Submitted URL: https://qw.data-free.online/
Effective URL: https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOh...
Submission: On May 24 via api from US — Scanned from PL

Summary

This website contacted 13 IPs in 5 countries across 22 domains to perform 52 HTTP transactions. The main IP is 172.67.161.34, located in United States and belongs to CLOUDFLARENET, US. The main domain is w.visionaryrefreshingvisit.buzz.
TLS certificate: Issued by GTS CA 1P5 on April 27th 2024. Valid for: 3 months.
This is the only time w.visionaryrefreshingvisit.buzz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 51.68.131.131 16276 (OVH)
1 206.72.205.7 19318 (IS-AS-1)
2 142.250.184.243 15169 (GOOGLE)
1 1 172.67.168.217 13335 (CLOUDFLAR...)
2 142.250.186.33 15169 (GOOGLE)
1 52.28.208.227 16509 (AMAZON-02)
3 4 188.114.96.3 13335 (CLOUDFLAR...)
1 4 172.67.165.56 13335 (CLOUDFLAR...)
1 172.67.185.188 13335 (CLOUDFLAR...)
3 99.198.106.194 32475 (SINGLEHOP...)
6 172.67.161.34 13335 (CLOUDFLAR...)
12 139.45.197.251 9002 (RETN-AS)
1 139.45.195.8 9002 (RETN-AS)
52 13
Domain Requested by
9 jouteetu.net gauvaiho.net
6 w.visionaryrefreshingvisit.buzz tuk.kutberg.com
w.visionaryrefreshingvisit.buzz
gauvaiho.net
4 xuty.mingotime.com 1 redirects www.sutrigbgiblocl.art
xuty.mingotime.com
3 gauvaiho.net w.visionaryrefreshingvisit.buzz
gauvaiho.net
3 tuk.kutberg.com xuty.mingotime.com
3 www.sutrigbgiblocl.art 2 redirects
3 qw.data-free.online qw.data-free.online
2 zemo-ghoko.blogspot.com raha.muusha.xyz
zemo-ghoko.blogspot.com
2 raha.muusha.xyz sape.ngumaz.com
raha.muusha.xyz
1 my.rtmark.net gauvaiho.net
1 merterpazar.com 1 redirects
1 cdn.addlnk.com xuty.mingotime.com
1 3lq3d.bemobtrcks.com zemo-ghoko.blogspot.com
1 quttyvex.com 1 redirects
1 sape.ngumaz.com qw.data-free.online
0 blogger.googleusercontent.com Failed sape.ngumaz.com
raha.muusha.xyz
zemo-ghoko.blogspot.com
0 hm.baidu.com Failed qw.data-free.online
0 widget.supercounters.com Failed qw.data-free.online
0 code.jquery.com Failed qw.data-free.online
0 1.bp.blogspot.com Failed qw.data-free.online
0 imagizer.imageshack.com Failed qw.data-free.online
0 i.postimg.cc Failed qw.data-free.online
0 fonts.googleapis.com Failed qw.data-free.online
52 23

This site contains no links.

Subject | Issuer | Validity | Valid
www.qw.data-free.online | R3 | 2024-05-24 - 2024-08-22 | 3 months
shukri.mwikace.com | Sectigo RSA Domain Validation Secure Server CA | 2024-04-24 - 2025-04-24 | a year
raha.muusha.xyz | GTS CA 1D4 | 2024-04-27 - 2024-07-27 | 3 months
misc-sni.blogspot.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months
bemobtrcks.com | R3 | 2024-05-20 - 2024-08-18 | 3 months
sutrigbgiblocl.art | GTS CA 1P5 | 2024-03-29 - 2024-06-27 | 3 months
mingotime.com | Cloudflare Inc ECC CA-3 | 2024-01-26 - 2024-12-31 | a year
addlnk.com | GTS CA 1P5 | 2024-04-03 - 2024-07-02 | 3 months
tuk.kutberg.com | R3 | 2024-04-26 - 2024-07-25 | 3 months
visionaryrefreshingvisit.buzz | GTS CA 1P5 | 2024-04-27 - 2024-07-26 | 3 months
gauvaiho.net | R3 | 2024-04-19 - 2024-07-18 | 3 months
jouteetu.net | R3 | 2024-05-14 - 2024-08-12 | 3 months
rtmark.net | R3 | 2024-05-11 - 2024-08-09 | 3 months

This page contains 2 frames:

Primary Page: https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Frame ID: 1F80CFAC5357ABA38055266045FF1909
Requests: 50 HTTP requests in this frame

Frame: https://xuty.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
Frame ID: 5F8EB5ECF30600A0BAA716F9EBCEC017
Requests: 2 HTTP requests in this frame

Page Title

R2 Games

Page Statistics

Requests: 52
HTTPS: 67 %
IPv6: 0 %
Domains: 22
Subdomains: 23
IPs: 13
Countries: 5
Transfer: 3829 kB
Size: 3887 kB
Cookies: 10

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://qw.data-free.online/ Page URL
  2. https://qw.data-free.online/go.php Page URL
  3. https://sape.ngumaz.com/api/direct/450299?s1=%subid1%&kw= Page URL
  4. https://raha.muusha.xyz/ Page URL
  5. https://quttyvex.com/cl/3a30bf55ace240d7?p1=&p2=&source=&site= HTTP 302
    https://zemo-ghoko.blogspot.com/ Page URL
  6. https://3lq3d.bemobtrcks.com/go/45f6dadd-22f2-4290-b532-41eeffc91824 Page URL
  7. https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf Page URL
  8. https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=f30ec40044fe8f8822e84f7b922a22eb&eyer=0.376293218328174&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=3lq3d.bemobtrcks.com HTTP 302
    http://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=3&eyer=0.376293218328174&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=3lq3d.bemobtrcks.com HTTP 307
    https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=3&eyer=0.376293218328174&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=3lq3d.bemobtrcks.com HTTP 302
    https://xuty.mingotime.com/rc/7edf752b35?pubid=pubid&affclick=6875260223559049946 Page URL
  9. https://tuk.kutberg.com/?utm_medium=d3ca3460d7f36250b207d930496f80c0c7058403&utm_campaign=mainstream_redirect&1=28f1f673&cid=pub86f103e72cb6496a9c62c9b87a6db7ef&2=pubid Page URL
  10. https://merterpazar.com/158093e1-d19b-4bc6-b232-6a1698d1025b?2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022 HTTP 302
    https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://quttyvex.com/cl/3a30bf55ace240d7?p1=&p2=&source=&site= HTTP 302
  • https://zemo-ghoko.blogspot.com/
Request Chain 26
  • https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=f30ec40044fe8f8822e84f7b922a22eb&eyer=0.376293218328174&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=3lq3d.bemobtrcks.com HTTP 302
  • http://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=3&eyer=0.376293218328174&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=3lq3d.bemobtrcks.com HTTP 307
  • https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=3&eyer=0.376293218328174&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=3lq3d.bemobtrcks.com HTTP 302
  • https://xuty.mingotime.com/rc/7edf752b35?pubid=pubid&affclick=6875260223559049946
Request Chain 28
  • https://xuty.mingotime.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://xuty.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js

52 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
qw.data-free.online/
22 KB
7 KB
Document
General
Full URL
https://qw.data-free.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.68.131.131 Warsaw, Poland, ASN16276 (OVH, FR),
Reverse DNS
pld111c.truehost.cloud
Software
LiteSpeed /
Resource Hash
1956d4929a6d78f55115362ffd433b15da5c15610cd28ac7a4251ce1439b5c60

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
6511
content-type
text/html
date
Fri, 24 May 2024 23:49:16 GMT
last-modified
Fri, 24 May 2024 22:47:47 GMT
server
LiteSpeed
vary
Accept-Encoding
sa20gb3.js
qw.data-free.online/
121 B
161 B
Script
General
Full URL
https://qw.data-free.online/sa20gb3.js
Requested by
Host: qw.data-free.online
URL: https://qw.data-free.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.68.131.131 Warsaw, Poland, ASN16276 (OVH, FR),
Reverse DNS
pld111c.truehost.cloud
Software
LiteSpeed /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://qw.data-free.online/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:16 GMT
last-modified
Fri, 24 May 2024 22:47:47 GMT
server
LiteSpeed
accept-ranges
bytes
content-length
121
content-type
text/javascript
css2
fonts.googleapis.com/
0
0

droidarabicnaskh.css
fonts.googleapis.com/earlyaccess/
0
0

pg4.jpg
i.postimg.cc/PJDWCPNg/
0
0

a.jpg
i.postimg.cc/DypK8gyK/
0
0

b.jpg
i.postimg.cc/NfjcsVt4/
0
0

c.jpg
i.postimg.cc/J7q8W8f0/
0
0

z1.jpg
i.postimg.cc/Yq2W4vp6/
0
0

2.jpg
i.postimg.cc/kMK533Wh/
0
0

jGUvgw.jpg
imagizer.imageshack.com/img923/8602/
0
0

ettte.jpg
1.bp.blogspot.com/-RuIA2JO0NW0/YKKccmd5SdI/AAAAAAAAB28/NihG0SeSJtkp1P9DCvM00yeYhey77iPXwCLcBGAsYHQ/s600/
0
0

jquery-latest.min.js
code.jquery.com/
0
0

online_i.js
widget.supercounters.com/ssl/
0
0

go.php
qw.data-free.online/
642 B
378 B
Document
General
Full URL
https://qw.data-free.online/go.php
Requested by
Host: qw.data-free.online
URL: https://qw.data-free.online/sa20gb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.68.131.131 Warsaw, Poland, ASN16276 (OVH, FR),
Reverse DNS
pld111c.truehost.cloud
Software
LiteSpeed /
Resource Hash
09c1665c8de6d752b4306d73bcedf46ae9d985e03dd02b060cc0e3049e9ed286

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://qw.data-free.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
content-length
322
content-type
text/html; charset=UTF-8
date
Fri, 24 May 2024 23:49:16 GMT
server
LiteSpeed
vary
Accept-Encoding
hm.js
hm.baidu.com/
0
0

450299
sape.ngumaz.com/api/direct/
1 KB
2 KB
Document
General
Full URL
https://sape.ngumaz.com/api/direct/450299?s1=%subid1%&kw=
Requested by
Host: qw.data-free.online
URL: https://qw.data-free.online/go.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.72.205.7 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
rkinfocom.host
Software
LiteSpeed /
Resource Hash
c8c19c0b3c28a5e7af29829a926b871a856ab9479dabe70a7a770d9fe6683223

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1352
date
Fri, 24 May 2024 23:49:16 GMT
last-modified
Thu, 25 Apr 2024 00:13:22 GMT
server
LiteSpeed
vf.jpg
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgxYFZN-GQDz3MwLHsAraUn6n7odHLl7pBtrgMdjOkZthTqyMjb1y_KaR4sfDSrWa313zyqYqfyvSVMphdqwl8EORH8nAC3KvND8GXKCNNJR_Ks4J9ADKYjdJvKUF2_UienKcVlhroNKwSOrBd...
0
0

/
raha.muusha.xyz/
2 KB
2 KB
Document
General
Full URL
https://raha.muusha.xyz/
Requested by
Host: sape.ngumaz.com
URL: https://sape.ngumaz.com/api/direct/450299?s1=%subid1%&kw=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f19.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://sape.ngumaz.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
private, max-age=0
content-encoding
gzip
content-length
1361
content-type
text/html; charset=UTF-8
date
Fri, 24 May 2024 23:49:17 GMT
etag
W/"64f8a3f31e61592fad95ff733912fdcf036978c223c274f90f30b43797735879"
expires
Fri, 24 May 2024 23:49:17 GMT
last-modified
Mon, 04 Mar 2024 02:38:37 GMT
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
ccs.gif
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3TezIi6ZFFlp4Xrl5IX9jgM4zKfBX-jbzAJTSfFtetWJkKvYxN-nDX3pbFI3Jio1jtGD0lPQXn7cWbti4RgPJVUF_yA8eV8jmZrQAQdhfwB-53lubF5HbI9Ejyuj1y8oR8i-RuL9UnoX4I-s6...
0
0

cookienotice.js
raha.muusha.xyz/js/
6 KB
2 KB
Script
General
Full URL
https://raha.muusha.xyz/js/cookienotice.js
Requested by
Host: raha.muusha.xyz
URL: https://raha.muusha.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f19.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://raha.muusha.xyz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 May 2024 19:55:09 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
2026
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Fri, 31 May 2024 23:49:17 GMT
/
zemo-ghoko.blogspot.com/
Redirect Chain
  • https://quttyvex.com/cl/3a30bf55ace240d7?p1=&p2=&source=&site=
  • https://zemo-ghoko.blogspot.com/
3 KB
2 KB
Document
General
Full URL
https://zemo-ghoko.blogspot.com/
Requested by
Host: raha.muusha.xyz
URL: https://raha.muusha.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.33 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f1.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://raha.muusha.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
gzip
content-length
1552
content-security-policy
upgrade-insecure-requests
content-security-policy-report-only
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport
content-type
text/html; charset=UTF-8
date
Fri, 24 May 2024 23:49:18 GMT
etag
W/"7abb3e628e730813b313e9f41eae586db24476458618933dc1a0859fcdc6011a"
expires
Fri, 24 May 2024 23:49:18 GMT
last-modified
Sat, 30 Mar 2024 22:27:40 GMT
report-to
{"group":"blogspot","max_age":2592000,"endpoints":[{"url":"https://www.blogger.com/cspreport"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
88912e71bee6bff0-WAW
content-type
text/html; charset=UTF-8
date
Fri, 24 May 2024 23:49:17 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://zemo-ghoko.blogspot.com/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BwP91RrP8BDDiqN%2B5PsidUjmg9uI9jqLeGUb7ciNX030rmi285EPN5SWIdMzTRHyUgZLZUH9%2Fw1Btvm1yU0Wxy4kxTbGwcv9m3dqKxq7hFD6bc%2BZ3iyBHKt5qmB0r7M%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
DENY
x-powered-by
PHP/8.1.26
vf.jpg
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgxYFZN-GQDz3MwLHsAraUn6n7odHLl7pBtrgMdjOkZthTqyMjb1y_KaR4sfDSrWa313zyqYqfyvSVMphdqwl8EORH8nAC3KvND8GXKCNNJR_Ks4J9ADKYjdJvKUF2_UienKcVlhroNKwSOrBd...
0
0

cookienotice.js
zemo-ghoko.blogspot.com/js/
6 KB
2 KB
Script
General
Full URL
https://zemo-ghoko.blogspot.com/js/cookienotice.js
Requested by
Host: zemo-ghoko.blogspot.com
URL: https://zemo-ghoko.blogspot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.33 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://zemo-ghoko.blogspot.com/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 06:27:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
148910
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2026
x-xss-protection
0
last-modified
Wed, 22 May 2024 17:56:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 30 May 2024 06:27:28 GMT
45f6dadd-22f2-4290-b532-41eeffc91824
3lq3d.bemobtrcks.com/go/
276 B
1 KB
Document
General
Full URL
https://3lq3d.bemobtrcks.com/go/45f6dadd-22f2-4290-b532-41eeffc91824
Requested by
Host: zemo-ghoko.blogspot.com
URL: https://zemo-ghoko.blogspot.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.208.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-208-227.eu-central-1.compute.amazonaws.com
Software
openresty /
Resource Hash
11518d50de1f8b751bef700a474e6c1be508dcfe24ef37a62da8d09b27695349

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://zemo-ghoko.blogspot.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 24 May 2024 23:49:18 GMT
etag
W/"114-58xdOEABpkCdDxVE0ddBXPmEAqg"
expires
Thu, 01 Jan 1970 00:00:01 GMT
server
openresty
vary
Accept-Encoding
x-response-time
31.528ms
/
www.sutrigbgiblocl.art/
4 KB
5 KB
Document
General
Full URL
https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://3lq3d.bemobtrcks.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=86400
cache-control
no-transform
cf-cache-status
DYNAMIC
cf-ray
88912e790bb134f4-WAW
content-type
text/html
date
Fri, 24 May 2024 23:49:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5D0DxhuT31LwXcHbRiku1rWtryYd5Jpo60Y7MLVHk7rpduFemj1VYjIWVJj08VAM%2Bwna0vlTgppIXxiXgyxLZbPOZgN0XIJpnY6a%2B4es5k1WCpBGa0llVjTCvxEb7bzO%2B7MctBsNyUc"}],"group":"cf-nel","max_age":604800}
server
cloudflare
7edf752b35
xuty.mingotime.com/rc/
Redirect Chain
  • https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=f30ec40044fe8f8822e84f7b922a22eb&eyer=0.37629321832817...
  • http://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=3&eyer=0.376293218328174&eyei=0&eyew=1600&eyeh=1200&eye...
  • https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf&eyeg=3&eyer=0.376293218328174&eyei=0&eyew=1600&eyeh=1200&ey...
  • https://xuty.mingotime.com/rc/7edf752b35?pubid=pubid&affclick=6875260223559049946
2 KB
1 KB
Document
General
Full URL
https://xuty.mingotime.com/rc/7edf752b35?pubid=pubid&affclick=6875260223559049946
Requested by
Host: www.sutrigbgiblocl.art
URL: https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.165.56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8366411a8aa52676174c0f04188e44d29db3ebe12b0050c6bab2d83041bad643

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://www.sutrigbgiblocl.art/?sl=5765866-171e5&pub_click_id=8TzSCPbQgc9sngLvxrCUTf&site=&pub_sub_id=&EXTERNAL_ID=8TzSCPbQgc9sngLvxrCUTf
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"
sec-ch-ua-platform-version
"10.0.0"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
88912e7bef3b34a4-WAW
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Fri, 24 May 2024 23:49:19 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BKrwgGcvENUUSvJqSD%2BfXVrKL2lStZ76I9t%2FjLsZVV0zf3iCNjuMnVy5fQE018hKO8eUMk0jsqWQtGt51IxSF%2Bth4dpfMIVb2eT8ZUgEhucIKgnvDaCdlgnM8HkPV%2F2gRPIJX8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-transform
cf-cache-status
DYNAMIC
cf-ray
88912e7afcc134f4-WAW
content-length
0
date
Fri, 24 May 2024 23:49:19 GMT
location
https://xuty.mingotime.com/rc/7edf752b35?pubid=pubid&affclick=6875260223559049946
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q6y%2Fgh3wn4Pkkk2LWqpuaYM1LE6X%2FmVlMqHY6u7uMuLk63%2BEoq0gXop8rvtTSX6mk8JTwc2QhAL8IeyE6YofiVcLg%2BmVH1aJ%2F2DKrH5HeCDDAxGUweoIoVF6%2FB7kMVxgtZrxRx65nT2M"}],"group":"cf-nel","max_age":604800}
server
cloudflare
redirect.css
cdn.addlnk.com/
1 KB
1018 B
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: xuty.mingotime.com
URL: https://xuty.mingotime.com/rc/7edf752b35?pubid=pubid&affclick=6875260223559049946
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.185.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:19 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
89RQC1JB5212V1SW
age
4591
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
K8LVfXBz9bH9QEZUCB1jQdHvIaGDIwjOSWyQawU8a0Wb5V+rjfV+tAA0yXeA9IOktfsTJbtPAIU=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i45ZyxietCCK5Dal2zQXSlPux4R7VGu8MdaFF8AeekG1wRFq0x8PiXY5glWoMECBigCj9FpK0KAru4bwkd3CGwyA86SuB%2BaauSFhuHiCdJy%2FpmCage%2FOjyM%2FnqpL6C17gg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
88912e7d6979bf88-WAW
main.js
xuty.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/ Frame 5F8E
Redirect Chain
  • https://xuty.mingotime.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://xuty.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
8 KB
4 KB
Script
General
Full URL
https://xuty.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
Protocol
H3
Server
172.67.165.56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Fri, 24 May 2024 23:49:19 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y8J6l31j8blOWiLvE2A4dtEyuJ1sKrRVyGMLcvdyJDxGJOUajRbaEIAZkMAT%2FyIfB8DbqGkrmeV5LQfj7m%2BZQoJ039YEd%2BlpmsdZE7VnEm5ObiWA690fjh9jkux%2B2lv6qG37lmo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
88912e7e085934a4-WAW
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Fri, 24 May 2024 23:49:19 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YhtFV1%2F7URevvo5aDvTuOKPyeEziqs0IRZ4W8%2BpApFev6iEY9da71PQ%2FjkMdhCcD%2FIn%2F%2FBKKxUKKc0Zicr35DRHWA%2F6IbgFrY9O4PM8keqZw6ieuRkKzZAorpysjBWemQ1IPzpA%3D"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
88912e7dd83b34a4-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
88912e7bef3b34a4
xuty.mingotime.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 5F8E
0
594 B
XHR
General
Full URL
https://xuty.mingotime.com/cdn-cgi/challenge-platform/h/b/jsd/r/88912e7bef3b34a4
Requested by
Host: xuty.mingotime.com
URL: https://xuty.mingotime.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.165.56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 24 May 2024 23:49:19 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ik465%2FWD15CGl9koVD5f3USvmmYSoPgQlXBRv9fZ3wCn%2BoQfxhrVGQ7uFSa05meJ103pzATiALGFklPOyXyF3zmxnR988SZRtUz5OuOo4lQC7IKfellrjwOTvJ%2FhhD67tEEGGuw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
88912e7f590034a4-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
/
tuk.kutberg.com/
9 KB
4 KB
Document
General
Full URL
https://tuk.kutberg.com/?utm_medium=d3ca3460d7f36250b207d930496f80c0c7058403&utm_campaign=mainstream_redirect&1=28f1f673&cid=pub86f103e72cb6496a9c62c9b87a6db7ef&2=pubid
Requested by
Host: xuty.mingotime.com
URL: https://xuty.mingotime.com/rc/7edf752b35?pubid=pubid&affclick=6875260223559049946
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.198.106.194 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
eb8ec71aaa48999d06970da02b4d9c8e87160d808b5c37b5af05329238301af0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc
h3=":443"; ma=604800; persist=1
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 24 May 2024 23:49:20 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
favicon.ico
tuk.kutberg.com/
1 KB
1 KB
Other
General
Full URL
https://tuk.kutberg.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.198.106.194 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-full-version
"125.0.6422.112"
sec-ch-ua-platform-version
"10.0.0"
Referer
https://tuk.kutberg.com/?utm_medium=d3ca3460d7f36250b207d930496f80c0c7058403&utm_campaign=mainstream_redirect&1=28f1f673&cid=pub86f103e72cb6496a9c62c9b87a6db7ef&2=pubid
sec-ch-ua-model
""
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:20 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Fri, 11 Aug 2023 10:37:02 GMT
server
nginx
etag
"64d60f4e-47e"
content-type
image/x-icon
cache-control
max-age=86400
accept-ranges
bytes
alt-svc
h3=":443"; ma=604800; persist=1
content-length
1150
expires
Sat, 25 May 2024 23:49:20 GMT
favicon.ico
tuk.kutberg.com/
1 KB
0
Other
General
Full URL
https://tuk.kutberg.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.198.106.194 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-full-version
"125.0.6422.112"
sec-ch-ua-platform-version
"10.0.0"
Referer
https://tuk.kutberg.com/?utm_medium=d3ca3460d7f36250b207d930496f80c0c7058403&utm_campaign=mainstream_redirect&1=28f1f673&cid=pub86f103e72cb6496a9c62c9b87a6db7ef&2=pubid
sec-ch-ua-model
""
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:20 GMT
last-modified
Fri, 11 Aug 2023 10:37:02 GMT
server
nginx
etag
"64d60f4e-47e"
content-type
image/x-icon
cache-control
max-age=86400
accept-ranges
bytes
alt-svc
h3=":443"; ma=604800; persist=1
content-length
1150
expires
Sat, 25 May 2024 23:49:20 GMT
Primary Request index.html
w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/
Redirect Chain
  • https://merterpazar.com/158093e1-d19b-4bc6-b232-6a1698d1025b?2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
  • https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuS...
2 KB
2 KB
Document
General
Full URL
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Requested by
Host: tuk.kutberg.com
URL: https://tuk.kutberg.com/?utm_medium=d3ca3460d7f36250b207d930496f80c0c7058403&utm_campaign=mainstream_redirect&1=28f1f673&cid=pub86f103e72cb6496a9c62c9b87a6db7ef&2=pubid
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.161.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
701ea97f67d2d11327a42ea383bfb61bff07f83df5069616581d26ed6a05842e

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://tuk.kutberg.com/?utm_medium=d3ca3460d7f36250b207d930496f80c0c7058403&utm_campaign=mainstream_redirect&1=28f1f673&cid=pub86f103e72cb6496a9c62c9b87a6db7ef&2=pubid#0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
age
13
alt-svc
h3=":443"; ma=86400
cache-control
max-age=604800
cf-cache-status
DYNAMIC
cf-ray
88912e90489e3bc7-WAW
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 24 May 2024 23:49:22 GMT
expires
Fri, 31 May 2024 23:49:22 GMT
last-modified
Thu, 11 Apr 2024 03:52:16 GMT
link
<https://sec.movienightowl.com/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022>; rel="canonical"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BHbswnth90KWPoF20fIj1h04aN0%2FwT9lud2wtrFw8iwLBzBQMVab%2F899nWUyCKIg9h9cPP02Vdwsu8S7pM2fKjbSjX%2B%2B4Vm7300ldZAitUDwn1saiosvic3eEiyi9rrCGMKG0hB9fE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-cache
HIT
x-edge-location
plwa

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, pre-check=0, post-check=0
cf-cache-status
DYNAMIC
cf-ray
88912e8f1f3870c0-WAW
content-length
0
date
Fri, 24 May 2024 23:49:22 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Niex2m1oxSyjMu7eDqd6wXeQf1ShGj60pikhdFKStYTQYiydU%2FudytKJ2Lv3hh67jRVneOGCqRKokBpmeaCwcuQg1r3Er0q88JFSMyKCCdHTyi%2Ftj%2BKT%2BfgKePxuQyJfwQg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 e7829c37bde8b646a09a9e7f4faaa526.cloudfront.net (CloudFront)
x-amz-cf-id
yqxgIoG1x8YpYmA8BIDBzRlUjbkk4GOUVq_sU0GoR_IxKpGrfNPNiw==
x-amz-cf-pop
WAW51-P4
x-cache
Miss from cloudfront
css.css
w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/
9 KB
3 KB
Stylesheet
General
Full URL
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/css.css
Requested by
Host: w.visionaryrefreshingvisit.buzz
URL: https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.161.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36026476ab5db7cfe61c176f04566762e0c2b392ead021367ae9c555fec02db3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:22 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
305889
x-edge-location
plwa
x-cache
MISS
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 11 Apr 2024 03:52:15 GMT
server
cloudflare
etag
W/"2500-615ca14b22b07"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3G3hQrn6oKgznvp6gWo75KHz5tkVLoaitIGFNodzrXeKZJjAh5YV36zCaHFryB0mblCSuExQDl2vsHFThQnvg0WlPEiJ4yrhU4R7lly8lrcGjrhLBBuzDiMURt3QOUztONyeABN8kJ8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
cf-ray
88912e90f8f73bc7-WAW
link
<https://sec.movienightowl.com/wbpage5/dating-dark1/css.css>; rel="canonical"
expires
Tue, 28 May 2024 10:51:13 GMT
micro.tag.min.js
gauvaiho.net/pfe/current/
36 KB
15 KB
Script
General
Full URL
https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Requested by
Host: w.visionaryrefreshingvisit.buzz
URL: https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
8490063363bf4a40773d8dee2af254480417d77e311faddc109d4a277c1f862c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 24 May 2024 23:49:22 GMT
content-encoding
gzip
last-modified
Fri, 24 May 2024 16:02:34 GMT
server
nginx
etag
W/"6650ba1a-9185"
content-type
application/javascript
cache-control
no-cache
access-control-allow-credentials
true
bg.webm
w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/
4 MB
4 MB
Media
General
Full URL
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/bg.webm
Requested by
Host: w.visionaryrefreshingvisit.buzz
URL: https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.161.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f38b1774762d026f0aded54e076eff72f5135f8fd11bc3efda9354b30436780e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Referer
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:22 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
305253
x-edge-location
plwa
x-cache
MISS
Content-Range
bytes 0-3843090/3843091
alt-svc
h3=":443"; ma=86400
Content-Length
3843091
last-modified
Thu, 11 Apr 2024 03:52:14 GMT
server
cloudflare
etag
"3aa413-615ca14a8e01e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LfMccP6SXDfesrC4fqRzHkCfxRFkDtLG8M%2BgH6Wzg4eOKYnMk%2F1lDIelWjGCfMuzoVjc93lx%2FFDJjuGcZyoEWxLOAsWELCKtPx8qh6cGErqRWlwDSL1p%2BprPl%2F5kb1Jh5msOT4JsWxE%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/webm
access-control-allow-origin
*
cache-control
max-age=604800
cf-ray
88912e9149143bc7-WAW
link
<https://sec.movienightowl.com/wbpage5/dating-dark1/bg.webm>; rel="canonical"
expires
Tue, 28 May 2024 11:01:49 GMT
play.png
w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/
16 KB
16 KB
Image
General
Full URL
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/play.png
Requested by
Host: w.visionaryrefreshingvisit.buzz
URL: https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.161.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5382b5fff883eb30d7ad72efbd320a91dc53ebf2e39ace6b597b595720de1d09

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:22 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
305889
x-edge-location
plwa
x-cache
MISS
alt-svc
h3=":443"; ma=86400
content-length
15897
last-modified
Thu, 11 Apr 2024 03:52:18 GMT
server
cloudflare
etag
"3e19-615ca14e4d3cd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7GkUX7GR9FA6HkpTJQwsXPSjPIQbB8X4Q%2Bff7eL66DSrKJ42j1vz3whvFEvTk9UaqSXSaHHUt%2FeTrKg7NZHRqczcLaeVld9OwCNCJtNHNdmaU1r%2FVl8GTSSD9TgZoaBOIzBIB9CcGR8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
cf-ray
88912e9149163bc7-WAW
link
<https://sec.movienightowl.com/wbpage5/dating-dark1/play.png>; rel="canonical"
expires
Tue, 28 May 2024 10:51:13 GMT
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

sw-check-permissions-4eee0.js
w.visionaryrefreshingvisit.buzz/
0
871 B
Other
General
Full URL
https://w.visionaryrefreshingvisit.buzz/sw-check-permissions-4eee0.js?zoneId=4984707
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.161.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:22 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
305889
x-edge-location
plwa
x-cache
MISS
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 May 2022 10:33:35 GMT
server
cloudflare
etag
W/"236-5de2d285fa983"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2BKHWrDNDpCaqZHHh1%2BDusoDnj1QuoIVr2JTl6PqOkzKo1IdQXPtdyZpwh4eCzY4bHss5ihvJYxUti2tEs9TUOQUEwiVYmwWS4rK2cYnkh0q2xuNjctzOvBurKirlWrUNAHb7pdjm6Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
cf-ray
88912e9299dd3bc7-WAW
link
<https://sec.movienightowl.com/sw-check-permissions-4eee0.js?zoneId=4984707>; rel="canonical"
expires
Tue, 28 May 2024 10:51:13 GMT
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

zone
gauvaiho.net/
0
380 B
Ping
General
Full URL
https://gauvaiho.net/zone?&pub=0&zone_id=4984707&is_mobile=false&domain=w.visionaryrefreshingvisit.buzz&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.513&trace_id=0683402f-e82b-4dcc-aed6-fc5129b7f861&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJiaXRuZXNzIjoiNjQiLCJicmFuZHMiOlt7ImJyYW5kIjoiR29vZ2xlIENocm9tZSIsInZlcnNpb24iOiIxMjUifSx7ImJyYW5kIjoiTm90OkEtQnJhbmQiLCJ2ZXJzaW9uIjoiOCJ9LHsiYnJhbmQiOiJDaHJvbWl1bSIsInZlcnNpb24iOiIxMjUifV0sImZ1bGxWZXJzaW9uTGlzdCI6W3siYnJhbmQiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjEyNS4wLjY0MjIuMTEyIn0seyJicmFuZCI6IkNocm9taXVtIiwidmVyc2lvbiI6IjEyNS4wLjY0MjIuMTEyIn0seyJicmFuZCI6Ik5vdC5BL0JyYW5kIiwidmVyc2lvbiI6IjI0LjAuMC4wIn1dLCJtb2JpbGUiOmZhbHNlLCJtb2RlbCI6IiIsInBsYXRmb3JtIjoiV2luMzIiLCJwbGF0Zm9ybVZlcnNpb24iOiIxMC4wLjAiLCJ3b3c2NCI6ZmFsc2V9&drf=https://tuk.kutberg.com/
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-trace-id
1ea4ca9e418f3654d481eb0809b9f320
date
Fri, 24 May 2024 23:49:23 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin
https://w.visionaryrefreshingvisit.buzz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
0
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

gid.js
my.rtmark.net/
65 B
557 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4984707&checkDuplicate=true&ymid=&var=&source=pusher
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
70a03c6f94748220b13883a08d4abe85d7287988ab2861f8c5993aabc779933e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:23 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://w.visionaryrefreshingvisit.buzz
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

zone
gauvaiho.net/
825 B
1 KB
Fetch
General
Full URL
https://gauvaiho.net/zone?&pub=0&zone_id=4984707&is_mobile=false&domain=w.visionaryrefreshingvisit.buzz&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.513&trace_id=0683402f-e82b-4dcc-aed6-fc5129b7f861&action=settings&ch=...
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4f09221b1ccfbe68f65b54605de20f391c156f8220d0a35ffab12d46b07a24b6
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-trace-id
ea44fe68cd5d4b751e6be90dbd17abc0
date
Fri, 24 May 2024 23:49:23 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
content-type
application/json; charset=utf-8
access-control-allow-origin
https://w.visionaryrefreshingvisit.buzz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
825
favicon.ico
w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/
1 KB
2 KB
Other
General
Full URL
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.161.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44e898d8aab8fe81fc2958d19fd41d89d2a465cbdaaa8e485feca6b38f9b1af2

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 23:49:23 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
63112
x-edge-location
plwa
x-cache
MISS
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 11 Apr 2024 03:52:16 GMT
server
cloudflare
etag
W/"47e-615ca14c48a29"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FGoKumhFTFcuv%2Fqhvs3OF%2FYlCJg1HUC7tEdBf86HcLqdParZ09U%2Bb1SvsS4sBGWXFt659aZjfkyJ%2Fksz2TfsJOm148Y5tTdtOtrsiFI56hTj6Pcq4gKq7IrnMu6Yi1alD1S%2BizxCMyA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
max-age=604800
cf-ray
88912e938a803bc7-WAW
link
<https://sec.movienightowl.com/wbpage5/dating-dark1/favicon.ico>; rel="canonical"
expires
Fri, 31 May 2024 06:17:31 GMT
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: gauvaiho.net
URL: https://gauvaiho.net/pfe/current/micro.tag.min.js?z=4984707&sw=/sw-check-permissions-4eee0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://w.visionaryrefreshingvisit.buzz/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
https://fonts.googleapis.com/css2?family=Poppins:wght@500;700&display=swap
Domain
fonts.googleapis.com
URL
https://fonts.googleapis.com/earlyaccess/droidarabicnaskh.css
Domain
i.postimg.cc
URL
https://i.postimg.cc/PJDWCPNg/pg4.jpg
Domain
i.postimg.cc
URL
https://i.postimg.cc/DypK8gyK/a.jpg
Domain
i.postimg.cc
URL
https://i.postimg.cc/NfjcsVt4/b.jpg
Domain
i.postimg.cc
URL
https://i.postimg.cc/J7q8W8f0/c.jpg
Domain
i.postimg.cc
URL
https://i.postimg.cc/Yq2W4vp6/z1.jpg
Domain
i.postimg.cc
URL
https://i.postimg.cc/kMK533Wh/2.jpg
Domain
imagizer.imageshack.com
URL
https://imagizer.imageshack.com/img923/8602/jGUvgw.jpg
Domain
1.bp.blogspot.com
URL
https://1.bp.blogspot.com/-RuIA2JO0NW0/YKKccmd5SdI/AAAAAAAAB28/NihG0SeSJtkp1P9DCvM00yeYhey77iPXwCLcBGAsYHQ/s600/ettte.jpg
Domain
code.jquery.com
URL
https://code.jquery.com/jquery-latest.min.js
Domain
widget.supercounters.com
URL
https://widget.supercounters.com/ssl/online_i.js
Domain
hm.baidu.com
URL
https://hm.baidu.com/hm.js?96203ca5188c89396572f4c329976446
Domain
blogger.googleusercontent.com
URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgxYFZN-GQDz3MwLHsAraUn6n7odHLl7pBtrgMdjOkZthTqyMjb1y_KaR4sfDSrWa313zyqYqfyvSVMphdqwl8EORH8nAC3KvND8GXKCNNJR_Ks4J9ADKYjdJvKUF2_UienKcVlhroNKwSOrBdCOh1wDfZoNkVPuI9llE3Nn5ck9gCc9Z3M_M8ocN8/s1600/vf.jpg
Domain
blogger.googleusercontent.com
URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3TezIi6ZFFlp4Xrl5IX9jgM4zKfBX-jbzAJTSfFtetWJkKvYxN-nDX3pbFI3Jio1jtGD0lPQXn7cWbti4RgPJVUF_yA8eV8jmZrQAQdhfwB-53lubF5HbI9Ejyuj1y8oR8i-RuL9UnoX4I-s6Q07usP0Kw3sj1sH9mvR54I-V6j53jtRNkwGEk6s_lA/s16000/ccs.gif
Domain
blogger.googleusercontent.com
URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgxYFZN-GQDz3MwLHsAraUn6n7odHLl7pBtrgMdjOkZthTqyMjb1y_KaR4sfDSrWa313zyqYqfyvSVMphdqwl8EORH8nAC3KvND8GXKCNNJR_Ks4J9ADKYjdJvKUF2_UienKcVlhroNKwSOrBdCOh1wDfZoNkVPuI9llE3Nn5ck9gCc9Z3M_M8ocN8/s1600/vf.jpg

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| s
function| go
function| getParam
object| zfgformats

10 Cookies

Domain/Path Name / Value
quttyvex.com/ Name: sbc3a30bf55ace240d7
Value: eyJpdiI6Ik8xd1kvRzVvdmpYSGlzOWlZcStRYlE9PSIsInZhbHVlIjoiMFUzdGRJT0FjaWl5UStVelJ1NVBBUT09IiwibWFjIjoiODhjMDVhMGFlZjRjYTllNjkzYjQxYjUxMDc0MmYwNzBmMTI3ZTllYTUwNDAzZjliYTk0YjZkYmE2ZjA2ZGJkNiIsInRhZyI6IiJ9
quttyvex.com/ Name: vis
Value: eyJpdiI6IlhYRzI4S2dyNWZSSGpCTk50SVVZeFE9PSIsInZhbHVlIjoibnRKTzVOOThMOWdoRm9TbzVCZ0lZZz09IiwibWFjIjoiNWRmMTc3NTIxNDUyZGMzZTUyNGUzN2EzOTExNTk0MjgzMzgyZDFiMjk2ZTJhZTlhNTMwNDQ5YTZkNDc4MmYxZCIsInRhZyI6IiJ9
.3lq3d.bemobtrcks.com/ Name: bemob-viewer-id
Value: 033ffdf1-2957-4d62-827e-dce8df8c1e97
.3lq3d.bemobtrcks.com/ Name: bemob-uniq-visit:45f6dadd-22f2-4290-b532-41eeffc91824
Value: 1
.3lq3d.bemobtrcks.com/ Name: bemob-rotation:45f6dadd-22f2-4290-b532-41eeffc91824:random:8f856e0cf9761b76a4c31def5731a9b8
Value: 0-0-0
.3lq3d.bemobtrcks.com/ Name: bemob-click-id
Value: 8TzSCPbQgc9sngLvxrCUTf
.mingotime.com/ Name: cf_clearance
Value: UsfUeyiIKBDJsVmjJ77z.q63CIOx5LNKpVH5_M6eTSA-1716594559-1.0.1.1-A4VY.ymqv.QsZf.NeHrcciswflO7JYZxZiy_rJ6An089e1LnTk8WF.GEgmzDgWLurx2IPszgd_BYVBaKPLe7CA
.merterpazar.com/ Name: 158093e1-d19b-4bc6-b232-6a1698d1025b-v4
Value: yRNnkpWdHVPldWumajw4Vh-z4XxeWeyYNRNAnxPkpVk
.merterpazar.com/ Name: cep-v4
Value: BZuKXMw7Hf1f2FzXOF4mG0U-EFNwBJBI76CW06RDhw-mKlDOwGODUChStc-lFbqnMLq7IxQxQmD2AlHq-j4WuiafH0It4sJlIfy8_0yPe-UTBRc11tXe02oXCdOMyObxcl5sziJrgUtKeBufDI3KmuCP3sV9m5PoW31fQOiugE4t_XKVIIPKYY7b0gSlVAdxF1iagjwF4I31k3Jnb3vwYP2LLqqGgs-XA2gCbh6dOXPzuJGYefsglsn1RH7LepcBF7_1gtZkA0wpp4LH4dphKmSRXezOYZCZbLtTXoJMUfnSmmafPOCSTthhW5qxtp3Zht8CnedOHAokuGirtsPiGWEe0DFlKCA3PDyFLAUmb7ZbE4X8C5EOi85BNHlUJnZgvQy4C3L4iizXO9Z6fElH84AfBSt3TtcGXHOSf8TDpG0tiFLAcJNnzBViT-nOvYT8HMwVe6gZ2xiRkqxwqpnld4YhJgc8NItrJR2SF3XwzNo
my.rtmark.net/ Name: ID
Value: 01806613f4044c4af84b1339ff07979d

1 Console Messages

Source Level URL
Text
other warning URL: https://w.visionaryrefreshingvisit.buzz/wbpage5/dating-dark1/index.html?td=merterpazar.com&cep=Obp8WwGIw8DfRx0hoGASqU9LYjvGUkYHvkeMtJcOhyJRIQnl7Z7Jd7JOxuiIRPAhF1y76ltf2CoJ0TrIDkB-2TmjyDEA7J--OEfXuSO1MsA03_OSMCx7uXQXP6UX_1n-VAAnxsrhJSkNKi1TLoA7QdoLeOk3Zgly7AI984lyih0uHOHFuyKPYB0WEjHzGnxQ2k3t7B5GOTl0QDozxqpPiPTd-pUxTzKpY7SiG3Wfh_wT6GvQkX9nZym7oq1DxN54N91Q0nV4SqKxBm7VpkwNiEym_pyBQkY3zn0WCdxFLPM4Faqv68oCRAEnFdeRi_KKvrKehp6CA0vYHsaetkFVcl2cE3gaw5hMySqnBn8BGjHPVSDj6j11L53fvNeEaV_fITerRNe5Cb2yfp4z8HC823d9YzCBv3NtCXCW4XGuaSylGqome4e0nhpnTjAp66TT-Fk5B5bAKxjTvQE0XeNBt9c4C31_8drK5Ap8SWPYZEk&lptoken=17ae164859ac63916248&2=13260&3=13260-fe0bbc2f-20eeb22c&1=M7372717495708287022#
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
