mrfuga.com Open in urlscan Pro
66.29.141.134 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://mrfuga.com/
Submission: On December 29 via api (December 29th 2022, 3:07:51 pm UTC) from US — Scanned from US

Summary HTTP 45 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 12 IPs in 1 countries across 11 domains to perform 45 HTTP transactions. The main IP is 66.29.141.134, located in United States and belongs to NAMECHEAP-NET, US. The main domain is mrfuga.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 22nd 2022. Valid for: a year.

This is the only time mrfuga.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
8	66.29.141.134 66.29.141.134	22612 (NAMECHEAP...) (NAMECHEAP-NET)
14	2a00:86c0:209... 2a00:86c0:2090::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
10	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:86c0:206... 2a00:86c0:2068:2068::131	2906 (AS-SSI) (AS-SSI)
1	2606:4700::68... 2606:4700::6812:1a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:141b:f00... 2600:141b:f000:589::33c4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2600:1f18:631... 2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f	14618 (AMAZON-AES) (AMAZON-AES)
2	2406:da00:ff0... 2406:da00:ff00::22c7:5f77	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:f8b0:400... 2607:f8b0:4006:809::2008	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.176.194 142.250.176.194	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81c::2004	15169 (GOOGLE) (GOOGLE)
45	12

8 66.29.141.134 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium214-3.web-hosting.com

mrfuga.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:86c0:2090::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:86c0:2068:2068::131 (United States)

ASN2906 (AS-SSI, US)

occ-0-1323-2705.1.nflxso.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1a55 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:f000:589::33c4 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)

ae.nflximg.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

www.netflix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2406:da00:ff00::22c7:5f77 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

ichnaea-web.netflix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::2008 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:823::2002 (Nutley, United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.176.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81c::2004 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	nflxext.com assets.nflxext.com — Cisco Umbrella Rank: 748	2 MB
10	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 682	155 KB
8	mrfuga.com mrfuga.com	42 KB
4	netflix.com www.netflix.com — Cisco Umbrella Rank: 1482 ichnaea-web.netflix.com — Cisco Umbrella Rank: 2268	2 KB
2	google.com www.google.com — Cisco Umbrella Rank: 16	656 B
2	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 64	3 KB
2	nflximg.net ae.nflximg.net — Cisco Umbrella Rank: 22294	5 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 175	2 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 123	69 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1036	306 B
1	nflxso.net occ-0-1323-2705.1.nflxso.net	257 KB
45	11

	Domain	Requested by
14	assets.nflxext.com	mrfuga.com assets.nflxext.com
10	cdn.cookielaw.org	mrfuga.com cdn.cookielaw.org
8	mrfuga.com	mrfuga.com assets.nflxext.com
2	www.google.com	ae.nflximg.net
2	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
2	ichnaea-web.netflix.com	ae.nflximg.net
2	www.netflix.com	ae.nflximg.net
2	ae.nflximg.net	assets.nflxext.com ae.nflximg.net
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	ae.nflximg.net
1	geolocation.onetrust.com	cdn.cookielaw.org
1	occ-0-1323-2705.1.nflxso.net	mrfuga.com
45	12

This site contains links to these domains. Also see Links.

Domain
help.netflix.com
media.netflix.com
ir.netflix.com
jobs.netflix.com
fast.com
www.netflix.com
optout.aboutads.info
www.onetrust.com

Subject Issuer	Validity	Valid
mrfuga.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-22` - `2023-08-22`	a year	crt.sh
*.1.nflxso.net DigiCert Secure Site ECC CA-1	`2022-12-23` - `2023-01-26`	a month	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
assets.nflxext.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-08` - `2023-03-11`	a year	crt.sh
www.netflix.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-14` - `2024-01-14`	a year	crt.sh
ichnaea-web.netflix.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-09` - `2023-02-09`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://mrfuga.com/
Frame ID: 721E8C8564721065F780FBCB10DDCAA9
Requests: 34 HTTP requests in this frame

Frame: https://ae.nflximg.net/monet/scripts/adtech_iframe_target_05.html?data=%7B%22membership_status%22%3A%22ANONYMOUS%22%2C%22country%22%3A%22DO%22%2C%22region_code%22%3A%2204%22%2C%22is_member%22%3A%22ANONYMOUS%22%2C%22wasFormerMember%22%3Afalse%2C%22referrer%22%3A%22nmLanding%22%2C%22deniedConsentCookieGroups%22%3A%22C0005%22%7D
Frame ID: F040EC4DA979B1BB7C3B1A927005EF05
Requests: 2 HTTP requests in this frame

Frame: https://ae.nflximg.net/monet/scripts/netflix_tag_05.html?data=%7B%22membership_status%22%3A%22ANONYMOUS%22%2C%22country%22%3A%22DO%22%2C%22region_code%22%3A%2204%22%2C%22is_member%22%3A%22ANONYMOUS%22%2C%22wasFormerMember%22%3Afalse%2C%22referrer%22%3A%22nmLanding%22%2C%22deniedConsentCookieGroups%22%3A%22C0005%22%7D
Frame ID: 607A3A4E36BDCF710AE091B04BD89314
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix República Dominicana: Ve series online, ve películas onlineBack ButtonFilter Button

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

45
Requests

98 %
HTTPS

83 %
IPv6

11
Domains

12
Subdomains

12
IPs

1
Countries

2195 kB
Transfer

4144 kB
Size

2
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://help.netflix.com/support/412
Title: Preguntas frecuentes

Search URL Search Domain Scan URL

URL: https://help.netflix.com/
Title: Centro de ayuda

Search URL Search Domain Scan URL

URL: https://media.netflix.com/
Title: Prensa

Search URL Search Domain Scan URL

URL: http://ir.netflix.com/
Title: Relaciones con inversionistas

Search URL Search Domain Scan URL

URL: https://jobs.netflix.com/jobs
Title: Empleo

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/termsofuse
Title: Términos de uso

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy
Title: Privacidad

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/corpinfo
Title: Información corporativa

Search URL Search Domain Scan URL

URL: https://help.netflix.com/contactus
Title: Contáctanos

Search URL Search Domain Scan URL

URL: https://fast.com/
Title: Prueba de velocidad

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/notices
Title: Avisos legales

Search URL Search Domain Scan URL

URL: https://www.netflix.com/do/browse/genre/839338
Title: Solo en Netflix

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy#cookies
Title: Cookies and Internet Advertising

Search URL Search Domain Scan URL

URL: https://optout.aboutads.info/
Title: here.

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981179826/?random=1475346625&cv=11&fst=1672326465475&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=40zWCLqP1XUQsrvu0wM&hn=www.googleadservices.com&frm=2&url=https%3A%2F%2Fae.nflximg.net%2Fmonet%2Fscripts%2Fnetflix_tag_05.html%3Fdata%3D%257B%2522membership_status%2522%253A%2522ANONYMOUS%2522%252C%2522country%2522%253A%2522DO%2522%252C%2522region_code%2522%253A%252204%2522%252C%2522is_member%2522%253A%2522ANONYMOUS%2522%252C%2522wasFormerMember%2522%253Afalse%252C%2522referrer%2522%253A%2522nmLanding%2522%252C%2522deniedConsentCookieGroups%2522%253A%2522C0005%2522%257D&gtm_ee=1&auid=914246893.1672326465&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Qa2tY_PrKNHs_gTCyr3gDw&sscte=1&crd=&pscrd=Ek5DaEVJZ0pLMW5RWVFwLWJ6LTdyLTU3Q05BUklsQUFvQ0h5SlNxaHpSX1JSU2hpY3FXbkY2Qy14MWM0ckp1cS1HVENLcWxzTTZ2VkZQTWcaV0NoQUlnSksxblFZUTQ5RFQ5N3V0M1paaEVpMEEyNnRWaExIYk5pODlsVzQxcGNDSEM5OFJhRmNPMFU0bHJqQy1TTXNBRVBLTk40M0V5TGhyV3p5TEw2dw HTTP 302
https://www.google.com/pagead/1p-conversion/981179826/?random=1475346625&cv=11&fst=1672326465475&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=40zWCLqP1XUQsrvu0wM&hn=www.googleadservices.com&frm=2&url=https%3A%2F%2Fae.nflximg.net%2Fmonet%2Fscripts%2Fnetflix_tag_05.html%3Fdata%3D%257B%2522membership_status%2522%253A%2522ANONYMOUS%2522%252C%2522country%2522%253A%2522DO%2522%252C%2522region_code%2522%253A%252204%2522%252C%2522is_member%2522%253A%2522ANONYMOUS%2522%252C%2522wasFormerMember%2522%253Afalse%252C%2522referrer%2522%253A%2522nmLanding%2522%252C%2522deniedConsentCookieGroups%2522%253A%2522C0005%2522%257D&gtm_ee=1&auid=914246893.1672326465&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEVJZ0pLMW5RWVFwLWJ6LTdyLTU3Q05BUklsQUFvQ0h5SlNxaHpSX1JSU2hpY3FXbkY2Qy14MWM0ckp1cS1HVENLcWxzTTZ2VkZQTWcaV0NoQUlnSksxblFZUTQ5RFQ5N3V0M1paaEVpMEEyNnRWaExIYk5pODlsVzQxcGNDSEM5OFJhRmNPMFU0bHJqQy1TTXNBRVBLTk40M0V5TGhyV3p5TEw2dw&is_vtc=1&ocp_id=Qa2tY_PrKNHs_gTCyr3gDw&cid=CAQSKQDq26N9lMgKLOOSD6yEplKm35xsg6dtLZQRHrGwzTZOlC456WI7OpYdIBM&random=2810340487

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
mrfuga.com/ 271 KB
33 KB 824ms
237ms Document
text/html 66.29.141.134
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrfuga.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.29.141.134 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium214-3.web-hosting.com
Software: LiteSpeed /
Resource Hash: b3939443c43a344c2a30ed6eb3e2c60b2b17a31564fb1301f5a73264ef29bb6c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 33978
content-type: text/html
date: Thu, 29 Dec 2022 15:07:43 GMT
last-modified: Sat, 29 Oct 2022 23:58:37 GMT
server: LiteSpeed
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H/1.1 200
OK nmhpFrameworkClient.js.378b5d70fc49dfc3193b.js Show response
assets.nflxext.com/web/ffe/wp/signup/nmhp/ 1 MB
370 KB 134ms
37ms Script
application/javascript 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/web/ffe/wp/signup/nmhp/nmhpFrameworkClient.js.378b5d70fc49dfc3193b.js
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 04ba36a50a636c242dbbbd01842bba522f925cf22feb0c720e600bd18c68cbb9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Sep 2022 12:33:42 GMT
Server: nginx
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 378815
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H2 404 WebsiteDetect
mrfuga.com/personalization/cl2/freeform/ 0
0 121ms
117ms Stylesheet
text/html 66.29.141.134
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrfuga.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=nmLanding
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.29.141.134 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium214-3.web-hosting.com
Software: LiteSpeed /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 1238
content-type: text/html

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
8 KB 131ms
44ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: mrfuga.com
URL: https://mrfuga.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: QpLkTroHlqrE0LequA2uwg==
age: 56192
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 7151
x-ms-lease-status: unlocked
last-modified: Wed, 21 Dec 2022 07:32:46 GMT
server: cloudflare
etag: 0x8DAE3258E5CB56A
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 6bd0e487-b01e-00a1-089a-15167d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7813726d7929da7f-MIA

GET
H/1.1 200
OK error-page.b4d75d715f60a9ee1887.css
assets.nflxext.com/web/ffe/wp/less/core/ 17 KB
5 KB 123ms
31ms Stylesheet
text/css 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/web/ffe/wp/less/core/error-page.b4d75d715f60a9ee1887.css
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: c50d81f310847f9dd5c054871180b211c7f4a9eccbb42ee95f9574880b56ef73

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 12:33:06 GMT
Server: nginx
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 4422
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK nmhp.f79954211b07a8be8845.css
assets.nflxext.com/web/ffe/wp/less/signup/nmhp/ 85 KB
14 KB 125ms
34ms Stylesheet
text/css 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/web/ffe/wp/less/signup/nmhp/nmhp.f79954211b07a8be8845.css
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: f5c092e59d602dba2db3b338498698cd986daf65629d7c68bcc2a6ea177607ec

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Sep 2022 12:33:41 GMT
Server: nginx
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 14354
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK DO-es-20220912-popsignuptwoweeks-perspective_alpha_website_large.jpg
assets.nflxext.com/ffe/siteui/vlv3/a795ee10-8c6d-467c-8159-254be2b69013/630baf3a-e751-4321-82df-040b34ad2632/ 333 KB
334 KB 235ms
235ms Image
image/jpeg 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/vlv3/a795ee10-8c6d-467c-8159-254be2b69013/630baf3a-e751-4321-82df-040b34ad2632/DO-es-20220912-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: aec27c9550c8a589347e227629b61bcc3443030ed883645a01deeeac97d6d2e0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Wed, 14 Sep 2022 13:01:59 GMT
Server: nginx
Content-MD5: 9TRnIIT6KpqflroN3jsNgg==
Content-Type: image/jpeg
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 341482
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK tv.png
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 11 KB
11 KB 39ms
34ms Image
image/png 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/tv.png
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Wed, 14 Nov 2018 18:20:41 GMT
Server: nginx
Content-MD5: d5lKZzJ7qVff2IDjOpHwQQ==
Content-Type: image/png
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11418
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK mobile-0819.jpg
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 48 KB
49 KB 76ms
35ms Image
image/jpeg 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/mobile-0819.jpg
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Wed, 14 Aug 2019 17:59:05 GMT
Server: nginx
Content-MD5: pIMz1DwZYS7WGYf6Xb/zxQ==
Content-Type: image/jpeg
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 49614
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK boxshot.png
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 20 KB
20 KB 110ms
35ms Image
image/png 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/boxshot.png
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: e1fa26cc34fda574edc01d09e374d6f10735a3fa621bdde87c104ee15453d4b6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Wed, 14 Nov 2018 18:48:14 GMT
Server: nginx
Content-MD5: WH4EDyAll5IJSQHKlzlmng==
Content-Type: image/png
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20506
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK device-pile.png
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 134 KB
134 KB 112ms
37ms Image
image/png 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/device-pile.png
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 81cf64888a7b3f6848b09695b034026d9ad685665b91d54597ecbb6197c6acbb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Wed, 23 Jan 2019 00:35:07 GMT
Server: nginx
Content-MD5: Cz2CFJPVdI2CnIUrvW0pLQ==
Content-Type: image/png
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 137040
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK AAAABWhA7S8gKgO2_QQSYRTfuHJsMzqlrD0dFYILnwCBe0hjblWT1cNH7K1cDnOR_6ogaNeR404obloJ4HjEw-V-7ngs_k7W1kNNv89C.png
occ-0-1323-2705.1.nflxso.net/dnm/api/v6/19OhWN2dO19C9txTON9tvTFtefw/ 257 KB
257 KB 260ms
81ms Image
image/png 2a00:86c0:2068:2068::131
AS-SSI

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://occ-0-1323-2705.1.nflxso.net/dnm/api/v6/19OhWN2dO19C9txTON9tvTFtefw/AAAABWhA7S8gKgO2_QQSYRTfuHJsMzqlrD0dFYILnwCBe0hjblWT1cNH7K1cDnOR_6ogaNeR404obloJ4HjEw-V-7ngs_k7W1kNNv89C.png?r=8ec
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2068:2068::131 , United States, ASN2906 (AS-SSI, US),
Reverse DNS
Software: nginx /
Resource Hash: 00480ed606988d8870d095c6ca94303089b007f561f6c689cce63b7415046925

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Fri, 03 Jun 2022 21:20:59 GMT
Server: nginx
Accept-CH: Device-Memory, Downlink, DPR, ECT, RTT, Save-Data, Viewport-Width, Width
ETag: "9141ce6d51a2d1ab01122e2dfb0c55d6"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=31104000, public, s-maxage=604800
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 262843

GET
H2 404 WebsiteDetect Show response
mrfuga.com/personalization/cl2/freeform/ 1 KB
1 KB 122ms
120ms XHR
text/html 66.29.141.134
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrfuga.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=nmLanding
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.29.141.134 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium214-3.web-hosting.com
Software: LiteSpeed /
Resource Hash: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 1238
content-type: text/html

GET
H2 404 WebsiteScreen Show response
mrfuga.com/personalization/cl2/freeform/ 1 KB
1 KB 122ms
121ms XHR
text/html 66.29.141.134
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrfuga.com/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.29.141.134 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium214-3.web-hosting.com
Software: LiteSpeed /
Resource Hash: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 1238
content-type: text/html

GET
H2 200 87b6a5c0-0104-4e96-a291-092c11350111.json Show response
cdn.cookielaw.org/consent/87b6a5c0-0104-4e96-a291-092c11350111/ 5 KB
2 KB 170ms
95ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87b6a5c0-0104-4e96-a291-092c11350111/87b6a5c0-0104-4e96-a291-092c11350111.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7bf6b39988461fcd1448d5a9e81d4cb05eeef456a41b1cc74a5cf8155b222e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: KQMp++x/MYpe5kW+Hq9aIA==
age: 12685
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1779
x-ms-lease-status: unlocked
last-modified: Thu, 08 Dec 2022 01:11:58 GMT
server: cloudflare
etag: 0x8DAD8B93412B0A1
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 8dce42d5-001e-0159-3c6f-1b9b35000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7813726e4df5032d-MIA
expires: Fri, 30 Dec 2022 15:07:43 GMT

GET
H/1.1 200
OK NetflixSans_W_Rg.woff2
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ 52 KB
52 KB 132ms
51ms Font
font/woff2 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/less/core/error-page.b4d75d715f60a9ee1887.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167

Request headers

Referer: https://assets.nflxext.com/web/ffe/wp/less/core/error-page.b4d75d715f60a9ee1887.css
Origin: https://mrfuga.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Thu, 17 Jan 2019 20:16:30 GMT
Server: nginx
Content-MD5: C/MXfx/tbZUxeCIfukPH6A==
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 53304
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK download-icon.gif
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 22 KB
22 KB 93ms
58ms Image
image/gif 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/download-icon.gif
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/less/signup/nmhp/nmhp.f79954211b07a8be8845.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f99e4c2ed1c2b7de72f47102c64d601567f8efaad5944a08c86786cad4050e6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://assets.nflxext.com/web/ffe/wp/less/signup/nmhp/nmhp.f79954211b07a8be8845.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Mon, 12 Nov 2018 22:40:57 GMT
Server: nginx
Content-MD5: 3Ty3jbeMPgoTybd+4Z3u5g==
Content-Type: image/gif
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22171
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 72 KB
72 KB 142ms
68ms Font
font/woff 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/less/signup/nmhp/nmhp.f79954211b07a8be8845.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

Referer: https://assets.nflxext.com/web/ffe/wp/less/signup/nmhp/nmhp.f79954211b07a8be8845.css
Origin: https://mrfuga.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Server: nginx
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 73572
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 200
OK NetflixSans_W_Md.woff2
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ 53 KB
53 KB 146ms
72ms Font
font/woff2 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/less/core/error-page.b4d75d715f60a9ee1887.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e

Request headers

Referer: https://assets.nflxext.com/web/ffe/wp/less/core/error-page.b4d75d715f60a9ee1887.css
Origin: https://mrfuga.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Thu, 17 Jan 2019 20:16:30 GMT
Server: nginx
Content-MD5: 6naZIbDPpPxtTRouCx+l/w==
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 53940
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 206
Partial Content video-tv-0819.m4v
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 264 KB
264 KB 45ms
44ms Media
video/x-m4v 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-tv-0819.m4v
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 4c7a552d219146985961bf78d9083b7e2c1a82c4ada5d959f48b3e53754c9049

Request headers

Referer: https://mrfuga.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Mon, 12 Aug 2019 20:49:12 GMT
Server: nginx
Content-MD5: PLEtt8Zyszc1AGSApFXscg==
Content-Type: video/x-m4v
Content-Range: bytes 0-270045/270046
Cache-Control: max-age=604801
Connection: keep-alive
Content-Length: 270046
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H/1.1 206
Partial Content video-devices.m4v
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 260 KB
260 KB 42ms
42ms Media
video/x-m4v 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-devices.m4v
Requested by: Host: mrfuga.com
URL: https://mrfuga.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 3eec290a7f7da9abb00b49ca84f5f16e6d45ca33d40fd8ede4380835d6161d71

Request headers

Referer: https://mrfuga.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

Date: Thu, 29 Dec 2022 15:07:43 GMT
Last-Modified: Wed, 09 Jan 2019 20:47:49 GMT
Server: nginx
Content-MD5: PlXFYgWonIWf7QBa4XKfqg==
Content-Type: video/x-m4v
Content-Range: bytes 0-266159/266160
Cache-Control: max-age=604801
Connection: keep-alive
Content-Length: 266160
Expires: Thu, 05 Jan 2023 15:07:44 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
306 B 190ms
50ms XHR
application/json 2606:4700::6812:1a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71cfd0bf781e3f393bca283fc9d44777a2036985a4ffe9abedf14909e63a8aef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://mrfuga.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 29 Dec 2022 15:07:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7813726fce39b3b6-MIA
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 383 KB
92 KB 47ms
46ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uPFqyxtrxGqJsyAvB7RnSg==
age: 58187
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93482
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:45 GMT
server: cloudflare
etag: 0x8DADC66BDFA5EC7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: cffcc2f9-101e-0024-13c4-0e41a8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78137271ea3bda7f-MIA

POST
H2 404 log Show response
mrfuga.com/personalization/ 1 KB
1 KB 123ms
123ms XHR
text/html 66.29.141.134
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrfuga.com/personalization/log
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/signup/nmhp/nmhpFrameworkClient.js.378b5d70fc49dfc3193b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.29.141.134 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium214-3.web-hosting.com
Software: LiteSpeed /
Resource Hash: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

X-Netflix.ichnaea.request.type: UiRequest
Referer: https://mrfuga.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 1238
content-type: text/html

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/87b6a5c0-0104-4e96-a291-092c11350111/8aced6fe-192c-4ab5-80ee-76de7ecfa812/ 53 KB
14 KB 46ms
46ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87b6a5c0-0104-4e96-a291-092c11350111/8aced6fe-192c-4ab5-80ee-76de7ecfa812/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d5e8e4516ce4e4462fe724f7afcce689d3a1f024028f14a0a895fb0216d7a72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: fVDrSi6mSJkpL9T8wrzlfA==
age: 12685
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14109
x-ms-lease-status: unlocked
last-modified: Thu, 08 Dec 2022 01:12:12 GMT
server: cloudflare
etag: 0x8DAD8B93CA05B95
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 7660d18b-601e-00e7-036f-1bc8eb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78137272fd4e032d-MIA
expires: Fri, 30 Dec 2022 15:07:44 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 13 KB
3 KB 47ms
46ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: vO8A/abKpoPacUrvSk9OSw==
age: 12685
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B7AF38D0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 8b8186fb-001e-005d-386f-1b28e2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 781372738e59032d-MIA

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/ 62 KB
13 KB 53ms
51ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2390acb31de1fd7a3714ea1f198e07648a684d9ad3c36b6f7e697d451354088d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Rth2PXh7B9Ohvuun2MX33g==
age: 12685
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13335
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:37 GMT
server: cloudflare
etag: 0x8DADC66B943F40E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: dfe62093-201e-0128-1c6f-1be90c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 781372738e5b032d-MIA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 21 KB
4 KB 50ms
49ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 12685
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 76ca8204-a01e-0050-3d6f-1bc7ee000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 781372738e5e032d-MIA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
489 B 49ms
46ms Fetch
image/svg+xml 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 12685
x-ms-lease-status: unlocked
last-modified: Wed, 21 Dec 2022 07:32:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 5156c468-401e-0111-7c6f-1ba9a8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 781372740f2f032d-MIA

GET
H2 200 Netflix_Logo_PMS.png
cdn.cookielaw.org/logos/dd6b162f-1a32-456a-9cfe-897231c7763c/4345ea78-053c-46d2-b11e-09adaef973dc/ 16 KB
16 KB 52ms
52ms Image
application/octet-stream 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/dd6b162f-1a32-456a-9cfe-897231c7763c/4345ea78-053c-46d2-b11e-09adaef973dc/Netflix_Logo_PMS.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

675dd7b68acf580f893bec532f5b260b8f984b67734a9a6831334b2ff4aad384

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 3MQJRwmi3BSvKIhEVW/5tw==
age: 41680
content-length: 16386
x-ms-lease-status: unlocked
last-modified: Mon, 18 May 2020 21:10:31 GMT
server: cloudflare
etag: 0x8D7FB6FE5CFC000
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 51439d9a-f01e-0048-0c43-caea7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 781372745f89da7f-MIA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 79ms
78ms Image
image/svg+xml 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mrfuga.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 29 Dec 2022 15:07:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 2567
x-ms-lease-status: unlocked
last-modified: Wed, 21 Dec 2022 07:32:49 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 72dbe5f4-f01e-0121-5cb1-15f382000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 781372745f8ada7f-MIA

GET
H/1.1 200
OK adtech_iframe_target_05.html Show response
ae.nflximg.net/monet/scripts/ Frame F040 4 KB
2 KB 240ms
64ms Document
text/html 2600:141b:f000:589::33c4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ae.nflximg.net/monet/scripts/adtech_iframe_target_05.html?data=%7B%22membership_status%22%3A%22ANONYMOUS%22%2C%22country%22%3A%22DO%22%2C%22region_code%22%3A%2204%22%2C%22is_member%22%3A%22ANONYMOUS%22%2C%22wasFormerMember%22%3Afalse%2C%22referrer%22%3A%22nmLanding%22%2C%22deniedConsentCookieGroups%22%3A%22C0005%22%7D
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/signup/nmhp/nmhpFrameworkClient.js.378b5d70fc49dfc3193b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:141b:f000:589::33c4 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 46906a172b230be72a609fb98f3689e0baaa3292de25181121d75df0f84bf644

Request headers

Referer: https://mrfuga.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1504
Content-MD5: wAdYtW1y2pnz8A4F9t+2hg==
Content-Type: text/html
Date: Thu, 29 Dec 2022 15:07:44 GMT
ETag: "c00758b56d72da99f3f00e05f6dfb686:1667228899.15889"
Last-Modified: Mon, 31 Oct 2022 15:08:11 GMT
Server: AkamaiNetStorage
Timing-Allow-Origin: *
Vary: Accept-Encoding

OPTIONS
H2 200 log
www.netflix.com/ichnaea/ Frame 0
0 229ms
69ms Preflight 2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netflix.com/ichnaea/log

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

clingest-secure i-05defd1a1f793d0fd /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netflix.ichnaea.request.type
Access-Control-Request-Method: POST
Origin: https://ae.nflximg.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Accept-Language,Authorization,Content-Type,Cookie,debugRequest,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.certification.version,X-Netflix.Client.Request.Name,X-Netflix.device.type,X-Netflix.esn,X-Netflix.ichnaea.request.type,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.request.uuid,X-Netflix.user.id
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://ae.nflximg.net
allow: GET, POST, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
date: Thu, 29 Dec 2022 15:07:44 GMT
expires: 0
pragma: no-cache
server: clingest-secure i-05defd1a1f793d0fd
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
via: 2 i-0cb5e52f923217733 (us-east-1)
x-b3-traceid: 732f6c71f84e0fcb
x-content-type-options: nosniff
x-envoy-decorator-operation: lo_svc_http
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-netflix_nfstatus: 1_1
x-netflix_proxy_execution-time: 11
x-originating-url: http://www.netflix.com/ichnaea/log
x-request-id: 3ae217e1-4fd1-4a12-932e-a780c680d5d6
x-xss-protection: 1; mode=block

POST
H2 200 log Show response
www.netflix.com/ichnaea/ Frame F040 0
1 KB 189ms
64ms XHR
text/plain 2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netflix.com/ichnaea/log

Requested by

Host: ae.nflximg.net
URL: https://ae.nflximg.net/monet/scripts/adtech_iframe_target_05.html?data=%7B%22membership_status%22%3A%22ANONYMOUS%22%2C%22country%22%3A%22DO%22%2C%22region_code%22%3A%2204%22%2C%22is_member%22%3A%22ANONYMOUS%22%2C%22wasFormerMember%22%3Afalse%2C%22referrer%22%3A%22nmLanding%22%2C%22deniedConsentCookieGroups%22%3A%22C0005%22%7D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

clingest-secure i-0e8ff84d0325da613 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

X-Netflix.ichnaea.request.type: IchnaeaRequest
Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Dec 2022 15:07:44 GMT
x-envoy-decorator-operation: lo_svc_http
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 2 i-059b833c7963f877f (us-east-1)
x-b3-traceid: d89e1dba3bdc06a7
x-netflix_proxy_execution-time: 6
x-envoy-upstream-service-time: 2
content-length: 0
x-xss-protection: 1; mode=block
x-request-id: 2ae1c837-4662-43c8-8df9-11d734af2519
pragma: no-cache
server: clingest-secure i-0e8ff84d0325da613
x-netflix_nfstatus: 1_1
allow: GET, POST, OPTIONS
access-control-allow-methods: GET, POST, OPTIONS
x-originating-url: http://www.netflix.com/ichnaea/log
access-control-allow-origin: https://ae.nflximg.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-frame-options: DENY
x-ichnaea: ~0=true~RL=0
access-control-allow-headers: Accept,Accept-Language,Authorization,Content-Type,Cookie,debugRequest,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.certification.version,X-Netflix.Client.Request.Name,X-Netflix.device.type,X-Netflix.esn,X-Netflix.ichnaea.request.type,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.request.uuid,X-Netflix.user.id
expires: 0

GET
H/1.1 200
OK netflix_tag_05.html Show response
ae.nflximg.net/monet/scripts/ Frame 607A 8 KB
3 KB 64ms
64ms Document
text/html 2600:141b:f000:589::33c4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ae.nflximg.net/monet/scripts/netflix_tag_05.html?data=%7B%22membership_status%22%3A%22ANONYMOUS%22%2C%22country%22%3A%22DO%22%2C%22region_code%22%3A%2204%22%2C%22is_member%22%3A%22ANONYMOUS%22%2C%22wasFormerMember%22%3Afalse%2C%22referrer%22%3A%22nmLanding%22%2C%22deniedConsentCookieGroups%22%3A%22C0005%22%7D
Requested by: Host: ae.nflximg.net
URL: https://ae.nflximg.net/monet/scripts/adtech_iframe_target_05.html?data=%7B%22membership_status%22%3A%22ANONYMOUS%22%2C%22country%22%3A%22DO%22%2C%22region_code%22%3A%2204%22%2C%22is_member%22%3A%22ANONYMOUS%22%2C%22wasFormerMember%22%3Afalse%2C%22referrer%22%3A%22nmLanding%22%2C%22deniedConsentCookieGroups%22%3A%22C0005%22%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:141b:f000:589::33c4 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5267be7e9da2401cb8414e0b87c724e04389189887eaa53f32074e6e0c32e02f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2330
Content-MD5: nyZZMmOYg/U5uI+lsYtwYQ==
Content-Type: text/html
Date: Thu, 29 Dec 2022 15:07:44 GMT
ETag: "9f265932639883f539b88fa5b18b7061:1667754112.708068"
Last-Modified: Sun, 06 Nov 2022 17:01:42 GMT
Server: AkamaiNetStorage
Timing-Allow-Origin: *
Vary: Accept-Encoding

POST
H/1.1 200
OK log Show response
ichnaea-web.netflix.com/ Frame 607A 0
1 KB 261ms
69ms XHR
text/plain 2406:da00:ff00::22c7:5f77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ichnaea-web.netflix.com/log

Requested by

Host: ae.nflximg.net
URL: https://ae.nflximg.net/monet/scripts/netflix_tag_05.html?data=%7B%22membership_status%22%3A%22ANONYMOUS%22%2C%22country%22%3A%22DO%22%2C%22region_code%22%3A%2204%22%2C%22is_member%22%3A%22ANONYMOUS%22%2C%22wasFormerMember%22%3Afalse%2C%22referrer%22%3A%22nmLanding%22%2C%22deniedConsentCookieGroups%22%3A%22C0005%22%7D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2406:da00:ff00::22c7:5f77 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

clingest-secure i-034f8417f89eb049d /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

X-Netflix.ichnaea.request.type: IchnaeaRequest
Referer: https://ae.nflximg.net/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Dec 2022 15:07:44 GMT
Via: 1.1 i-00dbfd5ab15a788c3 (us-east-1)
x-content-type-options: nosniff
x-envoy-decorator-operation: lo_svc_http
x-b3-traceid: ff255baae040d5c3
X-Netflix_proxy_execution-time: 7
x-envoy-upstream-service-time: 1
Connection: keep-alive
Content-Length: 0
x-xss-protection: 1; mode=block
x-request-id: 7f0f9122-4c15-4ae3-aaf9-40d7fcdd08a2
pragma: no-cache
Server: clingest-secure i-034f8417f89eb049d
X-Netflix_nfstatus: 1_1
allow: GET, POST, OPTIONS
access-control-allow-methods: GET, POST, OPTIONS
X-Originating-URL: https://ichnaea-web.netflix.com/log
access-control-allow-origin: https://ae.nflximg.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-frame-options: DENY
x-ichnaea: ~0=true~RL=0
access-control-allow-headers: Accept,Accept-Language,Authorization,Content-Type,Cookie,debugRequest,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.certification.version,X-Netflix.Client.Request.Name,X-Netflix.device.type,X-Netflix.esn,X-Netflix.ichnaea.request.type,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.request.uuid,X-Netflix.user.id
expires: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 607A 190 KB
69 KB 245ms
94ms Script
application/javascript 2607:f8b0:4006:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-981179826

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b6a61797dbad2d137b995777a886b7bca81c1c8923fdd466784b949b4100c862

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ae.nflximg.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 29 Dec 2022 15:07:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 70036
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Dec 2022 15:07:45 GMT

OPTIONS
H/1.1 200
OK log
ichnaea-web.netflix.com/ Frame 0
0 283ms
71ms Preflight 2406:da00:ff00::22c7:5f77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ichnaea-web.netflix.com/log

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2406:da00:ff00::22c7:5f77 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

clingest-secure i-0f77601984bc8819f /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netflix.ichnaea.request.type
Access-Control-Request-Method: POST
Origin: https://ae.nflximg.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Server: clingest-secure i-0f77601984bc8819f
Via: 1.1 i-0339608d86000669d (us-east-1)
X-Netflix_nfstatus: 1_1
X-Netflix_proxy_execution-time: 7
X-Originating-URL: https://ichnaea-web.netflix.com/log
access-control-allow-credentials: true
access-control-allow-headers: Accept,Accept-Language,Authorization,Content-Type,Cookie,debugRequest,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.certification.version,X-Netflix.Client.Request.Name,X-Netflix.device.type,X-Netflix.esn,X-Netflix.ichnaea.request.type,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.request.uuid,X-Netflix.user.id
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://ae.nflximg.net
allow: GET, POST, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
date: Thu, 29 Dec 2022 15:07:44 GMT
expires: 0
pragma: no-cache
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-b3-traceid: 2f26496c6697e722
x-content-type-options: nosniff
x-envoy-decorator-operation: lo_svc_http
x-envoy-upstream-service-time: 0
x-frame-options: DENY
x-request-id: 5f784a70-6dd7-41be-8534-fd91c07aafb3
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/981179826/ Frame 607A 2 KB
2 KB 235ms
94ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981179826/?random=1672326465452&cv=11&fst=1672326465452&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=2&url=https%3A%2F%2Fae.nflximg.net%2Fmonet%2Fscripts%2Fnetflix_tag_05.html%3Fdata%3D%257B%2522membership_status%2522%253A%2522ANONYMOUS%2522%252C%2522country%2522%253A%2522DO%2522%252C%2522region_code%2522%253A%252204%2522%252C%2522is_member%2522%253A%2522ANONYMOUS%2522%252C%2522wasFormerMember%2522%253Afalse%252C%2522referrer%2522%253A%2522nmLanding%2522%252C%2522deniedConsentCookieGroups%2522%253A%2522C0005%2522%257D&auid=914246893.1672326465&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981179826

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abafd08c3108ad88c9ef1ff2b7ef059332e22d8810e754937de1e99d3b639119

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ae.nflximg.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1003
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/981179826/ Frame 607A 2 KB
2 KB 233ms
81ms Script
text/javascript 142.250.176.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/981179826/?random=1672326465475&cv=11&fst=1672326465475&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=40zWCLqP1XUQsrvu0wM&hn=www.googleadservices.com&frm=2&url=https%3A%2F%2Fae.nflximg.net%2Fmonet%2Fscripts%2Fnetflix_tag_05.html%3Fdata%3D%257B%2522membership_status%2522%253A%2522ANONYMOUS%2522%252C%2522country%2522%253A%2522DO%2522%252C%2522region_code%2522%253A%252204%2522%252C%2522is_member%2522%253A%2522ANONYMOUS%2522%252C%2522wasFormerMember%2522%253Afalse%252C%2522referrer%2522%253A%2522nmLanding%2522%252C%2522deniedConsentCookieGroups%2522%253A%2522C0005%2522%257D&gtm_ee=1&auid=914246893.1672326465&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981179826

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f2.1e100.net

Software

cafe /

Resource Hash

0b4e880f278bb92082621b91784c10c5d3e34dd31f24e3c1ce1c8c16ed308e4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ae.nflximg.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1320
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/981179826/ Frame 607A 42 B
548 B 226ms
86ms Image
image/gif 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/981179826/?random=1672326465452&cv=11&fst=1672326000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=2&url=https%3A%2F%2Fae.nflximg.net%2Fmonet%2Fscripts%2Fnetflix_tag_05.html%3Fdata%3D%257B%2522membership_status%2522%253A%2522ANONYMOUS%2522%252C%2522country%2522%253A%2522DO%2522%252C%2522region_code%2522%253A%252204%2522%252C%2522is_member%2522%253A%2522ANONYMOUS%2522%252C%2522wasFormerMember%2522%253Afalse%252C%2522referrer%2522%253A%2522nmLanding%2522%252C%2522deniedConsentCookieGroups%2522%253A%2522C0005%2522%257D&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4086761422&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2004 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ae.nflximg.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.com/pagead/1p-conversion/981179826/ Frame 607A
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981179826/?random=1475346625&cv=11&fst=1672326465475&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=40zWCLqP1XUQsrvu0w...
https://www.google.com/pagead/1p-conversion/981179826/?random=1475346625&cv=11&fst=1672326465475&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=40zWCLqP1XUQsrvu0wM&hn=www.googleadserv...

42 B
108 B

87ms
86ms

Image
image/gif

2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/981179826/?random=1475346625&cv=11&fst=1672326465475&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=40zWCLqP1XUQsrvu0wM&hn=www.googleadservices.com&frm=2&url=https%3A%2F%2Fae.nflximg.net%2Fmonet%2Fscripts%2Fnetflix_tag_05.html%3Fdata%3D%257B%2522membership_status%2522%253A%2522ANONYMOUS%2522%252C%2522country%2522%253A%2522DO%2522%252C%2522region_code%2522%253A%252204%2522%252C%2522is_member%2522%253A%2522ANONYMOUS%2522%252C%2522wasFormerMember%2522%253Afalse%252C%2522referrer%2522%253A%2522nmLanding%2522%252C%2522deniedConsentCookieGroups%2522%253A%2522C0005%2522%257D&gtm_ee=1&auid=914246893.1672326465&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEVJZ0pLMW5RWVFwLWJ6LTdyLTU3Q05BUklsQUFvQ0h5SlNxaHpSX1JSU2hpY3FXbkY2Qy14MWM0ckp1cS1HVENLcWxzTTZ2VkZQTWcaV0NoQUlnSksxblFZUTQ5RFQ5N3V0M1paaEVpMEEyNnRWaExIYk5pODlsVzQxcGNDSEM5OFJhRmNPMFU0bHJqQy1TTXNBRVBLTk40M0V5TGhyV3p5TEw2dw&is_vtc=1&ocp_id=Qa2tY_PrKNHs_gTCyr3gDw&cid=CAQSKQDq26N9lMgKLOOSD6yEplKm35xsg6dtLZQRHrGwzTZOlC456WI7OpYdIBM&random=2810340487

Requested by

Protocol

Server

2607:f8b0:4006:81c::2004 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ae.nflximg.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.google.com/pagead/1p-conversion/981179826/?random=1475346625&cv=11&fst=1672326465475&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=40zWCLqP1XUQsrvu0wM&hn=www.googleadservices.com&frm=2&url=https%3A%2F%2Fae.nflximg.net%2Fmonet%2Fscripts%2Fnetflix_tag_05.html%3Fdata%3D%257B%2522membership_status%2522%253A%2522ANONYMOUS%2522%252C%2522country%2522%253A%2522DO%2522%252C%2522region_code%2522%253A%252204%2522%252C%2522is_member%2522%253A%2522ANONYMOUS%2522%252C%2522wasFormerMember%2522%253Afalse%252C%2522referrer%2522%253A%2522nmLanding%2522%252C%2522deniedConsentCookieGroups%2522%253A%2522C0005%2522%257D&gtm_ee=1&auid=914246893.1672326465&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEVJZ0pLMW5RWVFwLWJ6LTdyLTU3Q05BUklsQUFvQ0h5SlNxaHpSX1JSU2hpY3FXbkY2Qy14MWM0ckp1cS1HVENLcWxzTTZ2VkZQTWcaV0NoQUlnSksxblFZUTQ5RFQ5N3V0M1paaEVpMEEyNnRWaExIYk5pODlsVzQxcGNDSEM5OFJhRmNPMFU0bHJqQy1TTXNBRVBLTk40M0V5TGhyV3p5TEw2dw&is_vtc=1&ocp_id=Qa2tY_PrKNHs_gTCyr3gDw&cid=CAQSKQDq26N9lMgKLOOSD6yEplKm35xsg6dtLZQRHrGwzTZOlC456WI7OpYdIBM&random=2810340487
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 404 cl2 Show response
mrfuga.com/personalization/ 1 KB
1 KB 147ms
146ms XHR
text/html 66.29.141.134
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrfuga.com/personalization/cl2
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/signup/nmhp/nmhpFrameworkClient.js.378b5d70fc49dfc3193b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.29.141.134 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium214-3.web-hosting.com
Software: LiteSpeed /
Resource Hash: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

Referer: https://mrfuga.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
X-Netflix.Client.Request.Name: ui/cl
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 1238
content-type: text/html

POST
H2 404 log Show response
mrfuga.com/personalization/ 1 KB
1 KB 127ms
126ms XHR
text/html 66.29.141.134
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrfuga.com/personalization/log
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/signup/nmhp/nmhpFrameworkClient.js.378b5d70fc49dfc3193b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.29.141.134 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium214-3.web-hosting.com
Software: LiteSpeed /
Resource Hash: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

X-Netflix.ichnaea.request.type: UiRequest
Referer: https://mrfuga.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 1238
content-type: text/html

POST
H2 404 cl2 Show response
mrfuga.com/personalization/ 1 KB
1 KB 120ms
120ms XHR
text/html 66.29.141.134
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrfuga.com/personalization/cl2
Requested by: Host: assets.nflxext.com
URL: https://assets.nflxext.com/web/ffe/wp/signup/nmhp/nmhpFrameworkClient.js.378b5d70fc49dfc3193b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.29.141.134 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium214-3.web-hosting.com
Software: LiteSpeed /
Resource Hash: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

Referer: https://mrfuga.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
X-Netflix.Client.Request.Name: ui/cl
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 29 Dec 2022 15:07:50 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 1238
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.nflximg.net/	1970-01-20 08:32:13	Name: _gcl_au Value: 1.1.914246893.1672326465
			.doubleclick.net/	1970-01-20 18:08:06	Name: IDE Value: AHWqTUne41eVGWHCdtOBfJob2mlTMVNtBojACNYxOPWS4JIj85R5anWy8XAUp8kn

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mrfuga.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=nmLanding Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mrfuga.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=nmLanding Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mrfuga.com/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mrfuga.com/personalization/log Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mrfuga.com/personalization/cl2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mrfuga.com/personalization/log Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mrfuga.com/personalization/cl2 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ae.nflximg.net
assets.nflxext.com
cdn.cookielaw.org
geolocation.onetrust.com
googleads.g.doubleclick.net
ichnaea-web.netflix.com
mrfuga.com
occ-0-1323-2705.1.nflxso.net
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.netflix.com
142.250.176.194
2406:da00:ff00::22c7:5f77
2600:141b:f000:589::33c4
2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f
2606:4700::6810:9440
2606:4700::6812:1a55
2607:f8b0:4006:809::2008
2607:f8b0:4006:81c::2004
2607:f8b0:4006:823::2002
2a00:86c0:2068:2068::131
2a00:86c0:2090::1
66.29.141.134
00480ed606988d8870d095c6ca94303089b007f561f6c689cce63b7415046925
04ba36a50a636c242dbbbd01842bba522f925cf22feb0c720e600bd18c68cbb9
0b4e880f278bb92082621b91784c10c5d3e34dd31f24e3c1ce1c8c16ed308e4e
1d5e8e4516ce4e4462fe724f7afcce689d3a1f024028f14a0a895fb0216d7a72
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
2390acb31de1fd7a3714ea1f198e07648a684d9ad3c36b6f7e697d451354088d
3eec290a7f7da9abb00b49ca84f5f16e6d45ca33d40fd8ede4380835d6161d71
46906a172b230be72a609fb98f3689e0baaa3292de25181121d75df0f84bf644
492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875
49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b
4c7a552d219146985961bf78d9083b7e2c1a82c4ada5d959f48b3e53754c9049
4f99e4c2ed1c2b7de72f47102c64d601567f8efaad5944a08c86786cad4050e6
5267be7e9da2401cb8414e0b87c724e04389189887eaa53f32074e6e0c32e02f
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
675dd7b68acf580f893bec532f5b260b8f984b67734a9a6831334b2ff4aad384
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
71cfd0bf781e3f393bca283fc9d44777a2036985a4ffe9abedf14909e63a8aef
81cf64888a7b3f6848b09695b034026d9ad685665b91d54597ecbb6197c6acbb
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e
abafd08c3108ad88c9ef1ff2b7ef059332e22d8810e754937de1e99d3b639119
aec27c9550c8a589347e227629b61bcc3443030ed883645a01deeeac97d6d2e0
b3939443c43a344c2a30ed6eb3e2c60b2b17a31564fb1301f5a73264ef29bb6c
b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056
b6a61797dbad2d137b995777a886b7bca81c1c8923fdd466784b949b4100c862
b7bf6b39988461fcd1448d5a9e81d4cb05eeef456a41b1cc74a5cf8155b222e0
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167
c50d81f310847f9dd5c054871180b211c7f4a9eccbb42ee95f9574880b56ef73
e1fa26cc34fda574edc01d09e374d6f10735a3fa621bdde87c104ee15453d4b6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5c092e59d602dba2db3b338498698cd986daf65629d7c68bcc2a6ea177607ec

mrfuga.com Open in urlscan Pro 66.29.141.134 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

45 Requests

98 %HTTPS

83 %IPv6

11 Domains

12 Subdomains

12 IPs

1 Countries

2195 kBTransfer

4144 kBSize

2 Cookies

15 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

mrfuga.com Open in urlscan Pro
66.29.141.134 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

98 %
HTTPS

83 %
IPv6

11
Domains

12
Subdomains

12
IPs

1
Countries

2195 kB
Transfer

4144 kB
Size

2
Cookies

45 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!