URL: http://sofiawars.loven.klub.free.bg/
Submission: On April 01 via manual from BE — Scanned from DE

Summary

This website contacted 9 IPs in 6 countries across 9 domains to perform 20 HTTP transactions. The main IP is 94.130.71.117, located in Frankfurt am Main, Germany and belongs to HETZNER-AS, DE. The main domain is sofiawars.loven.klub.free.bg.
This is the only time sofiawars.loven.klub.free.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 94.130.71.117 24940 (HETZNER-AS)
2 4 2606:4700:303... 13335 (CLOUDFLAR...)
3 193.203.198.196 51605 (XS-SOFTWARE)
1 1 67.199.248.11 396982 (GOOGLE-CL...)
2 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 46.105.201.240 16276 (OVH)
5 192.99.8.34 16276 (OVH)
3 139.45.197.238 9002 (RETN-AS)
1 139.45.195.8 9002 (RETN-AS)
1 139.45.197.151 9002 (RETN-AS)
20 9
Apex Domain
Subdomains
Transfer
7 histats.com
s10.histats.com — Cisco Umbrella Rank: 15725
s4.histats.com — Cisco Umbrella Rank: 13209
10 KB
4 counter12.com
www.counter12.com — Cisco Umbrella Rank: 878329
4 KB
3 ashoupsu.com
ashoupsu.com — Cisco Umbrella Rank: 61410
26 KB
3 sofiawars.com
www.classic.sofiawars.com
525 KB
2 meuip.page
meuip.page
20 KB
1 hognaivee.com
hognaivee.com
1 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 9646
541 B
1 bit.ly
bit.ly — Cisco Umbrella Rank: 2814
283 B
1 free.bg
sofiawars.loven.klub.free.bg
2 KB
20 9
Domain Requested by
5 s4.histats.com s10.histats.com
4 www.counter12.com 2 redirects sofiawars.loven.klub.free.bg
3 ashoupsu.com meuip.page
ashoupsu.com
3 www.classic.sofiawars.com sofiawars.loven.klub.free.bg
2 s10.histats.com www.counter12.com
meuip.page
2 meuip.page www.counter12.com
meuip.page
1 hognaivee.com ashoupsu.com
1 my.rtmark.net ashoupsu.com
1 bit.ly 1 redirects
1 sofiawars.loven.klub.free.bg
20 10

This site contains links to these domains.

Domain
classic.sofiawars.com
Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-15 - 2022-07-14 | a year
histats.com | R3 | 2022-01-21 - 2022-04-21 | 3 months
ashoupsu.com | R3 | 2022-01-28 - 2022-04-28 | 3 months
*.rtmark.net | Sectigo RSA Domain Validation Secure Server CA | 2021-11-20 - 2022-11-26 | a year
hognaivee.com | R3 | 2022-03-11 - 2022-06-09 | 3 months

This page contains 2 frames:

Primary Page: http://sofiawars.loven.klub.free.bg/
Frame ID: BBAA5233520BB38C9DDBB13D2E8F058D
Requests: 11 HTTP requests in this frame

Frame: https://meuip.page/ads5.php
Frame ID: 756315D200761A4DBAF0A0A085BD5BE9
Requests: 9 HTTP requests in this frame

Page Title

Online Ловен Клуб - classic.sofiawars.com

Page Statistics

20
Requests

65 %
HTTPS

20 %
IPv6

9
Domains

10
Subdomains

9
IPs

6
Countries

587 kB
Transfer

689 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.counter12.com/img-yZByB1wZ-9.gif HTTP 301
  • https://www.counter12.com/img-yZByB1wZ-9.gif
Request Chain 1
  • http://www.counter12.com/ad.js?id=yZByB1wZ HTTP 301
  • https://www.counter12.com/ad.js?id=yZByB1wZ
Request Chain 4
  • https://bit.ly/33av5Zh HTTP 301
  • https://meuip.page/ads5.php

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
sofiawars.loven.klub.free.bg/
4 KB
2 KB
Document
General
Full URL
http://sofiawars.loven.klub.free.bg/
Protocol
HTTP/1.1
Server
94.130.71.117 Frankfurt am Main, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
free.bg
Software
nginx /
Resource Hash
bcd9c06f8a06eaa83697f4daa3dae9d5ac103a46a4ec97461bd680483b2885b9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Fri, 01 Apr 2022 09:31:28 GMT
ETag
W/"5526519b-1015"
Expires
Fri, 01 Apr 2022 09:31:27 GMT
Last-Modified
Thu, 09 Apr 2015 10:16:59 GMT
Server
nginx
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
img-yZByB1wZ-9.gif
www.counter12.com/
Redirect Chain
  • http://www.counter12.com/img-yZByB1wZ-9.gif
  • https://www.counter12.com/img-yZByB1wZ-9.gif
335 B
880 B
Image
General
Full URL
https://www.counter12.com/img-yZByB1wZ-9.gif
Requested by
Host: sofiawars.loven.klub.free.bg
URL: http://sofiawars.loven.klub.free.bg/
Protocol
H2
Server
2606:4700:3033::6815:2109 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.3
Resource Hash
bbfa277525375a418f9272fd2affa750ac13258a6da4bde8d2c7a614ecfd1596

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:31:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.3.3
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAhwa81iCoFZ5t6FwuCJWs0XooEFEFqWomHciOFBD1A5H87AX0oo3eWeVres7kwua32QihP0OSuHoJ4btQgX2SrVOwJEwFdGLdSporakJipRs2A%2F2Vpr%2BYzwJ99xzKhhg%2Fk37RY7uTWEJN0A8L6XGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cf-ray
6f504fe04f84d600-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
335

Redirect headers

Date
Fri, 01 Apr 2022 09:31:28 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BoeGSj6BVPnpakOyLscidEg9sugWYVCr92rzW2Z72Z1FN%2Bw%2FEZ0CaF%2BsAF9BpUuSQw64JqgICmb0abM48n7MSC4t61Gcwg%2BTbL5AZjAqneyvNQJuSjneWQ7706JDbWB6E5o1mLuU42ggYCxKDxwSKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Location
https://www.counter12.com/img-yZByB1wZ-9.gif
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
6f504fdfafc783a2-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Fri, 01 Apr 2022 10:31:28 GMT
ad.js
www.counter12.com/
Redirect Chain
  • http://www.counter12.com/ad.js?id=yZByB1wZ
  • https://www.counter12.com/ad.js?id=yZByB1wZ
3 KB
1 KB
Script
General
Full URL
https://www.counter12.com/ad.js?id=yZByB1wZ
Requested by
Host: sofiawars.loven.klub.free.bg
URL: http://sofiawars.loven.klub.free.bg/
Protocol
H2
Server
2606:4700:3033::6815:2109 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.3
Resource Hash
b618371ae2efce33516d4e186a3d587fee53176df45a5a47048125ea599072e7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:31:28 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.3.3
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IwZ3qB1hzFg65r5NxiUV9d64Kkg3ItRv2oXnvjY%2FHbv27qZkNp4135WoZxz9QbZ97YBpDliSYDNOiPxHSj5yTPk8VEdzAPhHUXYNHLqFdpVpK%2Bzc%2FCWQjZCZArAtLr9Ryj6CoXBNA8xDeZYiZN943g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
6f504fe04f86d600-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date
Fri, 01 Apr 2022 09:31:28 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZmFTJOnz2WZ0h6ibBy6ReWWSyR0NYok8JjBrP2G4BOa39WvwjPdYlcyOzcpaxDuF7Rna38ysjr0294LtX1xZ5mPSSGQQ%2BYp1oaQfvMQRLBMLyDm8VExiOzUBKaOJP9u5NggumeLOMBZ8L1L%2BRvhyRw%3D%3D"}],"group":"cf-nel","max_age":604800}
Location
https://www.counter12.com/ad.js?id=yZByB1wZ
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
6f504fdf9f34375b-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Fri, 01 Apr 2022 10:31:28 GMT
logo.png
www.classic.sofiawars.com/@/images/
44 KB
44 KB
Image
General
Full URL
http://www.classic.sofiawars.com/@/images/logo.png
Requested by
Host: sofiawars.loven.klub.free.bg
URL: http://sofiawars.loven.klub.free.bg/
Protocol
HTTP/1.1
Server
193.203.198.196 , Bulgaria, ASN51605 (XS-SOFTWARE, BG),
Reverse DNS
wawawars.pl
Software
nginx/1.2.4 /
Resource Hash
47a08a27f8c8e95ac1ad9d1676a2070c02aea914bce538ddbf36197bd6ded2fb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 09:31:29 GMT
Last-Modified
Wed, 01 Apr 2015 22:42:03 GMT
Server
nginx/1.2.4
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
44607
Expires
Sun, 01 May 2022 09:31:29 GMT
city.jpg
www.classic.sofiawars.com/@/images/
313 KB
313 KB
Image
General
Full URL
http://www.classic.sofiawars.com/@/images/city.jpg
Requested by
Host: sofiawars.loven.klub.free.bg
URL: http://sofiawars.loven.klub.free.bg/
Protocol
HTTP/1.1
Server
193.203.198.196 , Bulgaria, ASN51605 (XS-SOFTWARE, BG),
Reverse DNS
wawawars.pl
Software
nginx/1.2.4 /
Resource Hash
5bb7f93fd4b6eab2e9ea7e5360cdb43b61e18ee2963775587ab07e584f1d9e5e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 09:31:29 GMT
Last-Modified
Wed, 01 Apr 2015 22:42:49 GMT
Server
nginx/1.2.4
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
320182
Expires
Sun, 01 May 2022 09:31:29 GMT
ads5.php
meuip.page/ Frame 7563
Redirect Chain
  • https://bit.ly/33av5Zh
  • https://meuip.page/ads5.php
63 KB
20 KB
Document
General
Full URL
https://meuip.page/ads5.php
Requested by
Host: www.counter12.com
URL: http://www.counter12.com/ad.js?id=yZByB1wZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70c6137278dbe524911fc1b16d9acd5d9067619b787100b8189724051088ff4f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
6f504fe4bca70e12-MXP
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 01 Apr 2022 09:31:29 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPGPhfqSwbaF6PXWhBknhW8q3tbpprADPEtgqFzt16fDlrisoTF7rBwnSUuwxdRK%2BmPK%2B4%2BNVH9YYAb9l5MhrxpZaliIG%2FOhkxnGvm2L3CTVrV6pES5c%2FqX2GY8ZnL9RiSPqhIO6ZCh5"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=90
content-length
114
content-security-policy
referrer always;
content-type
text/html; charset=utf-8
date
Fri, 01 Apr 2022 09:31:29 GMT
location
https://meuip.page/ads5.php
referrer-policy
unsafe-url
server
nginx
via
1.1 google
js15_as.js
s10.histats.com/
11 KB
5 KB
Script
General
Full URL
http://s10.histats.com/js15_as.js
Requested by
Host: www.counter12.com
URL: http://www.counter12.com/ad.js?id=yZByB1wZ
Protocol
HTTP/1.1
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:30:34 GMT
content-encoding
gzip
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip
137.74.120.0/27
etag
"-375139978"
x-cacheable
Matched cache
vary
Accept-Encoding
x-iplb-instance
40745
content-type
text/javascript
x-cdn-pop
sbg
accept-ranges
bytes
x-iplb-request-id
D940971D:954E_2E69C9F0:0050_6246C670_D19E2:2FBD
content-length
4547
x-request-id
1053426310
hunting.jpg
www.classic.sofiawars.com/@/images/loc/
168 KB
169 KB
Image
General
Full URL
http://www.classic.sofiawars.com/@/images/loc/hunting.jpg
Requested by
Host: sofiawars.loven.klub.free.bg
URL: http://sofiawars.loven.klub.free.bg/
Protocol
HTTP/1.1
Server
193.203.198.196 , Bulgaria, ASN51605 (XS-SOFTWARE, BG),
Reverse DNS
wawawars.pl
Software
nginx/1.2.4 /
Resource Hash
b5f3ebd075fd51a7cac53f541f1d25da47f813bb4570f0c4c384be86ed076cb3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 09:31:29 GMT
Last-Modified
Wed, 01 Apr 2015 22:42:48 GMT
Server
nginx/1.2.4
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
172327
Expires
Sun, 01 May 2022 09:31:29 GMT
0.php
s4.histats.com/stats/
52 B
186 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?3908301&@f16&@g1&@h1&@i1&@j1648805489848&@k0&@l1&@mOnline%20%D0%9B%D0%BE%D0%B2%D0%B5%D0%BD%20%D0%9A%D0%BB%D1%83%D0%B1%20-%20classic.sofiawars.com&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-85870945&@b3:1648805490&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fsofiawars.loven.klub.free.bg%2F&@w
Requested by
Host: s10.histats.com
URL: http://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.8.34 Brossard, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns501383.ip-192-99-8.net
Software
/
Resource Hash
ba43e78e589a391bcb0e75a64adf984eb1736873b4a020e4e48175e7b291038c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 09:31:29 GMT
Connection
close
Content-Length
52
Content-Type
text/html;charset=UTF-8
0.php
s4.histats.com/stats/
52 B
186 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?2998001&@f16&@g1&@h1&@i1&@j1648805489848&@k0&@l1&@mOnline%20%D0%9B%D0%BE%D0%B2%D0%B5%D0%BD%20%D0%9A%D0%BB%D1%83%D0%B1%20-%20classic.sofiawars.com&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:31514930&@b3:1648805490&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fsofiawars.loven.klub.free.bg%2F&@w
Requested by
Host: s10.histats.com
URL: http://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.8.34 Brossard, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns501383.ip-192-99-8.net
Software
/
Resource Hash
eff7a87d1513b99ba20a3770849dd1b856044fd072202fe63dd0b5db269ec190

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 09:31:29 GMT
Connection
close
Content-Length
52
Content-Type
text/html;charset=UTF-8
0.php
s4.histats.com/stats/
52 B
186 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?3908301&@f16&@g0&@h2&@i1&@j1648805489853&@k5&@l2&@mOnline%20%D0%9B%D0%BE%D0%B2%D0%B5%D0%BD%20%D0%9A%D0%BB%D1%83%D0%B1%20-%20classic.sofiawars.com&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:17461491&@b3:1648805490&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fsofiawars.loven.klub.free.bg%2F&@w
Requested by
Host: s10.histats.com
URL: http://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.8.34 Brossard, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns501383.ip-192-99-8.net
Software
/
Resource Hash
ba43e78e589a391bcb0e75a64adf984eb1736873b4a020e4e48175e7b291038c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 09:31:29 GMT
Connection
close
Content-Length
52
Content-Type
text/html;charset=UTF-8
0.php
s4.histats.com/stats/
52 B
186 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?2998001&@f16&@g0&@h2&@i1&@j1648805489853&@k5&@l2&@mOnline%20%D0%9B%D0%BE%D0%B2%D0%B5%D0%BD%20%D0%9A%D0%BB%D1%83%D0%B1%20-%20classic.sofiawars.com&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:186001390&@b3:1648805490&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fsofiawars.loven.klub.free.bg%2F&@w
Requested by
Host: s10.histats.com
URL: http://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.8.34 Brossard, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns501383.ip-192-99-8.net
Software
/
Resource Hash
eff7a87d1513b99ba20a3770849dd1b856044fd072202fe63dd0b5db269ec190

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://sofiawars.loven.klub.free.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 09:31:29 GMT
Connection
close
Content-Length
52
Content-Type
text/html;charset=UTF-8
ads5.php
meuip.page/ Frame 7563
0
280 B
XHR
General
Full URL
https://meuip.page/ads5.php
Requested by
Host: meuip.page
URL: https://meuip.page/ads5.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://meuip.page/ads5.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:31:30 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oy81wSk%2FgWcxEkrcMKnmIj%2FhdvEgkXKrPtmguI6DJK8EY%2BkjvyQaBigZS3yqM0BfhJvS6LltLTQlv37o8ty43qM3RG%2Bg4oeZfWc3ku%2BYbCCIaufUTe30HwljSZmzmLIJqWnWiHeMxgnD"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cf-ray
6f504fe8ee890e12-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
/
ashoupsu.com/5/3398217/ Frame 7563
3 KB
2 KB
XHR
General
Full URL
https://ashoupsu.com/5/3398217/?oo=1&aab=1
Requested by
Host: meuip.page
URL: https://meuip.page/ads5.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e70f5682ae322ba30aff57ec95eadf866945bcbe9c57852056ba978b8a2886ae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://meuip.page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-trace-id
4f2e2eff6c48ce6f4ff4dbf2659fc954
pragma
no-cache, no-cache
date
Fri, 01 Apr 2022 09:31:30 GMT
content-encoding
gzip
server
nginx
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://meuip.page
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
expires
Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
tag.min.js
ashoupsu.com/ Frame 7563
68 KB
22 KB
Script
General
Full URL
https://ashoupsu.com/tag.min.js
Requested by
Host: meuip.page
URL: https://meuip.page/ads5.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
2a3d1aa5f7d6eeae6725637392ba28c6323d9248d67570af32e2f4b6e3d0e4ed
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://meuip.page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:31:30 GMT
content-encoding
br
x-content-type-options
nosniff
access-control-max-age
86400
content-length
22098
x-trace-id
4133c64271ff50b7ed100d8a33263175
pragma
no-cache
last-modified
Mon, 28 Mar 2022 15:09:28 GMT
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
expires
Tue, 11 Jan 1994 10:00:00 GMT
js15_as.js
s10.histats.com/ Frame 7563
11 KB
5 KB
Script
General
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: meuip.page
URL: https://meuip.page/ads5.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://meuip.page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:29:13 GMT
content-encoding
br
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip
137.74.120.0/27
etag
"-375139978"
x-cacheable
Matched cache
content-type
application/javascript; charset=UTF-8
x-cdn-pop
sbg
accept-ranges
bytes
content-length
4364
x-request-id
174982292
0.php
s4.histats.com/stats/ Frame 7563
52 B
186 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?4267674&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@mADS&@n0&@ohttp%3A%2F%2Fsofiawars.loven.klub.free.bg%2F&@q0&@r0&@s0&@ten-US&@u1600&@b1:114408208&@b3:1648805491&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fmeuip.page%2Fads5.php&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.8.34 Brossard, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns501383.ip-192-99-8.net
Software
/
Resource Hash
0fae7b7aafba9e73b1372f0fb39c87b0c0044a3cf1f2ff5f9207271c69ab850c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://meuip.page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 09:31:30 GMT
Connection
close
Content-Length
52
Content-Type
text/html;charset=UTF-8
gid.js
my.rtmark.net/ Frame 7563
65 B
541 B
XHR
General
Full URL
https://my.rtmark.net/gid.js?userId=f8b9ff7f66ff46aabf1e7268c8e734fe
Requested by
Host: ashoupsu.com
URL: https://ashoupsu.com/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
83e4b6c6c82dd0f0b376a6d94154fbb60d14a7752e62d3ef2a670e6b5b93561e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://meuip.page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:31:30 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://meuip.page
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
/
ashoupsu.com/ Frame 7563
2 KB
2 KB
Fetch
General
Full URL
https://ashoupsu.com/?rb=Rz-LuSm3lGHGGpmBgd2GfVZw4--2w4eZIVT2BQE6Fk940_arY_QPjy0D9O53m2pkaPgPN6l7z2kQRhK967Ne63sPvKlRAKY-u_2B4oAFepF0OyLbqd6Q49bsUjLcPIAd8mOfquV6j0NxYJqA6ztI2ns2yBY9o6iE7TBpvZWtfN0r0PNId55eKwmTlb2rkAPhZDP_vUGhlxHCzxBsYJrwtu4_dmzAUyrQJF3puY158nuQWK3F1kF7ZMjWBF_C8fs2q9cOlO1XO4_S1He917K9tg%3D%3D&request_ab2=0&zoneid=3398217&js_build=iclick-v1.377.2&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&pl=https%3A%2F%2Fmeuip.page%2Fads5.php&drf=http%3A%2F%2Fsofiawars.loven.klub.free.bg%2F&np=1&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.377.2&bs=f1501c16-fbef-4014-993e-455955dc6913&userId=f8b9ff7f66ff46aabf1e7268c8e734fe&m=link
Requested by
Host: ashoupsu.com
URL: https://ashoupsu.com/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
d54bfecb1c3655a02078c66240a251d668966521f4fccfc2fbe7e0432ebd9d26
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://meuip.page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:31:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-max-age
86400
x-trace-id
6a93282ef89ae6edd076b2064685495c
pragma
no-cache
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://meuip.page
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
expires
Tue, 11 Jan 1994 10:00:00 GMT
favicon.ico
hognaivee.com/ Frame 7563
0
0
Fetch
General
Full URL
https://hognaivee.com/favicon.ico
Requested by
Host: ashoupsu.com
URL: https://ashoupsu.com/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://meuip.page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 09:31:30 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=60

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| structuredClone
object| oncontextlost
object| oncontextrestored
function| addLink
function| createCookie
function| readCookie
function| eraseCookie
undefined| listener
object| _Hasync
function| chfh
function| chfh2
string| _HST_cntval
object| Histats
object| _HistatsCounterGraphics_0_setValues

12 Cookies

Domain/Path Name / Value
sofiawars.loven.klub.free.bg/ Name: showed
Value: ok
sofiawars.loven.klub.free.bg/ Name: HstCfa3908301
Value: 1648805489848
sofiawars.loven.klub.free.bg/ Name: HstCmu3908301
Value: 1648805489848
sofiawars.loven.klub.free.bg/ Name: HstCnv3908301
Value: 1
sofiawars.loven.klub.free.bg/ Name: HstCns3908301
Value: 1
sofiawars.loven.klub.free.bg/ Name: HstCla3908301
Value: 1648805489853
sofiawars.loven.klub.free.bg/ Name: HstPn3908301
Value: 2
sofiawars.loven.klub.free.bg/ Name: HstPt3908301
Value: 2
ashoupsu.com/ Name: OAID
Value: f8b9ff7f66ff46aabf1e7268c8e734fe
ashoupsu.com/ Name: oaidts
Value: 1648805490
my.rtmark.net/ Name: ID
Value: f8b9ff7f66ff46aabf1e7268c8e734fe
ashoupsu.com/ Name: syncedCookie
Value: true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
