real-best-girls5.com Open in urlscan Pro
79.110.24.162  Malicious Activity! Public Scan

Submitted URL: https://cutt.us/On8d2&h=1
Effective URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Submission: On February 03 via manual from PL

Summary

This website contacted 16 IPs in 4 countries across 14 domains to perform 36 HTTP transactions. The main IP is 79.110.24.162, located in Haarlem, Netherlands and belongs to FASTCONTENT, DE. The main domain is real-best-girls5.com.
TLS certificate: Issued by R3 on January 30th 2021. Valid for: 3 months.
This is the only time real-best-girls5.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

Domain Requested by
14 real-best-girls5.com theresa.eleniboyer.xyz
real-best-girls5.com
3 fonts.gstatic.com fonts.googleapis.com
3 theresa.eleniboyer.xyz 1 redirects cutt.us
theresa.eleniboyer.xyz
3 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
2 pagead2.googlesyndication.com securepubads.g.doubleclick.net
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
1 tdsjsext5.com real-best-girls5.com
1 fonts.googleapis.com real-best-girls5.com
1 bnc.lt 1 redirects
1 9f267c466b54c872df34ed03881e532c.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.de securepubads.g.doubleclick.net
1 www.googletagmanager.com cutt.us
1 www.googletagservices.com cutt.us
1 cutt.us
36 16

This site contains no links.

Subject Issuer Validity Valid
www.cutt.us
R3
2021-02-01 -
2021-05-02
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2021-01-19 -
2021-04-13
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
*.google.com
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
*.google.de
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1
2021-01-19 -
2021-04-13
3 months crt.sh
real-best-girls5.com
R3
2021-01-30 -
2021-04-30
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
*.gstatic.com
GTS CA 1O1
2021-01-19 -
2021-04-13
3 months crt.sh
tdsjsext5.com
R3
2020-12-03 -
2021-03-03
3 months crt.sh

This page contains 2 frames:

Primary Page: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Frame ID: 118F8603C5AC2F2A5B800F55756BB35D
Requests: 35 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 711AEB2D7CA81F2B588025F00EEF2554
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://cutt.us/On8d2&h=1 Page URL
  2. https://bnc.lt/KX6YVCmDzdb HTTP 307
    http://theresa.eleniboyer.xyz/reflexxx-reyna1612351193-0?_branch_match_id=885482348417827451&utm_source=fa... Page URL
  3. http://theresa.eleniboyer.xyz/_localhookups/?click_id=reflexxx&country_code=pl&userpage=lospollos HTTP 302
    http://theresa.eleniboyer.xyz/_localhookups/r.php?click_id=REFLEXXX&country_code=PL&userpage=lospollos Page URL
  4. https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIs... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

36
Requests

94 %
HTTPS

71 %
IPv6

14
Domains

16
Subdomains

16
IPs

4
Countries

688 kB
Transfer

12762 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cutt.us/On8d2&h=1 Page URL
  2. https://bnc.lt/KX6YVCmDzdb HTTP 307
    http://theresa.eleniboyer.xyz/reflexxx-reyna1612351193-0?_branch_match_id=885482348417827451&utm_source=facebook&utm_campaign=facebook Page URL
  3. http://theresa.eleniboyer.xyz/_localhookups/?click_id=reflexxx&country_code=pl&userpage=lospollos HTTP 302
    http://theresa.eleniboyer.xyz/_localhookups/r.php?click_id=REFLEXXX&country_code=PL&userpage=lospollos Page URL
  4. https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://bnc.lt/KX6YVCmDzdb HTTP 307
  • http://theresa.eleniboyer.xyz/reflexxx-reyna1612351193-0?_branch_match_id=885482348417827451&utm_source=facebook&utm_campaign=facebook
Request Chain 16
  • http://theresa.eleniboyer.xyz/_localhookups/?click_id=reflexxx&country_code=pl&userpage=lospollos HTTP 302
  • http://theresa.eleniboyer.xyz/_localhookups/r.php?click_id=REFLEXXX&country_code=PL&userpage=lospollos

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
On8d2&h=1
cutt.us/
3 KB
2 KB
Document
General
Full URL
https://cutt.us/On8d2&h=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.61.26.121 Atlanta, United States, ASN22653 (GLOBALCOMPASS, US),
Reverse DNS
Software
Hotcores.com /
Resource Hash
79f27a4ac37b8608888cdc74b6099fd98fbe8c458d8fcefd2b32d7538d84a72b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Host
cutt.us
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
Hotcores.com
Date
Wed, 03 Feb 2021 12:01:09 GMT
Content-Type
text/html; Charset=UTF-8;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Cache-Control
no-cache, must-revalidate, max-age=0
Pragma
no-cache
X-Robots-Tag
noindex, nofollow
I-AM
Alpha
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Encoding
gzip
gpt.js
www.googletagservices.com/tag/js/
56 KB
19 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: cutt.us
URL: https://cutt.us/On8d2&h=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b51553ea72360cb3940bf230292614ce5087d508ff50bdb13200f3a324af68ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Feb 2021 12:01:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"772 / 216 of 1000 / last-modified: 1612348838"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
19176
x-xss-protection
0
expires
Wed, 03 Feb 2021 12:01:09 GMT
js
www.googletagmanager.com/gtag/
97 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-31510493-1
Requested by
Host: cutt.us
URL: https://cutt.us/On8d2&h=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8ef5153f53bfe3fa7097e49d1e5c565bef763a106dcd2c0aff2e8556fa29ec83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Feb 2021 12:01:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38886
x-xss-protection
0
expires
Wed, 03 Feb 2021 12:01:09 GMT
pubads_impl_2021020101.js
securepubads.g.doubleclick.net/gpt/
275 KB
97 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020101.js?31060016
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
sffe /
Resource Hash
c7736f6538aca3fcafdd33667cdcbb4baaf13cb9217f11c95fd00f01d788c6f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Feb 2021 12:01:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 01 Feb 2021 09:41:46 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99427
x-xss-protection
0
expires
Wed, 03 Feb 2021 12:01:09 GMT
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
2826
date
Wed, 03 Feb 2021 11:14:03 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Wed, 03 Feb 2021 13:14:03 GMT
collect
www.google-analytics.com/j/
1 B
61 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1563729804&t=pageview&_s=1&dl=https%3A%2F%2Fcutt.us%2FOn8d2%26h%3D1&ul=en-us&de=UTF-8&dt=On8d2&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1076395302&gjid=1782596846&cid=456116961.1612353669&tid=UA-31510493-1&_gid=2317121.1612353669&_r=1&gtm=2ou1k0&z=1470067148
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 03 Feb 2021 12:01:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cutt.us
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
109 B
169 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=cutt.us
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020101.js?31060016
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 03 Feb 2021 12:01:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
169 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=cutt.us
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020101.js?31060016
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 03 Feb 2021 12:01:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
437 B
596 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1616671139569239&correlator=1903427931883335&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069972%2C31060016%2C21064369%2C21068767%2C21069783%2C21069710&vrg=2021020101&ptt=17&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210203&iu_parts=5837603%2CCutt_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1612353669&dt=1612353669495&dlt=1612353669291&idt=150&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=1933368604&ucis=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_sd=1&flash=0&url=https%3A%2F%2Fcutt.us%2FOn8d2%26h%3D1&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x63&msz=0x0&ga_vid=456116961.1612353669&ga_sid=1612353670&ga_hid=1563729804&fws=128&ohw=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020101.js?31060016
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Feb 2021 12:01:09 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
230
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://cutt.us
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
9f267c466b54c872df34ed03881e532c.safeframe.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://9f267c466b54c872df34ed03881e532c.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020101.js?31060016
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020101.js?31060016
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

reflexxx-reyna1612351193-0
theresa.eleniboyer.xyz/
Redirect Chain
  • https://bnc.lt/KX6YVCmDzdb
  • http://theresa.eleniboyer.xyz/reflexxx-reyna1612351193-0?_branch_match_id=885482348417827451&utm_source=facebook&utm_campaign=facebook
11 MB
0
Document
General
Full URL
http://theresa.eleniboyer.xyz/reflexxx-reyna1612351193-0?_branch_match_id=885482348417827451&utm_source=facebook&utm_campaign=facebook
Requested by
Host: cutt.us
URL: https://cutt.us/On8d2&h=1
Protocol
HTTP/1.1
Server
172.96.191.159 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.159-static.reverse.arandomserver.com
Software
LiteSpeed / PHP/7.3.26
Resource Hash

Request headers

Host
theresa.eleniboyer.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://cutt.us/On8d2&h=1

Response headers

Connection
Keep-Alive
X-Powered-By
PHP/7.3.26
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Content-Encoding
gzip
Vary
Accept-Encoding
Date
Wed, 03 Feb 2021 12:01:10 GMT
Server
LiteSpeed

Redirect headers

Transfer-Encoding
chunked
Connection
keep-alive
Server
openresty
Date
Wed, 03 Feb 2021 12:01:09 GMT
X-Powered-By
Express
Set-Cookie
_s=VEYGyCRYsgpKiJbkqTaRw54oZZQkiu0ODxmQ%2FjJU2JAbG6pncG1uBxq9OvgUPeU9; Max-Age=31536000; Path=/; Expires=Thu, 03 Feb 2022 12:01:09 GMT; Secure; SameSite=None
Last-Modified
Wed, 03 Feb 2021 12:01:09 GMT
Location
http://theresa.eleniboyer.xyz/reflexxx-reyna1612351193-0?_branch_match_id=885482348417827451&utm_source=facebook&utm_campaign=facebook
X-Cache
Miss from cloudfront
Via
1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-C1
X-Amz-Cf-Id
U7xeBTTbOHZmrXu917-BFo_Ym6Prp15MbnIne2YbrgqoNy1bOSIrNA==
sodar
pagead2.googlesyndication.com/getconfig/
9 KB
7 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021020101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020101.js?31060016
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 03 Feb 2021 12:01:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6760
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020101.js?31060016
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Feb 2021 12:01:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1611170586013198"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6403
x-xss-protection
0
expires
Wed, 03 Feb 2021 12:01:09 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 711A
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/221/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://cutt.us/On8d2&h=1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://cutt.us/On8d2&h=1

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
4984
date
Wed, 03 Feb 2021 11:19:21 GMT
expires
Thu, 03 Feb 2022 11:19:21 GMT
last-modified
Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2508
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/
0
46 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021020101&jk=1616671139569239&bg=!DQ6lDk3NAAWwbO3jsDsAKQB2-DxasE6OKnxQqLfNAyQAjKjIaQH77Ue0hzP_LwYlOklT_sek1DazAgAAAGlSAAAADmgBBwoAd9Ont2zlM5FUybqtF9o1D3UBamgnL5vxRiWMtaAJoKjlMndyMgVINWH0z_VHstSX9mPUEaRxgGuTfbrm8vlxtYwGKRSa-e05dhAuX9glNHBJdLsIhl6DphBFTVDYLgiofgeHm7EBCp5tuDA_vdS3MeL3m-CAJj-GmQHRxZXw1RFCM6QozzWQGWFWZiygZgdJ9O4h1jGC2wi-16p6l7uFkwuh3KvOOklM-fzsN1E_CYEX5QV1nKqYI1C7PUtIepFwwdQ-rNhRu2u6C4Ax8dw92ksw7-8wtK21QymD83_eJjhXlrp7uLdqZSjSGV5Jb_JY419JS7n1OPpNLrmHMhZdiR9CnxP5wduyh9msq9OQhEskQfQ12pwnKDunhcO9bs-qSwrCCJATN3YkRl_fiGXroHGEbYIJVBV4r2cKJoPnG5z-9RbRsmkshnaxqZkwTlSfBpP64D19WzlDDYt6kYrRq9CADtkQJOkkAq42tbU8QCdw87qloSwEe-fCEcarCj7FnZLpj-FB8R-93ovBhsp-KLboKQR80hiakCGrXbSFc4U0FqY3fI00x1MP6qWoQ-mpu-ixPUYK3SBy6Qkdf3BFkq2y7P6DlRecAjPyovTcpdjr5f-7SKSaWaAN7CF8hWwyyUGjKfybqMG_jx5Sis5LfOvZqSaPNgyT3cGCt_cZWM646oNqHG1q1bw0kyr5xXBERZKL8NER5WEF1PCSXOE_Nmq4dV1UHMLbpBiiXmtZKRkNxMWGH-Dip1wX9bQKYVsC1hETygzgMTPk08O7
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/On8d2&h=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 03 Feb 2021 12:01:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
r.php
theresa.eleniboyer.xyz/_localhookups/
Redirect Chain
  • http://theresa.eleniboyer.xyz/_localhookups/?click_id=reflexxx&country_code=pl&userpage=lospollos
  • http://theresa.eleniboyer.xyz/_localhookups/r.php?click_id=REFLEXXX&country_code=PL&userpage=lospollos
741 B
642 B
Document
General
Full URL
http://theresa.eleniboyer.xyz/_localhookups/r.php?click_id=REFLEXXX&country_code=PL&userpage=lospollos
Requested by
Host: theresa.eleniboyer.xyz
URL: http://theresa.eleniboyer.xyz/reflexxx-reyna1612351193-0?_branch_match_id=885482348417827451&utm_source=facebook&utm_campaign=facebook
Protocol
HTTP/1.1
Server
172.96.191.159 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.159-static.reverse.arandomserver.com
Software
LiteSpeed / PHP/7.3.26
Resource Hash

Request headers

Host
theresa.eleniboyer.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://theresa.eleniboyer.xyz/reflexxx-reyna1612351193-0?_branch_match_id=885482348417827451&utm_source=facebook&utm_campaign=facebook

Response headers

Connection
Keep-Alive
X-Powered-By
PHP/7.3.26
Content-Type
text/html; charset=UTF-8
Content-Length
409
Content-Encoding
gzip
Vary
Accept-Encoding
Date
Wed, 03 Feb 2021 12:01:11 GMT
Server
LiteSpeed

Redirect headers

Connection
Keep-Alive
X-Powered-By
PHP/7.3.26
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Pragma
no-cache
Location
r.php?click_id=REFLEXXX&country_code=PL&userpage=lospollos
Content-Type
text/html; charset=UTF-8
Content-Length
0
Date
Wed, 03 Feb 2021 12:01:11 GMT
Server
LiteSpeed
Primary Request Cookie set /
real-best-girls5.com/
4 KB
4 KB
Document
General
Full URL
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Requested by
Host: theresa.eleniboyer.xyz
URL: http://theresa.eleniboyer.xyz/_localhookups/r.php?click_id=REFLEXXX&country_code=PL&userpage=lospollos
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx / ASP.NET
Resource Hash
ba672b9e575f223b8d59c508d80446b595d2e47fdf9970d994ac0ee63d9ff963

Request headers

Host
real-best-girls5.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Wed, 03 Feb 2021 12:01:11 GMT
Content-Type
text/html
Content-Length
4282
Connection
keep-alive
Cache-Control
private no-transform
Set-Cookie
sid=t3~o1prilytztj4wyjfyynihzma; path=/
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
css
fonts.googleapis.com/
7 KB
850 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9e143c4789d06cb22bb6d6e6128565da189ce394e1296f01a7f04a5423595fab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 03 Feb 2021 12:01:11 GMT
server
ESF
date
Wed, 03 Feb 2021 12:01:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 03 Feb 2021 12:01:11 GMT
style.css
real-best-girls5.com/media/dating/dirtytinder/css/
15 KB
3 KB
Stylesheet
General
Full URL
https://real-best-girls5.com/media/dating/dirtytinder/css/style.css
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
1f12854c80afd1c18ade0a7c26f00cac5cdb917cb6ddee36bba33f00dfc50814

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:11 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 11:05:07 GMT
Server
nginx
ETag
W/"5def7be3-3ded"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-transform
Connection
close
flag-icon.css
real-best-girls5.com/util/flag-icon/css/
40 KB
3 KB
Stylesheet
General
Full URL
https://real-best-girls5.com/util/flag-icon/css/flag-icon.css
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:11 GMT
Content-Encoding
gzip
Last-Modified
Wed, 18 Dec 2019 14:34:10 GMT
Server
nginx
ETag
W/"5dfa38e2-9eb3"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-transform
Connection
close
utils.js
real-best-girls5.com/util/
7 KB
3 KB
Script
General
Full URL
https://real-best-girls5.com/util/utils.js
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
e2dd9e4ad69996057c54e86ed4f9d5631b39e026421663bc34209a20cc820672

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 13 Oct 2020 10:15:12 GMT
Server
nginx
ETag
W/"5f857e30-1d5f"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-transform
Connection
close
logo2.png
real-best-girls5.com/media/dating/dirtytinder/images/
18 KB
18 KB
Image
General
Full URL
https://real-best-girls5.com/media/dating/dirtytinder/images/logo2.png
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
67f75d375f0b2c4bedd6eb322aed8287f4af1f79ebc0b437083f719ca1b7a4a2

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 11:05:07 GMT
Server
nginx
ETag
W/"5def7be3-48e9"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
no-transform
Connection
close
jquery-2.2.4.min.js
real-best-girls5.com/media/dating/dirtytinder/js/
84 KB
29 KB
Script
General
Full URL
https://real-best-girls5.com/media/dating/dirtytinder/js/jquery-2.2.4.min.js
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 11:05:07 GMT
Server
nginx
ETag
W/"5def7be3-14e4a"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-transform
Connection
close
trls.js
real-best-girls5.com/media/dating/dirtytinder/js/
17 KB
7 KB
Script
General
Full URL
https://real-best-girls5.com/media/dating/dirtytinder/js/trls.js
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
a600a39f1aa836e327c60dc5e25d569740a3bd10f8accc89ec2c313f74c81ed8

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 11:05:07 GMT
Server
nginx
ETag
W/"5def7be3-45a4"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-transform
Connection
close
main.js
real-best-girls5.com/media/dating/dirtytinder/js/
3 KB
1 KB
Script
General
Full URL
https://real-best-girls5.com/media/dating/dirtytinder/js/main.js
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
0982dadd535925cdc02610ef878d3cf9cdd9d74a9b0806cf8e8f6095d85d4f9b

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Mon, 05 Oct 2020 09:33:38 GMT
Server
nginx
ETag
W/"5f7ae872-c9a"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-transform
Connection
close
bb.js
real-best-girls5.com/media/
639 B
912 B
Script
General
Full URL
https://real-best-girls5.com/media/bb.js
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Last-Modified
Thu, 06 Aug 2020 12:54:34 GMT
Server
nginx
ETag
"5f2bfd8a-27f"
Content-Type
application/javascript
Cache-Control
no-transform
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
639
exit1.js
real-best-girls5.com/media/exit-new/
3 KB
2 KB
Script
General
Full URL
https://real-best-girls5.com/media/exit-new/exit1.js
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
6f094676c46dee819cb999b333cbf70077c5c141ae968e963e341d754e41d6fe

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Oct 2020 16:13:02 GMT
Server
nginx
ETag
W/"5f87238e-d09"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-transform
Connection
close
1.jpg
real-best-girls5.com/media/dating/dirtytinder/images/
142 KB
125 KB
Image
General
Full URL
https://real-best-girls5.com/media/dating/dirtytinder/images/1.jpg
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
37a751df9353725b7e06bec81bc5c9f42c77c21701e4717465a13f4df5c0540d

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 11:05:07 GMT
Server
nginx
ETag
W/"5def7be3-23667"
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
no-transform
Connection
close
2.jpg
real-best-girls5.com/media/dating/dirtytinder/images/
121 KB
105 KB
Image
General
Full URL
https://real-best-girls5.com/media/dating/dirtytinder/images/2.jpg
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
2949d919c1cbfea9a960e5a7a9fe4fe5086c1f9073c278d7e653980917a5a740

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 11:05:07 GMT
Server
nginx
ETag
W/"5def7be3-1e5f9"
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
no-transform
Connection
close
3.jpg
real-best-girls5.com/media/dating/dirtytinder/images/
146 KB
130 KB
Image
General
Full URL
https://real-best-girls5.com/media/dating/dirtytinder/images/3.jpg
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
8f31c428593d808f5dd1697233414338d03fdc0f7f88334ef3be339efc2ebda2

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 11:05:07 GMT
Server
nginx
ETag
W/"5def7be3-24781"
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
no-transform
Connection
close
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://real-best-girls5.com
Referer
https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Feb 2021 08:43:20 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
11872
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11180
x-xss-protection
0
expires
Thu, 03 Feb 2022 08:43:20 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://real-best-girls5.com
Referer
https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 09:18:12 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
528180
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11020
x-xss-protection
0
expires
Fri, 28 Jan 2022 09:18:12 GMT
1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v19/
41 KB
42 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v19/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb0c201f0ca67e745869967d48db2e90bf01353d1f305959d487291cab6d0755
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://real-best-girls5.com
Referer
https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 30 Jan 2021 01:07:34 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jan 2021 22:51:07 GMT
server
sffe
age
384818
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42444
x-xss-protection
0
expires
Sun, 30 Jan 2022 01:07:34 GMT
getextparams
tdsjsext5.com/ExtService.svc/
689 B
945 B
XHR
General
Full URL
https://tdsjsext5.com/ExtService.svc/getextparams
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/util/utils.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.50.248.8 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx / ASP.NET
Resource Hash
4b6d1c5f915e7fb5be732c671e43e8885f292c1c48051c7b6721ac7770062bec

Request headers

Referer
https://real-best-girls5.com/?u=9c68hwq&o=r6akrbe&t=REFLEXXX&cid=UkVGTEVYWFgsUEwsMTk0Ljk5LjEwNS45OSxXRUIsTE9TUE9MTE9T
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Server
nginx
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
private
Connection
keep-alive
Content-Length
689
pl.svg
real-best-girls5.com/util/flag-icon/flags/4x3/
231 B
494 B
Image
General
Full URL
https://real-best-girls5.com/util/flag-icon/flags/4x3/pl.svg
Requested by
Host: real-best-girls5.com
URL: https://real-best-girls5.com/util/flag-icon/css/flag-icon.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
79.110.24.162 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software
nginx /
Resource Hash
fbe2f44c31028699de107a5e39e4b9f7e0312313463f30cb96929a499102ba6d

Request headers

Referer
https://real-best-girls5.com/util/flag-icon/css/flag-icon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 12:01:12 GMT
Last-Modified
Tue, 10 Dec 2019 11:04:49 GMT
Server
nginx
ETag
"5def7bd1-e7"
Content-Type
image/svg+xml
Cache-Control
no-transform
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
231

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| getBackendParams function| getParameterByName function| hideUnsub function| languageDetection function| writeLocation object| geoRefData function| showLocation function| appendPixels function| getCookie function| getBackendParamsByName function| addSessionId undefined| randomNumber function| docReady function| $ function| jQuery object| translation function| detect_language string| language string| browserLang function| replace_text function| translation_available function| translate function| cycleImages boolean| PreventBb function| getUrlParameter function| getUrlWithParam boolean| PreventExitSplash string| exitsplashpage function| DisplayExitSplash function| addLoadEvent function| addClickEvent function| disablelinksfunc function| disableformsfunc object| x

1 Cookies

Domain/Path Name / Value
real-best-girls5.com/ Name: sid
Value: t3~o1prilytztj4wyjfyynihzma

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9f267c466b54c872df34ed03881e532c.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
bnc.lt
cutt.us
fonts.googleapis.com
fonts.gstatic.com
pagead2.googlesyndication.com
real-best-girls5.com
securepubads.g.doubleclick.net
tdsjsext5.com
theresa.eleniboyer.xyz
tpc.googlesyndication.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
172.217.21.194
172.96.191.159
185.50.248.8
2600:9000:206f:4200:1:7145:e880:93a1
2a00:1450:4001:809::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2003
2a00:1450:4001:811::2001
2a00:1450:4001:812::200a
2a00:1450:4001:81a::2002
2a00:1450:4001:824::2002
2a00:1450:4001:828::2001
2a00:1450:4001:828::2002
2a00:1450:4001:828::2008
2a00:1450:4001:82b::2001
69.61.26.121
79.110.24.162
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0982dadd535925cdc02610ef878d3cf9cdd9d74a9b0806cf8e8f6095d85d4f9b
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68
1f12854c80afd1c18ade0a7c26f00cac5cdb917cb6ddee36bba33f00dfc50814
2949d919c1cbfea9a960e5a7a9fe4fe5086c1f9073c278d7e653980917a5a740
37a751df9353725b7e06bec81bc5c9f42c77c21701e4717465a13f4df5c0540d
4b6d1c5f915e7fb5be732c671e43e8885f292c1c48051c7b6721ac7770062bec
67f75d375f0b2c4bedd6eb322aed8287f4af1f79ebc0b437083f719ca1b7a4a2
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f094676c46dee819cb999b333cbf70077c5c141ae968e963e341d754e41d6fe
79f27a4ac37b8608888cdc74b6099fd98fbe8c458d8fcefd2b32d7538d84a72b
8ef5153f53bfe3fa7097e49d1e5c565bef763a106dcd2c0aff2e8556fa29ec83
8f31c428593d808f5dd1697233414338d03fdc0f7f88334ef3be339efc2ebda2
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9e143c4789d06cb22bb6d6e6128565da189ce394e1296f01a7f04a5423595fab
a600a39f1aa836e327c60dc5e25d569740a3bd10f8accc89ec2c313f74c81ed8
b51553ea72360cb3940bf230292614ce5087d508ff50bdb13200f3a324af68ea
ba672b9e575f223b8d59c508d80446b595d2e47fdf9970d994ac0ee63d9ff963
bb0c201f0ca67e745869967d48db2e90bf01353d1f305959d487291cab6d0755
c7736f6538aca3fcafdd33667cdcbb4baaf13cb9217f11c95fd00f01d788c6f4
d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39
e2dd9e4ad69996057c54e86ed4f9d5631b39e026421663bc34209a20cc820672
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
fbe2f44c31028699de107a5e39e4b9f7e0312313463f30cb96929a499102ba6d