Submitted URL: https://bit.ly/3b2MVks
Effective URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1...
Submission: On October 26 via api from BE — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 6 domains to perform 16 HTTP transactions. The main IP is 213.174.135.2, geolocated to Ashburn, United States, and announced by ADVANCEDHOSTERS-AS (NL). The main domain is 517s61.reminews.com.
TLS certificate: issued by Sectigo RSA Domain Validation Secure Server CA on October 22nd 2021, four days before this scan, as a wildcard for *.reminews.com. Valid for: a year.
This is the only time 517s61.reminews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

What the transactions below record: the bit.ly short link resolves to an affiliate tracking URL on www.directoffermature.com that still carries unsubstituted macros ({External_ID_from_traffic_source}, {subID}, {sub_subID}); that URL redirects to click2go.xyz and on to a zoneid-keyed redirector on klsdee.com. klsdee.com's submit.min.js reloads its own page with a query string holding the result of a client-side probe (x=1600&y=1200, the plugin list, lang=en-US, pf=Linux x86_64) and then navigates to the "common-player-arrow" page on 517s61.reminews.com, whose script and images are fetched from 123.selornews.com on the same IP. Two of the probed values contradict the request headers urlscan sent: User-Agent says Windows NT 10.0 while pf reports Linux x86_64, and Accept-Language is de-DE while lang reports en-US. A landing page that compares those fields can tell the scanner apart from an ordinary visitor, so the content captured here is not necessarily what a human visitor is served.

Domain & IP information

IP Address       AS (Autonomous System)    Requests (of which redirects)
67.199.248.11    396982 (GOOGLE-PR...)     1 (1)
213.32.106.139   16276 (OVH)               3 (2)
185.209.21.129   204601 (ON-LINE-D...)     1
109.206.162.83   50245 (SERVEREL-AS)       5
213.174.135.2    39572 (ADVANCEDH...)      9
Totals as counted by urlscan: 16 transactions, 4 IPs (the bit.ly row served only a redirect)
Requests  Apex Domain             Subdomain                    Transfer
8         selornews.com           123.selornews.com            46 KB
5         klsdee.com              klsdee.com                   16 KB
3         directoffermature.com   www.directoffermature.com    5 KB
1         reminews.com            517s61.reminews.com          7 KB
1         click2go.xyz            click2go.xyz                 828 B
1         bit.ly                  bit.ly                       349 B
Totals: 16 transactions, 6 apex domains
Requests  Domain                      Requested by
8         123.selornews.com           517s61.reminews.com
5         klsdee.com                  klsdee.com
3         www.directoffermature.com   2 redirects
1         517s61.reminews.com         klsdee.com
1         click2go.xyz                www.directoffermature.com
1         bit.ly                      1 redirect
Totals: 16 transactions, 6 domains

This site contains no links.

Subject                     Issuer                                           Validity                   Duration
www.directoffermature.com   R3 (Let's Encrypt)                               2021-09-06 to 2021-12-05   3 months
click2go.xyz                R3 (Let's Encrypt)                               2021-09-26 to 2021-12-25   3 months
klsdee.com                  R3 (Let's Encrypt)                               2021-09-03 to 2021-12-02   3 months
*.reminews.com              Sectigo RSA Domain Validation Secure Server CA   2021-10-22 to 2022-11-21   a year
*.selornews.com             Sectigo RSA Domain Validation Secure Server CA   2021-02-18 to 2022-02-18   a year
(each row links to its crt.sh record)

This page contains 1 frame:

Frame: https://klsdee.com/afu.php?zoneid=1542726&var=1541147
Frame ID: CD124AF7FFFEB9C649A78C9B823C80DA
Requests: 16 HTTP requests in this frame

Screenshot


Detected technologies

PHP, overall confidence 100% (matched by the framed afu.php URL; click2go.xyz also sends X-Powered-By: PHP/7.2.34-8+ubuntu20.04.1+deb.sury.org+1)
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 16
HTTPS: 100 %
IPv6: 0 %
Domains: 6
Subdomains: 6
IPs: 4
Countries: 3
Transfer: 74 kB
Size: 87 kB
Cookies: 6

Page URL History

This lists every URL the page passed through, including server-side HTTP redirects (the indented 301/302 hops) and client-side redirects performed by JavaScript or a meta refresh. Entries marked "Page URL" are full document loads; the hops between them are redirect responses.

  1. https://bit.ly/3b2MVks HTTP 301
    https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID} Page URL
  2. https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&eyeg=9f91a094169aa6ddc142cd295665a110&eyer=0.2929294145777106&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
    https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&oyeg=9f91a094169aa6ddc142cd295665a110&eyer=0.2929294145777106&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=&eyeg=3 HTTP 301
    https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb*5438597-c017b**sl_5438597-c017b*ef94e0fd88fef06802afb5d8eb19d3ea6928a2a7*{subID}*{sub_subID}&subid2=rest Page URL
  3. https://klsdee.com/1541147/?var=4995&ymid=0pkma0p200084 Page URL
  4. https://klsdee.com/?r=dir&zoneid=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f73877f19e75931635218470&psp=vAdhicZluxuXy2Chpz2kk0-JIFcHMjXdpKITWTgXVUb-JFDsI3EH5N3uKl_GA8SAXngpa9bvymCKTrE8kxDHQIz6IVNq_Fk-MxSkMJbDCZouJLGUPcaHDxj3SNa7AiYmbg3B5Dv-yL5QEkkPYd43C76gZ7II4Dhlk3eYDuO5alZaR9YJgc_5Mn1DiS4vK50rOIh7-KqFG1jsy1nesK3SL-RQjodyNjYC1xRRrwhFNpBmU5tL_Yx4h5acw5VaGLP1Eke7ma5spyI0EoTM8GsYF8znpB9_V8F6TeJo3VW9HHiO1RAWfOob7bq_-QA-uMUQfGqkmdzSR1gDD6FlNp1jufX3-8jtqp0GFrUlkPjBk3v74lV8hcNcg_XTDoOvpKlgGEwZHV3inLDalgrq4VFFFIFchW7igALE18x7jSoowGpqQsoDhgLhd7hJXL_5Sj4g8jVbjYgzsz0hyv8Bfkpq9wiZnyWF9jGQh0OMX_jx2fXjD_pK_SFEXVVxzZfg4bWA1kf81VskOqLtPC1wRacsZ_NATvJFGu7kSFmWW4sbR0xTkSLR2CFqOXj6d6iDsrSGJ_goMf5mYy7Zgq7WgXjPSU842NnKVcpRB-Qw6kTxNpXjeimwSN9IT1vj6_Fu8VI9yZa_XgxYbX83zqFfc77_N8UiAy9U5iPAr5A0j8EAxIjQAvkxfKEBGsB97h2JDk9hpQ==&nojs=0&ix=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&pl=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Linux%20x86_64&cd=24&0 Page URL
  5. https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true Page URL
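The chain above, walked programmatically. This is an added example and not part of urlscan.io's output: the hop URLs and the two request-header values are copied from this page (the long opaque psp token on the klsdee hop is shortened to OPAQUE), while the guesses about what the probe fields mean (x/y as screen size, pf as navigator.platform, lang as navigator.language) and the sandbox-tell checks are the author's own assumptions.

```python
"""Pull the tracking and fingerprint parameters out of the redirect chain above.

Added example for this scan page; not part of urlscan.io's output. Hop URLs and
header values are copied from the page; field meanings are inferred, not documented.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, urlsplit

# Request headers urlscan sent, as recorded in the transaction details below.
USER_AGENT = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36")
ACCEPT_LANGUAGE = "de-DE,de;q=0.9"

# Hops copied from the Page URL History; `psp=OPAQUE` stands in for the long token.
HOPS = [
    "https://bit.ly/3b2MVks",
    "https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2"
    "&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}",
    "https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb"
    "*5438597-c017b**sl_5438597-c017b*ef94e0fd88fef06802afb5d8eb19d3ea6928a2a7*{subID}*{sub_subID}&subid2=rest",
    "https://klsdee.com/1541147/?var=4995&ymid=0pkma0p200084",
    "https://klsdee.com/?r=dir&zoneid=1541147&var=4995&ymid=0pkma0p200084"
    "&pb=08714457f854292b32f73877f19e75931635218470&psp=OPAQUE&nojs=0&ix=0&t=0&x=1600&y=1200"
    "&wcks=1&wgl=1&cnvs=1&os=0&md=0&pl=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client"
    "&lang=en-US&pf=Linux%20x86_64&cd=24&0",
    "https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930"
    "&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571"
    "&tburl=https://play-vids.com/?geo=de&proxy=true",
]

# `{name}` tokens are affiliate-panel macros the traffic source should have filled in.
UNFILLED_MACRO = re.compile(r"\{[A-Za-z_]+\}")

# Query keys on the klsdee `?r=dir` hop whose values look like a browser probe
# (assumed meanings: x/y screen size, pf navigator.platform, lang navigator.language,
# pl plugin list, wcks/wgl/cnvs cookie, WebGL and canvas support).
PROBE_FIELDS = ("x", "y", "pf", "pl", "lang", "wcks", "wgl", "cnvs", "nojs")


def hop_params(url: str) -> dict[str, str]:
    """Query string as a flat dict: first value per key wins, blank values kept."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in query.items()}


def unfilled_macros(url: str) -> list[str]:
    """Sorted, de-duplicated list of `{...}` placeholders left in the URL."""
    return sorted(set(UNFILLED_MACRO.findall(url)))


def probe_fields(url: str) -> dict[str, str]:
    """Subset of the query that carries the client-side probe results."""
    params = hop_params(url)
    return {key: params[key] for key in PROBE_FIELDS if key in params}


def sandbox_tells(user_agent: str, accept_language: str, probe: dict[str, str]) -> list[str]:
    """Disagreements between what the HTTP headers claim and what the page's JS measured."""
    tells = []
    platform = probe.get("pf", "")
    if "Windows NT" in user_agent and not platform.startswith("Win"):
        tells.append(f"User-Agent claims Windows, pf reports {platform!r}")
    lang = probe.get("lang", "")
    if lang and not accept_language.lower().startswith(lang.lower()):
        tells.append(f"Accept-Language {accept_language!r} vs lang {lang!r}")
    return tells


def analyse(hops: list[str]) -> list[dict]:
    """One record per hop: host, number of query parameters, unfilled macros."""
    return [
        {"host": urlsplit(u).hostname, "params": len(hop_params(u)), "macros": unfilled_macros(u)}
        for u in hops
    ]


if __name__ == "__main__":
    for record in analyse(HOPS):
        print(record)
    for tell in sandbox_tells(USER_AGENT, ACCEPT_LANGUAGE, probe_fields(HOPS[4])):
        print("tell:", tell)
```

Two things the walk surfaces that are easy to miss when reading the list by eye: the macros survive two hops (directoffermature.com forwards {subID} and {sub_subID} verbatim into click2go's subid1), and the final hop's tburl value is a nested URL that was not percent-encoded, so any standards-following parser (parse_qs included) cuts it at the first & and reads proxy=true as a parameter of the reminews page rather than of play-vids.com.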

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bit.ly/3b2MVks HTTP 301
  • https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}
Request Chain 1
  • https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&eyeg=9f91a094169aa6ddc142cd295665a110&eyer=0.2929294145777106&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
  • https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&oyeg=9f91a094169aa6ddc142cd295665a110&eyer=0.2929294145777106&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=&eyeg=3 HTTP 301
  • https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb*5438597-c017b**sl_5438597-c017b*ef94e0fd88fef06802afb5d8eb19d3ea6928a2a7*{subID}*{sub_subID}&subid2=rest

16 HTTP transactions

Each transaction is listed as Resource, Path, Size, x-fer (bytes transferred on the wire), Type and MIME-Type, followed by its general details and request/response headers.

Resource: /   Path: www.directoffermature.com/   Size: 4 KB   x-fer: 4 KB   Type: Document
Redirect Chain
  • https://bit.ly/3b2MVks
  • https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}
General
Full URL
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.32.106.139, France, ASN16276 (OVH, FR)
Reverse DNS
ip139.ip-213-32-106.eu
Software
/
Resource Hash
45e73da2806a11d7d03796150d86d9f26a1550c1a0d32767458ac0130dafc003

Request headers

Host
www.directoffermature.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Tue, 26 Oct 2021 01:21:10 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-transform

Redirect headers

server
nginx
date
Tue, 26 Oct 2021 01:21:10 GMT
content-type
text/html; charset=utf-8
content-length
260
cache-control
private, max-age=90
content-security-policy
referrer always;
location
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}
referrer-policy
unsafe-url
set-cookie
_bit=l9q1la-fb5ffc5bd4ad22dd5b-00M; Domain=bit.ly; Expires=Sun, 24 Apr 2022 01:21:10 GMT
via
1.1 google
alt-svc
clear
Cookie set 1
Path: click2go.xyz/go/4995/   Size: 272 B   x-fer: 828 B   Type: Document
Redirect Chain
  • https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&eyeg=9f91a094169aa6ddc142cd295665a110&eyer=...
  • https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&oyeg=9f91a094169aa6ddc142cd295665a110&eyer=...
  • https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb*5438597-c017b**sl_5438597-c017b*ef94e0fd88fef06802afb5d8eb19d3ea6928a2a7*{subID}*{sub_subID}&subid2=rest
General
Full URL
https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb*5438597-c017b**sl_5438597-c017b*ef94e0fd88fef06802afb5d8eb19d3ea6928a2a7*{subID}*{sub_subID}&subid2=rest
Requested by
Host: www.directoffermature.com
URL: https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.209.21.129, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
Reverse DNS
zm1.mobiteasy.com
Software
nginx/1.18.0 (Ubuntu) / PHP/7.2.34-8+ubuntu20.04.1+deb.sury.org+1
Resource Hash
aff74a1831751f8e3fdd28604cabf62fb86905165017a0c7dc108bb9c8ffc34e

Request headers

Host
click2go.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Tue, 26 Oct 2021 01:21:10 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.2.34-8+ubuntu20.04.1+deb.sury.org+1
Content-Encoding
identity
Expires
Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified
Tue, 26 Oct 2021 01:21:10 GMT
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma
no-cache
Set-Cookie
mobitck=1; expires=Tue, 26-Oct-2021 23:59:59 GMT; Max-Age=81529; path=/; HttpOnly

Redirect headers

Date
Tue, 26 Oct 2021 01:21:10 GMT
Content-Type
text/html
Content-Length
555
Connection
keep-alive
Cache-Control
no-transform no-cache, no-store, must-revalidate
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb*5438597-c017b**sl_5438597-c017b*ef94e0fd88fef06802afb5d8eb19d3ea6928a2a7*{subID}*{sub_subID}&subid2=rest
Resource: /   Path: klsdee.com/1541147/   Size: 2 KB   x-fer: 1 KB   Type: Document
General
Full URL
https://klsdee.com/1541147/?var=4995&ymid=0pkma0p200084
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
109.206.162.83, Netherlands, ASN50245 (SERVEREL-AS, NL)
Reverse DNS
83.162.serverel.net
Software
nginx /
Resource Hash
ea53c322dd6fb93aa9bac81455149afa36a7a012f56c21400db7eedcfaafcc4e

Request headers

:method
GET
:authority
klsdee.com
:scheme
https
:path
/1541147/?var=4995&ymid=0pkma0p200084
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
date
Tue, 26 Oct 2021 01:21:10 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
set-cookie
UID=2110252021117b27bd2e9a4e3f960c97796c; Path=/; SameSite=None; Expires=Wed, 26 Oct 2022 01:21:10 GMT; HttpOnly; Secure
content-encoding
gzip
timing-allow-origin
*
Resource: submit.min.js   Path: klsdee.com/   Size: 31 KB   x-fer: 13 KB   Type: Script
General
Full URL
https://klsdee.com/submit.min.js?2.0
Requested by
Host: klsdee.com
URL: https://klsdee.com/1541147/?var=4995&ymid=0pkma0p200084
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
109.206.162.83, Netherlands, ASN50245 (SERVEREL-AS, NL)
Reverse DNS
83.162.serverel.net
Software
nginx /
Resource Hash
958b18d211320caadb6a1ad60fdc6faf3474abeee710445d378321acf5f69143

Request headers

:path
/submit.min.js?2.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
klsdee.com
cookie
UID=2110252021117b27bd2e9a4e3f960c97796c
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
content-encoding
gzip
last-modified
Tue, 12 Oct 2021 10:58:11 GMT
server
nginx
etag
W/"61656a43-7c49"
vary
Accept-Encoding
content-type
application/javascript
timing-allow-origin
*
Resource: /   Path: klsdee.com/   Size: 2 KB   x-fer: 2 KB   Type: Document
General
Full URL
https://klsdee.com/?r=dir&zoneid=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f73877f19e75931635218470&psp=vAdhicZluxuXy2Chpz2kk0-JIFcHMjXdpKITWTgXVUb-JFDsI3EH5N3uKl_GA8SAXngpa9bvymCKTrE8kxDHQIz6IVNq_Fk-MxSkMJbDCZouJLGUPcaHDxj3SNa7AiYmbg3B5Dv-yL5QEkkPYd43C76gZ7II4Dhlk3eYDuO5alZaR9YJgc_5Mn1DiS4vK50rOIh7-KqFG1jsy1nesK3SL-RQjodyNjYC1xRRrwhFNpBmU5tL_Yx4h5acw5VaGLP1Eke7ma5spyI0EoTM8GsYF8znpB9_V8F6TeJo3VW9HHiO1RAWfOob7bq_-QA-uMUQfGqkmdzSR1gDD6FlNp1jufX3-8jtqp0GFrUlkPjBk3v74lV8hcNcg_XTDoOvpKlgGEwZHV3inLDalgrq4VFFFIFchW7igALE18x7jSoowGpqQsoDhgLhd7hJXL_5Sj4g8jVbjYgzsz0hyv8Bfkpq9wiZnyWF9jGQh0OMX_jx2fXjD_pK_SFEXVVxzZfg4bWA1kf81VskOqLtPC1wRacsZ_NATvJFGu7kSFmWW4sbR0xTkSLR2CFqOXj6d6iDsrSGJ_goMf5mYy7Zgq7WgXjPSU842NnKVcpRB-Qw6kTxNpXjeimwSN9IT1vj6_Fu8VI9yZa_XgxYbX83zqFfc77_N8UiAy9U5iPAr5A0j8EAxIjQAvkxfKEBGsB97h2JDk9hpQ==&nojs=0&ix=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&pl=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Linux%20x86_64&cd=24&0
Requested by
Host: klsdee.com
URL: https://klsdee.com/submit.min.js?2.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
109.206.162.83, Netherlands, ASN50245 (SERVEREL-AS, NL)
Reverse DNS
83.162.serverel.net
Software
nginx /
Resource Hash
3f2d16ea36b9b12dca2ca28689e06d630c3a6fa332ced379662b58767c54384a

Request headers

:method
GET
:authority
klsdee.com
:scheme
https
:path
/?r=dir&zoneid=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f73877f19e75931635218470&psp=vAdhicZluxuXy2Chpz2kk0-JIFcHMjXdpKITWTgXVUb-JFDsI3EH5N3uKl_GA8SAXngpa9bvymCKTrE8kxDHQIz6IVNq_Fk-MxSkMJbDCZouJLGUPcaHDxj3SNa7AiYmbg3B5Dv-yL5QEkkPYd43C76gZ7II4Dhlk3eYDuO5alZaR9YJgc_5Mn1DiS4vK50rOIh7-KqFG1jsy1nesK3SL-RQjodyNjYC1xRRrwhFNpBmU5tL_Yx4h5acw5VaGLP1Eke7ma5spyI0EoTM8GsYF8znpB9_V8F6TeJo3VW9HHiO1RAWfOob7bq_-QA-uMUQfGqkmdzSR1gDD6FlNp1jufX3-8jtqp0GFrUlkPjBk3v74lV8hcNcg_XTDoOvpKlgGEwZHV3inLDalgrq4VFFFIFchW7igALE18x7jSoowGpqQsoDhgLhd7hJXL_5Sj4g8jVbjYgzsz0hyv8Bfkpq9wiZnyWF9jGQh0OMX_jx2fXjD_pK_SFEXVVxzZfg4bWA1kf81VskOqLtPC1wRacsZ_NATvJFGu7kSFmWW4sbR0xTkSLR2CFqOXj6d6iDsrSGJ_goMf5mYy7Zgq7WgXjPSU842NnKVcpRB-Qw6kTxNpXjeimwSN9IT1vj6_Fu8VI9yZa_XgxYbX83zqFfc77_N8UiAy9U5iPAr5A0j8EAxIjQAvkxfKEBGsB97h2JDk9hpQ==&nojs=0&ix=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&pl=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Linux%20x86_64&cd=24&0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
cookie
UID=2110252021117b27bd2e9a4e3f960c97796c
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
date
Tue, 26 Oct 2021 01:21:10 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
set-cookie
OXCCLK=ABPemAAAAAAAAAAB; Path=/; SameSite=None; Expires=Wed, 27 Oct 2021 01:21:10 GMT; Secure
set-cookie
OXPCLK=AAHg4AAAAAAAAAAB; Path=/; SameSite=None; Expires=Wed, 27 Oct 2021 01:21:10 GMT; Secure
set-cookie
ppucnt=1; Path=/; SameSite=None; Expires=Wed, 27 Oct 2021 01:21:10 GMT; Secure
content-encoding
gzip
timing-allow-origin
*
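The six Set-Cookie headers recorded in this scan (bit.ly's _bit, click2go.xyz's mobitck, and klsdee.com's UID, OXCCLK, OXPCLK and ppucnt) differ in which scope and transport attributes they carry, and that difference is the check an analyst wants from a scan like this. The audit below is an added example, not part of urlscan.io's output: the header values are copied from the response headers on this page (the three cookies urlscan rendered on one line for the klsdee ?r=dir response are listed as three headers), while the parser and the audit rules are the author's own.

```python
"""Audit the Set-Cookie headers recorded in this scan for scope and transport attributes.

Added example; not part of urlscan.io's output. Header values are copied from the
page's response headers; the parser and the audit rules are the author's own.
"""
from __future__ import annotations

# (responding host, raw Set-Cookie header value), copied from the scan.
SET_COOKIE_HEADERS = [
    ("bit.ly", "_bit=l9q1la-fb5ffc5bd4ad22dd5b-00M; Domain=bit.ly; Expires=Sun, 24 Apr 2022 01:21:10 GMT"),
    ("click2go.xyz", "mobitck=1; expires=Tue, 26-Oct-2021 23:59:59 GMT; Max-Age=81529; path=/; HttpOnly"),
    ("klsdee.com", "UID=2110252021117b27bd2e9a4e3f960c97796c; Path=/; SameSite=None; "
                   "Expires=Wed, 26 Oct 2022 01:21:10 GMT; HttpOnly; Secure"),
    ("klsdee.com", "OXCCLK=ABPemAAAAAAAAAAB; Path=/; SameSite=None; Expires=Wed, 27 Oct 2021 01:21:10 GMT; Secure"),
    ("klsdee.com", "OXPCLK=AAHg4AAAAAAAAAAB; Path=/; SameSite=None; Expires=Wed, 27 Oct 2021 01:21:10 GMT; Secure"),
    ("klsdee.com", "ppucnt=1; Path=/; SameSite=None; Expires=Wed, 27 Oct 2021 01:21:10 GMT; Secure"),
]


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into name, value and a lower-cased attribute map.

    Attributes are ';'-separated and only the first '=' of each piece matters, so an
    Expires date containing commas, or a value containing '=', survives intact.
    Flag attributes (Secure, HttpOnly) map to True.
    """
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        if not piece:
            continue
        key, has_value, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str) -> list[str]:
    """Findings for one cookie; an empty list means nothing to flag."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    secure = attrs.get("secure") is True
    if not secure:
        findings.append("no Secure: also sent over plain http:// to this host")
    if attrs.get("httponly") is not True:
        findings.append("no HttpOnly: readable by any script running on the origin")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite == "none" and not secure:
        findings.append("SameSite=None without Secure: Chrome drops the cookie entirely")
    elif not samesite:
        findings.append("no SameSite: browser default applies (Lax in Chrome)")
    if "domain" in attrs:
        findings.append(f"Domain={attrs['domain']}: shared with every subdomain")
    return findings


def audit_all(headers: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Map 'host:cookie-name' to its findings for every header in the scan."""
    return {f"{host}:{parse_set_cookie(h)['name']}": audit_cookie(h) for host, h in headers}


if __name__ == "__main__":
    for key, findings in audit_all(SET_COOKIE_HEADERS).items():
        print(key, "->", "; ".join(findings) or "ok")
```

Run against the scan's headers, UID is the only cookie with nothing to flag; the three klsdee click cookies lack HttpOnly, mobitck lacks Secure and SameSite, and bit.ly's _bit has neither flag and is scoped to the whole bit.ly domain. The SameSite=None; Secure pairing on every klsdee cookie is what lets them be sent in a cross-site context, which matches klsdee.com being loaded as a frame (afu.php) on this page rather than as the top-level document.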
Primary Request   Resource: index.html   Path: 517s61.reminews.com/dannig/common-player-arrow/   Size: 6 KB   x-fer: 7 KB   Type: Document
General
Full URL
https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Requested by
Host: klsdee.com
URL: https://klsdee.com/?r=dir&zoneid=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f73877f19e75931635218470&psp=vAdhicZluxuXy2Chpz2kk0-JIFcHMjXdpKITWTgXVUb-JFDsI3EH5N3uKl_GA8SAXngpa9bvymCKTrE8kxDHQIz6IVNq_Fk-MxSkMJbDCZouJLGUPcaHDxj3SNa7AiYmbg3B5Dv-yL5QEkkPYd43C76gZ7II4Dhlk3eYDuO5alZaR9YJgc_5Mn1DiS4vK50rOIh7-KqFG1jsy1nesK3SL-RQjodyNjYC1xRRrwhFNpBmU5tL_Yx4h5acw5VaGLP1Eke7ma5spyI0EoTM8GsYF8znpB9_V8F6TeJo3VW9HHiO1RAWfOob7bq_-QA-uMUQfGqkmdzSR1gDD6FlNp1jufX3-8jtqp0GFrUlkPjBk3v74lV8hcNcg_XTDoOvpKlgGEwZHV3inLDalgrq4VFFFIFchW7igALE18x7jSoowGpqQsoDhgLhd7hJXL_5Sj4g8jVbjYgzsz0hyv8Bfkpq9wiZnyWF9jGQh0OMX_jx2fXjD_pK_SFEXVVxzZfg4bWA1kf81VskOqLtPC1wRacsZ_NATvJFGu7kSFmWW4sbR0xTkSLR2CFqOXj6d6iDsrSGJ_goMf5mYy7Zgq7WgXjPSU842NnKVcpRB-Qw6kTxNpXjeimwSN9IT1vj6_Fu8VI9yZa_XgxYbX83zqFfc77_N8UiAy9U5iPAr5A0j8EAxIjQAvkxfKEBGsB97h2JDk9hpQ==&nojs=0&ix=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&pl=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Linux%20x86_64&cd=24&0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2, Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
704ac850576addb36549716f2a7a2dc0e1cfd2ec0fb7316e8fb8c59c224eb52a

Request headers

:method
GET
:authority
517s61.reminews.com
:scheme
https
:path
/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
content-type
text/html; charset=utf-8
content-length
6608
server
nginx/1.18.0
last-modified
Tue, 07 Sep 2021 11:13:16 GMT
etag
656623aae06642bf44c396460a413655
x-timestamp
1631013195.64402
x-trans-id
tx160cb8a081d24b4dad7c4-0061549774
x-openstack-request-id
tx160cb8a081d24b4dad7c4-0061549774
cache-control
max-age=172800
access-control-allow-origin
*
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires
Thu, 28 Oct 2021 01:21:10 GMT
vary
Accept-Encoding
x-proxy-cache
HIT
accept-ranges
bytes
Resource: dupa.gif   Path: klsdee.com/   Size: 43 B   x-fer: 123 B   Type: Ping
General
Full URL
https://klsdee.com/dupa.gif?z=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f73877f19e75931635218470&psp=vAdhicZluxuXy2Chpz2kk0-JIFcHMjXdpKITWTgXVUb-JFDsI3EH5N3uKl_GA8SAXngpa9bvymCKTrE8kxDHQIz6IVNq_Fk-MxSkMJbDCZouJLGUPcaHDxj3SNa7AiYmbg3B5Dv-yL5QEkkPYd43C76gZ7II4Dhlk3eYDuO5alZaR9YJgc_5Mn1DiS4vK50rOIh7-KqFG1jsy1nesK3SL-RQjodyNjYC1xRRrwhFNpBmU5tL_Yx4h5acw5VaGLP1Eke7ma5spyI0EoTM8GsYF8znpB9_V8F6TeJo3VW9HHiO1RAWfOob7bq_-QA-uMUQfGqkmdzSR1gDD6FlNp1jufX3-8jtqp0GFrUlkPjBk3v74lV8hcNcg_XTDoOvpKlgGEwZHV3inLDalgrq4VFFFIFchW7igALE18x7jSoowGpqQsoDhgLhd7hJXL_5Sj4g8jVbjYgzsz0hyv8Bfkpq9wiZnyWF9jGQh0OMX_jx2fXjD_pK_SFEXVVxzZfg4bWA1kf81VskOqLtPC1wRacsZ_NATvJFGu7kSFmWW4sbR0xTkSLR2CFqOXj6d6iDsrSGJ_goMf5mYy7Zgq7WgXjPSU842NnKVcpRB-Qw6kTxNpXjeimwSN9IT1vj6_Fu8VI9yZa_XgxYbX83zqFfc77_N8UiAy9U5iPAr5A0j8EAxIjQAvkxfKEBGsB97h2JDk9hpQ==
Requested by
Host: klsdee.com
URL: https://klsdee.com/?r=dir&zoneid=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f73877f19e75931635218470&psp=vAdhicZluxuXy2Chpz2kk0-JIFcHMjXdpKITWTgXVUb-JFDsI3EH5N3uKl_GA8SAXngpa9bvymCKTrE8kxDHQIz6IVNq_Fk-MxSkMJbDCZouJLGUPcaHDxj3SNa7AiYmbg3B5Dv-yL5QEkkPYd43C76gZ7II4Dhlk3eYDuO5alZaR9YJgc_5Mn1DiS4vK50rOIh7-KqFG1jsy1nesK3SL-RQjodyNjYC1xRRrwhFNpBmU5tL_Yx4h5acw5VaGLP1Eke7ma5spyI0EoTM8GsYF8znpB9_V8F6TeJo3VW9HHiO1RAWfOob7bq_-QA-uMUQfGqkmdzSR1gDD6FlNp1jufX3-8jtqp0GFrUlkPjBk3v74lV8hcNcg_XTDoOvpKlgGEwZHV3inLDalgrq4VFFFIFchW7igALE18x7jSoowGpqQsoDhgLhd7hJXL_5Sj4g8jVbjYgzsz0hyv8Bfkpq9wiZnyWF9jGQh0OMX_jx2fXjD_pK_SFEXVVxzZfg4bWA1kf81VskOqLtPC1wRacsZ_NATvJFGu7kSFmWW4sbR0xTkSLR2CFqOXj6d6iDsrSGJ_goMf5mYy7Zgq7WgXjPSU842NnKVcpRB-Qw6kTxNpXjeimwSN9IT1vj6_Fu8VI9yZa_XgxYbX83zqFfc77_N8UiAy9U5iPAr5A0j8EAxIjQAvkxfKEBGsB97h2JDk9hpQ==&nojs=0&ix=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&pl=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Linux%20x86_64&cd=24&0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
109.206.162.83, Netherlands, ASN50245 (SERVEREL-AS, NL)
Reverse DNS
83.162.serverel.net
Software
nginx /
Resource Hash

Request headers

sec-fetch-mode
no-cors
origin
https://klsdee.com
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
empty
cookie
UID=2110252021117b27bd2e9a4e3f960c97796c; OXCCLK=ABPemAAAAAAAAAAB; OXPCLK=AAHg4AAAAAAAAAAB; ppucnt=1
content-length
0
:path
/dupa.gif?z=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f73877f19e75931635218470&psp=vAdhicZluxuXy2Chpz2kk0-JIFcHMjXdpKITWTgXVUb-JFDsI3EH5N3uKl_GA8SAXngpa9bvymCKTrE8kxDHQIz6IVNq_Fk-MxSkMJbDCZouJLGUPcaHDxj3SNa7AiYmbg3B5Dv-yL5QEkkPYd43C76gZ7II4Dhlk3eYDuO5alZaR9YJgc_5Mn1DiS4vK50rOIh7-KqFG1jsy1nesK3SL-RQjodyNjYC1xRRrwhFNpBmU5tL_Yx4h5acw5VaGLP1Eke7ma5spyI0EoTM8GsYF8znpB9_V8F6TeJo3VW9HHiO1RAWfOob7bq_-QA-uMUQfGqkmdzSR1gDD6FlNp1jufX3-8jtqp0GFrUlkPjBk3v74lV8hcNcg_XTDoOvpKlgGEwZHV3inLDalgrq4VFFFIFchW7igALE18x7jSoowGpqQsoDhgLhd7hJXL_5Sj4g8jVbjYgzsz0hyv8Bfkpq9wiZnyWF9jGQh0OMX_jx2fXjD_pK_SFEXVVxzZfg4bWA1kf81VskOqLtPC1wRacsZ_NATvJFGu7kSFmWW4sbR0xTkSLR2CFqOXj6d6iDsrSGJ_goMf5mYy7Zgq7WgXjPSU842NnKVcpRB-Qw6kTxNpXjeimwSN9IT1vj6_Fu8VI9yZa_XgxYbX83zqFfc77_N8UiAy9U5iPAr5A0j8EAxIjQAvkxfKEBGsB97h2JDk9hpQ==
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
text/plain;charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
klsdee.com
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
server
nginx
timing-allow-origin
*
content-length
43
content-type
image/gif
Resource: script.js   Path: 123.selornews.com/dannig/common-player-arrow/   Size: 4 KB   x-fer: 5 KB   Type: Script
General
Full URL
https://123.selornews.com/dannig/common-player-arrow/script.js?a=19
Requested by
Host: 517s61.reminews.com
URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2, Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
4d23eca65ee87fd5bce9aaefc863c5f836ad13dbb3069c72533bddfe2054d0d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://517s61.reminews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
x-openstack-request-id
tx9952879646e44b06b7ed4-0061549774
x-trans-id
tx9952879646e44b06b7ed4-0061549774
x-timestamp
1631013005.68768
accept-ranges
bytes
expires
Thu, 28 Oct 2021 01:21:10 GMT
last-modified
Tue, 07 Sep 2021 11:10:06 GMT
server
nginx/1.18.0
etag
9d479878f1dadd7ee15cebf73891e8ae
vary
Accept-Encoding
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control
max-age=172800
content-length
4281
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
x-proxy-cache
HIT
Resource: icon1.png   Path: 123.selornews.com/dannig/common-player-arrow/img/   Size: 7 KB   x-fer: 8 KB   Type: Image
General
Full URL
https://123.selornews.com/dannig/common-player-arrow/img/icon1.png
Requested by
Host: 517s61.reminews.com
URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2, Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://517s61.reminews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
x-openstack-request-id
tx2d0dd23b50f44f71b94b1-0061549779
x-trans-id
tx2d0dd23b50f44f71b94b1-0061549779
x-timestamp
1621260766.56573
accept-ranges
bytes
expires
Thu, 28 Oct 2021 01:21:10 GMT
last-modified
Mon, 17 May 2021 14:12:47 GMT
server
nginx/1.18.0
etag
3d0ab5834c8bf7134e4d21fa3288317f
vary
Accept-Encoding
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control
max-age=172800
content-length
7252
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
x-proxy-cache
HIT
Resource: icon2.png   Path: 123.selornews.com/dannig/common-player-arrow/img/   Size: 4 KB   x-fer: 5 KB   Type: Image
General
Full URL
https://123.selornews.com/dannig/common-player-arrow/img/icon2.png
Requested by
Host: 517s61.reminews.com
URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2, Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://517s61.reminews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
x-openstack-request-id
txc41ab47d2780494c846c6-0061549774
x-trans-id
txc41ab47d2780494c846c6-0061549774
x-timestamp
1621260766.58366
accept-ranges
bytes
expires
Thu, 28 Oct 2021 01:21:10 GMT
last-modified
Mon, 17 May 2021 14:12:47 GMT
server
nginx/1.18.0
etag
c947d439eb93367f1af5b2a3d222f057
vary
Accept-Encoding
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control
max-age=172800
content-length
4576
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
x-proxy-cache
HIT
Resource: icon3.png   Path: 123.selornews.com/dannig/common-player-arrow/img/   Size: 8 KB   x-fer: 8 KB   Type: Image
General
Full URL
https://123.selornews.com/dannig/common-player-arrow/img/icon3.png
Requested by
Host: 517s61.reminews.com
URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2, Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://517s61.reminews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
x-openstack-request-id
txb3aca77b0d774c8fa073f-0061549774
x-trans-id
txb3aca77b0d774c8fa073f-0061549774
x-timestamp
1621260770.61859
accept-ranges
bytes
expires
Thu, 28 Oct 2021 01:21:10 GMT
last-modified
Mon, 17 May 2021 14:12:51 GMT
server
nginx/1.18.0
etag
8f3cc830da0b1fdf66bda7d1d734747b
vary
Accept-Encoding
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control
max-age=172800
content-length
7847
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
x-proxy-cache
HIT
Resource: icon4.png   Path: 123.selornews.com/dannig/common-player-arrow/img/   Size: 7 KB   x-fer: 7 KB   Type: Image
General
Full URL
https://123.selornews.com/dannig/common-player-arrow/img/icon4.png
Requested by
Host: 517s61.reminews.com
URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://517s61.reminews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
x-openstack-request-id
txb2f4e018dafb47b8962c0-0061549776
x-trans-id
txb2f4e018dafb47b8962c0-0061549776
x-timestamp
1621260766.57654
accept-ranges
bytes
expires
Thu, 28 Oct 2021 01:21:10 GMT
last-modified
Mon, 17 May 2021 14:12:47 GMT
server
nginx/1.18.0
etag
7ad7f32c1c0df7b4975cc41bda4ac435
vary
Accept-Encoding
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control
max-age=172800
content-length
7032
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
x-proxy-cache
HIT
icon5.png
123.selornews.com/dannig/common-player-arrow/img/
3 KB
4 KB
Image
General
Full URL
https://123.selornews.com/dannig/common-player-arrow/img/icon5.png
Requested by
Host: 517s61.reminews.com
URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://517s61.reminews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
x-openstack-request-id
txe626f6f4b98e40adbd775-0061549776
x-trans-id
txe626f6f4b98e40adbd775-0061549776
x-timestamp
1621260766.74516
accept-ranges
bytes
expires
Thu, 28 Oct 2021 01:21:10 GMT
last-modified
Mon, 17 May 2021 14:12:47 GMT
server
nginx/1.18.0
etag
1e1a7582b5da63e10485d63f97abc9a0
vary
Accept-Encoding
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control
max-age=172800
content-length
3264
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
x-proxy-cache
HIT
icon7.png
123.selornews.com/dannig/common-player-arrow/img/
3 KB
4 KB
Image
General
Full URL
https://123.selornews.com/dannig/common-player-arrow/img/icon7.png
Requested by
Host: 517s61.reminews.com
URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://517s61.reminews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
x-openstack-request-id
txfcee0fd6a7474e959cdbc-0061549774
x-trans-id
txfcee0fd6a7474e959cdbc-0061549774
x-timestamp
1621260767.43555
accept-ranges
bytes
expires
Thu, 28 Oct 2021 01:21:10 GMT
last-modified
Mon, 17 May 2021 14:12:48 GMT
server
nginx/1.18.0
etag
b512735542cb07b3b2dcf153a7dfe456
vary
Accept-Encoding
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control
max-age=172800
content-length
3283
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
x-proxy-cache
HIT
icon8.png
123.selornews.com/dannig/common-player-arrow/img/
4 KB
5 KB
Image
General
Full URL
https://123.selornews.com/dannig/common-player-arrow/img/icon8.png
Requested by
Host: 517s61.reminews.com
URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://517s61.reminews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 26 Oct 2021 01:21:10 GMT
x-openstack-request-id
txe8f8783669854d64ad4f6-006154977a
x-trans-id
txe8f8783669854d64ad4f6-006154977a
x-timestamp
1621260767.46514
accept-ranges
bytes
expires
Thu, 28 Oct 2021 01:21:10 GMT
last-modified
Mon, 17 May 2021 14:12:48 GMT
server
nginx/1.18.0
etag
f92d6474ebc6a3a0b576749cfb4afe98
vary
Accept-Encoding
access-control-allow-methods
HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control
max-age=172800
content-length
4064
access-control-allow-headers
Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
x-proxy-cache
HIT
afu.php
klsdee.com/
0
81 B
Document
General
Full URL
https://klsdee.com/afu.php?zoneid=1542726&var=1541147
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
109.206.162.83 , Netherlands, ASN50245 (SERVEREL-AS, NL),
Reverse DNS
83.162.serverel.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
klsdee.com
:scheme
https
:path
/afu.php?zoneid=1542726&var=1541147
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
cookie
UID=2110252021117b27bd2e9a4e3f960c97796c; OXCCLK=ABPemAAAAAAAAAAB; OXPCLK=AAHg4AAAAAAAAAAB; ppucnt=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
date
Tue, 26 Oct 2021 01:21:10 GMT
content-type
text/plain; charset=utf-8
content-length
0
timing-allow-origin
*

Verdicts & Comments

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object  | onbeforexrselect
boolean | originAgentCluster

6 Cookies

Domain/Path     Name      Value
.bit.ly/        _bit      l9q1la-fb5ffc5bd4ad22dd5b-00M
click2go.xyz/   mobitck   1
klsdee.com/     UID       2110252021117b27bd2e9a4e3f960c97796c
klsdee.com/     OXCCLK    ABPemAAAAAAAAAAB
klsdee.com/     OXPCLK    AAHg4AAAAAAAAAAB
klsdee.com/     ppucnt    1