ww38.flirtsdreams.info Open in urlscan Pro
76.223.26.96 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://drummondcommunitybank.org/
Effective URL:
http://ww38.flirtsdreams.info/
Submission: On September 05 via automatic, source certstream-suspicious (September 5th 2023, 1:24:15 am UTC) — Scanned from NL

Summary HTTP 33 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 5 countries across 13 domains to perform 33 HTTP transactions. The main IP is 76.223.26.96, located in and belongs to . The main domain is ww38.flirtsdreams.info.

This is the only time ww38.flirtsdreams.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
1 1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	172.64.162.14 172.64.162.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3121::9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	185.155.184.79 185.155.184.79	5398 (AS5398) (AS5398)
1 1	103.224.182.246 103.224.182.246	() ()
3	76.223.26.96 76.223.26.96	() ()
2	2a00:1450:400... 2a00:1450:4001:808::2004	() ()
1	185.53.178.30 185.53.178.30	() ()
1	2600:9000:225... 2600:9000:2250:3a00:1d:4618:5c80:21	() ()
1	2a00:1450:400... 2a00:1450:4001:806::2002	() ()
33	12

3 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

drummondcommunitybank.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mvgde.polluxcastor.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.64.162.14 (United States)

ASN13335 (CLOUDFLARENET, US)

mvgde.goldengrinder.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdnstatic.goldengrinder.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::9 (United States)

ASN13335 (CLOUDFLARENET, US)

xingfutongmen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.155.184.79 (Switzerland) 1 redirects

ASN5398 (AS5398, CH)

524.yafastdie.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.224.182.246 (None, ) 1 redirects

ASN- ()

flirtsdreams.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 76.223.26.96 (None, )

ASN- ()

ww38.flirtsdreams.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.53.178.30 (None, )

ASN- ()

c.parkingcrew.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:3a00:1d:4618:5c80:21 (None, )

ASN- ()

d38psrni17bvxu.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (None, )

ASN- ()

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	goldengrinder.top mvgde.goldengrinder.top cdnstatic.goldengrinder.top — Cisco Umbrella Rank: 225244	40 KB
4	flirtsdreams.info 1 redirects flirtsdreams.info ww38.flirtsdreams.info	8 KB
4	gstatic.com www.gstatic.com	35 KB
3	drummondcommunitybank.org 1 redirects drummondcommunitybank.org	5 KB
2	google.com www.google.com	59 KB
2	yafastdie.live 1 redirects 524.yafastdie.live	587 B
2	xingfutongmen.com xingfutongmen.com	33 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 11656	1 KB
1	googleadservices.com partner.googleadservices.com	596 B
1	cloudfront.net d38psrni17bvxu.cloudfront.net	12 KB
1	parkingcrew.net c.parkingcrew.net	1005 B
1	polluxcastor.top 1 redirects mvgde.polluxcastor.top	688 B
0	googleusercontent.com Failed afs.googleusercontent.com Failed
33	13

	Domain	Requested by
8	mvgde.goldengrinder.top	drummondcommunitybank.org mvgde.goldengrinder.top cdnstatic.goldengrinder.top
4	www.gstatic.com	cdnstatic.goldengrinder.top
4	cdnstatic.goldengrinder.top	mvgde.goldengrinder.top cdnstatic.goldengrinder.top
3	ww38.flirtsdreams.info	524.yafastdie.live ww38.flirtsdreams.info
3	drummondcommunitybank.org	1 redirects drummondcommunitybank.org
2	www.google.com	ww38.flirtsdreams.info www.google.com
2	524.yafastdie.live	1 redirects xingfutongmen.com
2	xingfutongmen.com	cdnstatic.goldengrinder.top xingfutongmen.com
2	counter.yadro.ru	1 redirects
1	partner.googleadservices.com	www.google.com
1	d38psrni17bvxu.cloudfront.net	ww38.flirtsdreams.info
1	c.parkingcrew.net	ww38.flirtsdreams.info
1	flirtsdreams.info	1 redirects
1	mvgde.polluxcastor.top	1 redirects
0	afs.googleusercontent.com Failed	www.google.com
33	15

This site contains no links.

Subject Issuer	Validity	Valid
drummondcommunitybank.org GTS CA 1P5	`2023-09-05` - `2023-12-04`	3 months	crt.sh
goldengrinder.top GTS CA 1P5	`2023-08-14` - `2023-11-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
xingfutongmen.com GTS CA 1P5	`2023-07-22` - `2023-10-20`	3 months	crt.sh
yafastdie.live R3	`2023-09-04` - `2023-12-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://ww38.flirtsdreams.info/
Frame ID: B2B9B0A2B1C95FB5B238C3B70985B4F5
Requests: 30 HTTP requests in this frame

Frame: https://xingfutongmen.com/media/mainstream/cloud.html
Frame ID: A27A6F3F52DA600EABCA8C64CBB7E6E7
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=nl&rpbu=http%3A%2F%2Fww38.flirtsdreams.info%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NGY2ODMzZTRkNDgzfHx8MTY5Mzg3NzA1NC4zMjYzfDRiMDRiMjY3YTFiZWM1YTE5OGU1NTk5ZWY3ZjQ5Y2Y2NThjNTk3ZDB8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDQyM2IwMjIzODhiYWYwYTk0MTllYTNhYmRlNjk0MTIzODZiOWJmMjN8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfA%253D%253D&terms=Tulum%20Resorts%2CCancun%20Resorts%2CTrundle&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2631830028814560&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301293%2C17301318%2C17301320&format=r3%7Cs&nocache=7331693877054701&num=0&output=afd_ads&domain_name=ww38.flirtsdreams.info&v=3&bsl=8&pac=2&u_his=23&u_tz=120&dt=1693877054702&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=789&frm=0&cl=560704565&uio=--&cont=tc&jsid=caf&jsv=560704565&rurl=http%3A%2F%2Fww38.flirtsdreams.info%2F&adbw=master-1%3A530
Frame ID: 04E1680B66207C7E2A02DC74179DC44D
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://drummondcommunitybank.org/ Page URL
https://drummondcommunitybank.org/ HTTP 301
https://mvgde.polluxcastor.top/?pl=wyqwIiui3U-oMKNOfTV6Dg HTTP 302
https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8j... Page URL
https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8j... Page URL
https://xingfutongmen.com/?u=pe7k605&o=3u0gcu2 Page URL
https://524.yafastdie.live/uiyaqtev/article524.doc?u=pe7k605&o=3u0gcu2&f=1&sid=t2~r4vpqkaypveybcs0ee3su... Page URL
https://524.yafastdie.live/web/ HTTP 302
https://flirtsdreams.info/ HTTP 302
http://ww38.flirtsdreams.info/ Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Page Statistics

33
Requests

70 %
HTTPS

46 %
IPv6

13
Domains

15
Subdomains

12
IPs

5
Countries

193 kB
Transfer

517 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://drummondcommunitybank.org/ Page URL
https://drummondcommunitybank.org/ HTTP 301
https://mvgde.polluxcastor.top/?pl=wyqwIiui3U-oMKNOfTV6Dg HTTP 302
https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349 Page URL
https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349 Page URL
https://xingfutongmen.com/?u=pe7k605&o=3u0gcu2 Page URL
https://524.yafastdie.live/uiyaqtev/article524.doc?u=pe7k605&o=3u0gcu2&f=1&sid=t2~r4vpqkaypveybcs0ee3suhor&fp=vEXmw1fxh0GE%2FgpQL8V%2Ba65vmzg%2BYrQ6IJQIJPaluoMIiIFhXQzOJ7qCYoqZaY8e5D22KA%2BqKmpe5E0a%2FZdRtYLCn883vdtq84H2ZbfuJvC3a1EeXTDIamsdzWgHTl4FqyczlCEGr%2BI1qcy3t3owbuujUo7Kif8W3YtVkMVapTQPVpAeDhg7IZGpqucpJnVE0WbstE4yHTrr8VxtSF7GjxjcWPYK1PYrArRDkZq0Our2dCPrWhUTnAq7240CH8qqpUbKstYsUDuSgxH6ksITeblz6h8%2Bk3Gbb91hB3mY%2FONiMWOiOkYNkCv6RuxFtgygBX8DKgk0YPbnqSix8LJavtEASOYjdAkuEDuLY9K5Y90fE5LNbCTHkQ2Sswpalr3XZdhvC13%2B%2BQFXCIZWSoZfU4EKxBkIkUW5Fy397eWo6dTGXs86CIjivXTEmo0rpKC%2ButcNPI1pxT%2BU4ySgOszGGfGKeqwuRW0KdkVNjsSnX%2F9BoqI8CQp3zS12%2ByvRkdiGzTHx0Wy3rRjOw9iixcpkmcHrOglZ6m8F9dJrLdOXBvK3XMgsmIYFv2vDw8CUzxo3FMNfjxQi2w%2F2ysb06kgjFaNR6GznhaeMz0m0DEdLNhULd4rFG2NIg%2B3CUxjIaoO4S2T%2F3E5JLmZLoXHhb853NcQn7x8B%2BEnrhlrENtxz6wZLANPsiHzAkMuRQ9tVFgM1qmpJlBWgjSqtL5xiwkuMTQmoTwWcUgEgTIPxN0c6Gbx8f9yPnxrzyAcLZD8BJFYuPxTYub18BJ1%2BCO0PRMPe0wFanO2nafbDcQ7iplkvhUCWqAELAuIsL8bwL%2B1N8alrdo%2FZAJOA3KWjwOJSMTMDy%2BfcnmQdlKlVcs1Gwg7tFVaL0tPMR78Cv%2FpSJPyd8%2FnttBg5UcnFLZSJ1FTU3bZCetRyKuesFaZTd8TTfhihj3h7iTFiFoiJUBKTB2dIEpHRUMwxgo47GD5iuK7XgKPwkeo%2Bw1Nm1ZfSwe7zQV%2BglcmrkUV7brS6JFp5tKnwURJ9JPPm7GXQ841lcKnHuHWAzCERAfMx7tSR7L4K0G75CUBrTWwwIRL8cv6wE%2BzlSfTa%2FOSj7s9cawvZPFy9leXG1mCGl2qATMQM4XxqWdXccGNinOl2fOHE7%2BL81R7GkUe7%2BbLqULHh1%2Fxj9pR8cQCkKbxHGFOZTU0CwH2W4cHEmAYtCdi6eiMlhGOyEU24tp245oTd%2FyRNcMQtgb%2B6hYdPsmsxjyMCqlHpBf8DqiV06Lof0pNsS2WFsim1iPakaBPuduB2VNx8MZ%2Fx93gE0%2FvHzuK3%2FevVLzQpvhmz7wZCbbdt%2BlZyPCTI33GmvhYuRfDWWEr4dn6VBk5UDHxQVAhQb3AP0Nl%2BU3%2B6VXJteXL5exauOaBj4LqZ%2FHuTjyTlGI5%2FXkoTzn49a8jH5xVZGCUu7t%2F%2B5oMVIIuo02hGXxmwKeVn7Q73hLW%2F7doJRODb%2Btynxd%2BJ3atERHQryEXOwwOZrVAJMSLkbtSGr6pSQoqp58vylU3yqWTgTDIPKAZqhNKhC5AjBLocDINj0LIRBTgRyM8MqOCxcKrnglWUzeAcq%2BkeYv6mDXw4eHfCR%2BDaKqD7g4NEpriX9w1ZOhaYf07t3imnhdOejSy2OND2uvojLaKzDKn74KgWiOrlo5JUq%2FQABimPp1EMgMHd6zBDxNMxe62npatZuhaL5pMGAbFafQ%2FNn0VwY%2BBtZ39%2FsiY9eZSPbvZiUCUrFdW6%2FEnYlehxkWja%2Bzc%2BP7YvQB0m5wyWoZbbZKeaeVsKqxdHIOObJpmnfiEbCgOCKqQgnTjUhCf1rBVdEefAd9hMv%2BjyKb68MW%2F6Z9yVCdztz8wRBpWmh1p5dJk3SOwgWcrA2NDvqAzAx%2B2fBn7uopp6HAA4cSu8NHHjal6J0THLow0jwExG%2BG%2Fnv1bFs1sEa8NfJTJBtBP7QCh3eNBzsmjWlJEV8bYQ%2BRAD%2BaE%2F2OTqSU3GQcIWih6830ErwOEzOyGKWzM79c2kHiMJeb%2FOaJrjG8JCEkp3%2FAg%3D Page URL
https://524.yafastdie.live/web/ HTTP 302
https://flirtsdreams.info/ HTTP 302
http://ww38.flirtsdreams.info/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://counter.yadro.ru/hit;lootraff?r;s1600*1200*24;uhttps%3A//drummondcommunitybank.org/;hWacht.;0.36239893912812526 HTTP 302
https://counter.yadro.ru/hit;lootraff?q;r;s1600*1200*24;uhttps%3A//drummondcommunitybank.org/;hWacht.;0.36239893912812526

Request Chain 3

https://drummondcommunitybank.org/ HTTP 301
https://mvgde.polluxcastor.top/?pl=wyqwIiui3U-oMKNOfTV6Dg HTTP 302
https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349

33 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
drummondcommunitybank.org/ 6 KB
3 KB 166ms
95ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://drummondcommunitybank.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f80bedbd262292f93acc2b529d19596362481dd239427885090352bdfb55124d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 801aabc3ba79b963-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 05 Sep 2023 01:24:08 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: </antibot777--/ab.php>; rel=dns-prefetch
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2B0Ay7MLcClnEowTHdj3yeBhlpAS3E2VxZwbXg09M6fgGi7GhdkJMfliNGScZR%2BX9%2B3Id1%2BwvN6Q%2B%2F0k3GA6cm3ziCVFufUskItLOkE2RwYkfhtiyJTiOx%2FjETAex96oSMecX0EAWjPwYb5XPpJi%2FxITl%2Furkhsr"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-robots-tag: noindex

GET
H/1.1

200
OK

hit;lootraff
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;lootraff?r;s1600*1200*24;uhttps%3A//drummondcommunitybank.org/;hWacht.;0.36239893912812526
https://counter.yadro.ru/hit;lootraff?q;r;s1600*1200*24;uhttps%3A//drummondcommunitybank.org/;hWacht.;0.36239893912812526

43 B
528 B

67ms
66ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;lootraff?q;r;s1600*1200*24;uhttps%3A//drummondcommunitybank.org/;hWacht.;0.36239893912812526

Protocol

HTTP/1.1

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://drummondcommunitybank.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 05 Sep 2023 01:24:09 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Sun, 04 Sep 2022 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 05 Sep 2023 01:24:09 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit;lootraff?q;r;s1600*1200*24;uhttps%3A//drummondcommunitybank.org/;hWacht.;0.36239893912812526
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Sun, 04 Sep 2022 21:00:00 GMT

POST
H2 200 ab.php
drummondcommunitybank.org/antibot777--/ 72 B
479 B 89ms
88ms XHR
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://drummondcommunitybank.org/antibot777--/ab.php
Requested by: Host: drummondcommunitybank.org
URL: https://drummondcommunitybank.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://drummondcommunitybank.org/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded;

Response headers

date: Tue, 05 Sep 2023 01:24:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-cms: AntiBot.Cloud (See: https://antibot.cloud/)
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PvoboiOJ%2FuXXuymtCLjhryj1a20dSBoqBzZ7iLzFVS1QcTHLAKZOSM9UF0v4f7uBFLv57qW8z76rX6RzTv8xqc9gcBKtAOiGw%2FjdPIfIy00vlZvjFu6haAtzHUjaCtY%2BycsHs4O0Zt0Aelct%2BE27E2RH0n1R5ft"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
x-robots-tag: noindex
access-control-allow-headers: *
cf-ray: 801aabc47b1bb963-AMS
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

/ Show response
mvgde.goldengrinder.top/blue-robot/
Redirect Chain

https://drummondcommunitybank.org/
https://mvgde.polluxcastor.top/?pl=wyqwIiui3U-oMKNOfTV6Dg
https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349

14 KB
6 KB

130ms
62ms

Document
text/html

172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Requested by: Host: drummondcommunitybank.org
URL: https://drummondcommunitybank.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b2ed619a9620fc9d445ebab690f1f1c4108a41b93c6e4ddc80f7f9aea03bdec

Request headers

Referer: https://drummondcommunitybank.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 801aabc79cc60bcc-AMS
content-encoding: br
content-type: text/html
date: Tue, 05 Sep 2023 01:24:09 GMT
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIn%2FR9M42OiKYs72ID3s7PSq5i6ntwxhHDHV9lo5yUtGk5ZtEpyzjhxOR0zWodwj2Kp0L14QcGOIEfQnmrIobL%2BDBNpw0qwT3nRLjP1YA8%2BiyAoTrtq8JFF4TMDZ3RqT60%2FqJh0y07xF0A%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 801aabc6cd301c99-AMS
content-length: 0
date: Tue, 05 Sep 2023 01:24:09 GMT
location: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GlgbNFCL1GQjOCqnlwZdmcCBWjsG%2BdcCu6iJyrYg03Gu%2FnenbDqYrE1hIp6oa2YhHBaWbCs%2BRTwJBVTiPJOpbGUGptu6Ye45BKgKsSeFG48IQHqNuPVdqH8FyxCRfhwZOU5lQnhjuSgk"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 trls.js Show response
mvgde.goldengrinder.top/blue-robot/assets/ 8 KB
2 KB 35ms
33ms Script
application/javascript 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mvgde.goldengrinder.top/blue-robot/assets/trls.js
Requested by: Host: mvgde.goldengrinder.top
URL: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c0b0f46a0c12f49cc290e1b3d62a890e8da3434dc80720e3c5a20bec0ab43e1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 500
etag: W/"649c0dba-1fa7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wn3i6XzIX50E1pwGzumEiOuO7ZDIQn%2Bf5eAaAR1vLd3AyuDuK9i0c2LowK2QzPxWQnPidKMm6TmuS63W%2FGAxkJpq%2BUNziCPQbBVW0CrTBNGuW0WBPLeZQ5d8m9ft%2Bvq%2FPR1F%2BXuESz5kA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 801aabc80d250bcc-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 style.css
mvgde.goldengrinder.top/blue-robot/assets/ 4 KB
1 KB 33ms
33ms Stylesheet
text/css 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mvgde.goldengrinder.top/blue-robot/assets/style.css
Requested by: Host: mvgde.goldengrinder.top
URL: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a4bd4aed7f8c1fe11b9a39c4e70da33ccf8df29109e23f1ec10f6d07220bcd9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 500
etag: W/"649c0dba-f8e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKrEMWx47tfrLHb8LJjo2OkWLHL7DaUubu9RbR6zkcfvsJt0VM3q3UxtdWD9yNti7eh2uRciXaAxmxYLi70i%2Big%2B2a1b%2BhFdCIGXw%2B%2BsABfeLPL%2FfooUBPJLBYlWZis90ZPVo2mmPBHQqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 801aabc80d260bcc-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 static-pl.js Show response
mvgde.goldengrinder.top/shared-js/assets/ 3 KB
1 KB 32ms
32ms Script
application/javascript 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mvgde.goldengrinder.top/shared-js/assets/static-pl.js
Requested by: Host: mvgde.goldengrinder.top
URL: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93972bbc62d530dd23e06c5174b3e9ed4fb5719279ecef774d0a7eacf1040a18

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2100
etag: W/"649c0dba-bf3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWi7rQdPspfx7QLvJ0jC3AM%2F%2FCfDufmY9gMZiHiYpAAoz1mU0KMBZPSBGR5K4H7LB5b6IPjgcf%2F2u2THnDvDzd1cXjTIi4JZ1b1cS%2FuvGHmovxp0Emus3mdvQLqge31Iix9almRlE1OHMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 801aabc80d270bcc-AMS
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 748 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ps.js Show response
cdnstatic.goldengrinder.top/ps/ 24 KB
9 KB 79ms
70ms Script
application/javascript 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnstatic.goldengrinder.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&click_id=&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.goldengrinder.top
Requested by: Host: mvgde.goldengrinder.top
URL: https://mvgde.goldengrinder.top/shared-js/assets/static-pl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 568c7f893bc63fff36ac90e6907c3be9891a90f63817bc6fee82643b1ac55bea

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:09 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cMxnn%2F8C3Fhtqgydi5KSjui%2BCvHMe%2BwjeyOUBynBVw2i%2FvmynZdgMDwayCzmH9HQdcdZT%2FIhyddh8ZJHmVpNbnZm9FyPyf8nWIaXY7Vk3wX%2FZCGkM2NHRE9q6FuB5S7DEkQu5CzQq9%2FPdCs3IOA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-ray: 801aabc85d720bcc-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 config.js Show response
cdnstatic.goldengrinder.top/ps/ 356 B
709 B 53ms
53ms Script
application/javascript 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnstatic.goldengrinder.top/ps/config.js?id=wyqwIiui3U-oMKNOfTV6Dg
Requested by: Host: cdnstatic.goldengrinder.top
URL: https://cdnstatic.goldengrinder.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&click_id=&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.goldengrinder.top
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f01f563a73e03794b44a9deb54bcb92c3533145df2182df37615b0eec0adbd9a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:09 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hY25ajYTmYowfYLzp3q4h4iPBJww7HBXBArah1JlFMamZb4Jpz9%2BA4qHnpXRqJv%2BZIrYk%2FId4QiuiPcluQWF%2FmTo2zpeiBQ%2Bba86OkNieq7bEBeLohfTnGe5zldHPRO6DxKi9w6WDU0A%2FNC%2BXec%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-ray: 801aabc8d93e0e9c-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.4.1/ 21 KB
7 KB 107ms
33ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-app.js

Requested by

Host: cdnstatic.goldengrinder.top
URL: https://cdnstatic.goldengrinder.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&click_id=&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.goldengrinder.top

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 01:39:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 603852
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6763
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 01:39:57 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/8.4.1/ 40 KB
11 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 05:39:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243858
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10908
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Sep 2024 05:39:51 GMT

GET
H3 200 / Show response
mvgde.goldengrinder.top/blue-robot/ 14 KB
6 KB 48ms
48ms Document
text/html 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Requested by: Host: cdnstatic.goldengrinder.top
URL: https://cdnstatic.goldengrinder.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&click_id=&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.goldengrinder.top
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b2ed619a9620fc9d445ebab690f1f1c4108a41b93c6e4ddc80f7f9aea03bdec

Request headers

Referer: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 801aabcd3d360e9c-AMS
content-encoding: br
content-type: text/html
date: Tue, 05 Sep 2023 01:24:10 GMT
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6jC2BaFnh1jZnfS4E7zhdUCVrX7OGZGTtGlP4fj77c76hmy0C2E88pwQ63VIGasv3TS5ZNSKCDGy0s6wvCzsz0L2E485Bl%2BaoieoKKz4ohzeg4HaQGiHXYqy1%2Blhb7CO2yAjv0bsWzF1lw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 trls.js Show response
mvgde.goldengrinder.top/blue-robot/assets/ 8 KB
2 KB 34ms
33ms Script
application/javascript 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mvgde.goldengrinder.top/blue-robot/assets/trls.js
Requested by: Host: mvgde.goldengrinder.top
URL: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c0b0f46a0c12f49cc290e1b3d62a890e8da3434dc80720e3c5a20bec0ab43e1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:10 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2365
etag: W/"649c0dba-1fa7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txslqDpeSfQ4kHV%2FZMPKr9ztgkxuuSxt6nMAqcBNxzmPnVQpFUzDJ0j1EubXskykjON4jocfybdX9dpNZ7s9B8TaXl%2Bc9i9S9Z5hLZDr4CI7MKjhvPVOIDmEb90EewPlj%2BbwBZGGW7mn%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 801aabcd9d920e9c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 style.css
mvgde.goldengrinder.top/blue-robot/assets/ 4 KB
1 KB 34ms
34ms Stylesheet
text/css 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mvgde.goldengrinder.top/blue-robot/assets/style.css
Requested by: Host: mvgde.goldengrinder.top
URL: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a4bd4aed7f8c1fe11b9a39c4e70da33ccf8df29109e23f1ec10f6d07220bcd9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:10 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2365
etag: W/"649c0dba-f8e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tdQBWPKjCl4JIEVnrcWHzt2jsAsbArIrCRWlV779A343NQyAxbG1beF5R%2BzFo3kk8Xf%2FvRS6r65GGqpDhvQdjbSzIqwRdtytOu3sIS6rayhXs6NRzw7IGWw1CZq6PlhNNuJra8cGxzYx5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 801aabcd9d930e9c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 static-pl.js Show response
mvgde.goldengrinder.top/shared-js/assets/ 3 KB
1 KB 33ms
32ms Script
application/javascript 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mvgde.goldengrinder.top/shared-js/assets/static-pl.js
Requested by: Host: mvgde.goldengrinder.top
URL: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93972bbc62d530dd23e06c5174b3e9ed4fb5719279ecef774d0a7eacf1040a18

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/blue-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&hash=bf91UhgUNWOHbjzUm8jfDQ&exp=1693877349
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:10 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2444
etag: W/"649c0dba-bf3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aa0hN9Jhunv4GZCMrT8U2o%2BJWd1u0jJ5aA3GZqk%2Bh8j1b7AuaxqQ8YJm9oCSr5498GMDpkh%2FnWGI8Idxrm3314UGXycS7vF3z0lW7iLbuPr%2BNbyBa5qkEcNCGuY4LWFe78v%2BYHsh2axEBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 801aabcd9d940e9c-AMS
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 748 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 ps.js Show response
cdnstatic.goldengrinder.top/ps/ 24 KB
9 KB 51ms
51ms Script
application/javascript 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnstatic.goldengrinder.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&click_id=&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.goldengrinder.top
Requested by: Host: mvgde.goldengrinder.top
URL: https://mvgde.goldengrinder.top/shared-js/assets/static-pl.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 568c7f893bc63fff36ac90e6907c3be9891a90f63817bc6fee82643b1ac55bea

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:10 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hbqGeFM%2Bp9oC7GHtnKZ3ovqpRfjb1md1ha0Rg%2FKFScVRIpeJgndz0%2FyFWQtrqxogKtlE%2Bzb7LoWuf%2FQCYuFUNkkR%2F%2BtLOkaKkCOehkpltH99lW%2F5CLR3xzQHFJWEIwDs%2FYtUP3pPYzBQPKMV86E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-ray: 801aabcdcdcc0e9c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 config.js
cdnstatic.goldengrinder.top/ps/ 356 B
665 B 51ms
51ms Script
application/javascript 172.64.162.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnstatic.goldengrinder.top/ps/config.js?id=wyqwIiui3U-oMKNOfTV6Dg
Requested by: Host: cdnstatic.goldengrinder.top
URL: https://cdnstatic.goldengrinder.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&click_id=&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.goldengrinder.top
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.162.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:10 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7wzfV6tIrjn1X%2BGOqNfqpJLOQiHzkaXCH5NULtNnvqOet8ZkbUgts5YdYhu492vZbW2vpquoZS9ujd4114zfrBsNy43miD8XuUpUsgb1cFyhI7gkCXYZeN4CfMepZ5QIT4wsLEzZr4XsoFqwG4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-ray: 801aabce2e2a0e9c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 firebase-app.js
www.gstatic.com/firebasejs/8.4.1/ 21 KB
7 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-app.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 01:39:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 603853
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6763
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 01:39:57 GMT

GET
H3 200 firebase-messaging.js
www.gstatic.com/firebasejs/8.4.1/ 40 KB
11 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://mvgde.goldengrinder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 05:39:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10908
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Sep 2024 05:39:51 GMT

GET
H2 200 / Show response
xingfutongmen.com/ 87 KB
32 KB 145ms
86ms Document
text/html 2a06:98c1:3121::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xingfutongmen.com/?u=pe7k605&o=3u0gcu2
Requested by: Host: cdnstatic.goldengrinder.top
URL: https://cdnstatic.goldengrinder.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=wyqwIiui3U-oMKNOfTV6Dg&sm=blue-robot&click_id=&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.goldengrinder.top
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbfe0d249a428648970ca906c7b857f973b442cba95963cb089589ddf3a5cadc

Request headers

Referer: https://mvgde.goldengrinder.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 801aabcfb9d0b8a6-AMS
content-encoding: br
content-type: text/html
date: Tue, 05 Sep 2023 01:24:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fv3HXmowX9ZAgINp57Jm%2BCl6uuuWAB5Lj%2BdPLMIrXsJKOR60J6vgQrQY9qBkO3u5m1HDVYUUlFw8kxunkjp7682XcE9XI0hDD3I9hLqr5etxuehNv%2FOATD%2Bft801ZIqoslKabISgTGJDRrp8zCN8cg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 cloud.html Show response
xingfutongmen.com/media/mainstream/ Frame A27A 39 B
665 B 51ms
51ms Document
text/html 2a06:98c1:3121::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xingfutongmen.com/media/mainstream/cloud.html

Requested by

Host: xingfutongmen.com
URL: https://xingfutongmen.com/?u=pe7k605&o=3u0gcu2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xingfutongmen.com/?u=pe7k605&o=3u0gcu2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=31536000
cf-cache-status: DYNAMIC
cf-ray: 801aabd05a44b8a6-AMS
content-encoding: br
content-security-policy: block-all-mixed-content
content-type: text/html
date: Tue, 05 Sep 2023 01:24:10 GMT
expires: Wed, 04 Sep 2024 01:24:10 GMT
last-modified: Sun, 13 Aug 2023 20:44:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uklvh6QjcR%2FIxZizgBmWaiYWwin3tjAbfeJTJe1sI%2Bi7Gj34w1GY1l6lEZc6GBOWax8sigmx%2F8ZZwdIlTAlWMMQrcjbPzc7gXesvUXeb9VbtA7w%2Fiw2tjhCW68mnUqFZFQFGmaikV%2B4rIMyh%2FW3g3g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin Accept-Encoding
x-amz-meta-mc-attrs: atime:1691959490#8576945/gid:0/gname:root/mode:33188/mtime:1691959490#8576945/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2023-08-13T20:44:50.035Z
x-amz-request-id: 1781DAA0968517B8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK article524.doc
524.yafastdie.live/uiyaqtev/ 140 B
309 B 156ms
49ms Document
text/html 185.155.184.79
AS5398

General

Check archive.org

Show headers Download Go to

Full URL: https://524.yafastdie.live/uiyaqtev/article524.doc?u=pe7k605&o=3u0gcu2&f=1&sid=t2~r4vpqkaypveybcs0ee3suhor&fp=vEXmw1fxh0GE%2FgpQL8V%2Ba65vmzg%2BYrQ6IJQIJPaluoMIiIFhXQzOJ7qCYoqZaY8e5D22KA%2BqKmpe5E0a%2FZdRtYLCn883vdtq84H2ZbfuJvC3a1EeXTDIamsdzWgHTl4FqyczlCEGr%2BI1qcy3t3owbuujUo7Kif8W3YtVkMVapTQPVpAeDhg7IZGpqucpJnVE0WbstE4yHTrr8VxtSF7GjxjcWPYK1PYrArRDkZq0Our2dCPrWhUTnAq7240CH8qqpUbKstYsUDuSgxH6ksITeblz6h8%2Bk3Gbb91hB3mY%2FONiMWOiOkYNkCv6RuxFtgygBX8DKgk0YPbnqSix8LJavtEASOYjdAkuEDuLY9K5Y90fE5LNbCTHkQ2Sswpalr3XZdhvC13%2B%2BQFXCIZWSoZfU4EKxBkIkUW5Fy397eWo6dTGXs86CIjivXTEmo0rpKC%2ButcNPI1pxT%2BU4ySgOszGGfGKeqwuRW0KdkVNjsSnX%2F9BoqI8CQp3zS12%2ByvRkdiGzTHx0Wy3rRjOw9iixcpkmcHrOglZ6m8F9dJrLdOXBvK3XMgsmIYFv2vDw8CUzxo3FMNfjxQi2w%2F2ysb06kgjFaNR6GznhaeMz0m0DEdLNhULd4rFG2NIg%2B3CUxjIaoO4S2T%2F3E5JLmZLoXHhb853NcQn7x8B%2BEnrhlrENtxz6wZLANPsiHzAkMuRQ9tVFgM1qmpJlBWgjSqtL5xiwkuMTQmoTwWcUgEgTIPxN0c6Gbx8f9yPnxrzyAcLZD8BJFYuPxTYub18BJ1%2BCO0PRMPe0wFanO2nafbDcQ7iplkvhUCWqAELAuIsL8bwL%2B1N8alrdo%2FZAJOA3KWjwOJSMTMDy%2BfcnmQdlKlVcs1Gwg7tFVaL0tPMR78Cv%2FpSJPyd8%2FnttBg5UcnFLZSJ1FTU3bZCetRyKuesFaZTd8TTfhihj3h7iTFiFoiJUBKTB2dIEpHRUMwxgo47GD5iuK7XgKPwkeo%2Bw1Nm1ZfSwe7zQV%2BglcmrkUV7brS6JFp5tKnwURJ9JPPm7GXQ841lcKnHuHWAzCERAfMx7tSR7L4K0G75CUBrTWwwIRL8cv6wE%2BzlSfTa%2FOSj7s9cawvZPFy9leXG1mCGl2qATMQM4XxqWdXccGNinOl2fOHE7%2BL81R7GkUe7%2BbLqULHh1%2Fxj9pR8cQCkKbxHGFOZTU0CwH2W4cHEmAYtCdi6eiMlhGOyEU24tp245oTd%2FyRNcMQtgb%2B6hYdPsmsxjyMCqlHpBf8DqiV06Lof0pNsS2WFsim1iPakaBPuduB2VNx8MZ%2Fx93gE0%2FvHzuK3%2FevVLzQpvhmz7wZCbbdt%2BlZyPCTI33GmvhYuRfDWWEr4dn6VBk5UDHxQVAhQb3AP0Nl%2BU3%2B6VXJteXL5exauOaBj4LqZ%2FHuTjyTlGI5%2FXkoTzn49a8jH5xVZGCUu7t%2F%2B5oMVIIuo02hGXxmwKeVn7Q73hLW%2F7doJRODb%2Btynxd%2BJ3atERHQryEXOwwOZrVAJMSLkbtSGr6pSQoqp58vylU3yqWTgTDIPKAZqhNKhC5AjBLocDINj0LIRBTgRyM8MqOCxcKrnglWUzeAcq%2BkeYv6mDXw4eHfCR%2BDaKqD7g4NEpriX9w1ZOhaYf07t3imnhdOejSy2OND2uvojLaKzDKn74KgWiOrlo5JUq%2FQABimPp1EMgMHd6zBDxNMxe62npatZuhaL5pMGAbFafQ%2FNn0VwY%2BBtZ39%2FsiY9eZSPbvZiUCUrFdW6%2FEnYlehxkWja%2Bzc%2BP7YvQB0m5wyWoZbbZKeaeVsKqxdHIOObJpmnfiEbCgOCKqQgnTjUhCf1rBVdEefAd9hMv%2BjyKb68MW%2F6Z9yVCdztz8wRBpWmh1p5dJk3SOwgWcrA2NDvqAzAx%2B2fBn7uopp6HAA4cSu8NHHjal6J0THLow0jwExG%2BG%2Fnv1bFs1sEa8NfJTJBtBP7QCh3eNBzsmjWlJEV8bYQ%2BRAD%2BaE%2F2OTqSU3GQcIWih6830ErwOEzOyGKWzM79c2kHiMJeb%2FOaJrjG8JCEkp3%2FAg%3D
Requested by: Host: xingfutongmen.com
URL: https://xingfutongmen.com/?u=pe7k605&o=3u0gcu2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 185.155.184.79 , Switzerland, ASN5398 (AS5398, CH),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://xingfutongmen.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: keep-alive
Content-Length: 140
Content-Type: text/html
Date: Tue, 05 Sep 2023 01:24:11 GMT
Server: openresty
cache-control: private

GET
H/1.1

200
OK

Primary Request / Show response
ww38.flirtsdreams.info/
Redirect Chain

https://524.yafastdie.live/web/
https://flirtsdreams.info/
http://ww38.flirtsdreams.info/

17 KB
7 KB

107ms
73ms

Document
text/html

76.223.26.96

General

Check archive.org

Show headers Download Go to

Full URL: http://ww38.flirtsdreams.info/
Requested by: Host: 524.yafastdie.live
URL: https://524.yafastdie.live/uiyaqtev/article524.doc?u=pe7k605&o=3u0gcu2&f=1&sid=t2~r4vpqkaypveybcs0ee3suhor&fp=vEXmw1fxh0GE%2FgpQL8V%2Ba65vmzg%2BYrQ6IJQIJPaluoMIiIFhXQzOJ7qCYoqZaY8e5D22KA%2BqKmpe5E0a%2FZdRtYLCn883vdtq84H2ZbfuJvC3a1EeXTDIamsdzWgHTl4FqyczlCEGr%2BI1qcy3t3owbuujUo7Kif8W3YtVkMVapTQPVpAeDhg7IZGpqucpJnVE0WbstE4yHTrr8VxtSF7GjxjcWPYK1PYrArRDkZq0Our2dCPrWhUTnAq7240CH8qqpUbKstYsUDuSgxH6ksITeblz6h8%2Bk3Gbb91hB3mY%2FONiMWOiOkYNkCv6RuxFtgygBX8DKgk0YPbnqSix8LJavtEASOYjdAkuEDuLY9K5Y90fE5LNbCTHkQ2Sswpalr3XZdhvC13%2B%2BQFXCIZWSoZfU4EKxBkIkUW5Fy397eWo6dTGXs86CIjivXTEmo0rpKC%2ButcNPI1pxT%2BU4ySgOszGGfGKeqwuRW0KdkVNjsSnX%2F9BoqI8CQp3zS12%2ByvRkdiGzTHx0Wy3rRjOw9iixcpkmcHrOglZ6m8F9dJrLdOXBvK3XMgsmIYFv2vDw8CUzxo3FMNfjxQi2w%2F2ysb06kgjFaNR6GznhaeMz0m0DEdLNhULd4rFG2NIg%2B3CUxjIaoO4S2T%2F3E5JLmZLoXHhb853NcQn7x8B%2BEnrhlrENtxz6wZLANPsiHzAkMuRQ9tVFgM1qmpJlBWgjSqtL5xiwkuMTQmoTwWcUgEgTIPxN0c6Gbx8f9yPnxrzyAcLZD8BJFYuPxTYub18BJ1%2BCO0PRMPe0wFanO2nafbDcQ7iplkvhUCWqAELAuIsL8bwL%2B1N8alrdo%2FZAJOA3KWjwOJSMTMDy%2BfcnmQdlKlVcs1Gwg7tFVaL0tPMR78Cv%2FpSJPyd8%2FnttBg5UcnFLZSJ1FTU3bZCetRyKuesFaZTd8TTfhihj3h7iTFiFoiJUBKTB2dIEpHRUMwxgo47GD5iuK7XgKPwkeo%2Bw1Nm1ZfSwe7zQV%2BglcmrkUV7brS6JFp5tKnwURJ9JPPm7GXQ841lcKnHuHWAzCERAfMx7tSR7L4K0G75CUBrTWwwIRL8cv6wE%2BzlSfTa%2FOSj7s9cawvZPFy9leXG1mCGl2qATMQM4XxqWdXccGNinOl2fOHE7%2BL81R7GkUe7%2BbLqULHh1%2Fxj9pR8cQCkKbxHGFOZTU0CwH2W4cHEmAYtCdi6eiMlhGOyEU24tp245oTd%2FyRNcMQtgb%2B6hYdPsmsxjyMCqlHpBf8DqiV06Lof0pNsS2WFsim1iPakaBPuduB2VNx8MZ%2Fx93gE0%2FvHzuK3%2FevVLzQpvhmz7wZCbbdt%2BlZyPCTI33GmvhYuRfDWWEr4dn6VBk5UDHxQVAhQb3AP0Nl%2BU3%2B6VXJteXL5exauOaBj4LqZ%2FHuTjyTlGI5%2FXkoTzn49a8jH5xVZGCUu7t%2F%2B5oMVIIuo02hGXxmwKeVn7Q73hLW%2F7doJRODb%2Btynxd%2BJ3atERHQryEXOwwOZrVAJMSLkbtSGr6pSQoqp58vylU3yqWTgTDIPKAZqhNKhC5AjBLocDINj0LIRBTgRyM8MqOCxcKrnglWUzeAcq%2BkeYv6mDXw4eHfCR%2BDaKqD7g4NEpriX9w1ZOhaYf07t3imnhdOejSy2OND2uvojLaKzDKn74KgWiOrlo5JUq%2FQABimPp1EMgMHd6zBDxNMxe62npatZuhaL5pMGAbFafQ%2FNn0VwY%2BBtZ39%2FsiY9eZSPbvZiUCUrFdW6%2FEnYlehxkWja%2Bzc%2BP7YvQB0m5wyWoZbbZKeaeVsKqxdHIOObJpmnfiEbCgOCKqQgnTjUhCf1rBVdEefAd9hMv%2BjyKb68MW%2F6Z9yVCdztz8wRBpWmh1p5dJk3SOwgWcrA2NDvqAzAx%2B2fBn7uopp6HAA4cSu8NHHjal6J0THLow0jwExG%2BG%2Fnv1bFs1sEa8NfJTJBtBP7QCh3eNBzsmjWlJEV8bYQ%2BRAD%2BaE%2F2OTqSU3GQcIWih6830ErwOEzOyGKWzM79c2kHiMJeb%2FOaJrjG8JCEkp3%2FAg%3D
Protocol: HTTP/1.1
Server: 76.223.26.96 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 495391016eb425de45b1932fc974ba8045576abc1e851474d6a4e3dcee10a8ec

Request headers

Referer: https://524.yafastdie.live/uiyaqtev/article524.doc?u=pe7k605&o=3u0gcu2&f=1&sid=t2~r4vpqkaypveybcs0ee3suhor&fp=vEXmw1fxh0GE%2FgpQL8V%2Ba65vmzg%2BYrQ6IJQIJPaluoMIiIFhXQzOJ7qCYoqZaY8e5D22KA%2BqKmpe5E0a%2FZdRtYLCn883vdtq84H2ZbfuJvC3a1EeXTDIamsdzWgHTl4FqyczlCEGr%2BI1qcy3t3owbuujUo7Kif8W3YtVkMVapTQPVpAeDhg7IZGpqucpJnVE0WbstE4yHTrr8VxtSF7GjxjcWPYK1PYrArRDkZq0Our2dCPrWhUTnAq7240CH8qqpUbKstYsUDuSgxH6ksITeblz6h8%2Bk3Gbb91hB3mY%2FONiMWOiOkYNkCv6RuxFtgygBX8DKgk0YPbnqSix8LJavtEASOYjdAkuEDuLY9K5Y90fE5LNbCTHkQ2Sswpalr3XZdhvC13%2B%2BQFXCIZWSoZfU4EKxBkIkUW5Fy397eWo6dTGXs86CIjivXTEmo0rpKC%2ButcNPI1pxT%2BU4ySgOszGGfGKeqwuRW0KdkVNjsSnX%2F9BoqI8CQp3zS12%2ByvRkdiGzTHx0Wy3rRjOw9iixcpkmcHrOglZ6m8F9dJrLdOXBvK3XMgsmIYFv2vDw8CUzxo3FMNfjxQi2w%2F2ysb06kgjFaNR6GznhaeMz0m0DEdLNhULd4rFG2NIg%2B3CUxjIaoO4S2T%2F3E5JLmZLoXHhb853NcQn7x8B%2BEnrhlrENtxz6wZLANPsiHzAkMuRQ9tVFgM1qmpJlBWgjSqtL5xiwkuMTQmoTwWcUgEgTIPxN0c6Gbx8f9yPnxrzyAcLZD8BJFYuPxTYub18BJ1%2BCO0PRMPe0wFanO2nafbDcQ7iplkvhUCWqAELAuIsL8bwL%2B1N8alrdo%2FZAJOA3KWjwOJSMTMDy%2BfcnmQdlKlVcs1Gwg7tFVaL0tPMR78Cv%2FpSJPyd8%2FnttBg5UcnFLZSJ1FTU3bZCetRyKuesFaZTd8TTfhihj3h7iTFiFoiJUBKTB2dIEpHRUMwxgo47GD5iuK7XgKPwkeo%2Bw1Nm1ZfSwe7zQV%2BglcmrkUV7brS6JFp5tKnwURJ9JPPm7GXQ841lcKnHuHWAzCERAfMx7tSR7L4K0G75CUBrTWwwIRL8cv6wE%2BzlSfTa%2FOSj7s9cawvZPFy9leXG1mCGl2qATMQM4XxqWdXccGNinOl2fOHE7%2BL81R7GkUe7%2BbLqULHh1%2Fxj9pR8cQCkKbxHGFOZTU0CwH2W4cHEmAYtCdi6eiMlhGOyEU24tp245oTd%2FyRNcMQtgb%2B6hYdPsmsxjyMCqlHpBf8DqiV06Lof0pNsS2WFsim1iPakaBPuduB2VNx8MZ%2Fx93gE0%2FvHzuK3%2FevVLzQpvhmz7wZCbbdt%2BlZyPCTI33GmvhYuRfDWWEr4dn6VBk5UDHxQVAhQb3AP0Nl%2BU3%2B6VXJteXL5exauOaBj4LqZ%2FHuTjyTlGI5%2FXkoTzn49a8jH5xVZGCUu7t%2F%2B5oMVIIuo02hGXxmwKeVn7Q73hLW%2F7doJRODb%2Btynxd%2BJ3atERHQryEXOwwOZrVAJMSLkbtSGr6pSQoqp58vylU3yqWTgTDIPKAZqhNKhC5AjBLocDINj0LIRBTgRyM8MqOCxcKrnglWUzeAcq%2BkeYv6mDXw4eHfCR%2BDaKqD7g4NEpriX9w1ZOhaYf07t3imnhdOejSy2OND2uvojLaKzDKn74KgWiOrlo5JUq%2FQABimPp1EMgMHd6zBDxNMxe62npatZuhaL5pMGAbFafQ%2FNn0VwY%2BBtZ39%2FsiY9eZSPbvZiUCUrFdW6%2FEnYlehxkWja%2Bzc%2BP7YvQB0m5wyWoZbbZKeaeVsKqxdHIOObJpmnfiEbCgOCKqQgnTjUhCf1rBVdEefAd9hMv%2BjyKb68MW%2F6Z9yVCdztz8wRBpWmh1p5dJk3SOwgWcrA2NDvqAzAx%2B2fBn7uopp6HAA4cSu8NHHjal6J0THLow0jwExG%2BG%2Fnv1bFs1sEa8NfJTJBtBP7QCh3eNBzsmjWlJEV8bYQ%2BRAD%2BaE%2F2OTqSU3GQcIWih6830ErwOEzOyGKWzM79c2kHiMJeb%2FOaJrjG8JCEkp3%2FAg%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Accept-CH: viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
Accept-CH-Lifetime: 30
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 05 Sep 2023 01:24:14 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_VjHwLf/nJoSx9dbrHD2kFcqHP+h9mwo01TW30FIZDGSz+z9NvP99Ii7H40mmGqlVkoCkC2a9Qd1I/sKuKFqAsg==
X-Buckets: bucket003
X-Domain: flirtsdreams.info
X-Language: dutch
X-Subdomain: ww38
X-Template: tpl_CleanPeppermintBlack_twoclick

Redirect headers

connection: close
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 05 Sep 2023 01:24:13 GMT
location: http://ww38.flirtsdreams.info/
server: Apache

GET
H/1.1 200
OK caf.js Show response
www.google.com/adsense/domains/ 148 KB
55 KB 130ms
69ms Script
text/javascript 2a00:1450:4001:808::2004

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/adsense/domains/caf.js?abp=1

Requested by

Host: ww38.flirtsdreams.info
URL: http://ww38.flirtsdreams.info/

Protocol

HTTP/1.1

Server

2a00:1450:4001:808::2004 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2b69d849b9a2563ce0b14b7adc316e54b8bfc185aae0a1040da3ec1854e30bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://ww38.flirtsdreams.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 01:24:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
ETag: "13772778491518936215"
Vary: Accept-Encoding
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Content-Type: text/javascript; charset=UTF-8
Cache-Control: private, max-age=3600
Accept-Ranges: bytes
Expires: Tue, 05 Sep 2023 01:24:14 GMT

GET
H/1.1 200
OK sale_form.js Show response
c.parkingcrew.net/scripts/ 761 B
1005 B 120ms
74ms Script
application/javascript 185.53.178.30

General

Check archive.org

Show headers Download Go to

Full URL: http://c.parkingcrew.net/scripts/sale_form.js
Requested by: Host: ww38.flirtsdreams.info
URL: http://ww38.flirtsdreams.info/
Protocol: HTTP/1.1
Server: 185.53.178.30 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://ww38.flirtsdreams.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 01:24:14 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Server: nginx
ETag: "5ebab1f0-2f9"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 761

GET
H/1.1 200
OK track.php Show response
ww38.flirtsdreams.info/ 0
608 B 57ms
57ms XHR
text/html 76.223.26.96

General

Check archive.org

Show headers Download Go to

Full URL: http://ww38.flirtsdreams.info/track.php?domain=flirtsdreams.info&toggle=browserjs&uid=MTY5Mzg3NzA1NC4zMTY2OjkwNWE0OTcwZTRmYzQ4YWZlZTY1MzNkOTRkNDc2ODAzMGEyYzUxNWVmNjJjZTdjZmMzNWNkZDRlOTM1OGRlNDA6NjRmNjgzM2U0ZDRhMg%3D%3D
Requested by: Host: ww38.flirtsdreams.info
URL: http://ww38.flirtsdreams.info/
Protocol: HTTP/1.1
Server: 76.223.26.96 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://ww38.flirtsdreams.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 01:24:14 GMT
Content-Encoding: gzip
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
X-Custom-Track: browserjs
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Accept-CH-Lifetime: 30
Connection: keep-alive

GET
H/1.1 200
OK arrows.png
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/ 11 KB
12 KB 64ms
32ms Image
image/png 2600:9000:2250:3a00:1d:4618:5c80:21

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
Requested by: Host: ww38.flirtsdreams.info
URL: http://ww38.flirtsdreams.info/
Protocol: HTTP/1.1
Server: 2600:9000:2250:3a00:1d:4618:5c80:21 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://ww38.flirtsdreams.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 17:25:30 GMT
Via: 1.1 da4de4427d18bee1d3254f1bbdad25f2.cloudfront.net (CloudFront)
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Server: nginx
X-Amz-Cf-Pop: FRA60-P2
Age: 28724
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11375
X-Amz-Cf-Id: dS21Sn-qdXunar0xvR_pOnSqAxsb5mtq7z2RHuGZxLb_RW0hdcJ-RQ==

GET
H/1.1 201
Created ls.php Show response
ww38.flirtsdreams.info/ 16 B
906 B 58ms
57ms XHR
text/javascript 76.223.26.96

General

Check archive.org

Show headers Download Go to

Full URL: http://ww38.flirtsdreams.info/ls.php?t=64f6833e&token=423b022388baf0a9419ea3abde69412386b9bf23
Requested by: Host: ww38.flirtsdreams.info
URL: http://ww38.flirtsdreams.info/
Protocol: HTTP/1.1
Server: 76.223.26.96 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://ww38.flirtsdreams.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 01:24:14 GMT
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Transfer-Encoding: chunked
Accept-CH-Lifetime: 30
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin
Access-Control-Allow-Methods: POST, OPTIONS
Charset: utf-8
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_XBqU30dND0EOQGZcvlvK7to3G9smrjpYbTNGSGE1QyzCYfJ5ww4JAfaQuSXTUHb3MuBt6gyC81SPl0bLOQcobw==
Connection: keep-alive
X-Log-Success: 64f6833ef736660d5b4c6ccc

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 388 B
596 B 195ms
40ms Script
text/javascript 2a00:1450:4001:806::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ww38.flirtsdreams.info&client=dp-teaminternet04_3ph&product=SAS&callback=__sasCookie

Requested by

Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js?abp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4014a50e3d5d4991b60fbdc8baa0d8c97c53a50a862c5bd0322dfe985903250c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://ww38.flirtsdreams.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:24:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 244
x-xss-protection: 0

GET
H2 200 ads Show response
www.google.com/afs/ Frame 04E1 16 KB
4 KB 281ms
133ms Document
text/html 2a00:1450:4001:808::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=nl&rpbu=http%3A%2F%2Fww38.flirtsdreams.info%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NGY2ODMzZTRkNDgzfHx8MTY5Mzg3NzA1NC4zMjYzfDRiMDRiMjY3YTFiZWM1YTE5OGU1NTk5ZWY3ZjQ5Y2Y2NThjNTk3ZDB8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDQyM2IwMjIzODhiYWYwYTk0MTllYTNhYmRlNjk0MTIzODZiOWJmMjN8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfA%253D%253D&terms=Tulum%20Resorts%2CCancun%20Resorts%2CTrundle&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2631830028814560&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301293%2C17301318%2C17301320&format=r3%7Cs&nocache=7331693877054701&num=0&output=afd_ads&domain_name=ww38.flirtsdreams.info&v=3&bsl=8&pac=2&u_his=23&u_tz=120&dt=1693877054702&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=789&frm=0&cl=560704565&uio=--&cont=tc&jsid=caf&jsv=560704565&rurl=http%3A%2F%2Fww38.flirtsdreams.info%2F&adbw=master-1%3A530

Requested by

Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js?abp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 -, , ASN (),

Reverse DNS

Software

gws /

Resource Hash

813e64672e2650a6201b89adf9c3120b7907dd564de3e43fb7b2f7632ca6677e

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-Ajd-_QmI-zIIAoAlJzpUbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection	0

Request headers

Referer: http://ww38.flirtsdreams.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600
content-disposition: inline
content-encoding: br
content-length: 3451
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Ajd-_QmI-zIIAoAlJzpUbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
date: Tue, 05 Sep 2023 01:24:14 GMT
expires: Tue, 05 Sep 2023 01:24:14 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server: gws
x-xss-protection: 0

GET search.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame 04E1 0
0

GET chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame 04E1 0
0

GET caf.js
www.google.com/adsense/domains/ Frame 04E1 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: afs.googleusercontent.com
URL: https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

Domain: afs.googleusercontent.com
URL: https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

Domain: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?pac=2

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
drummondcommunitybank.org/	1970-01-20 23:16:53	Name: antibot_uid Value: 70b6591e64bec67459c86b9cfc3c1607
drummondcommunitybank.org/	1970-01-20 14:45:41	Name: antibot_country Value: NL
drummondcommunitybank.org/	1970-01-20 14:45:41	Name: antibot_lang Value: nl
drummondcommunitybank.org/	1970-01-20 14:45:41	Name: antibot_ptr Value: 2a00%3A1630%3A0002%3A1c02%3A0000%3A0000%3A0000%3A0008
drummondcommunitybank.org/	1970-01-20 14:45:41	Name: antibot_da7a336a60b82962f78d760c0b067b6e Value: a5f6cc3732ede2d2f317a44f468f2f9b
drummondcommunitybank.org/	1970-01-20 14:32:43	Name: antibot_referer Value: https%3A%2F%2Fdrummondcommunitybank.org%2F
drummondcommunitybank.org/	1970-01-20 14:32:43	Name: antibot_hits Value: 2
drummondcommunitybank.org/	1970-01-20 14:32:43	Name: antibot_unique_20230905 Value: 1
.yadro.ru/	1970-01-20 23:16:37	Name: FTID Value: 1azeCv1ZuNud1azeCv00136n
.yadro.ru/	1970-01-20 23:16:37	Name: VID Value: 1Br3hI2_iKud1azeCv00137C
mvgde.polluxcastor.top/	1970-01-20 14:37:02	Name: wyqwIiui3U-oMKNOfTV6Dg Value: 3
mvgde.polluxcastor.top/	1970-01-21 00:07:17	Name: __pl Value: fb00c91c-0bec-4c66-921e-3af7302ba343
mvgde.polluxcastor.top/	1970-01-20 14:31:20	Name: __cap Value: 1
cdnstatic.goldengrinder.top/	1970-01-21 00:07:17	Name: __psu Value: 6046902d-d35a-4a1f-9800-e285151f8de7
xingfutongmen.com/	1969-12-31 23:59:59	Name: sid Value: t2~r4vpqkaypveybcs0ee3suhor
xingfutongmen.com/	1969-12-31 23:59:59	Name: p1 Value: https://yafastdie.live/uiyaqtev/
xingfutongmen.com/	1969-12-31 23:59:59	Name: s1 Value: imy0xaf7p86658yc
524.yafastdie.live/	1969-12-31 23:59:59	Name: sid Value: t5~j1fehul4fberygx1nfhowlko

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: http://www.google.com/adsense/domains/caf.js?abp=1(Line 220) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

524.yafastdie.live
afs.googleusercontent.com
c.parkingcrew.net
cdnstatic.goldengrinder.top
counter.yadro.ru
d38psrni17bvxu.cloudfront.net
drummondcommunitybank.org
flirtsdreams.info
mvgde.goldengrinder.top
mvgde.polluxcastor.top
partner.googleadservices.com
ww38.flirtsdreams.info
www.google.com
www.gstatic.com
xingfutongmen.com
afs.googleusercontent.com
www.google.com
103.224.182.246
172.64.162.14
185.155.184.79
185.53.178.30
188.114.97.3
2600:9000:2250:3a00:1d:4618:5c80:21
2a00:1450:4001:806::2002
2a00:1450:4001:808::2004
2a00:1450:4001:829::2003
2a06:98c1:3120::3
2a06:98c1:3121::9
76.223.26.96
88.212.201.198
2c0b0f46a0c12f49cc290e1b3d62a890e8da3434dc80720e3c5a20bec0ab43e1
3a4bd4aed7f8c1fe11b9a39c4e70da33ccf8df29109e23f1ec10f6d07220bcd9
4014a50e3d5d4991b60fbdc8baa0d8c97c53a50a862c5bd0322dfe985903250c
495391016eb425de45b1932fc974ba8045576abc1e851474d6a4e3dcee10a8ec
568c7f893bc63fff36ac90e6907c3be9891a90f63817bc6fee82643b1ac55bea
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
813e64672e2650a6201b89adf9c3120b7907dd564de3e43fb7b2f7632ca6677e
93972bbc62d530dd23e06c5174b3e9ed4fb5719279ecef774d0a7eacf1040a18
9b2ed619a9620fc9d445ebab690f1f1c4108a41b93c6e4ddc80f7f9aea03bdec
a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
bbfe0d249a428648970ca906c7b857f973b442cba95963cb089589ddf3a5cadc
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2
e2b69d849b9a2563ce0b14b7adc316e54b8bfc185aae0a1040da3ec1854e30bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f01f563a73e03794b44a9deb54bcb92c3533145df2182df37615b0eec0adbd9a
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
f80bedbd262292f93acc2b529d19596362481dd239427885090352bdfb55124d

ww38.flirtsdreams.info Open in urlscan Pro 76.223.26.96 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

33 Requests

70 %HTTPS

46 %IPv6

13 Domains

15 Subdomains

12 IPs

5 Countries

193 kBTransfer

517 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

ww38.flirtsdreams.info Open in urlscan Pro
76.223.26.96 Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

70 %
HTTPS

46 %
IPv6

13
Domains

15
Subdomains

12
IPs

5
Countries

193 kB
Transfer

517 kB
Size

18
Cookies

33 HTTP transactions
2 data transactions