urlscan.io logo urlscan.io
SecurityTrails logo

darkleaf.xyz Open in urlscan Pro
2a06:98c1:3120::7  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://l.jusl.ru/A5u8rGY
Effective URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_C...
Submission: On April 01 via manual from LU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 4 countries across 8 domains to perform 24 HTTP transactions. The main IP is 2a06:98c1:3120::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is darkleaf.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 20th 2021. Valid for: a year.
This is the only time darkleaf.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 185.41.163.83 44128 (INTERNET-...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
24 9
7    185.41.163.83 (Russian Federation)

ASN44128 (INTERNET-PRO-AS, RU)
PTR: vm-372fc382.netangels.ru
l.jusl.ru
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)
code.jquery.com
1    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)
darkleaf.xyz
1    2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
5    2a00:1450:4001:82f::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
play-lh.googleusercontent.com
1    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
Apex Domain
Subdomains		 Transfer
7 jusl.ru
l.jusl.ru
228 KB
5 googleusercontent.com
play-lh.googleusercontent.com — Cisco Umbrella Rank: 400
237 KB
5 darkleaf.xyz
darkleaf.xyz
48 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 694
31 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 45
ajax.googleapis.com — Cisco Umbrella Rank: 280
97 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 229
6 KB
1 gstatic.com
fonts.gstatic.com
45 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 652
30 KB
24 8
Domain Requested by
7 l.jusl.ru l.jusl.ru
5 play-lh.googleusercontent.com darkleaf.xyz
5 darkleaf.xyz l.jusl.ru
darkleaf.xyz
2 maxcdn.bootstrapcdn.com darkleaf.xyz
1 ajax.googleapis.com darkleaf.xyz
1 cdnjs.cloudflare.com darkleaf.xyz
1 fonts.gstatic.com fonts.googleapis.com
1 code.jquery.com l.jusl.ru
1 fonts.googleapis.com l.jusl.ru
24 9

This site contains links to these domains. Also see Links.

Domain
play.google.com
www.lyoness.com
www.myworld.com
Subject Issuer Validity Valid
*.jusl.ru
R3		 2022-03-10 -
2022-06-08		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2021-07-14 -
2022-08-14		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-10-20 -
2022-10-19		 a year crt.sh
edgestatic.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Frame ID: 78CA9DBC5D64703BCEBC04669973005B
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

myWorld Benefits myWorld Benefits

Page URL History Show full URLs

  1. https://l.jusl.ru/A5u8rGY Page URL
  2. https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__C... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]+?href="[^"]+bulma(?:\.min)?\.css
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

100 %
HTTPS

89 %
IPv6

8
Domains

9
Subdomains

9
IPs

4
Countries

720 kB
Transfer

1109 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://l.jusl.ru/A5u8rGY Page URL
  2. https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
A5u8rGY
l.jusl.ru/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://l.jusl.ru/A5u8rGY
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.41.163.83 , Russian Federation, ASN44128 (INTERNET-PRO-AS, RU),
Reverse DNS
vm-372fc382.netangels.ru
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
1f875f74f5f383f169b5539b783a993764a50b9fabe96854d713d1d3ee579ca9

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Fri, 01 Apr 2022 15:30:38 GMT
ETag
W/"1648823868.44-4508-1664356400"
Expires
0
Last-Modified
Fri, 01 Apr 2022 14:37:48 GMT
Pragma
no-cache
Server
nginx/1.14.0 (Ubuntu)
Transfer-Encoding
chunked
bootstrap.min.css
l.jusl.ru/static/vendor/bootstrap/css/ 		124 KB
125 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://l.jusl.ru/static/vendor/bootstrap/css/bootstrap.min.css
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.41.163.83 , Russian Federation, ASN44128 (INTERNET-PRO-AS, RU),
Reverse DNS
vm-372fc382.netangels.ru
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
414caa66bb79bc88c1ba6a2a415d2333c0a01aab1c15f74684dfa7542a97d2f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/A5u8rGY
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 15:30:38 GMT
Last-Modified
Tue, 17 Sep 2019 19:35:29 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d813581-1f16f"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
127343
css
fonts.googleapis.com/ 		2 KB
1009 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic-ext
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 01 Apr 2022 15:30:38 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 01 Apr 2022 15:30:38 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 01 Apr 2022 15:30:38 GMT
style.css
l.jusl.ru/static/css/ 		8 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://l.jusl.ru/static/css/style.css?6
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.41.163.83 , Russian Federation, ASN44128 (INTERNET-PRO-AS, RU),
Reverse DNS
vm-372fc382.netangels.ru
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5cc5b4cbc0337faf8da81f81132c91e544e6ac2f14cbd9aceacb0c8c90236840

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/A5u8rGY
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 15:30:38 GMT
Last-Modified
Tue, 22 Mar 2022 13:12:14 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"6239cb2e-1f17"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7959
logo.svg
l.jusl.ru/static/img/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.jusl.ru/static/img/logo.svg
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.41.163.83 , Russian Federation, ASN44128 (INTERNET-PRO-AS, RU),
Reverse DNS
vm-372fc382.netangels.ru
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
48e63a0018f3e704d1f893842126eb8b18c3535120f8e2c952ec2afc0b5fb3de

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/A5u8rGY
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 15:30:38 GMT
Last-Modified
Tue, 17 Sep 2019 19:35:29 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d813581-13fc"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5116
ic_site.svg
l.jusl.ru/static/img/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.jusl.ru/static/img/ic_site.svg
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.41.163.83 , Russian Federation, ASN44128 (INTERNET-PRO-AS, RU),
Reverse DNS
vm-372fc382.netangels.ru
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
07be51eb33f37b32c413a3444504f27c3f435ffcd0cdfe5ba523130994633554

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/A5u8rGY
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 15:30:38 GMT
Last-Modified
Tue, 17 Sep 2019 19:35:29 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d813581-1981"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6529
powered.svg
l.jusl.ru/static/img/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.jusl.ru/static/img/powered.svg
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.41.163.83 , Russian Federation, ASN44128 (INTERNET-PRO-AS, RU),
Reverse DNS
vm-372fc382.netangels.ru
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
c8a3a9743aa26c38c8b46a8d12bcd5df5e2c885109b5e2f65b855d95d12f209d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/A5u8rGY
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 15:30:38 GMT
Last-Modified
Tue, 17 Sep 2019 19:35:29 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d813581-337e"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13182
jquery-3.3.1.min.js
code.jquery.com/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:38 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-1538f"
vary
Accept-Encoding
x-hw
1648827038.dop238.am5.t,1648827038.cds316.am5.hn,1648827038.cds006.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30288
bootstrap.bundle.min.js
l.jusl.ru/static/vendor/bootstrap/js/ 		68 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://l.jusl.ru/static/vendor/bootstrap/js/bootstrap.bundle.min.js
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.41.163.83 , Russian Federation, ASN44128 (INTERNET-PRO-AS, RU),
Reverse DNS
vm-372fc382.netangels.ru
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4490f15bcd903912985c78ba0b1d4abbc94f7eec240c8050685676d071b13d74

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/A5u8rGY
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 15:30:38 GMT
Last-Modified
Tue, 17 Sep 2019 19:35:29 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d813581-10f4d"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
69453
jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v16/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://l.jusl.ru
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 30 Mar 2022 19:41:16 GMT
x-content-type-options
nosniff
age
157763
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45300
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:57:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 30 Mar 2023 19:41:16 GMT
Primary Request /
darkleaf.xyz/ 		18 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Requested by
Host: l.jusl.ru
URL: https://l.jusl.ru/A5u8rGY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99936ec205617a3d7180d78420c51237ecd1b7ece7d90c65c076cd2dc5671384

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://l.jusl.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
6f525e04fccf8fc8-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 01 Apr 2022 15:30:39 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Fri, 30 Nov 1979 00:00:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7IcGiPB1iOzyGKZlwsv9FH%2B6Mcn4%2F89Tm2Cjc%2Bv8n8vS7ihKrgQ6XTYJmAEMrlxUsQLbb%2BO17bCNyEOIX4%2FMaCY9P%2FnRa3SWeE134dfS4PVRKl1qaNV46cgQCvh9CzqU9OAxlVWaPwr32T4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/ 		28 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://darkleaf.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
678227
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5324
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7187"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qc6a8SE%2FPj8aYZ%2BIYeZFfetoEmdZuI6fnqqOGGiuq%2BJe1Au4FiQ5J8FvL%2BWRcy7X6EDsXYBPr4QKnk2LidA%2FmlrfSczkKCcCg7ZHhQrYf848TuaFI7n%2Fe9u06Nq0JKu8Sb4TyS1biMEaa2AsJHa%2FZQmL"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6f525e0679576907-FRA
expires
Wed, 22 Mar 2023 15:30:39 GMT
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://darkleaf.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617, 617
age
3743075
cdn-cachedat
2021-06-08 21:21:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
f3a3007506374a305b1a96efe5ee1490
cf-ray
6f525e068b489b21-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
Footer-with-logo.css
darkleaf.xyz/assets/css/ 		2 KB
907 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://darkleaf.xyz/assets/css/Footer-with-logo.css
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea4dafad2b0ddc57030300bc071698b03679064c6db4e239935ff5b6080b7cb7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 30 Nov 1979 00:00:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTcWiaWrLo%2B4Bgez9Ox1H4hSk41cOl8YFlmjGZa20u8Hg01pCu0N%2BaFyd%2FzBSsw3akxiPvDp9q8JXtZg3Soclbk6pyyermxoAxkggEMjQiNrizAoulk%2FbOrlljA1C9TJh3gJbnuAcNJGZS4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6f525e064e208fc8-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
bulma.min.css
darkleaf.xyz/npm/bulma@0.9.2/css/ 		201 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://darkleaf.xyz/npm/bulma@0.9.2/css/bulma.min.css
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bc4ac4300e0d51d745a728937262077d277ae5a26f984957066c41794667c59

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 30 Nov 1979 00:00:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=njrsKUzJb%2F4koF383JFZoeBhFNeewF8R%2BGpiTdmHdY1FTDDc%2FTk1vJm%2Bc97iG8tyYvvl2MrvTJniWYkuCf%2B4gkmEamRIZSd%2BZfjz8mRrffZOyzmLZB9t9zeud1KWfosmL4TLr7N1RH5q52c%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6f525e064e218fc8-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
NLdMt61OnmaDTvrjsoHPK1KpWY1EYKfXb5Ew0xKAOmslOT2QhQDKc2raWdH8hTWXBriv
play-lh.googleusercontent.com/ 		58 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://play-lh.googleusercontent.com/NLdMt61OnmaDTvrjsoHPK1KpWY1EYKfXb5Ew0xKAOmslOT2QhQDKc2raWdH8hTWXBriv
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1a17f98549c6d1856d1f47e31472a335ba5e73b2f350428f770f5d1bab006d2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 13:54:05 GMT
x-content-type-options
nosniff
age
5794
content-disposition
inline;filename="unnamed.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59623
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sun, 13 Mar 2022 05:22:20 GMT
google.png
darkleaf.xyz/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://darkleaf.xyz/google.png
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
215e46442382af6784b854e56f70c527d0d205a367c58567c308d3c3fbe31cc2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
cf-cache-status
MISS
last-modified
Fri, 30 Nov 1979 00:00:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3XTq6z5VyLOfmL%2BVokklmkNJK2wNDipzdj9sBg%2BkVXqzM9gi%2Fnyz1SZgBBzj33mk7lcWDvHtxzIPXfMyiHrejiC8W6plpq7445F69DQxr9biQOXjJtdTmjc9LltF74%2BXpfFQT2iy68jbGQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6f525e065e268fc8-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13957
AOh14GjApRgENos3CRx8DKRzBLCH4gn553pJdEl1eycwlA
play-lh.googleusercontent.com/a-/ 		117 KB
118 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://play-lh.googleusercontent.com/a-/AOh14GjApRgENos3CRx8DKRzBLCH4gn553pJdEl1eycwlA
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
41d4f5a3c473de0469be4821b7337f2fdfe8765595958da0139dfe0441b86f1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:14:07 GMT
x-content-type-options
nosniff
age
992
content-disposition
inline;filename="unnamed.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
120240
x-xss-protection
0
server
fife
etag
"veb3"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 29 Mar 2022 10:35:53 GMT
GkdkkPu_OdfR_1J6hQ8IgKfpDDXRDtrN-SJaF2twt6RtDrhs29MSeXaVCXRSzXvZrQ=w1440-h620-rw
play-lh.googleusercontent.com/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://play-lh.googleusercontent.com/GkdkkPu_OdfR_1J6hQ8IgKfpDDXRDtrN-SJaF2twt6RtDrhs29MSeXaVCXRSzXvZrQ=w1440-h620-rw
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
26a9b2ce56f235f57d688f4688023aa8cdec9ca9635352890786d24f6d3ea3ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="unnamed.webp"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13246
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 29 Mar 2022 19:48:52 GMT
PXdhXtq0L-k1L9sp77svBwCn1WpD3aO1ii1-pwZ8141QHTW7tXdgqrt28hfXXd8ENFg=w1440-h620-rw
play-lh.googleusercontent.com/ 		22 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://play-lh.googleusercontent.com/PXdhXtq0L-k1L9sp77svBwCn1WpD3aO1ii1-pwZ8141QHTW7tXdgqrt28hfXXd8ENFg=w1440-h620-rw
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3cb52a2a57509eb7673054b40f1b4996e303384f05324c9b0542d956dfdb4af2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="unnamed.webp"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23026
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 31 Mar 2022 18:21:35 GMT
1DZQovSuSAAnrcvyuGkw_WBYXl5FOkOT4gnhS8TtRLFgy6e4Y8O0u3107vUsTY4FT-sP=w1440-h620-rw
play-lh.googleusercontent.com/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://play-lh.googleusercontent.com/1DZQovSuSAAnrcvyuGkw_WBYXl5FOkOT4gnhS8TtRLFgy6e4Y8O0u3107vUsTY4FT-sP=w1440-h620-rw
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
327e01dd3af279186d9fc930ffe0cae6d26d232dd9c2aa65609951ce0f666dde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="unnamed.webp"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25358
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 29 Mar 2022 19:48:52 GMT
email-decode.min.js
darkleaf.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://darkleaf.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 24 Mar 2022 11:29:35 GMT
server
cloudflare
etag
W/"623c561f-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtaBeDnZsqHyMh%2BnohjsF%2Beu4JPQc9j%2FIgnv14yMmucMctQ72z%2FGeWEaB8Avtk%2F%2BcMVf27eoRn%2FzX9y6aa2fpiyK476ClrVrg1cZxBhyz5v89Pxvx%2FTOcdIS28aERxA%2FXx%2BSC3kSewfL5qw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6f525e065e248fc8-FRA
vary
Accept-Encoding
expires
Sun, 03 Apr 2022 15:30:39 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 		95 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 29 Mar 2022 10:55:14 GMT
x-content-type-options
nosniff
age
275725
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
97163
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Mar 2023 10:55:14 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Requested by
Host: darkleaf.xyz
URL: https://darkleaf.xyz/?utm_domain=darkleaf.xyz&tt=tt&utm_medium=__PLACEMENT__&utm_CampaignName=__CAMPAIGN_NAME__&utm_CampaignID=__CAMPAIGN_ID__&utm_AdsetName=__AID_NAME__&utm_AdsetID=__AID__&utm_AdName=__CID_NAME__&utm_AdID=__CID__&utm_campaign=klopwags_KIVwebcelentano01_sub
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 15:30:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
755
age
7304292
cdn-cachedat
12/13/2021 20:18:53
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver
1.02
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
48135f30fbfcba704628453df5764d8f
cf-ray
6f525e068b519b21-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| $ function| jQuery object| jQuery112408265030888445841

1 Cookies

Domain/Path Name / Value
darkleaf.xyz/ Name: csnfteken
Value: bfe5f5e7eb0c99de8002a8bf36a650487212a316

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
darkleaf.xyz
fonts.googleapis.com
fonts.gstatic.com
l.jusl.ru
maxcdn.bootstrapcdn.com
play-lh.googleusercontent.com
185.41.163.83
2001:4de0:ac18::1:a:2b
2606:4700::6810:135e
2606:4700::6812:bcf
2a00:1450:4001:803::2003
2a00:1450:4001:803::200a
2a00:1450:4001:82f::2016
2a00:1450:4001:831::200a
2a06:98c1:3120::7
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
07be51eb33f37b32c413a3444504f27c3f435ffcd0cdfe5ba523130994633554
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1a17f98549c6d1856d1f47e31472a335ba5e73b2f350428f770f5d1bab006d2e
1f875f74f5f383f169b5539b783a993764a50b9fabe96854d713d1d3ee579ca9
215e46442382af6784b854e56f70c527d0d205a367c58567c308d3c3fbe31cc2
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26a9b2ce56f235f57d688f4688023aa8cdec9ca9635352890786d24f6d3ea3ac
327e01dd3af279186d9fc930ffe0cae6d26d232dd9c2aa65609951ce0f666dde
3bc4ac4300e0d51d745a728937262077d277ae5a26f984957066c41794667c59
3cb52a2a57509eb7673054b40f1b4996e303384f05324c9b0542d956dfdb4af2
414caa66bb79bc88c1ba6a2a415d2333c0a01aab1c15f74684dfa7542a97d2f7
41d4f5a3c473de0469be4821b7337f2fdfe8765595958da0139dfe0441b86f1d
4490f15bcd903912985c78ba0b1d4abbc94f7eec240c8050685676d071b13d74
48e63a0018f3e704d1f893842126eb8b18c3535120f8e2c952ec2afc0b5fb3de
4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5cc5b4cbc0337faf8da81f81132c91e544e6ac2f14cbd9aceacb0c8c90236840
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
99936ec205617a3d7180d78420c51237ecd1b7ece7d90c65c076cd2dc5671384
c8a3a9743aa26c38c8b46a8d12bcd5df5e2c885109b5e2f65b855d95d12f209d
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
ea4dafad2b0ddc57030300bc071698b03679064c6db4e239935ff5b6080b7cb7
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c