amazonoriginals.qaafira.com Open in urlscan Pro
2a00:1450:4001:817::2013 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://amazonoriginals.qaafira.com/
Submission: On December 24 via automatic, source certstream-suspicious (December 24th 2019, 7:22:06 am UTC)

Summary HTTP 67 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 14 domains to perform 67 HTTP transactions. The main IP is 2a00:1450:4001:817::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE - Google LLC, US. The main domain is amazonoriginals.qaafira.com.
TLS certificate: Issued by GTS CA 1D2 on December 24th 2019. Valid for: 3 months.

This is the only time amazonoriginals.qaafira.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2a00:1450:400... 2a00:1450:4001:817::2013	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2600:9000:205... 2600:9000:2057:9200:1a:a6:7f00:21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8	188.72.202.2 188.72.202.2	35415 (WEBZILLA) (WEBZILLA)
6	2a00:1450:400... 2a00:1450:4001:81d::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1	51.15.74.77 51.15.74.77	12876 (Online SAS) (Online SAS)
2 6	173.192.101.24 173.192.101.24	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
14	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY - Fastly)
4	18.211.56.182 18.211.56.182	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	188.42.160.80 188.42.160.80	35415 (WEBZILLA) (WEBZILLA)
6	94.31.29.128 94.31.29.128	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
2 2	185.33.223.100 185.33.223.100	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
7	104.18.22.10 104.18.22.10	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
67	13

9 2a00:1450:4001:817::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

amazonoriginals.qaafira.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:9200:1a:a6:7f00:21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

dc5k8fg5ioc8s.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 188.72.202.2 (Netherlands)

ASN35415 (WEBZILLA, NL)

propu.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81d::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.15.74.77 (Netherlands)

ASN12876 (Online SAS, FR)
PTR: 77-74-15-51.rev.cloud.scaleway.com

image.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 173.192.101.24 (Dallas, United States) 2 redirects

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 18.65.c0ad.ip4.static.sl-reverse.com

p376822.clksite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mybestdc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 151.101.112.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.211.56.182 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-211-56-182.compute-1.amazonaws.com

distoryrussion.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.42.160.80 (Amsterdam, Netherlands)

ASN35415 (WEBZILLA, NL)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 94.31.29.128 (United Kingdom)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)
PTR: 94.31.29.128.IPYX-077437-ZYO.above.net

p376822.mycdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.100 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.22.10 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

rillagesrement.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	imgur.com i.imgur.com	105 KB
9	qaafira.com amazonoriginals.qaafira.com	29 KB
8	propu.sh propu.sh	44 KB
7	rillagesrement.info rillagesrement.info	2 KB
6	mycdn.co p376822.mycdn.co	72 KB
6	blogspot.com 1.bp.blogspot.com	106 KB
4	distoryrussion.info distoryrussion.info	383 B
4	mybestdc.com mybestdc.com	28 KB
2	adnxs.com 2 redirects secure.adnxs.com	2 KB
2	clksite.com 2 redirects p376822.clksite.com	496 B
2	cloudfront.net dc5k8fg5ioc8s.cloudfront.net	38 KB
1	rtmark.net my.rtmark.net	785 B
1	ibb.co image.ibb.co	90 KB
1	googleapis.com ajax.googleapis.com	33 KB
67	14

	Domain	Requested by
14	i.imgur.com	amazonoriginals.qaafira.com
9	amazonoriginals.qaafira.com	amazonoriginals.qaafira.com
8	propu.sh	amazonoriginals.qaafira.com propu.sh
7	rillagesrement.info	amazonoriginals.qaafira.com dc5k8fg5ioc8s.cloudfront.net
6	p376822.mycdn.co	mybestdc.com p376822.mycdn.co amazonoriginals.qaafira.com
6	1.bp.blogspot.com	amazonoriginals.qaafira.com
4	distoryrussion.info	amazonoriginals.qaafira.com dc5k8fg5ioc8s.cloudfront.net
4	mybestdc.com	amazonoriginals.qaafira.com p376822.mycdn.co
2	secure.adnxs.com	2 redirects
2	p376822.clksite.com	2 redirects
2	dc5k8fg5ioc8s.cloudfront.net	amazonoriginals.qaafira.com dc5k8fg5ioc8s.cloudfront.net
1	my.rtmark.net	propu.sh
1	image.ibb.co	amazonoriginals.qaafira.com
1	ajax.googleapis.com	amazonoriginals.qaafira.com
67	14

This site contains links to these domains. Also see Links.

Domain
gplinks.in
www.blogger.com

Subject Issuer	Validity	Valid
amazonoriginals.qaafira.com GTS CA 1D2	`2019-12-24` - `2020-03-23`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
*.propu.sh Let's Encrypt Authority X3	`2019-10-10` - `2020-01-08`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
ibb.co Let's Encrypt Authority X3	`2019-11-28` - `2020-02-26`	3 months	crt.sh
*.mybestdc.com Sectigo RSA Domain Validation Secure Server CA	`2019-07-11` - `2020-07-21`	a year	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2018-12-14` - `2020-02-12`	a year	crt.sh
distoryrussion.info Amazon	`2019-11-28` - `2020-12-28`	a year	crt.sh
my.rtmark.net Let's Encrypt Authority X3	`2019-12-09` - `2020-03-08`	3 months	crt.sh
*.mycdn.co Sectigo RSA Domain Validation Secure Server CA	`2019-10-10` - `2020-10-21`	a year	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-12-15` - `2020-10-09`	10 months	crt.sh

This page contains 4 frames:

Primary Page: https://amazonoriginals.qaafira.com/
Frame ID: F97BAA574B3D962C8D40B71313A53411
Requests: 64 HTTP requests in this frame

Frame: https://p376822.mycdn.co/uicomp/styles/dist/80.2-1/it-banner-frame.css
Frame ID: 92DE749DDC0C34D6877D39D5E419065F
Requests: 2 HTTP requests in this frame

Frame: https://p376822.mycdn.co/uicomp/styles/dist/80.2-1/it-banner-frame.css
Frame ID: 461AC83871E1BF2B84D9BBC552BA1989
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 7881FA2A32EFD219584541E7653E65B8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

OpenGSE (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

67
Requests

94 %
HTTPS

31 %
IPv6

14
Domains

14
Subdomains

13
IPs

4
Countries

549 kB
Transfer

1014 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://gplinks.in/ref/samyakkosode99

Search URL Search Domain Scan URL

URL: https://www.blogger.com/go/blogspot-cookies
Title: Weitere Informationen

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://p376822.clksite.com/adServe/banners?tid=376822_739430_11 HTTP 301
https://mybestdc.com/adServe/banners?tid=376822_739430_11

Request Chain 20

https://p376822.clksite.com/adServe/banners?tid=376822_739430_13 HTTP 301
https://mybestdc.com/adServe/banners?tid=376822_739430_13

Request Chain 55

https://secure.adnxs.com/getuid?https://rillagesrement.info/s?a=$UID&b=169457165959 HTTP 302
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Frillagesrement.info%2Fs%3Fa%3D%24UID%26b%3D169457165959 HTTP 302
https://rillagesrement.info/s?a=7038624528057257148&b=169457165959

67 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
amazonoriginals.qaafira.com/ 92 KB
27 KB 333ms
279ms Document
text/html 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

c29ade0b17d4598853ceb242f2bccb8cde38ea6e128fd1c49be48d355a2a15ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: amazonoriginals.qaafira.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
content-type: text/html; charset=UTF-8
expires: Tue, 24 Dec 2019 07:21:45 GMT
date: Tue, 24 Dec 2019 07:21:45 GMT
cache-control: private, max-age=0
last-modified: Tue, 24 Dec 2019 07:19:21 GMT
etag: W/"b4ea8923ec34632b0e351bee3f27e2083170aba2aa15673f9a2d868ef8764e10"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 27045
server: GSE

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.7.2/ 93 KB
33 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 20 Nov 2019 11:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2922863
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 33845
x-xss-protection: 0
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Nov 2020 11:27:22 GMT

GET
H2 404 detect.js
amazonoriginals.qaafira.com/ 0
0 289ms
288ms Script
text/html 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/detect.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Dec 2019 07:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1382
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 404 P6T3E4rD3c.js
amazonoriginals.qaafira.com/ 0
0 177ms
177ms Script
text/html 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/P6T3E4rD3c.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Dec 2019 07:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1382
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 103 KB
38 KB 195ms
175ms Script
text/plain 2600:9000:2057:9200:1a:a6:7f00:21
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:9200:1a:a6:7f00:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: 713bb613fb60f23abb8cdf2280ba62a99dd343f2089118b98539721e7529c3f5

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Dec 2019 07:21:45 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
status: 200
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
access-control-allow-origin: *
content-length: 38300
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-amz-cf-id: rt5QbF77Tol_lFCmeVH8NfJFRutTY7owfxPc5ZvDcRWCexOppf53WA==

GET
H/1.1 200
OK ntfc.php Show response
propu.sh/ 13 KB
6 KB 145ms
37ms Script
application/javascript 188.72.202.2
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://propu.sh/ntfc.php?p=2989958
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.202.2 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1ff7ed44f4cdf6172d3a1d88a6b31850359f29753cb73f7390077eac82cfe611

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Dec 2019 07:21:45 GMT
Content-Encoding: gzip
Content-Type: application/javascript; charset=utf-8
Server: nginx
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Max-Age: 86400
Cache-Control: private, max-age=0, no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 images%2B%252825%2529.jpeg
1.bp.blogspot.com/-Z_lMtZbh_LM/XaNEHaS4L5I/AAAAAAAACvA/MoHXPl5Py-kAPahe8ZI5qe1DJ4x0kVWIgCLcBGAsYHQ/s320/ 9 KB
10 KB 180ms
159ms Image
image/jpeg 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-Z_lMtZbh_LM/XaNEHaS4L5I/AAAAAAAACvA/MoHXPl5Py-kAPahe8ZI5qe1DJ4x0kVWIgCLcBGAsYHQ/s320/images%2B%252825%2529.jpeg

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

045ae2171eeed0c2b6c6bdfb4ed361eb8bc69bea8b93ef7622505b7a85bba93b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:45 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="images (25).jpeg"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9542
x-xss-protection: 0
server: fife
etag: "vaf1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 22 Dec 2019 12:05:49 GMT

GET
H2 200 900x250.png
image.ibb.co/hspF4T/ 90 KB
90 KB 108ms
47ms Image
image/png 51.15.74.77
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image.ibb.co/hspF4T/900x250.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.15.74.77 , Netherlands, ASN12876 (Online SAS, FR),
Reverse DNS: 77-74-15-51.rev.cloud.scaleway.com
Software: nginx /
Resource Hash: 67d986f0742b349ea2ecef81c55262c31ff3c8844d789bbc5ded3c6971d3f858

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
last-modified: Mon, 30 Jul 2018 04:26:38 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
content-type: image/png
status: 200
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 91923
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cookienotice.js Show response
amazonoriginals.qaafira.com/js/ 6 KB
2 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/js/cookienotice.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 23 Dec 2019 16:18:27 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2026
x-xss-protection: 0
expires: Tue, 31 Dec 2019 07:21:46 GMT

GET tabs-1.css
amazonoriginals.qaafira.com/css/ 0
0

GET
H2 404 jquery.tools.min.js
amazonoriginals.qaafira.com/ 0
0 289ms
289ms Script
text/html 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/jquery.tools.min.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Dec 2019 07:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1382
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

banners Show response
mybestdc.com/adServe/
Redirect Chain

https://p376822.clksite.com/adServe/banners?tid=376822_739430_11
https://mybestdc.com/adServe/banners?tid=376822_739430_11

34 KB
13 KB

588ms
143ms

Script
text/javascript

173.192.101.24
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://mybestdc.com/adServe/banners?tid=376822_739430_11
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.192.101.24 Dallas, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 18.65.c0ad.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 0808563c833ba546b8e4eb59fdcb25487f9b29b685983546142810412dcd2f92

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Dec 2019 07:21:46 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://mybestdc.com/adServe/banners?tid=376822_739430_11
Date: Tue, 24 Dec 2019 07:21:46 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 178
Content-Type: text/html

GET
H2 200 SYumuO7.png
i.imgur.com/ 4 KB
4 KB 131ms
55ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/SYumuO7.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 9efe7d99c3e0c64ac6110538e24e2fb4b5ba1060df42ec5ac68347bc237cb9ae

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 2314628
x-cache: HIT, HIT
status: 200
content-length: 4426
x-served-by: cache-bwi5144-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:43:23 GMT
server: cat factory 1.0
x-timer: S1577172106.089444,VS0,VE1
etag: "88ca33535639bc0189d81baf4f5f8f11"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 FmkU9Sb.png
i.imgur.com/ 35 KB
36 KB 131ms
55ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/FmkU9Sb.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: f23ac87798b30302961aa12587b5c581bd85f6c341437505917e3fd69848c388

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 15291492
x-cache: HIT, HIT
status: 200
content-length: 36299
x-served-by: cache-bwi5123-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:43:35 GMT
server: cat factory 1.0
x-timer: S1577172106.089596,VS0,VE1
etag: "516b7a6f63ffc1cf987c880030596b2c"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 w5SlQI0.png
i.imgur.com/ 7 KB
7 KB 130ms
55ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/w5SlQI0.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: d34d6f457782920c55a29892a3b2b784265f3c8c477edcdf4854d89c03f77c26

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 7613551
x-cache: HIT, HIT
status: 200
content-length: 7358
x-served-by: cache-bwi5149-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:43:47 GMT
server: cat factory 1.0
x-timer: S1577172106.089594,VS0,VE1
etag: "9272f53af67f64716c4a5f611fe012c2"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 yzsVAU9.png
i.imgur.com/ 7 KB
7 KB 111ms
36ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/yzsVAU9.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: d34d6f457782920c55a29892a3b2b784265f3c8c477edcdf4854d89c03f77c26

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 13655734
x-cache: HIT, HIT
status: 200
content-length: 7358
x-served-by: cache-bwi5137-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:44:00 GMT
server: cat factory 1.0
x-timer: S1577172106.089585,VS0,VE1
etag: "9272f53af67f64716c4a5f611fe012c2"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 45tLaaV.png
i.imgur.com/ 7 KB
7 KB 129ms
54ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/45tLaaV.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: d0dc08e4a208955b42de0c08d4269b49b875ababa485caa2bf9a8fd9c086974d

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 326842
x-cache: HIT, HIT
status: 200
content-length: 7070
x-served-by: cache-bwi5148-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:44:14 GMT
server: cat factory 1.0
x-timer: S1577172106.089566,VS0,VE1
etag: "c1ebdc12ac294d85d550ba80c576286c"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 LqRZvNx.png
i.imgur.com/ 7 KB
7 KB 130ms
55ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/LqRZvNx.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: d0dc08e4a208955b42de0c08d4269b49b875ababa485caa2bf9a8fd9c086974d

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 3885607
x-cache: HIT, HIT
status: 200
content-length: 7070
x-served-by: cache-bwi5130-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:44:32 GMT
server: cat factory 1.0
x-timer: S1577172106.089577,VS0,VE1
etag: "c1ebdc12ac294d85d550ba80c576286c"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 images%2B%252824%2529.jpeg
1.bp.blogspot.com/-6UkZf971jmA/XaNF31_1f5I/AAAAAAAACvM/klDdaHDrAtE5QaEvy5No5UT9HM4GRX2yQCLcBGAsYHQ/s1600/ 19 KB
19 KB 146ms
144ms Image
image/jpeg 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-6UkZf971jmA/XaNF31_1f5I/AAAAAAAACvM/klDdaHDrAtE5QaEvy5No5UT9HM4GRX2yQCLcBGAsYHQ/s1600/images%2B%252824%2529.jpeg

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

d0e6d6b1c93d3983f72f23526b93196ccb4bcb4c90d84febae770a1da407d723

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="images (24).jpeg"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19382
x-xss-protection: 0
server: fife
etag: "vaf4"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 22 Dec 2019 12:05:49 GMT

GET
H2 200 j7p3vDK.png
i.imgur.com/ 3 KB
3 KB 48ms
47ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/j7p3vDK.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 03438aa5abe5f685d4fa633fa2119321c26db9a7e7526f4855111b0d39d87319

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 903238
x-cache: HIT, HIT
status: 200
content-length: 2668
x-served-by: cache-bwi5132-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:47:38 GMT
server: cat factory 1.0
x-timer: S1577172106.128297,VS0,VE1
etag: "c8453f891cd670783fac596866febcbf"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 7SH6rfb.png
i.imgur.com/ 3 KB
3 KB 49ms
48ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/7SH6rfb.png
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 03438aa5abe5f685d4fa633fa2119321c26db9a7e7526f4855111b0d39d87319

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 3977784
x-cache: HIT, HIT
status: 200
content-length: 2668
x-served-by: cache-bwi5126-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:48:02 GMT
server: cat factory 1.0
x-timer: S1577172106.128308,VS0,VE1
etag: "c8453f891cd670783fac596866febcbf"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H/1.1

200

banners Show response
mybestdc.com/adServe/
Redirect Chain

https://p376822.clksite.com/adServe/banners?tid=376822_739430_13
https://mybestdc.com/adServe/banners?tid=376822_739430_13

34 KB
13 KB

595ms
163ms

Script
text/javascript

173.192.101.24
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://mybestdc.com/adServe/banners?tid=376822_739430_13
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.192.101.24 Dallas, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 18.65.c0ad.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 6f1451c66e47cf6590145e2fb39a535d3937e01d2e85ccec0ede7c565c2f20bb

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Dec 2019 07:21:46 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://mybestdc.com/adServe/banners?tid=376822_739430_13
Date: Tue, 24 Dec 2019 07:21:46 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 178
Content-Type: text/html

GET
H2 200 images%2B%252823%2529.jpeg
1.bp.blogspot.com/-s6L9OblMYbQ/XaNGfTEE0gI/AAAAAAAACvU/bM7PbVhw6J8SmYIfLKCWpguzCEvlTPGgQCLcBGAsYHQ/s1600/ 7 KB
7 KB 144ms
142ms Image
image/jpeg 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-s6L9OblMYbQ/XaNGfTEE0gI/AAAAAAAACvU/bM7PbVhw6J8SmYIfLKCWpguzCEvlTPGgQCLcBGAsYHQ/s1600/images%2B%252823%2529.jpeg

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

18d7e20b4a36c1a10a659181eb5b8d8a461d078a46350ac534ac6183444aa82a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="images (23).jpeg"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7053
x-xss-protection: 0
server: fife
etag: "vaf9"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 22 Dec 2019 12:05:49 GMT

GET
H2 200 70exByK.jpg
i.imgur.com/ 4 KB
5 KB 53ms
53ms Image
image/jpeg 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/70exByK.jpg
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: e02f7c2d7bed2b198eb68d0ac4fb008153292b2feecafd42123dff70a84cf297

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 15291396
x-cache: HIT, HIT
status: 200
content-length: 4582
x-served-by: cache-bwi5142-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:45:08 GMT
server: cat factory 1.0
x-timer: S1577172106.128270,VS0,VE1
etag: "eb1af903f081776da231193ffae61f3d"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 h2gvNatY.jpg
1.bp.blogspot.com/--uIFFuSdWHQ/XaNGplWLsOI/AAAAAAAACvg/hvZHBkZXft4CiZlDqbT4tI4ujId-M2-_ACLcBGAsYHQ/s1600/ 42 KB
42 KB 148ms
146ms Image
image/jpeg 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/--uIFFuSdWHQ/XaNGplWLsOI/AAAAAAAACvg/hvZHBkZXft4CiZlDqbT4tI4ujId-M2-_ACLcBGAsYHQ/s1600/h2gvNatY.jpg

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

833af367d560ede5038a762f3df07a129b1495142ddeeee3ef01ea34543e67ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="h2gvNatY.jpg"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42607
x-xss-protection: 0
server: fife
etag: "vafb"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 22 Dec 2019 12:05:49 GMT

GET
H2 200 images%2B%252822%2529.jpeg
1.bp.blogspot.com/-adpiNeK7UBU/XaNGmhr2ERI/AAAAAAAACvc/CnhHq57jWyUjDerM0eexHCf2u4DozgzXQCLcBGAsYHQ/s1600/ 18 KB
18 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-adpiNeK7UBU/XaNGmhr2ERI/AAAAAAAACvc/CnhHq57jWyUjDerM0eexHCf2u4DozgzXQCLcBGAsYHQ/s1600/images%2B%252822%2529.jpeg

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

47b58b4e11eb50ce29cd154a3a4363b06375f3ac59644494f6cbbc2d455738ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="images (22).jpeg"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18666
x-xss-protection: 0
server: fife
etag: "vafc"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 22 Dec 2019 12:05:49 GMT

GET
H2 200 MuhZ0Bj.jpg
i.imgur.com/ 6 KB
6 KB 57ms
56ms Image
image/jpeg 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/MuhZ0Bj.jpg
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 6d48826668dfe9bd4982ea0ac99b1a918899f88f67d5a53de09d3d88fec63f41

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 3881024
x-cache: HIT, HIT
status: 200
content-length: 6281
x-served-by: cache-bwi5138-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:45:54 GMT
server: cat factory 1.0
x-timer: S1577172106.128271,VS0,VE1
etag: "77dce20ca7f46d34503d84b1289f3ebf"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 44, 1

GET
H2 200 vf7N2YT.jpg
i.imgur.com/ 6 KB
6 KB 53ms
52ms Image
image/jpeg 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/vf7N2YT.jpg
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: ae70478e4a35155b11cf3da617b8abe1747b1ef5585673ddfb56bff8d090e4c4

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 15291340
x-cache: HIT, HIT
status: 200
content-length: 5808
x-served-by: cache-bwi5120-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:46:05 GMT
server: cat factory 1.0
x-timer: S1577172106.128252,VS0,VE1
etag: "1d03df2424bc8bf2598d84529ce0a792"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 w19jmpw.jpg
i.imgur.com/ 4 KB
5 KB 57ms
56ms Image
image/jpeg 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/w19jmpw.jpg
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: e03b2f0212e101deb78b11e0cb84c3e1f7e7a2e2436da7873d19c01db1049896

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 11844760
x-cache: HIT, HIT
status: 200
content-length: 4474
x-served-by: cache-bwi5133-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:46:18 GMT
server: cat factory 1.0
x-timer: S1577172106.128254,VS0,VE1
etag: "9b1755afc834ca01ab8b2153874aa12b"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 s200_tomilehin.babafemi.jpg
1.bp.blogspot.com/-cFpZ1ibK7dw/XaNGizuMT3I/AAAAAAAACvY/v_C2tUmPqwUkIok4Q-kbqOlb4jIkq0MjACLcBGAsYHQ/s1600/ 10 KB
10 KB 142ms
141ms Image
image/jpeg 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-cFpZ1ibK7dw/XaNGizuMT3I/AAAAAAAACvY/v_C2tUmPqwUkIok4Q-kbqOlb4jIkq0MjACLcBGAsYHQ/s1600/s200_tomilehin.babafemi.jpg

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

00e98781c3b6cbe28f9e077357617f1ac79a2841d4b89b7de3f56a0fbb7eb57b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="s200_tomilehin.babafemi.jpg"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10567
x-xss-protection: 0
server: fife
etag: "vafa"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 22 Dec 2019 12:05:49 GMT

GET
H2 200 NllPRfI.jpg
i.imgur.com/ 5 KB
5 KB 58ms
58ms Image
image/jpeg 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/NllPRfI.jpg
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: d30c6bddf529dfc09be179687ec4291745a1078d18ae837b088e1c6c476781a1

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 2831607
x-cache: HIT, HIT
status: 200
content-length: 4709
x-served-by: cache-bwi5145-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:46:48 GMT
server: cat factory 1.0
x-timer: S1577172106.128255,VS0,VE1
etag: "1e31617fa22921ad29c1b35376e9ac6d"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 AApdWbg.jpg
i.imgur.com/ 4 KB
4 KB 59ms
58ms Image
image/jpeg 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/AApdWbg.jpg
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 8c05efae576b174dfd1e6b54a3d6cd286431d4f492f931d67817554af82c4669

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
age: 6571563
x-cache: HIT, HIT
status: 200
content-length: 4247
x-served-by: cache-bwi5137-BWI, cache-hhn4043-HHN
last-modified: Sun, 30 Jun 2019 07:47:01 GMT
server: cat factory 1.0
x-timer: S1577172106.128234,VS0,VE1
etag: "c834223e009289f9c0b59f53e5cec62b"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 404 P6T3E4rD3c.js
amazonoriginals.qaafira.com/ 0
0 516ms
516ms Script
text/html 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/P6T3E4rD3c.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Dec 2019 07:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1382
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 QUdFRXBueCY2TRASFy49FBUyJiEEBCE8JS0FMi1DIi4MAzMZFT1jBCgjeH1Cd3Z2fFYxLiF4QWc0MSQENDR4dFYoKSMqTWcxeHRecnNrdEBvc2MxACAgeHRWMTMxKU1wcnJyQXZ1dHVFeHVz
distoryrussion.info/ 0
57 B 299ms
99ms Image
text/plain 18.211.56.182
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://distoryrussion.info/QUdFRXBueCY2TRASFy49FBUyJiEEBCE8JS0FMi1DIi4MAzMZFT1jBCgjeH1Cd3Z2fFYxLiF4QWc0MSQENDR4dFYoKSMqTWcxeHRecnNrdEBvc2MxACAgeHRWMTMxKU1wcnJyQXZ1dHVFeHVz
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.56.182 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-211-56-182.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
access-control-allow-origin: *
date: Tue, 24 Dec 2019 07:21:46 GMT

GET
H2 200 popunder.gif
distoryrussion.info/ 35 B
212 B 285ms
99ms Image
image/gif 18.211.56.182
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://distoryrussion.info/popunder.gif
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.56.182 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-211-56-182.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Tue, 24 Dec 2019 07:21:46 GMT
content-encoding: gzip
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: public, max-age=604800, immutable
content-length: 58

GET tabs-1.css
amazonoriginals.qaafira.com/css/ 0
0

GET
H/1.1 200
OK ntfc.php Show response
propu.sh/ 121 KB
35 KB 42ms
42ms Script
application/javascript 188.72.202.2
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://propu.sh/ntfc.php?p=2989958&r=ui&swver=3.1.142
Requested by: Host: propu.sh
URL: https://propu.sh/ntfc.php?p=2989958
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.202.2 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: 46f6b93ff5d6c80a7250bce191aa1a70051a3e6e6e6654a04062235e0a9b8598

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 24 Dec 2019 07:21:46 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Max-Age: 86400
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2 404 jquery.tools.min.js
amazonoriginals.qaafira.com/ 0
0 145ms
145ms Script
text/html 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/jquery.tools.min.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Dec 2019 07:21:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1382
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 200
OK custom Show response
propu.sh/ 0
475 B 105ms
26ms Fetch
text/plain 188.72.202.2
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://propu.sh/custom
Requested by: Host: propu.sh
URL: https://propu.sh/ntfc.php?p=2989958&r=ui&swver=3.1.142
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.202.2 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://amazonoriginals.qaafira.com
Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Tue, 24 Dec 2019 07:21:46 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://amazonoriginals.qaafira.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 0

GET
H/1.1 200
OK gid.js Show response
my.rtmark.net/ 65 B
785 B 126ms
27ms Fetch
application/json 188.42.160.80
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=4ad6733fb35253722bad98ac0018cbda&zoneId=2989958&checkDuplicate=true&ymid=&var=

Requested by

Host: propu.sh
URL: https://propu.sh/ntfc.php?p=2989958&r=ui&swver=3.1.142

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.42.160.80 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

2cc05cb5ec7d298ca453450a13fd0c727cd77e9d4e2ec3b7c392a78f8fe2f8c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com

Response headers

Date: Tue, 24 Dec 2019 07:21:46 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://amazonoriginals.qaafira.com
Access-Control-Expose-Headers: Authorization
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *, *
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Content-Length: 65

POST
H/1.1 200
OK custom Show response
propu.sh/ 39 B
502 B 27ms
27ms Fetch
application/json 188.72.202.2
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://propu.sh/custom

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.72.202.2 , Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: b62ca9a1659c806483c1a769ceffe1f6
Date: Tue, 24 Dec 2019 07:21:46 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://amazonoriginals.qaafira.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

GET
H2 204 WkZsZmd1eQ8VWgkQNR4+aHdYP1YIFzQPV2kTABYCPywuNzBrd1lAEzMiUV5VbHdfX0EqLwhbVnw1GAcTLzVRUFV8LwIACGdgGltWdHVYSFZqaFhAEyonC1tWfDYYEgtnd1lRUGtxXldXbHVcVw
distoryrussion.info/ 0
57 B 100ms
99ms Image
text/plain 18.211.56.182
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://distoryrussion.info/WkZsZmd1eQ8VWgkQNR4+aHdYP1YIFzQPV2kTABYCPywuNzBrd1lAEzMiUV5VbHdfX0EqLwhbVnw1GAcTLzVRUFV8LwIACGdgGltWdHVYSFZqaFhAEyonC1tWfDYYEgtnd1lRUGtxXldXbHVcVw
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.56.182 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-211-56-182.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
access-control-allow-origin: *
date: Tue, 24 Dec 2019 07:21:46 GMT

GET tabs-1.css
amazonoriginals.qaafira.com/css/ 0
0

GET
H2 200 ui_tag_80.2-1.js Show response
p376822.mycdn.co/banners/script/ 176 KB
53 KB 86ms
20ms Script
application/javascript 94.31.29.128
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://p376822.mycdn.co/banners/script/ui_tag_80.2-1.js
Requested by: Host: mybestdc.com
URL: https://mybestdc.com/adServe/banners?tid=376822_739430_11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.128 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.128.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 8a1e59ae28b7169b8dd533eab297b904d2417a1cba84e57be30d71e7bd717feb

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:46 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:33:16 GMT
server: NetDNA-cache/2.2
etag: W/"5d10b4fc-2c04a"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=31104000
expires: Fri, 18 Dec 2020 07:21:46 GMT

GET
H2 404 jquery.tools.min.js
amazonoriginals.qaafira.com/ 0
0 148ms
147ms Script
text/html 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/jquery.tools.min.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Dec 2019 07:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1382
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 it-ui-comp-37.css
p376822.mycdn.co/uicomp/styles/dist/80.2-1/ 23 KB
5 KB 21ms
21ms Stylesheet
text/css 94.31.29.128
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://p376822.mycdn.co/uicomp/styles/dist/80.2-1/it-ui-comp-37.css
Requested by: Host: p376822.mycdn.co
URL: https://p376822.mycdn.co/banners/script/ui_tag_80.2-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.128 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.128.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 5e48605dc57bfb041fe1f68d9e652ad884659a7ffe313ad36245b9e66a222909

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:47 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:33:23 GMT
server: NetDNA-cache/2.2
etag: W/"5d10b503-5dea"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
status: 200
cache-control: max-age=31104000
expires: Fri, 18 Dec 2020 07:21:47 GMT

GET
H/1.1 200 findBanner Show response
mybestdc.com/adServe/banners/ 890 B
1 KB 152ms
152ms Script
text/javascript 173.192.101.24
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://mybestdc.com/adServe/banners/findBanner?num=1&keyword=GET%20A%20CHANCE%20TO%20SPIN%20FOR%20FREE%20AND%20WIN%20AMAZING%20PRIZES%20TODAY&tid=376822_739430_11&type=js&ar=b&ts=c&ito=https%3A%2F%2Fp376822.mycdn.co&bs=37&referrer=https%3A%2F%2Famazonoriginals.qaafira.com%2F&ap=cmp%3DBANNER%26evp%3Dr6UnlgOc7c-BA-vhlbpQy_bWwvziNp_1QR22JeacVpF5wtmlbQVQMvXYA29pje0d%26sjv%3D86.0%26ctid%3D0%26th%3D1200%26tw%3D1600%26inco%3D1%26tip%3DAmazon%2520Spin%2520and%2520Win&pid=376822&popeye=bXg9bnVsbCZteT1udWxsJmN4PW51bGwmY3k9bnVsbCZ3PTE2MDAmaD0xMjAwJmM9MSZzPTEmdD0xJmk9MCZvPS02MCZzb19mYj0tMSZzb19nbz0tMSZzb19ncD0tMSZzb190dz0tMSZzcD0wMDAwMDAwMDAwMDAxMDAwMDAwMDAwMCZtbV9tbj0wJm1tX2FzPTAmbW1fYWQ9MCZtbV9tdD0wJm1tX3NjPTAmbW1fc2RjPTAmbmNycz0xNg%3D%3D&olive=1&callback=ITCehpcev5obfi
Requested by: Host: p376822.mycdn.co
URL: https://p376822.mycdn.co/banners/script/ui_tag_80.2-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.192.101.24 Dallas, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 18.65.c0ad.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 78ee60225ad99f58520bd0245254b571e5ba3342020e20da851b7573e4c45164

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Dec 2019 07:21:47 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=5
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET tabs-1.css
amazonoriginals.qaafira.com/css/ 0
0

GET
H2 200 it-banner-frame.css
p376822.mycdn.co/uicomp/styles/dist/80.2-1/ Frame 92DE 2 KB
924 B 20ms
20ms Stylesheet
text/css 94.31.29.128
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://p376822.mycdn.co/uicomp/styles/dist/80.2-1/it-banner-frame.css
Requested by: Host: p376822.mycdn.co
URL: https://p376822.mycdn.co/banners/script/ui_tag_80.2-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.128 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.128.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: f5cee4255bdd9370d50ce0499da2cea95831d5f39eb7a90461a83798d414ad51

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:47 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:33:23 GMT
server: NetDNA-cache/2.2
etag: W/"5d10b503-858"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
status: 200
cache-control: max-age=31104000
expires: Fri, 18 Dec 2020 07:21:47 GMT

GET
H/1.1 200 findBanner Show response
mybestdc.com/adServe/banners/ 879 B
1 KB 151ms
151ms Script
text/javascript 173.192.101.24
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://mybestdc.com/adServe/banners/findBanner?num=1&keyword=GET%20A%20CHANCE%20TO%20SPIN%20FOR%20FREE%20AND%20WIN%20AMAZING%20PRIZES%20TODAY&tid=376822_739430_13&type=js&ar=b&ts=c&ito=https%3A%2F%2Fp376822.mycdn.co&bs=37&referrer=https%3A%2F%2Famazonoriginals.qaafira.com%2F&ap=cmp%3DBANNER%26evp%3Dr6UnlgOc7c-BA-vhlbpQy_bWwvziNp_1QR22JeacVpF5wtmlbQVQMnfIQm6DApe1%26sjv%3D86.0%26ctid%3D0%26th%3D1200%26tw%3D1600%26inco%3D1%26tip%3DAmazon%2520Spin%2520and%2520Win&pid=376822&popeye=bXg9bnVsbCZteT1udWxsJmN4PW51bGwmY3k9bnVsbCZ3PTE2MDAmaD0xMjAwJmM9MSZzPTEmdD0wJmk9MCZvPS02MCZzb19mYj0tMSZzb19nbz0tMSZzb19ncD0tMSZzb190dz0tMSZzcD0wMDAwMDAwMDAwMDAxMDAwMDAwMDAwMCZtbV9tbj0wJm1tX2FzPTAmbW1fYWQ9MCZtbV9tdD0wJm1tX3NjPTAmbW1fc2RjPTAmbmNycz0xNg%3D%3D&olive=1&callback=ITCyym9r3wwp5
Requested by: Host: p376822.mycdn.co
URL: https://p376822.mycdn.co/banners/script/ui_tag_80.2-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.192.101.24 Dallas, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 18.65.c0ad.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 215699fb83d1fd141c9bdd1ab5f02fa6915e8ff137e7b3eb1e52c66de65cdd6c

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Dec 2019 07:21:47 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=5
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 sdp_red_ad_37_en.gif
p376822.mycdn.co/ext/onn/clean/ Frame 92DE 6 KB
7 KB 21ms
20ms Image
image/gif 94.31.29.128
Highwinds Network...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p376822.mycdn.co/ext/onn/clean/sdp_red_ad_37_en.gif
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.128 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.128.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 2cdb7afbbb42d21dd5eb690a53c3eb4ae74da676eb158ec704af4fd1b61f6a88

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:47 GMT
last-modified: Sun, 07 Apr 2019 14:30:26 GMT
server: NetDNA-cache/2.2
etag: "5caa0982-1945"
x-cache: HIT
content-type: image/gif
status: 200
cache-control: max-age=31104000
accept-ranges: bytes
content-length: 6469
expires: Fri, 18 Dec 2020 07:21:47 GMT

GET
H2 200 it-banner-frame.css
p376822.mycdn.co/uicomp/styles/dist/80.2-1/ Frame 461A 2 KB
924 B 22ms
21ms Stylesheet
text/css 94.31.29.128
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://p376822.mycdn.co/uicomp/styles/dist/80.2-1/it-banner-frame.css
Requested by: Host: p376822.mycdn.co
URL: https://p376822.mycdn.co/banners/script/ui_tag_80.2-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.128 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.128.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: f5cee4255bdd9370d50ce0499da2cea95831d5f39eb7a90461a83798d414ad51

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:47 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:33:23 GMT
server: NetDNA-cache/2.2
etag: W/"5d10b503-858"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
status: 200
cache-control: max-age=31104000
expires: Fri, 18 Dec 2020 07:21:47 GMT

GET
H2 200 sdp_red_ad_37_en.gif
p376822.mycdn.co/ext/onn/clean/ Frame 461A 6 KB
7 KB 21ms
21ms Image
image/gif 94.31.29.128
Highwinds Network...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p376822.mycdn.co/ext/onn/clean/sdp_red_ad_37_en.gif
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.128 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.128.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 2cdb7afbbb42d21dd5eb690a53c3eb4ae74da676eb158ec704af4fd1b61f6a88

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:47 GMT
last-modified: Sun, 07 Apr 2019 14:30:26 GMT
server: NetDNA-cache/2.2
etag: "5caa0982-1945"
x-cache: HIT
content-type: image/gif
status: 200
cache-control: max-age=31104000
accept-ranges: bytes
content-length: 6469
expires: Fri, 18 Dec 2020 07:21:47 GMT

GET
H2 404 jquery.tools.min.js
amazonoriginals.qaafira.com/ 0
0 146ms
145ms Script
text/html 2a00:1450:4001:817::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://amazonoriginals.qaafira.com/jquery.tools.min.js

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Dec 2019 07:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1382
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb2ceb00d62c62740a0d175a3a943ce09a66c30c9eb8a6f98760f8bc774b182c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 PeEVqOG8bKgReUAwsDgVXSnNbC1ZeLxlXAQh4AggnNCA9YVw6DUxMFRx4Wx4DGSsNBUkdKwkFXl4kDlpSSGMeSAATeA1cBwkxEF0AHj1MTQ5FKAVCBhQpCx1dPnBECEpKdUJVDhssBEwACy1PCy1dd1pRAQwgBh1dSCgLW0pKdQVLSkp1Eh1dSHRaZ15MGl-8RSkp... Show response
dc5k8fg5ioc8s.cloudfront.net/ 486 B
648 B 170ms
170ms Script
text/plain 2600:9000:2057:9200:1a:a6:7f00:21
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/PeEVqOG8bKgReUAwsDgVXSnNbC1ZeLxlXAQh4AggnNCA9YVw6DUxMFRx4Wx4DGSsNBUkdKwkFXl4kDlpSSGMeSAATeA1cBwkxEF0AHj1MTQ5FKAVCBhQpCx1dPnBECEpKdUJVDhssBEwACy1PCy1dd1pRAQwgBh1dSCgLW0pKdQVLSkp1Eh1dSHRaZ15MGl-8RSkp1C0gfFCAdXQ0TLB4dXT5wWQ9BS3NPCl9QLgJMAhRgWHtKSnUGUQQdYFgICB0mAVdGXXdaWwcKKgddSkoDXQxBSGtZD11Ba1sOVl13WksOHiQYUUpKA18LWFZ2XB4aRXRZXgpPIVIOWUBxCwtYQSddCl0aI1lZWBwhDw1bTCBS
Requested by: Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:9200:1a:a6:7f00:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: 998bcd8e57e1ecf875535018a9f0b4e8731392ff387a4b7c136d74b8e8471309

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:48 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
status: 200
cache-control: max-age=31556926
access-control-allow-origin: *
content-length: 373
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-amz-cf-id: ir7nIQwyJ343hSaLsVXwkipdV_ltTilVdXCzQD_CaxDNOaFmMdvbUg==

GET
H2

200

s
rillagesrement.info/
Redirect Chain

https://secure.adnxs.com/getuid?https://rillagesrement.info/s?a=$UID&b=169457165959
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Frillagesrement.info%2Fs%3Fa%3D%24UID%26b%3D169457165959
https://rillagesrement.info/s?a=7038624528057257148&b=169457165959

69 B
69 B

154ms
105ms

Image
text/plain

104.18.22.10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rillagesrement.info/s?a=7038624528057257148&b=169457165959
Requested by: Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Dec 2019 07:21:48 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/plain
status: 200
cf-ray: 54a0d20cfca9bb94-LHR

Redirect headers

Pragma: no-cache
Date: Tue, 24 Dec 2019 07:21:50 GMT
AN-X-Request-Uuid: 12a8533d-408e-4c10-8ca6-4495502d679c
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://rillagesrement.info/s?a=7038624528057257148&b=169457165959
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.38.150.91; 185.38.150.91; 373.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.14:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 7881 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ad770f7303d5654daf4d143d7b1b3bb746700bc1333497c9744f4f03ce42b91

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

OPTIONS
H/1.1 200
OK custom Show response
propu.sh/ 0
475 B 26ms
26ms Fetch
text/plain 188.72.202.2
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://propu.sh/custom
Requested by: Host: propu.sh
URL: https://propu.sh/ntfc.php?p=2989958&r=ui&swver=3.1.142
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.202.2 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://amazonoriginals.qaafira.com
Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Tue, 24 Dec 2019 07:21:48 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://amazonoriginals.qaafira.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 0

POST
H/1.1 200
OK custom Show response
propu.sh/ 39 B
502 B 29ms
29ms Fetch
application/json 188.72.202.2
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://propu.sh/custom

Requested by

Host: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.72.202.2 , Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: 26314b38cbc032765503593db2475e6f
Date: Tue, 24 Dec 2019 07:21:48 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://amazonoriginals.qaafira.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

POST
H2 204 VWNCNFZ6XCFHazQ7AGQFEBsbZgUlVCRDZgcvCnJzZyUVXA8gAApMDHMXK1BrbVF0BWVsRTJdMmhSZEciNBc3R2thUWRdODMMfwVhZkU0CWd7UHYaZ2VNdhIiJQIlCWdzEzZAOmhSdwNhZFRwBWZtUHMG
distoryrussion.info/ 0
57 B 99ms
99ms Other
text/plain 18.211.56.182
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://distoryrussion.info/VWNCNFZ6XCFHazQ7AGQFEBsbZgUlVCRDZgcvCnJzZyUVXA8gAApMDHMXK1BrbVF0BWVsRTJdMmhSZEciNBc3R2thUWRdODMMfwVhZkU0CWd7UHYaZ2VNdhIiJQIlCWdzEzZAOmhSdwNhZFRwBWZtUHMG
Requested by: Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.56.182 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-211-56-182.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

status: 204
access-control-allow-origin: *
date: Tue, 24 Dec 2019 07:21:48 GMT

OPTIONS
H/1.1 200
OK custom Show response
propu.sh/ 0
475 B 26ms
26ms Fetch
text/plain 188.72.202.2
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://propu.sh/custom
Requested by: Host: propu.sh
URL: https://propu.sh/ntfc.php?p=2989958&r=ui&swver=3.1.142
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.202.2 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://amazonoriginals.qaafira.com
Referer: https://amazonoriginals.qaafira.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Tue, 24 Dec 2019 07:21:48 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://amazonoriginals.qaafira.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 0

POST
H/1.1 200
OK custom Show response
propu.sh/ 39 B
502 B 27ms
27ms Fetch
application/json 188.72.202.2
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://propu.sh/custom

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.72.202.2 , Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: 28eca70e49a86690974f7ff972155a7c
Date: Tue, 24 Dec 2019 07:21:48 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://amazonoriginals.qaafira.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

GET
H2 200 p Show response
rillagesrement.info/ 69 B
420 B 153ms
108ms XHR
text/plain 104.18.22.10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://rillagesrement.info/p?b=169457165959&c=30761486
Requested by: Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecf3d0183c12c9cbc2723869b579a4a1a076bb3f3aeacae9054c0409c0642e5e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com

Response headers

date: Tue, 24 Dec 2019 07:21:50 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: *
cf-ray: 54a0d218bd70f433-LHR

GET
H2 200 p Show response
rillagesrement.info/ 69 B
272 B 183ms
183ms XHR
text/plain 104.18.22.10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://rillagesrement.info/p?b=169457165959&c=54058312
Requested by: Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecf3d0183c12c9cbc2723869b579a4a1a076bb3f3aeacae9054c0409c0642e5e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com

Response headers

date: Tue, 24 Dec 2019 07:21:52 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: *
cf-ray: 54a0d224ffd6f433-LHR

GET
H2 200 p Show response
rillagesrement.info/ 69 B
263 B 104ms
104ms XHR
text/plain 104.18.22.10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://rillagesrement.info/p?b=169457165959&c=84656688
Requested by: Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecf3d0183c12c9cbc2723869b579a4a1a076bb3f3aeacae9054c0409c0642e5e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com

Response headers

date: Tue, 24 Dec 2019 07:21:54 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: *
cf-ray: 54a0d2317a1cf433-LHR

GET
H2 200 p Show response
rillagesrement.info/ 69 B
263 B 104ms
104ms XHR
text/plain 104.18.22.10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://rillagesrement.info/p?b=169457165959&c=65639187
Requested by: Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecf3d0183c12c9cbc2723869b579a4a1a076bb3f3aeacae9054c0409c0642e5e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com

Response headers

date: Tue, 24 Dec 2019 07:21:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: *
cf-ray: 54a0d23dfb05f433-LHR

GET
H2 200 p Show response
rillagesrement.info/ 69 B
263 B 104ms
103ms XHR
text/plain 104.18.22.10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://rillagesrement.info/p?b=169457165959&c=26403368
Requested by: Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecf3d0183c12c9cbc2723869b579a4a1a076bb3f3aeacae9054c0409c0642e5e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com

Response headers

date: Tue, 24 Dec 2019 07:21:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: *
cf-ray: 54a0d24a7e47f433-LHR

GET
H2 200 p Show response
rillagesrement.info/ 69 B
262 B 108ms
108ms XHR
text/plain 104.18.22.10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://rillagesrement.info/p?b=169457165959&c=40675839
Requested by: Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=826139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecf3d0183c12c9cbc2723869b579a4a1a076bb3f3aeacae9054c0409c0642e5e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://amazonoriginals.qaafira.com/
Origin: https://amazonoriginals.qaafira.com

Response headers

date: Tue, 24 Dec 2019 07:22:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: *
cf-ray: 54a0d256fee9f433-LHR

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/css/tabs-1.css

Domain: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/css/tabs-1.css

Domain: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/css/tabs-1.css

Domain: amazonoriginals.qaafira.com
URL: https://amazonoriginals.qaafira.com/css/tabs-1.css

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			amazonoriginals.qaafira.com/	1969-12-31 23:59:59	Name: rhid_c Value: 0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://propu.sh/ntfc.php?p=2989958&r=ui&swver=3.1.142(Line 1) Message: undefined
console-api	warning	URL: https://propu.sh/ntfc.php?p=2989958&r=ui&swver=3.1.142(Line 1) Message: TypeError: Cannot read property 'getItem' of null
console-api	warning	URL: https://propu.sh/ntfc.php?p=2989958&r=ui&swver=3.1.142(Line 1) Message: TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
ajax.googleapis.com
amazonoriginals.qaafira.com
dc5k8fg5ioc8s.cloudfront.net
distoryrussion.info
i.imgur.com
image.ibb.co
my.rtmark.net
mybestdc.com
p376822.clksite.com
p376822.mycdn.co
propu.sh
rillagesrement.info
secure.adnxs.com
amazonoriginals.qaafira.com
104.18.22.10
151.101.112.193
173.192.101.24
18.211.56.182
185.33.223.100
188.42.160.80
188.72.202.2
2600:9000:2057:9200:1a:a6:7f00:21
2a00:1450:4001:817::2013
2a00:1450:4001:81b::200a
2a00:1450:4001:81d::2001
51.15.74.77
94.31.29.128
00e98781c3b6cbe28f9e077357617f1ac79a2841d4b89b7de3f56a0fbb7eb57b
03438aa5abe5f685d4fa633fa2119321c26db9a7e7526f4855111b0d39d87319
045ae2171eeed0c2b6c6bdfb4ed361eb8bc69bea8b93ef7622505b7a85bba93b
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
0808563c833ba546b8e4eb59fdcb25487f9b29b685983546142810412dcd2f92
0ad770f7303d5654daf4d143d7b1b3bb746700bc1333497c9744f4f03ce42b91
18d7e20b4a36c1a10a659181eb5b8d8a461d078a46350ac534ac6183444aa82a
1ff7ed44f4cdf6172d3a1d88a6b31850359f29753cb73f7390077eac82cfe611
215699fb83d1fd141c9bdd1ab5f02fa6915e8ff137e7b3eb1e52c66de65cdd6c
2cc05cb5ec7d298ca453450a13fd0c727cd77e9d4e2ec3b7c392a78f8fe2f8c0
2cdb7afbbb42d21dd5eb690a53c3eb4ae74da676eb158ec704af4fd1b61f6a88
46f6b93ff5d6c80a7250bce191aa1a70051a3e6e6e6654a04062235e0a9b8598
47b58b4e11eb50ce29cd154a3a4363b06375f3ac59644494f6cbbc2d455738ac
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
5e48605dc57bfb041fe1f68d9e652ad884659a7ffe313ad36245b9e66a222909
67d986f0742b349ea2ecef81c55262c31ff3c8844d789bbc5ded3c6971d3f858
6d48826668dfe9bd4982ea0ac99b1a918899f88f67d5a53de09d3d88fec63f41
6f1451c66e47cf6590145e2fb39a535d3937e01d2e85ccec0ede7c565c2f20bb
713bb613fb60f23abb8cdf2280ba62a99dd343f2089118b98539721e7529c3f5
78ee60225ad99f58520bd0245254b571e5ba3342020e20da851b7573e4c45164
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
833af367d560ede5038a762f3df07a129b1495142ddeeee3ef01ea34543e67ab
8a1e59ae28b7169b8dd533eab297b904d2417a1cba84e57be30d71e7bd717feb
8c05efae576b174dfd1e6b54a3d6cd286431d4f492f931d67817554af82c4669
998bcd8e57e1ecf875535018a9f0b4e8731392ff387a4b7c136d74b8e8471309
9efe7d99c3e0c64ac6110538e24e2fb4b5ba1060df42ec5ac68347bc237cb9ae
ae70478e4a35155b11cf3da617b8abe1747b1ef5585673ddfb56bff8d090e4c4
c29ade0b17d4598853ceb242f2bccb8cde38ea6e128fd1c49be48d355a2a15ac
d0dc08e4a208955b42de0c08d4269b49b875ababa485caa2bf9a8fd9c086974d
d0e6d6b1c93d3983f72f23526b93196ccb4bcb4c90d84febae770a1da407d723
d30c6bddf529dfc09be179687ec4291745a1078d18ae837b088e1c6c476781a1
d34d6f457782920c55a29892a3b2b784265f3c8c477edcdf4854d89c03f77c26
e02f7c2d7bed2b198eb68d0ac4fb008153292b2feecafd42123dff70a84cf297
e03b2f0212e101deb78b11e0cb84c3e1f7e7a2e2436da7873d19c01db1049896
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecf3d0183c12c9cbc2723869b579a4a1a076bb3f3aeacae9054c0409c0642e5e
f23ac87798b30302961aa12587b5c581bd85f6c341437505917e3fd69848c388
f5cee4255bdd9370d50ce0499da2cea95831d5f39eb7a90461a83798d414ad51
fb2ceb00d62c62740a0d175a3a943ce09a66c30c9eb8a6f98760f8bc774b182c
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

amazonoriginals.qaafira.com Open in urlscan Pro 2a00:1450:4001:817::2013 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

67 Requests

94 %HTTPS

31 %IPv6

14 Domains

14 Subdomains

13 IPs

4 Countries

549 kBTransfer

1014 kBSize

1 Cookies

2 Outgoing links

Redirected requests

67 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

amazonoriginals.qaafira.com Open in urlscan Pro
2a00:1450:4001:817::2013 Public Scan

Screenshot
Live screenshot

Full Image

67
Requests

94 %
HTTPS

31 %
IPv6

14
Domains

14
Subdomains

13
IPs

4
Countries

549 kB
Transfer

1014 kB
Size

1
Cookies

67 HTTP transactions
2 data transactions