a807e9d45d2d8c056b4047b3985c28567e3d72cb3e
879230740fadd26123008206ffeff90e03be506d06590600350f76bf55c6e3e8
a7885ae8b8a63c023f38886e38891b13dea2fed993dce1a9140af66009f7730f
af32b6f7b2c04f395f4459a14eb9aa8dfeb7c35acf6d1ddf8452c19514cc20bc
b4423d05b744c7f629cd29e42c8e889ca975427c7e196e9ecb2b5e83422dcf78
b8a62958d474403cac82952e61fc44a1f93953165abb9ba5ba5dbd769110b575
ccfcb5f8db5f4b3d0d9b400f7468543e67145f5ee53bb94050af294eb45d9225
cda1099db3e2407595dbad40b613a47fd83e4a062083571ec01fcc7e46e95bba
ce4714944663ab66446464e544e69808450bee9d0332659795eacea5751fc4f2
ce615e45391ba82e94c7d9884c268e261827dbf96c8447c5f7911d29ea89b85d
d2aae4ca60bd21e6558dff1e09b6d299ffeb57171315d299ad3270ed43c00a99
e2e38d63cb431d4ed379a6107487dbd884337d354169ccf50958d5bc18596707
e30920a8784663f889b11589f9464c690e7c6b14aaf59677bf04408054213469
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e429d991554533887b7fd9263421a4d43cb39c46e8d48227b418621e14b83a84
ec1fb5f3237cf6a3b508390b4965faf5eb673f0588cfb81e7a057118f808921c
fa6b1059864e0d5f71a1e03eb37cd2204480b8b1bc9164f3a15a048524847dfc

play.google.com Open in urlscan Pro 2a00:1450:4001:811::200e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

41 Requests

88 %HTTPS

64 %IPv6

11 Domains

21 Subdomains

9 IPs

4 Countries

315 kBTransfer

974 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

play.google.com Open in urlscan Pro
2a00:1450:4001:811::200e Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

88 %
HTTPS

64 %
IPv6

11
Domains

21
Subdomains

9
IPs

4
Countries

315 kB
Transfer

974 kB
Size

4
Cookies

41 HTTP transactions
0 data transactions