mega-flirtbooks.life Open in urlscan Pro
95.217.244.250 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cdfzcfwo.gq/
Effective URL:
https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Submission: On August 14 via automatic, source rescanner (August 14th 2022, 7:47:37 am UTC) — Scanned from NL

Summary HTTP 39 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 21 domains to perform 39 HTTP transactions. The main IP is 95.217.244.250, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is mega-flirtbooks.life. The Cisco Umbrella rank of the primary domain is 395917.
TLS certificate: Issued by R3 on July 14th 2022. Valid for: 3 months.

This is the only time mega-flirtbooks.life was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2a06:98c1:312... 2a06:98c1:3120::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	45.133.44.24 45.133.44.24	7018 (ATT-INTER...) (ATT-INTERNET4)
1 1	2606:4700:303... 2606:4700:3034::ac43:cac1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.91.226.152 34.91.226.152	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	34.141.137.168 34.141.137.168	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	185.162.87.41 185.162.87.41	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
14	95.217.244.250 95.217.244.250	24940 (HETZNER-AS) (HETZNER-AS)
2	23.88.85.6 23.88.85.6	24940 (HETZNER-AS) (HETZNER-AS)
3	45.133.44.25 45.133.44.25	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	168.119.25.22 168.119.25.22	24940 (HETZNER-AS) (HETZNER-AS)
2 4	2a01:4f8:e0:1... 2a01:4f8:e0:19cb::1	24940 (HETZNER-AS) (HETZNER-AS)
1	78.47.199.204 78.47.199.204	24940 (HETZNER-AS) (HETZNER-AS)
2	88.198.209.36 88.198.209.36	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
39	13

2 2a06:98c1:3120::c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdfzcfwo.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pn.bquildna43.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

network-site.za.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 45.133.44.24 (Philadelphia, United States)

ASN7018 (ATT-INTERNET4, US)

sw.wpush.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.wpadmngr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bacd2a0353.7a6a4e9e27.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.wpshsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
12112336.pix-cdn.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::ac43:cac1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

transitgirls.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.226.152 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 152.226.91.34.bc.googleusercontent.com

t.luvmenow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.141.137.168 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 168.137.141.34.bc.googleusercontent.com

r.goaffmy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.162.87.41 (Amsterdam, Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

omgtds.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 95.217.244.250 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.250.244.217.95.clients.your-server.de

mega-flirtbooks.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.88.85.6 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.6.85.88.23.clients.your-server.de

fp.metricswpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.133.44.25 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

js.wpushsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.jnkstff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 168.119.25.22 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.22.25.119.168.clients.your-server.de

nereserv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a01:4f8:e0:19cb::1 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)

5da64829e9.7a6a4e9e27.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.47.199.204 (Thalmassing, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.204.199.47.78.clients.your-server.de

notification.tubecup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.209.36 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-209-36.clients.your-server.de

static.bookmsg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	mega-flirtbooks.life mega-flirtbooks.life — Cisco Umbrella Rank: 395917	592 KB
5	7a6a4e9e27.com 2 redirects bacd2a0353.7a6a4e9e27.com 5da64829e9.7a6a4e9e27.com	11 KB
3	gstatic.com fonts.gstatic.com	77 KB
2	pix-cdn.org 12112336.pix-cdn.org — Cisco Umbrella Rank: 22582	12 KB
2	bookmsg.com static.bookmsg.com — Cisco Umbrella Rank: 52532	1 KB
2	wpushsdk.com js.wpushsdk.com — Cisco Umbrella Rank: 48759	79 KB
2	wpshsdk.com js.wpshsdk.com — Cisco Umbrella Rank: 13892	22 KB
2	metricswpsh.com fp.metricswpsh.com — Cisco Umbrella Rank: 31083	364 B
2	wpadmngr.com js.wpadmngr.com — Cisco Umbrella Rank: 27223	31 KB
2	goaffmy.com 2 redirects r.goaffmy.com — Cisco Umbrella Rank: 303960	658 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	1 KB
1	bquildna43.site 1 redirects pn.bquildna43.site — Cisco Umbrella Rank: 25857	663 B
1	tubecup.net notification.tubecup.net — Cisco Umbrella Rank: 9587	201 B
1	nereserv.com nereserv.com — Cisco Umbrella Rank: 40702	201 B
1	jnkstff.com js.jnkstff.com — Cisco Umbrella Rank: 194115	339 B
1	omgtds.com 1 redirects omgtds.com — Cisco Umbrella Rank: 325191	430 B
1	luvmenow.com 1 redirects t.luvmenow.com	362 B
1	transitgirls.com 1 redirects transitgirls.com	1 KB
1	wpush.org sw.wpush.org — Cisco Umbrella Rank: 83953	9 KB
1	za.com network-site.za.com	4 KB
1	cdfzcfwo.gq cdfzcfwo.gq	10 KB
39	21

	Domain	Requested by
14	mega-flirtbooks.life	cdfzcfwo.gq mega-flirtbooks.life
4	5da64829e9.7a6a4e9e27.com	2 redirects js.wpushsdk.com
3	fonts.gstatic.com	fonts.googleapis.com
2	12112336.pix-cdn.org
2	static.bookmsg.com
2	js.wpushsdk.com	js.wpadmngr.com
2	js.wpshsdk.com	js.wpadmngr.com js.wpshsdk.com
2	fp.metricswpsh.com	js.wpadmngr.com
2	js.wpadmngr.com	sw.wpush.org js.wpadmngr.com
2	r.goaffmy.com	2 redirects
1	fonts.googleapis.com	mega-flirtbooks.life
1	pn.bquildna43.site	1 redirects
1	notification.tubecup.net
1	nereserv.com	js.wpushsdk.com
1	js.jnkstff.com	js.wpushsdk.com
1	bacd2a0353.7a6a4e9e27.com	js.wpadmngr.com
1	omgtds.com	1 redirects
1	t.luvmenow.com	1 redirects
1	transitgirls.com	1 redirects
1	sw.wpush.org	cdfzcfwo.gq
1	network-site.za.com	cdfzcfwo.gq
1	cdfzcfwo.gq
39	22

This site contains no links.

Subject Issuer	Validity	Valid
*.cdfzcfwo.gq E1	`2022-08-14` - `2022-11-12`	3 months	crt.sh
*.network-site.za.com E1	`2022-08-01` - `2022-10-30`	3 months	crt.sh
sw.wpush.org R3	`2022-07-19` - `2022-10-17`	3 months	crt.sh
mega-flirtbooks.life R3	`2022-07-14` - `2022-10-12`	3 months	crt.sh
js.wpadmngr.com R3	`2022-07-19` - `2022-10-17`	3 months	crt.sh
notification.tubecup.net R3	`2022-06-20` - `2022-09-18`	3 months	crt.sh
bacd2a0353.7a6a4e9e27.com R3	`2022-08-11` - `2022-11-09`	3 months	crt.sh
js.wpshsdk.com R3	`2022-07-25` - `2022-10-23`	3 months	crt.sh
js.wpushsdk.com R3	`2022-07-19` - `2022-10-17`	3 months	crt.sh
js.jnkstff.com R3	`2022-08-11` - `2022-11-09`	3 months	crt.sh
7a6a4e9e27.com R3	`2022-08-11` - `2022-11-09`	3 months	crt.sh
bookmsg.com R3	`2022-07-19` - `2022-10-17`	3 months	crt.sh
12112336.pix-cdn.org R3	`2022-07-29` - `2022-10-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Frame ID: 8352C987F87143149E548F1E39177B30
Requests: 35 HTTP requests in this frame

Frame: data://truncated
Frame ID: 97CC84920489F5F180668ABCAE4D4677
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loveme

Page URL History Show full URLs

https://cdfzcfwo.gq/ Page URL
https://transitgirls.com/JftSRJNZ?tag=other HTTP 302
http://t.luvmenow.com/sl?id=5fa1807a127bd6bcbd272004&pid=11249&sub3=3b8evus6d65d6&sub1=23358&sub2=frd HTTP 302
https://r.goaffmy.com/click?pid=6565&offer_id=2606&sub1=a_62f8a8951a5e260001664cd3&sub2=23358 HTTP 302
https://omgtds.com/c1/652d1ae4-50ba-4605-902d-143db04df43e?aff=6565&source=23358&externalId=62f... HTTP 302
https://r.goaffmy.com/click?pid=11972&offer_id=2798&sub1=cbsah5lki7qadpjec1d0&sub2=23358&sub3=6565... HTTP 302
https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

39
Requests

95 %
HTTPS

38 %
IPv6

21
Domains

22
Subdomains

13
IPs

4
Countries

849 kB
Transfer

1190 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cdfzcfwo.gq/ Page URL
https://transitgirls.com/JftSRJNZ?tag=other HTTP 302
http://t.luvmenow.com/sl?id=5fa1807a127bd6bcbd272004&pid=11249&sub3=3b8evus6d65d6&sub1=23358&sub2=frd HTTP 302
https://r.goaffmy.com/click?pid=6565&offer_id=2606&sub1=a_62f8a8951a5e260001664cd3&sub2=23358 HTTP 302
https://omgtds.com/c1/652d1ae4-50ba-4605-902d-143db04df43e?aff=6565&source=23358&externalId=62f8a896d663a300017044ff&sub2=23358&sub3=6565&pp=1 HTTP 302
https://r.goaffmy.com/click?pid=11972&offer_id=2798&sub1=cbsah5lki7qadpjec1d0&sub2=23358&sub3=6565&sub5=62f8a896d663a300017044ff&sub7=&sub8= HTTP 302
https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://5da64829e9.7a6a4e9e27.com/in/show/?mid=1153916536&pid=0&site=native-push-adult&sc=NL&usage_type=DCH&subid=1860236680&sid=909741843&cid=1975&price=0.00022&is_cpm=0&cpm=0&ecpm=0.008409727443609023&crid=780418&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=2833&out_id=1&ver=6.12.0&ver_c=&refdom=cdfzcfwo.gq&hostname=auc-inpage-hz-4&site_id=312833&spot_id=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1660549654&created_at=2022-08-14&is_native=2&auction_queue=0&burl=cOmNO9jNCACcCIM6JwqDLymZIt25yKbAA7TxiXXv9_KKIEg1944DxA&pop_winurl=&ip=212.7.210.169&testab=1&px_id=322833&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.00830645344219925&placement_type_id=&skin_test=0&verify_hash=ffe0af9a2285cae0fb7274be18eb6558&score=87.92643852380364&durl=https%3A%2F%2Fkts.vasstycom.com%2Fin%2F1546%2F%3Fad_sub%3D1860236680%26spot_id%3D0%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fcdfzcfwo.gq%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=&cloaking=0&url=wsy1wEoJUsYkq5fFYKqfQHW4LwFOzLW3FLbq_EGYkjeHMqQx99j6cwkq5YVQu1_EsiytTp3R_HLKX2qKX3c1XQ9O23QmL6sJuHzW3Adjh9Wt-uotac_zogOBgtnas0_WZE9I_juOak8Q0d6ICP-ggwNevMtt-mUGjeSxybxTW_isNkiPPw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.00019140000000000002&pr=&user_keywords=&auc_type=1&aid=108&ext_cid=0&device_theme=light&mlc=1&format=default-slide-b_r-body&mlf=1&cpa=d22cd5cb-d2ff-45ba-b7fa-15ed811587ae HTTP 302
https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp

Request Chain 38

https://5da64829e9.7a6a4e9e27.com/in/show/?mid=1153916536&pid=0&site=native-push-adult&sc=NL&usage_type=DCH&subid=1860236680&sid=909741843&cid=12695&price=0&is_cpm=1&cpm=0.019&ecpm=0.01843&crid=2242&crtid=4033ee1123a033144bdb3e1c0434971f&tcid=2833&out_id=0&ver=6.12.0&ver_c=&refdom=cdfzcfwo.gq&hostname=auc-inpage-hz-4&site_id=312833&spot_id=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1660636054&created_at=2022-08-14&is_native=1&auction_queue=0&burl=DnKrgZ2iBG53ZhXEg95Lgxn5oddX6BCW3crYoffbRD1xoOMfEF9jBg&pop_winurl=&ip=212.7.210.169&testab=1&px_id=322833&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.004828153788700157&placement_type_id=&skin_test=0&verify_hash=f61acd5f68d4d429cdf822c02b9357a1&score=87.92643852380364&durl=https%3A%2F%2Fkts.vasstycom.com%2Fin%2F1546%2F%3Fad_sub%3D1860236680%26spot_id%3D0%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fcdfzcfwo.gq%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=&cloaking=0&url=sER_-IF-7XUHaedcKQzeQVNr3TWFsGJNxwBnPMa2r1jzWR4c-o2y6WHQd2Y0Yt4L_jg3ZPG8ByBGxAXbeCaLSypQIHMM9ZW8QLQHkztrUka2blpz-8Loe5xGCUQVZFSW5fhtG_vtxwSJsHmtGB0rrD1nQzhX7egbEoHSKvlsb_ZDAKhap1OZ5jP5c8ifUqTn82CGNY-EKRiRvzrGfUR4ChpH4k-KTm4TJzLqlDv_aIa-WtQdVnVHJQkTpCJcQnkbxzrVZE3E8wgZAmv_SWj2YnuuEM4chwUo3gS-4QvQtNwk4D6buqo8tSBvMluZY3Zvw3JvCP6X2-ru4XI5gQ4JRQcO6SBpUJFfwB3ye2mVVTc0ZrYzC6MQZzZySEnuixv_cpTxZ5b6zsSJkOqYOqcv8W5hL04-bqnjbyOBjXOO690CQVRf8Mzo6EYDb_Yl2CU-61NpqRu-KjUG9-z4wwlxrXKIBHo-3cIuZshqEtVmi1FpkpdSrgBp5aoPz867vWsKWulb0D-l1zEP7GQm0fzHb_41gRqH6agHH6WhBbv-j12kxzygVWU95p_FnHnfWd3UmFRht0-uNqm7zsQRgg2p4czNVyx37I1jaiuXdWnFpzDDKxr0oJbYedeZBPMAAFN1P2DGUUyI4sLHycLN6wxRByzOD-l2H0qCYlHRKyCQlTfN3CGCqrwvNtpvqyR2vfnnOVhpkesfQ9WWET_7k-vNdEa7H5YwF8V0pbqYDAPBQ2tIGvzbAkDbiVM6OG7ub7rYb6T_q8DF-SnRHNXqHaLYgTWeWP5AvVb5widpyBQy8sVfLg4gqak7qXEKaTISyheinuRnwpGbLoKkv3eI5p6gSUJLPilz_a9E2T5qljJjMCgIe-5ag5gPBIkI8G_-nfiGFjuMN_QiXqy1D9AOsdpGSCV5AjR1YPn3rhqQ8Z0lJPnqkEH-38ZwKeX88jlzGPht8rbfUNek9WismyaXouHQblrsReijgcs3aWxVsKGX3RLQ21iYFXPKhy3sf6acKHRxf0jYA8qyO0OM6FZ2tLUeSnG2jZ5e3Jw9PWaANDGrfeRY13dzqp_w1rxf_TU5VLXeWPRUxrY70Zmznen9s0b2-lycCy38zOaBb6sOMP3glBeNeOgnPJIfD33AKKQw7Q12r8PbEmTuTAaS03OKEJA9G55c1bkvuQGw6B-1vO9O6zNQe9HltMhUWkvxCJuEZd56r_LFX9LPGqwNQTaFoYAURKQ6mq0tP8S64bL9RQ5_nC1TTp9E5v9H6kOOMBfE9gUO83LeG_zJmUW4WaIp-Dw2yLAIxzS7POOyTlHWOzYs0jkAOjM51Zkpks3PDx3zL5fIjaFUewIG6R3bXNnlefPwQSFu3GTK83s3-wZJY10_WIQSbGEm-Ui-7oRCeqpbQcTizjriJO-7c-agmXcpz23rQLtW6Eym0pYRGj_u9urPe8NLi_sXOHHe5i9HzUBy4wR5pFYlZQgf0oVym3zYEspfx_d3Ar-CxNEaKrrqqclpT7pWN6YaikJC7JIXQOsRmEaIPu7sFHYr08wDTXPRRYDoPn7tCjMxz1AZVFm4e4V6_Lbh7WrWinIw9k2hoe-xXJBhLRi8l9IvO33JkXcqXvQemWUaytWl65RM-z95vnbO1b-5FJcSoHzKBQ&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374555%2Fconversions%2FpEIx0VVG-minify.jpg&skin_id=2&vertical_id=5&real_bid=0.01843&pr=&user_keywords=&auc_type=1&aid=127&ext_cid=100268&device_theme=light&format=default-slide-b_r-body&cpa=8161b8bb-ba49-42a2-a303-7072325038a4 HTTP 302
https://pn.bquildna43.site/in/tip_shows/?katds_ep=dRXxZueK3B71Qutxyxgzi7CI_9JNHcRyQDMzgOGwjr-9pCrpzTuNbcGliWEr5k7iodQLC1cSAc6G-yw2IYp6glYGCwIFibrp7zSauM2O_s70ikh_Iaa1AgMrVZag7s1uy4YM8u8SWCEhuJQJhAUe-jQSvmVbuKHdUzJQpfReugBO-YIy5Si6GtF5jaN4rpqtz2fSVCSJ2Y0kifW1pQG84eoJQ3qvoiBXriTDE1CSj2ZI59DzZVd1CtYa3iamWsGhUm4OEaO52Bai7FDIrsvlYL7AUCVT3QVQnqji4f0NxU54unfzhpG2mtlOBDlgruXZ0aG9Yh3niIDf4BqlJBNiMl0OBVjSarUyxIThlsn0NAmYCDeUuewSMV1wOjOXsEb5KAufjfcYpwz6IpDWsJ0lSn1vekvZcXamSL1kdUbODSOZgyHAGdR462A_K71W5oB_hrUZBXgVajX6mh88bITTG2qD_mjqgCUi2Xr_9v5N_hArrq008Aoxr8MywHwfRqzVX2tTfS_XOptsAz0dn2JCZZmTvr0PFtbIWmhZbu8H-DDP4dr38M3oIdAaJCIm8zGi94ztGnLJ4kUttMW21jzW0aWKfuhde9PygyG2GUiaa9nLoY9unWxU_6SPi9BhHV61Legx5plKJ7lmNi-aSq48UN3J4lU2QgpzdzUeDy_H_cWRgcblyjt19K2Gv9MNUlp5ObmqforFfgreViwOHEB5crjOErSObDTcM-bRGnapBb8yzcM-GbjBw50yqhJ2MgGA0HbdYjU7pn-4-ycBp58nw2hVGba88TXulJQ-_Ic00g1NUQ7W6mBrz2wsTtxzlr3M_0sQKlUxiQFkcKiRA_m3ueX8xVjmbzk8U6aLNI7cnOBuymEmjtYh2GvOvOpRBlFotyn5UdnuUvVn61JlA36PUH-GkuZUbYYLDcL8Mp-3kU8PBMN8wZqoXhAzCMm1d9b2tRxxHZ-YNJh_b1ZSRybyJDhq-6V4xw2peajzug6l3BKaA7lD2K1xRNcACTBhltp3dzAUVlp5rqEgbO7hyzbfeKBdQV8S6dkrQGTWRXlzptAt_Z-Z_dkGqpJLc9VvpAMnrIHiHMefkFgrx4j7f9mANHdTqv1U0SkZImpX6Kxn17c&sp=${SECOND_PRICE} HTTP 302
https://12112336.pix-cdn.org/m/p/0/374/374554/conversions/PN64VyDs-minify.jpg

39 HTTP transactions
18 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
cdfzcfwo.gq/ 23 KB
10 KB 132ms
85ms Document
text/html 2a06:98c1:3120::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdfzcfwo.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.8
Resource Hash: 1990020ef1ddc762721e76284a790a47ec3c0c72d4570408fdf053ef31bc6291

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73a8153d58aabb47-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 14 Aug 2022 07:47:32 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BGguK51ZViJF%2FsQLr19xKQZC%2BA%2BuJa9sYphShgqTWTyRxmFdySC6XayzG8hnzHmGDW21tTouukjKIryFgQmjiTq8KeHGwS2WvBhZ9VBakfyidpuiPgeXyQzdL7SEAZaPIY5hk%2FfHbtq0Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.8

GET
H2 200 he4tkobvgi5ha3ddf4ytenrs Show response
network-site.za.com/code/ 13 KB
4 KB 100ms
53ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://network-site.za.com/code/he4tkobvgi5ha3ddf4ytenrs
Requested by: Host: cdfzcfwo.gq
URL: https://cdfzcfwo.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21ff8891d3dd09fe7790e5f14d2bf384f9474d37b538387e26f1ece4294d6aea

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNmRto7jJbQmWwdmNMQQ7ZyfcGUzGQAiyZgVFoE1xYqj1FkZniLznejLi9x1AXUZSZbZZYEc8x90tqQvdnQFjGgo6KzYQugZi7tnVDdDax8xeKSvIOZZuy5%2F4nXALWqdmjaXzASCUxVM5IfCuK3Wh1bq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cf-ray: 73a8153e38abbbf8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 main.js
sw.wpush.org/script/ 23 KB
9 KB 54ms
19ms Script
application/javascript 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=2833&src=1860236680
Requested by: Host: cdfzcfwo.gq
URL: https://cdfzcfwo.gq/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
content-encoding: gzip
last-modified: Thu, 30 Jun 2022 13:39:57 GMT
server: nginx/1.18.0
etag: W/"62bda7ad-5a03"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 14 Aug 2022 07:52:32 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H/1.1

200
OK

Primary Request / Show response
mega-flirtbooks.life/
Redirect Chain

https://transitgirls.com/JftSRJNZ?tag=other
http://t.luvmenow.com/sl?id=5fa1807a127bd6bcbd272004&pid=11249&sub3=3b8evus6d65d6&sub1=23358&sub2=frd
https://r.goaffmy.com/click?pid=6565&offer_id=2606&sub1=a_62f8a8951a5e260001664cd3&sub2=23358
https://omgtds.com/c1/652d1ae4-50ba-4605-902d-143db04df43e?aff=6565&source=23358&externalId=62f8a896d663a300017044ff&sub2=23358&sub3=6565&pp=1
https://r.goaffmy.com/click?pid=11972&offer_id=2798&sub1=cbsah5lki7qadpjec1d0&sub2=23358&sub3=6565&sub5=62f8a896d663a300017044ff&sub7=&sub8=
https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink

5 KB
5 KB

132ms
58ms

Document
text/html

95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Requested by: Host: cdfzcfwo.gq
URL: https://cdfzcfwo.gq/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: f216a894f93fd1ec0dc9e63a86a09849673913c261a04613db8b64beb329026f

Request headers

Referer: https://cdfzcfwo.gq/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 4692
Content-Type: text/html
Date: Sun, 14 Aug 2022 07:47:34 GMT
Server: nginx
cache-control: private

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Sun, 14 Aug 2022 07:47:34 GMT
location: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
server: nginx

GET
H2 200 adManager.m.js
js.wpadmngr.com/static/ 85 KB
31 KB 70ms
15ms Script
application/javascript 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpadmngr.com/static/adManager.m.js
Requested by: Host: sw.wpush.org
URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=2833&src=1860236680
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
content-encoding: gzip
last-modified: Wed, 10 Aug 2022 09:37:00 GMT
server: nginx/1.18.0
etag: W/"62f37c3c-1524f"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 14 Aug 2022 07:52:32 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 wp-banners.js
js.wpadmngr.com/npc/sdk/ 0
237 B 14ms
13ms Script
application/javascript 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpadmngr.com/npc/sdk/wp-banners.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
server: nginx/1.18.0
etag: "611fc6d7-0"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 14 Aug 2022 07:52:32 GMT
cache-control: max-age=300
accept-ranges: bytes
content-length: 0
x-proxy-cache: HIT

POST
H/1.1 200
OK fp
fp.metricswpsh.com/ 0
364 B 103ms
55ms XHR
text/plain 23.88.85.6
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=0
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.88.85.6 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.6.85.88.23.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash

Request headers

Referer: https://cdfzcfwo.gq/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Date: Sun, 14 Aug 2022 07:47:32 GMT
Server: nginx/1.20.1
Vary: Origin
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: https://cdfzcfwo.gq
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2 200 track
bacd2a0353.7a6a4e9e27.com/in/ 0
207 B 121ms
54ms XHR
text/plain 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://bacd2a0353.7a6a4e9e27.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI4MTEzNjIzMjA2MDg0MzEzMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMy4wIiwidGFnX2lkIjowLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjE2MDB4MTIwMCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiRXRjL1Vua25vd24iLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4xMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiUGxheSUyQ3ZpZGVvJTIwIn0=
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 14 Aug 2022 07:47:32 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 push.m.js
js.wpshsdk.com/npc/sdk/ 51 KB
20 KB 45ms
14ms Script
application/javascript 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpshsdk.com/npc/sdk/push.m.js?v=1
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 09:19:54 GMT
server: nginx/1.18.0
etag: W/"62f61b3a-cd9a"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 14 Aug 2022 07:52:32 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 ipnpush.m.js
js.wpushsdk.com/npc/sdk/wpu/ 244 KB
66 KB 148ms
25ms Script
application/javascript 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/wpu/ipnpush.m.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
content-encoding: gzip
last-modified: Mon, 08 Aug 2022 16:14:52 GMT
server: nginx/1.18.0
etag: W/"62f1367c-3d033"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 14 Aug 2022 07:52:32 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 csub.m.js
js.wpushsdk.com/npc/sdk/wpu/ 52 KB
13 KB 166ms
44ms Script
application/javascript 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/wpu/csub.m.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 11:09:06 GMT
server: nginx/1.18.0
etag: W/"62eba8d2-d0c6"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 14 Aug 2022 07:52:32 GMT
cache-control: max-age=300
x-proxy-cache: HIT

OPTIONS
H/1.1 204
No Content fp
fp.metricswpsh.com/ Frame 0
0 73ms
22ms Preflight 23.88.85.6
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.88.85.6 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.6.85.88.23.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://cdfzcfwo.gq
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://cdfzcfwo.gq
Connection: keep-alive
Date: Sun, 14 Aug 2022 07:47:32 GMT
Server: nginx/1.20.1
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 2833.php
js.jnkstff.com/npc/anpc/ 130 B
339 B 88ms
43ms XHR
text/html 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jnkstff.com/npc/anpc/2833.php
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/ipnpush.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.16.1 / PHP/7.1.28
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
content-encoding: gzip
server: nginx/1.16.1
x-powered-by: PHP/7.1.28
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 14 Aug 2022 08:47:32 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 dip
nereserv.com/in/ 0
201 B 93ms
26ms XHR
text/plain 168.119.25.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://nereserv.com/in/dip?wl=1&event_id=ffdd711a-7390-4bd1-a12a-2ca812ef21d6&subid=1860236680&sid=909741843&spot_id=0&created_at=2022-08-14&timezone=0&ver=6.12.0&is_native=1&user_keywords=Play%252Cvideo%2520
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/ipnpush.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 168.119.25.22 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.22.25.119.168.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 14 Aug 2022 07:47:32 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

POST
H2 200 multy
5da64829e9.7a6a4e9e27.com/in/ 9 KB
10 KB 1057ms
1057ms XHR
application/json 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://5da64829e9.7a6a4e9e27.com/in/multy
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/ipnpush.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Referer: https://cdfzcfwo.gq/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 14 Aug 2022 07:47:34 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 9717

OPTIONS
H2 204 multy
5da64829e9.7a6a4e9e27.com/in/ Frame 0
0 209ms
22ms Preflight 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://5da64829e9.7a6a4e9e27.com/in/multy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://cdfzcfwo.gq
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
date: Sun, 14 Aug 2022 07:47:32 GMT
pragma: no-cache
server: nginx/1.18.0
vary: Origin

GET
H2 200 styles.css
js.wpshsdk.com/npc/sdk/push/ 2 KB
1 KB 13ms
13ms Stylesheet
text/css 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpshsdk.com/npc/sdk/push/styles.css
Requested by: Host: js.wpshsdk.com
URL: https://js.wpshsdk.com/npc/sdk/push.m.js?v=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:32 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 20:33:19 GMT
server: nginx/1.18.0
etag: W/"5f10b98f-843"
content-type: text/css
access-control-allow-origin: *
expires: Sun, 14 Aug 2022 07:52:32 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 subscription-offers
notification.tubecup.net/in/ 0
201 B 79ms
25ms Image
text/plain 78.47.199.204
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fcdfzcfwo.gq%2F&tcid=2833&spot_id=0&site=tcpublisher&source_id=1860236680
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.204 Thalmassing, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.204.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 14 Aug 2022 07:47:32 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
static.bookmsg.com/creatives/US/
Redirect Chain

https://5da64829e9.7a6a4e9e27.com/in/show/?mid=1153916536&pid=0&site=native-push-adult&sc=NL&usage_type=DCH&subid=1860236680&sid=909741843&cid=1975&price=0.00022&is_cpm=0&cpm=0&ecpm=0.0084097274436...
https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp

590 B
746 B

107ms
23ms

Image
image/webp

88.198.209.36
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
Protocol: H2
Server: 88.198.209.36 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88-198-209-36.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:34 GMT
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
server: nginx/1.18.0
etag: "5fbd178c-24e"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 590

Redirect headers

pragma: no-cache
date: Sun, 14 Aug 2022 07:47:34 GMT
server: nginx/1.18.0
access-control-allow-origin: *
vary: Origin
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
static.bookmsg.com/creatives/US/ 590 B
747 B 178ms
22ms Image
image/webp 88.198.209.36
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.198.209.36 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88-198-209-36.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdfzcfwo.gq/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 07:47:34 GMT
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
server: nginx/1.18.0
etag: "5fbd178c-24e"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 590

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CC 110 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pEIx0VVG-minify.jpg
12112336.pix-cdn.org/m/p/0/374/374555/conversions/ Frame 97CC 9 KB
9 KB 78ms
15ms Image
image/jpeg 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://12112336.pix-cdn.org/m/p/0/374/374555/conversions/pEIx0VVG-minify.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 14 Aug 2022 07:47:34 GMT
last-modified: Sat, 30 Jul 2022 08:31:52 GMT
server: nginx/1.12.2
etag: "62e4ec78-22a0"
content-type: image/jpeg
expires: 0
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 8864
x-proxy-cache: HIT

GET
DATA 200
OK truncated
/ Frame 97CC 483 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

PN64VyDs-minify.jpg
12112336.pix-cdn.org/m/p/0/374/374554/conversions/ Frame 97CC
Redirect Chain

https://5da64829e9.7a6a4e9e27.com/in/show/?mid=1153916536&pid=0&site=native-push-adult&sc=NL&usage_type=DCH&subid=1860236680&sid=909741843&cid=12695&price=0&is_cpm=1&cpm=0.019&ecpm=0.01843&crid=224...
https://pn.bquildna43.site/in/tip_shows/?katds_ep=dRXxZueK3B71Qutxyxgzi7CI_9JNHcRyQDMzgOGwjr-9pCrpzTuNbcGliWEr5k7iodQLC1cSAc6G-yw2IYp6glYGCwIFibrp7zSauM2O_s70ikh_Iaa1AgMrVZag7s1uy4YM8u8SWCEhuJQJhAU...
https://12112336.pix-cdn.org/m/p/0/374/374554/conversions/PN64VyDs-minify.jpg

3 KB
3 KB

14ms
14ms

Image
image/jpeg

45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://12112336.pix-cdn.org/m/p/0/374/374554/conversions/PN64VyDs-minify.jpg
Protocol: H2
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 14 Aug 2022 07:47:34 GMT
last-modified: Sat, 30 Jul 2022 08:31:38 GMT
server: nginx/1.12.2
etag: "62e4ec6a-b69"
content-type: image/jpeg
expires: 0
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 2921
x-proxy-cache: HIT

Redirect headers

date: Sun, 14 Aug 2022 07:47:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://12112336.pix-cdn.org/m/p/0/374/374554/conversions/PN64VyDs-minify.jpg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1sso0NXhlYnxrRhjghYDHNrdZw0PXYntWPyFofRD8WM1D2OpuHRDhqbxO%2B577iGkyet5Vw0mfnW%2B%2F6WRKszNkFsgaysELyFMe9XfFsg0TTcZaYl9yUzR70HuY5%2Fc2wq9VUwDpoLQy53ZSkR2sauG7us%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 73a8154acc49bbb9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 79ms
30ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700

Requested by

Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3b73704d99c3f9f97a00cac54e301e4f5d98b463c86feb4d3f8cc2fd741c474b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 14 Aug 2022 07:12:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 14 Aug 2022 07:47:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 14 Aug 2022 07:47:34 GMT

GET
H/1.1 200
OK style.css
mega-flirtbooks.life/media/dating/dirtysinder/css/ 16 KB
16 KB 23ms
22ms Stylesheet
text/css 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/media/dating/dirtysinder/css/style.css
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 9c0fba4352f346a81523df1f943addecb49b9f082cd6fee3962b1681a7fbd5f5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 16 Jun 2022 13:41:10 GMT
Server: nginx
ETag: "62ab32f6-3e0d"
Content-Type: text/css
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15885

GET
H/1.1 200
OK flag-icon.css
mega-flirtbooks.life/util/flag-icon/css/ 40 KB
40 KB 67ms
22ms Stylesheet
text/css 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/util/flag-icon/css/flag-icon.css
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 16 Jun 2022 13:40:57 GMT
Server: nginx
ETag: "62ab32e9-9eb3"
Content-Type: text/css
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 40627

GET
H/1.1 200
OK utils.js Show response
mega-flirtbooks.life/util/ 7 KB
8 KB 67ms
22ms Script
application/javascript 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/util/utils.js
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Fri, 29 Jul 2022 09:05:03 GMT
Server: nginx
ETag: "62e3a2bf-1d58"
Content-Type: application/javascript
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7512

GET
H/1.1 200
OK logo-loveme_black1.svg
mega-flirtbooks.life/media/dating/dirtysinder/images/ 4 KB
5 KB 91ms
22ms Image
image/svg+xml 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mega-flirtbooks.life/media/dating/dirtysinder/images/logo-loveme_black1.svg
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 3fd4d4a7fe6c0d2743ef52f04eddd31432c86c95fd79f39fe8bdffb7d8fba0b3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 16 Jun 2022 13:41:10 GMT
Server: nginx
ETag: "62ab32f6-1161"
Content-Type: image/svg+xml
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4449

GET
H/1.1 200
OK jquery-2.2.4.min.js Show response
mega-flirtbooks.life/media/dating/dirtysinder/js/ 84 KB
84 KB 23ms
23ms Script
application/javascript 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/media/dating/dirtysinder/js/jquery-2.2.4.min.js
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Fri, 29 Jul 2022 09:15:04 GMT
Server: nginx
ETag: "62e3a518-14e4a"
Content-Type: application/javascript
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 85578

GET
H/1.1 200
OK trls.js Show response
mega-flirtbooks.life/media/dating/dirtysinder/js/ 17 KB
18 KB 22ms
22ms Script
application/javascript 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/media/dating/dirtysinder/js/trls.js
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 1a7eb7795296faf56df1f30f1c6771b7eaa9290c60127e3e9d86696668ea48c8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Fri, 29 Jul 2022 09:15:04 GMT
Server: nginx
ETag: "62e3a518-4559"
Content-Type: application/javascript
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17753

GET
H/1.1 200
OK main.js Show response
mega-flirtbooks.life/media/dating/dirtysinder/js/ 3 KB
3 KB 24ms
23ms Script
application/javascript 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/media/dating/dirtysinder/js/main.js
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 2c03acf3d158e2105bd0881aab875eadf0cca1167beb22d930888b28f34ae5a5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Fri, 29 Jul 2022 09:15:04 GMT
Server: nginx
ETag: "62e3a518-c45"
Content-Type: application/javascript
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3141

GET
H/1.1 200
OK bb.js Show response
mega-flirtbooks.life/media/ 639 B
912 B 68ms
23ms Script
application/javascript 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/media/bb.js
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 28 Jul 2022 17:56:04 GMT
Server: nginx
ETag: "62e2cdb4-27f"
Content-Type: application/javascript
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 639

GET
H/1.1 200
OK exit1.js Show response
mega-flirtbooks.life/media/exit-new/ 3 KB
4 KB 81ms
23ms Script
application/javascript 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-flirtbooks.life/media/exit-new/exit1.js
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 16 Jun 2022 13:40:50 GMT
Server: nginx
ETag: "62ab32e2-d91"
Content-Type: application/javascript
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3473

GET
H/1.1 200
OK 1.jpg
mega-flirtbooks.life/media/dating/dirtysinder/images/ 142 KB
142 KB 36ms
23ms Image
image/jpeg 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mega-flirtbooks.life/media/dating/dirtysinder/images/1.jpg
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 37a751df9353725b7e06bec81bc5c9f42c77c21701e4717465a13f4df5c0540d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 16 Jun 2022 13:41:10 GMT
Server: nginx
ETag: "62ab32f6-23667"
Content-Type: image/jpeg
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 144999

GET
H/1.1 200
OK 2.jpg
mega-flirtbooks.life/media/dating/dirtysinder/images/ 121 KB
122 KB 33ms
23ms Image
image/jpeg 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mega-flirtbooks.life/media/dating/dirtysinder/images/2.jpg
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 2949d919c1cbfea9a960e5a7a9fe4fe5086c1f9073c278d7e653980917a5a740

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 16 Jun 2022 13:41:10 GMT
Server: nginx
ETag: "62ab32f6-1e5f9"
Content-Type: image/jpeg
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 124409

GET
H/1.1 200
OK 3.jpg
mega-flirtbooks.life/media/dating/dirtysinder/images/ 146 KB
146 KB 53ms
21ms Image
image/jpeg 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mega-flirtbooks.life/media/dating/dirtysinder/images/3.jpg
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 8f31c428593d808f5dd1697233414338d03fdc0f7f88334ef3be339efc2ebda2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/?u=14mwkwf&o=021p8zy&t=6565_23358&cid=62f8a896a599640001984ac1&sub3=smartlink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 16 Jun 2022 13:41:10 GMT
Server: nginx
ETag: "62ab32f6-24781"
Content-Type: image/jpeg
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 149377

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 70ms
21ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mega-flirtbooks.life
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:39:45 GMT
x-content-type-options: nosniff
age: 486469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Aug 2023 16:39:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 104ms
55ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mega-flirtbooks.life
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 486162
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Aug 2023 16:44:52 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v28/ 45 KB
46 KB 77ms
28ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mega-flirtbooks.life
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 21:06:52 GMT
x-content-type-options: nosniff
age: 470442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46524
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Aug 2023 21:06:52 GMT

GET
H/1.1 200
OK de.svg
mega-flirtbooks.life/util/flag-icon/flags/4x3/ 225 B
488 B 22ms
22ms Image
image/svg+xml 95.217.244.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mega-flirtbooks.life/util/flag-icon/flags/4x3/de.svg
Requested by: Host: mega-flirtbooks.life
URL: https://mega-flirtbooks.life/util/flag-icon/css/flag-icon.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.217.244.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.244.217.95.clients.your-server.de
Software: nginx /
Resource Hash: c4809b853e66ec703dddbfad86d0ef9f742e3a48c68ba520c5a9f39897a7284b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mega-flirtbooks.life/util/flag-icon/css/flag-icon.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 07:47:34 GMT
Last-Modified: Thu, 16 Jun 2022 13:41:14 GMT
Server: nginx
ETag: "62ab32fa-e1"
Content-Type: image/svg+xml
Cache-Control: no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 225

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.network-site.za.com/	1970-01-20 05:57:35	Name: uuid Value: 9be057fd-1e21-41aa-80cf-ee5d59c3feec
transitgirls.com/	1970-01-20 05:59:01	Name: _subid Value: 3b8evus6d65d6
transitgirls.com/	1970-01-20 14:50:23	Name: 9bf24 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIzODQ4M1wiOjE2NjA0NjMyNTIsXCIxNDMzMlwiOjE2NjA0NjMyNTJ9LFwiY2FtcGFpZ25zXCI6e1wiMjMzNThcIjoxNjYwNDYzMjUyLFwiMTgyXCI6MTY2MDQ2MzI1Mn0sXCJ0aW1lXCI6MTY2MDQ2MzI1Mn0ifQ.w3n-mR6zzdJPhr8TIEGiLtXH4KEFSovuPY5DxxQpYcY
transitgirls.com/	1970-01-20 05:59:01	Name: _token Value: uuid_3b8evus6d65d6_3b8evus6d65d662f8a8945e2a20.23466516
fp.metricswpsh.com/	1970-01-20 13:59:59	Name: id Value: 3507987497098503120
pn.bquildna43.site/	1970-01-20 05:15:49	Name: 2357.0 Value: 1
.omgtds.com/	1970-01-20 05:15:49	Name: uid Value: BLgiibTtM
r.goaffmy.com/	1970-01-20 13:59:59	Name: afclick Value: 62f8a896a599640001984ac1
r.goaffmy.com/	1970-01-20 13:59:59	Name: afoffers Value: {"2606":1660463254,"2798":1660463254}
mega-flirtbooks.life/	1969-12-31 23:59:59	Name: sid Value: t2~1owdjw2aqygsnzjmer2j3rhd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

12112336.pix-cdn.org
5da64829e9.7a6a4e9e27.com
bacd2a0353.7a6a4e9e27.com
cdfzcfwo.gq
fonts.googleapis.com
fonts.gstatic.com
fp.metricswpsh.com
js.jnkstff.com
js.wpadmngr.com
js.wpshsdk.com
js.wpushsdk.com
mega-flirtbooks.life
nereserv.com
network-site.za.com
notification.tubecup.net
omgtds.com
pn.bquildna43.site
r.goaffmy.com
static.bookmsg.com
sw.wpush.org
t.luvmenow.com
transitgirls.com
168.119.25.22
185.162.87.41
23.88.85.6
2606:4700:3034::ac43:cac1
2a00:1450:4001:828::2003
2a00:1450:4001:82b::200a
2a01:4f8:e0:19cb::1
2a06:98c1:3120::c
2a06:98c1:3121::3
34.141.137.168
34.91.226.152
45.133.44.24
45.133.44.25
78.47.199.204
88.198.209.36
95.217.244.250
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1990020ef1ddc762721e76284a790a47ec3c0c72d4570408fdf053ef31bc6291
1a7eb7795296faf56df1f30f1c6771b7eaa9290c60127e3e9d86696668ea48c8
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68
21ff8891d3dd09fe7790e5f14d2bf384f9474d37b538387e26f1ece4294d6aea
2949d919c1cbfea9a960e5a7a9fe4fe5086c1f9073c278d7e653980917a5a740
2c03acf3d158e2105bd0881aab875eadf0cca1167beb22d930888b28f34ae5a5
37a751df9353725b7e06bec81bc5c9f42c77c21701e4717465a13f4df5c0540d
3b73704d99c3f9f97a00cac54e301e4f5d98b463c86feb4d3f8cc2fd741c474b
3fd4d4a7fe6c0d2743ef52f04eddd31432c86c95fd79f39fe8bdffb7d8fba0b3
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46
8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea
8f31c428593d808f5dd1697233414338d03fdc0f7f88334ef3be339efc2ebda2
9c0fba4352f346a81523df1f943addecb49b9f082cd6fee3962b1681a7fbd5f5
c4809b853e66ec703dddbfad86d0ef9f742e3a48c68ba520c5a9f39897a7284b
d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39
f216a894f93fd1ec0dc9e63a86a09849673913c261a04613db8b64beb329026f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

mega-flirtbooks.life Open in urlscan Pro 95.217.244.250 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

39 Requests

95 %HTTPS

38 %IPv6

21 Domains

22 Subdomains

13 IPs

4 Countries

849 kBTransfer

1190 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 18 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

mega-flirtbooks.life Open in urlscan Pro
95.217.244.250 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

95 %
HTTPS

38 %
IPv6

21
Domains

22
Subdomains

13
IPs

4
Countries

849 kB
Transfer

1190 kB
Size

10
Cookies

39 HTTP transactions
18 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!