Submitted URL: https://mysslgo.com/?a=96885&c=186984&s1=Direct
Effective URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Submission: On April 30 via api from CA

Summary

This website contacted 7 IPs in 4 countries across 11 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3034::681b:a246, which is located in the United States and belongs to CLOUDFLARENET, US. The main domain is dirtyvalentine1.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 25th 2020. Valid for: 7 months.
This is the only time dirtyvalentine1.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a05:d018:e36... 16509 (AMAZON-02)
1 3 198.143.165.219 32475 (SINGLEHOP...)
1 1 212.32.250.31 60781 (LEASEWEB-...)
2 88.208.60.53 39572 (ADVANCEDH...)
1 2a02:b4a:1:7:... 39572 (ADVANCEDH...)
1 1 138.68.123.185 14061 (DIGITALOC...)
1 1 35.159.5.116 16509 (AMAZON-02)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
6 159.69.111.28 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
15 7
Domain Requested by
6 cadaner.com dirtyvalentine1.com
3 ssl.mmtgo.me 1 redirects ssl.mmtgo.me
2 dirtyvalentine1.com rpket.pro
dirtyvalentine1.com
2 rpket.pro ssl.mmtgo.me
rpket.pro
1 fonts.gstatic.com dirtyvalentine1.com
1 fonts.googleapis.com dirtyvalentine1.com
1 eardepth-prisists.com 1 redirects
1 alktr.com 1 redirects
1 nativesp.pro rpket.pro
1 rdtrck2.com 1 redirects
1 mysslgo.com 1 redirects
15 11

This site contains no links.

Subject | Issuer | Validity | Valid
ssl.mmtgo.me | Let's Encrypt Authority X3 | 2020-04-20 - 2020-07-19 | 3 months
rpket.pro | Let's Encrypt Authority X3 | 2020-02-19 - 2020-05-19 | 3 months
nativesp.pro | Sectigo RSA Domain Validation Secure Server CA | 2019-07-17 - 2020-07-16 | a year
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-02-25 - 2020-10-09 | 7 months
upload.video.google.com | GTS CA 1O1 | 2020-04-07 - 2020-06-30 | 3 months
cadaner.com | Let's Encrypt Authority X3 | 2020-04-19 - 2020-07-18 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-04-07 - 2020-06-30 | 3 months

This page contains 1 frames:

Primary Page: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Frame ID: 8963F1DBF601320147B60EDF2BBCE128
Requests: 15 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

15 Requests
100 % HTTPS
45 % IPv6
11 Domains
11 Subdomains
7 IPs
4 Countries
2774 kB Transfer
2973 kB Size
3 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mysslgo.com/?a=96885&c=186984&s1=Direct HTTP 302
    https://ssl.mmtgo.me/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt Page URL
  2. https://ssl.mmtgo.me/?utm_term=6821449097417851446&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d Page URL
  3. https://ssl.mmtgo.me/proc.php?6b5f0183def74104a0ceea80d6ef9206b756f2a6 HTTP 302
    https://rdtrck2.com/5e67bcce0a918600016573d5?pid=4337-8f0142fz&partner_id=4337&txn_id=[[txn_id]]&ref_id=6821449097417851446&af=NL HTTP 302
    https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f Page URL
  4. https://alktr.com/tb?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f HTTP 302
    https://eardepth-prisists.com/6340d1d7-0f9a-48a5-ac30-859e51d97270?PartnerID=1032494&externalid=w50uxFgt4GFmiCsS HTTP 302
    https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://mysslgo.com/?a=96885&c=186984&s1=Direct HTTP 302
  • https://ssl.mmtgo.me/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt
Request Chain 2
  • https://ssl.mmtgo.me/proc.php?6b5f0183def74104a0ceea80d6ef9206b756f2a6 HTTP 302
  • https://rdtrck2.com/5e67bcce0a918600016573d5?pid=4337-8f0142fz&partner_id=4337&txn_id=[[txn_id]]&ref_id=6821449097417851446&af=NL HTTP 302
  • https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ssl.mmtgo.me/
Redirect Chain
  • https://mysslgo.com/?a=96885&c=186984&s1=Direct
  • https://ssl.mmtgo.me/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt
3 KB
2 KB
Document
General
Full URL
https://ssl.mmtgo.me/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.219 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
ac9d2cf4fa79da314d3514d06f6f822172e7a372c9358714a251796d0b724dad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
ssl.mmtgo.me
:scheme
https
:path
/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
server
nginx
date
Thu, 30 Apr 2020 10:26:24 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=31ea38134da7621d737b91a07fb161f7; expires=Fri, 30-Apr-2021 10:26:24 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip

Redirect headers

status
302
date
Thu, 30 Apr 2020 10:26:24 GMT
content-type
text/html;charset=ISO-8859-1
location
https://ssl.mmtgo.me/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt
server
nginx
set-cookie
gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Expires=Wed, 29-Jul-2020 10:26:24 GMT; Path=/ gdm_uid_v2_1_001=PiN7gcxyxnrQktcj9HRr4rrZhYR8jyfCbYiivxzuCWMu2yb4owPOP1npm/Fa6lLA; Expires=Wed, 29-Jul-2020 10:26:24 GMT; Path=/; Secure; SameSite=None gdm_uid_v1_1_001=PiN7gcxyxnrQktcj9HRr4rrZhYR8jyfCbYiivxzuCWMu2yb4owPOP1npm/Fa6lLA; Expires=Wed, 29-Jul-2020 10:26:23 GMT; Path=/ gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Expires=Wed, 29-Jul-2020 10:26:23 GMT; Path=/; Secure; SameSite=None
content-language
en-US
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
/
ssl.mmtgo.me/
9 KB
3 KB
Document
General
Full URL
https://ssl.mmtgo.me/?utm_term=6821449097417851446&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
Requested by
Host: ssl.mmtgo.me
URL: https://ssl.mmtgo.me/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.219 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
74b89b681bdf8a25921edcce573d0f99ea0dd6c715446653556470cb41960f13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
ssl.mmtgo.me
:scheme
https
:path
/?utm_term=6821449097417851446&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://ssl.mmtgo.me/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=31ea38134da7621d737b91a07fb161f7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://ssl.mmtgo.me/?utm_medium=ac76a9c1ea8f539604b03991d9b0c55b26ddcfa2&utm_campaign=rmt

Response headers

status
200
server
nginx
date
Thu, 30 Apr 2020 10:26:24 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
play
rpket.pro/
Redirect Chain
  • https://ssl.mmtgo.me/proc.php?6b5f0183def74104a0ceea80d6ef9206b756f2a6
  • https://rdtrck2.com/5e67bcce0a918600016573d5?pid=4337-8f0142fz&partner_id=4337&txn_id=[[txn_id]]&ref_id=6821449097417851446&af=NL
  • https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
19 KB
11 KB
Document
General
Full URL
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
Requested by
Host: ssl.mmtgo.me
URL: https://ssl.mmtgo.me/?utm_term=6821449097417851446&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.208.60.53 Heemstede, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.3 /
Resource Hash
0b35d1adf2561fcab9d2408431c4eb501a3d127df73f44a01fb6b6de473d3968

Request headers

:method
GET
:authority
rpket.pro
:scheme
https
:path
/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://ssl.mmtgo.me/?utm_term=6821449097417851446&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://ssl.mmtgo.me/?utm_term=6821449097417851446&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d#

Response headers

status
200
server
nginx/1.17.3
date
Thu, 30 Apr 2020 10:26:25 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
set-cookie
truniq=1; expires=Fri, 01-May-2020 10:26:25 GMT; Max-Age=86400; path=/; domain=rpket.pro
x-zone
eu
content-encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 30 Apr 2020 10:26:25 GMT
Content-Type
text/html; charset=utf-8
Content-Length
153
Connection
keep-alive
Location
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
Set-Cookie
redhash=NWVhYWE3ZDE5ODlmZDIwMDAxNWQ5NTFmfDB8NWU2N2JjY2UwYTkxODYwMDAxNjU3M2Q1fHxmNmQ2NmVkNy0yOGIwLTQ1MTAtYWY0Zi02ZjcwNDc4ODQyNmZ8MTU4ODI0MjM4NQ==; Path=/; Domain=rdtrck2.com; Expires=Fri, 30 Apr 2021 10:26:25 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers
Content-Length,Content-Range
rpe
nativesp.pro/
0
72 B
XHR
General
Full URL
https://nativesp.pro/rpe?a=1&s=1&act=7&src=2&p=1032494&st=1037736&wd=72525&d=rpket.pro&tpl=6&rnd=0.4178469383915129&sbid=&sbid2=
Requested by
Host: rpket.pro
URL: https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a02:b4a:1:7::9166:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash

Request headers

Referer
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Thu, 30 Apr 2020 10:26:25 GMT
server
nginx/1.16.1
access-control-allow-origin
*
content-length
0
play.png
rpket.pro/images/play/
11 KB
11 KB
Image
General
Full URL
https://rpket.pro/images/play/play.png
Requested by
Host: rpket.pro
URL: https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.208.60.53 Heemstede, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.3 /
Resource Hash
b63e6e57adc4e0a10eee845d513258e424b27a7985c510bb252d75eac63af861

Request headers

Referer
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Apr 2020 10:26:25 GMT
last-modified
Tue, 31 Mar 2020 15:20:49 GMT
server
nginx/1.17.3
etag
"5e835fd1-2b07"
content-type
image/png
status
200
accept-ranges
bytes
x-zone
eu
content-length
11015
Primary Request bazhnewbtqwzzcy
dirtyvalentine1.com/
Redirect Chain
  • https://alktr.com/tb?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
  • https://eardepth-prisists.com/6340d1d7-0f9a-48a5-ac30-859e51d97270?PartnerID=1032494&externalid=w50uxFgt4GFmiCsS
  • https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
13 KB
4 KB
Document
General
Full URL
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Requested by
Host: rpket.pro
URL: https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681b:a246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64fb910eb3c5b32290e44db8df0d8663a9d37910219e1f499453fc6615e66863
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
dirtyvalentine1.com
:scheme
https
:path
/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5eaaa7d1989fd200015d951f

Response headers

status
200
date
Thu, 30 Apr 2020 10:26:25 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=dfee85e048ff1fbcd1b7dede2b853cd601588242385; expires=Sat, 30-May-20 10:26:25 GMT; path=/; domain=.dirtyvalentine1.com; HttpOnly; SameSite=Lax k=SFMyNTY.g3QAAAAIbQAAAARhdW5xdAAAAAFtAAAABTQxNTU3bQAAAAp3ZUVNR3l4WkJ3bQAAAANoaWRtAAAAJXd5VUtzTExya2hCYnpoRWd6SWRLeld4YVpibWJBVkZtUm1DWFdtAAAAAmhsZAADbmlsbQAAAAJyZHQAAAAEZAAKX19zdHJ1Y3RfX2QAGEVsaXhpci5UZGV4LlJvdGF0aW9uRGF0YWQADmNsaWNrZWRfb2ZmZXJzdAAAAABkAAhsYW5kaW5nc2wAAAABYgAABntqZAALc2Vlbl9vZmZlcnNsAAAAAWIAAF_Cam0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8ybQAAABh3bW5raDMwa25jaWE1YW51aHRzZ2NkMzZtAAAAB3RyYWNrZXJtAAAABzEwMzI0OTRtAAAAA3VucW0AAAAMV0FoVlBvTkFPeFNC.tivR0_vsNodSuji65LHq4soDBzhg7sp7d6EtSXGwgx0; path=/; expires=Fri, 30 Apr 2021 10:26:25 GMT; max-age=31536000 uord=a1acbbed14215ac1982ca5378c45e86a; path=/; expires=Sat, 30 Apr 2022 10:26:25 GMT; max-age=63072000; HttpOnly
vary
Accept-Encoding
cache-control
max-age=0, private, must-revalidate
cross-origin-window-policy
deny
x-content-type-options
nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
58c0907d1ae564f7-FRA
content-encoding
br
cf-request-id
026c38a22c000064f7f330f200000001

Redirect headers

Server
nginx
Date
Thu, 30 Apr 2020 10:26:25 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Pragma
no-cache
Set-Cookie
6340d1d7-0f9a-48a5-ac30-859e51d97270-v4=6340d1d7-0f9a-48a5-ac30-859e51d97270; Max-Age=86400; Expires=Fri, 01-May-2020 10:26:25 GMT; Domain=eardepth-prisists.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=NjqKPxpeXj4BNM2%2BwZ17K6yvRC%2FBZIH5ugw%2FbE9kKnVk7MpexTIFJ6S3Ff8jHks6%2BLZNyn5np12vD8RFFx659ddSKZ5%2BmOybfI13vDnVe7BYJ89530hOFqQNhTGS5SS3zd%2FEpkvzXXPUv7AL2%2BKVJw%3D%3D; Max-Age=31536000; Expires=Fri, 30-Apr-2021 10:26:25 GMT; Domain=eardepth-prisists.com; Path=/; Secure; HttpOnly;SameSite=None
css
fonts.googleapis.com/
767 B
478 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b4723b5b14abe7a2062b65bf79b4d5d1e575e786a439e61ff95a38e7e9e140e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Apr 2020 10:26:25 GMT
server
ESF
date
Thu, 30 Apr 2020 10:26:25 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Apr 2020 10:26:25 GMT
script.min.js
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/
259 KB
78 KB
Script
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/script.min.js
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.69.111.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.111.69.159.clients.your-server.de
Software
/
Resource Hash
118fdd4774ce29629b1db5e8663a55ed5744e3ecf349f07a41ab8d453b70b8f9

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Apr 2020 10:26:25 GMT
content-encoding
gzip
last-modified
Thu, 05 Mar 2020 08:41:19 GMT
status
200
etag
W/"5e60bb2f-40a35"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
p.js
dirtyvalentine1.com/
434 B
352 B
Script
General
Full URL
https://dirtyvalentine1.com/p.js?a=581588&cr=22856&lid=12318&mh=d3lVS3NMTHJraEJiemhFZ3pJZEt6V3hhWmJtYkFWRm1SbUNYVy0yMjIxMg%3D%3D&p=0&t=1032494
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681b:a246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e16b2998fec66ad619acdc5f9c2004e2441de86a7b5c31fd08ded513c25bbab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Apr 2020 10:26:25 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
cross-origin-window-policy
deny
status
200
vary
Accept-Encoding
cf-request-id
026c38a281000064f7f3312200000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options
noopen
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
private, max-age=14400, must-revalidate
cf-ray
58c0907d9b6064f7-FRA
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato
Origin
https://dirtyvalentine1.com

Response headers

date
Thu, 23 Apr 2020 17:39:17 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:55 GMT
server
sffe
age
578828
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Fri, 23 Apr 2021 17:39:17 GMT
g1.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
444 KB
444 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g1.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.69.111.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.111.69.159.clients.your-server.de
Software
/
Resource Hash
23e2e71dc3ff4be3f6b84e2d6c99c340b3389bcf6dc69a3686a2d9912b1c7f4f

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Apr 2020 10:26:25 GMT
last-modified
Thu, 05 Mar 2020 08:41:25 GMT
etag
"5e60bb35-6ee12"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
454162
g2.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
446 KB
447 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g2.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.69.111.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.111.69.159.clients.your-server.de
Software
/
Resource Hash
21cd05e8ed2d65d0b3c31f2328d36e7cad4823b15e4c5360e8ec8fc2e1858d44

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Apr 2020 10:26:25 GMT
last-modified
Thu, 05 Mar 2020 08:41:25 GMT
etag
"5e60bb35-6f7cc"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
456652
g3.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
557 KB
558 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g3.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.69.111.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.111.69.159.clients.your-server.de
Software
/
Resource Hash
7abd03c51f2f09007461de5f76b702ae49cd396ac73360cd062615307b9c1c9c

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Apr 2020 10:26:25 GMT
last-modified
Thu, 05 Mar 2020 08:41:25 GMT
etag
"5e60bb35-8b2bb"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
570043
g4.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
668 KB
669 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g4.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.69.111.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.111.69.159.clients.your-server.de
Software
/
Resource Hash
d55db5a171619494aea7fc7cbdc40eb34cf248deff092ebde69c3865ac634430

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Apr 2020 10:26:25 GMT
last-modified
Thu, 05 Mar 2020 08:41:24 GMT
etag
"5e60bb34-a6f27"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
683815
g5.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
532 KB
533 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g5.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.69.111.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.111.69.159.clients.your-server.de
Software
/
Resource Hash
b99476c322d6a18f1c3d0ee3cd4343f922100090f6f8a24099f9f7e268601c89

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wmnkh30kncia5anuhtsgcd36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 30 Apr 2020 10:26:25 GMT
last-modified
Thu, 05 Mar 2020 08:41:24 GMT
etag
"5e60bb34-85140"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
545088

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onformdata
  • object| onpointerrawupdate
  • function| $
  • function| jQuery
  • string| u

3 Cookies

Domain/Path Name / Value
dirtyvalentine1.com/ Name: uord
Value: a1acbbed14215ac1982ca5378c45e86a
dirtyvalentine1.com/ Name: k
Value: SFMyNTY.g3QAAAAIbQAAAARhdW5xdAAAAAFtAAAABTQxNTU3bQAAAAp3ZUVNR3l4WkJ3bQAAAANoaWRtAAAAJXd5VUtzTExya2hCYnpoRWd6SWRLeld4YVpibWJBVkZtUm1DWFdtAAAAAmhsZAADbmlsbQAAAAJyZHQAAAAEZAAKX19zdHJ1Y3RfX2QAGEVsaXhpci5UZGV4LlJvdGF0aW9uRGF0YWQADmNsaWNrZWRfb2ZmZXJzdAAAAABkAAhsYW5kaW5nc2wAAAABYgAABntqZAALc2Vlbl9vZmZlcnNsAAAAAWIAAF_Cam0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8ybQAAABh3bW5raDMwa25jaWE1YW51aHRzZ2NkMzZtAAAAB3RyYWNrZXJtAAAABzEwMzI0OTRtAAAAA3VucW0AAAAMV0FoVlBvTkFPeFNC.tivR0_vsNodSuji65LHq4soDBzhg7sp7d6EtSXGwgx0
.dirtyvalentine1.com/ Name: __cfduid
Value: dfee85e048ff1fbcd1b7dede2b853cd601588242385

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;