URL: http://rom.jpg4.net/
Submission: On September 25 via manual from US

Summary

This website contacted 15 IPs in 6 countries across 15 domains to perform 28 HTTP transactions.
The main IP is 180.147.243.162, located in Japan and belongs to K-OPTICOM K-Opticom Corporation, JP. The main domain is rom.jpg4.net.
This is the first time this domain was scanned on urlscan.io!

Verdict: Unknown

Domain & IP information

IP Address AS Autonomous System
1 180.147.243.162 17511 (K-OPTICOM...)
2 2400:cb00:204... 13335 (CLOUDFLAR...)
2 4 23.250.117.219 36352 (AS-COLOCR...)
3 52.69.95.9 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2400:cb00:204... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 7 2a02:6b8::1:119 13238 (YANDEX)
1 3 154.47.36.142 174 (COGENT-174)
1 111.90.147.52 45839 (SHINJIRU-...)
2 213.196.2.2 7979 (SERVERS)
2 5 2400:cb00:204... 13335 (CLOUDFLAR...)
1 2400:cb00:204... 13335 (CLOUDFLAR...)
1 150.95.129.59 7506 (INTERQ GM...)
1 140.227.28.204 2514 (INFOSPHER...)
28 15
Domain Subdomains Transfer
7 yandex.ru 4 KB
7 av4.xyz 33 KB
3 webvisor.org 2 KB
3 xrea.com 0 B
3 jpg4.club 28 KB
2 bcloudhost.com 0 B
2 jsdelivr.net 136 KB
1 nyuu.info 0 B
1 myfile-host.info 270 B
1 mytubes.xyz 0 B
1 fc2av.com 367 B
1 2chb.net 55 KB
1 googletagmanager.com 28 KB
1 ajax.googleapis.com 30 KB
1 jpg4.net 5 KB
28 15
Domain Requested by
7 mc.yandex.ru 2 redirects rom.jpg4.net, cdn.jsdelivr.net
5 tag.av4.xyz rom.jpg4.net, tag.av4.xyz
3 mc.webvisor.org 1 redirects rom.jpg4.net
3 j1.ax.xrea.com rom.jpg4.net
3 tag.jpg4.club 1 redirects rom.jpg4.net
2 av.av4.xyz 2 redirects
2 www.bcloudhost.com tag.av4.xyz, rom.jpg4.net
2 cdn.jsdelivr.net tag.av4.xyz, rom.jpg4.net
1 av.nyuu.info tag.av4.xyz
1 page.myfile-host.info rom.jpg4.net
1 av.mytubes.xyz rom.jpg4.net
1 av.fc2av.com 1 redirects
1 2chb.net rom.jpg4.net
1 www.googletagmanager.com tag.av4.xyz
1 ajax.googleapis.com tag.av4.xyz
1 rom.jpg4.net
28 16

This site contains links to these domains.

Domain
jpg4.us
av.av4.xyz
av.fc2av.com

Subject / Issuer    Validity    Valid
sni81784.cloudflaressl.com / COMODO ECC Domain Validation Secure Server CA 2    2018-09-03 - 2019-03-12    6 months
*.googleapis.com / Google Internet Authority G3    2018-08-28 - 2018-11-20    3 months
ssl363648.cloudflaressl.com / COMODO ECC Domain Validation Secure Server CA 2    2018-05-19 - 2018-11-25    6 months
*.google-analytics.com / Google Internet Authority G3    2018-08-28 - 2018-11-20    3 months
bs.yandex.ru / Yandex CA    2017-11-23 - 2019-11-23    2 years
mc.webvisor.org / Yandex CA    2017-05-17 - 2019-05-17    2 years

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Web
Overall confidence: 20%
Detected patterns
  • env /^Rx$/i

Web
Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Web
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i


28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
13 KB
5 KB
Document
General
Full URL
http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
180.147.243.162 , Japan, ASN17511 (K-OPTICOM K-Opticom Corporation, JP),
Reverse DNS
h180-147-243-162.vps.ablenet.jp
Software
Apache/2.4.33 (codeit) PHP/7.0.22 / PHP/7.0.22
Resource Hash
63dcfdfdf44bfa33623e96417f47c745ecd82f9660527542ca0d235e238b473a

Request headers

Host
rom.jpg4.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate

Response headers

Date
Tue, 25 Sep 2018 01:26:21 GMT
Server
Apache/2.4.33 (codeit) PHP/7.0.22
X-Powered-By
PHP/7.0.22
62$hostgot
static.254.45.251.148.clients.your-server.de
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Cake
85proxuri
/
Cache-Control
max-age=0, public
94prxHost
180.147.243.162-hh-rom.jpg4.netmh--rm148.251.45.254rmhost-static.254.45.251.148.clients.your-server.de-acptlan
95phosttRef
231pxline
ip-180.147.243.162-http://jpg4img2.fc2av.com/
253prline
xxline
397-len=4654-180.147.243.162--rm148.251.45.254
imghost
2400:2651:281:e700:3697:f6ff:fe99:5e11jpg4img2.fc2av.commh-rom.jpg4.net--rm:2001:ce8:6b:e::a5ce:0/
P3P
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Length
4654
Connection
close
307pxxline
-len=4654-180.147.243.162-http://jpg4img2.fc2av.com/-hst-rom.jpg4.net
Content-Type
text/html; charset=UTF-8
index.php?js=jpg4&aaa1
tag.av4.xyz
108 KB
24 KB
Script
General
Full URL
https://tag.av4.xyz/index.php?js=jpg4&aaa1
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::ac40:6403 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b3387c781fd43eb8d84721a42e560afb62ceb69d1975eeb20700f3c36e697b7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 25 Sep 2018 01:26:30 GMT
content-encoding
gzip
imghost
2400:2651:281:e700:95f1:5b18:c8b0:9e0ctag.av4.xyzmh--RU-rm:2400:cb00:71:1024::a29e:5b43/index.php?js=jpg4&aaa1
cf-cache-status
HIT
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
45f9b3f6fd6d6427-FRA
expires
Tue, 25 Sep 2018 05:26:30 GMT
Adblocked easyALBUM.css?
tag.jpg4.club
5 KB
5 KB
Stylesheet
General
Full URL
http://tag.jpg4.club/easyALBUM.css?
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
23.250.117.219 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
mta1.crusadervans.co
Software
Apache/2.4.6 (CentOS) PHP/7.0.31 / PHP/7.0.31
Resource Hash
3ecccb1c4b632d63282fa723878501ca5f17e0724e953dbaaf6a6e482b736b33
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 25 Sep 2018 01:23:29 GMT
307pxxline
-len=4901-23.250.117.219-http://126.48.233.129/easyALBUM.css?-hst-tag.jpg4.club
X-Powered-By
PHP/7.0.31
xxline
397-len=4901-23.250.117.219--rm148.251.45.254
Connection
close
Content-Length
4901
253prline
231pxline
ip-23.250.117.219-http://126.48.233.129/easyALBUM.css?
Last-Modified
Tue, 16 Jan 2018 19:37:31 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.0.31
ETag
"1325-562e9dca01074"
Vary
Host
Content-Type
text/css;charset=UTF-8
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Cake
Adblocked easyALBUM.jpg
tag.jpg4.club
21 KB
22 KB
Image
General
Full URL
http://tag.jpg4.club/easyALBUM.jpg
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
23.250.117.219 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
mta1.crusadervans.co
Software
Apache/2.4.6 (CentOS) PHP/7.0.31 / PHP/7.0.31
Resource Hash
65a67f34b479ea4df373beba2ad5ca05c0da4c36acb43107fd0c02a0e30e04d6
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 25 Sep 2018 01:23:29 GMT
307pxxline
-len=21665-23.250.117.219-http://126.48.233.129/easyALBUM.jpg-hst-tag.jpg4.club
X-Powered-By
PHP/7.0.31
xxline
397-len=21665-23.250.117.219--rm148.251.45.254
Connection
close
Content-Length
21665
253prline
231pxline
ip-23.250.117.219-http://126.48.233.129/easyALBUM.jpg
Server
Apache/2.4.6 (CentOS) PHP/7.0.31
ETag
"54a1-562e9cb2a140c"
Vary
Host
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=360000, public
Accept-Ranges
bytes
Access-Control-Allow-Headers
Cake
l.j?id=100640546
j1.ax.xrea.com
0
0
Script
General
Full URL
http://j1.ax.xrea.com/l.j?id=100640546
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
52.69.95.9 Tokyo, Japan, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-69-95-9.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type
text/html
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: tag.av4.xyz
URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:821::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 21 Sep 2018 15:28:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
295071
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
30399
x-xss-protection
1; mode=block
last-modified
Thu, 25 Jan 2018 15:33:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 21 Sep 2019 15:28:39 GMT
Adblocked watch.js
cdn.jsdelivr.net/npm/yandex-metrica-watch
128 KB
44 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
Requested by
Host: tag.av4.xyz
URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:5514 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9728ee8dea5d6b34ba2ba21e587688350a408b8274e85a77e3c334cfcb3a395
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 25 Sep 2018 01:26:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-cache
HIT, HIT
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
44290
x-served-by
cache-ams4120-AMS, cache-hhn1550-HHN
timing-allow-origin
*
server
cloudflare
etag
W/"20056-7CJHQtrh/3M8GJB5Uontmfdl6Hs"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
cf-ray
45f9b3f76fa364d5-FRA
Adblocked js?id=UA-620120-3
www.googletagmanager.com/gtag
77 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-620120-3
Requested by
Host: tag.av4.xyz
URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:812::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
fdbb83c6138a823e6b3d6b1cf6642e1f56eb47384fb7b61ca2b04deeb3ad6e55
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 25 Sep 2018 01:26:30 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
28169
x-xss-protection
1; mode=block
expires
Tue, 25 Sep 2018 01:26:30 GMT
1?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
mc.yandex.ru/watch/3
Redirect Chain
  • https://mc.yandex.ru/watch/3?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
  • https://mc.yandex.ru/watch/3/1?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
0
-1 B
XHR
General
Full URL
https://mc.yandex.ru/watch/3/1?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 25 Sep 2018 01:26:30 GMT
Last-Modified
Tue, 25 Sep 2018 01:26:30 GMT
Server
nginx/1.12.2
Location
https://mc.yandex.ru/watch/3/1?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
Strict-Transport-Security
max-age=31536000
P3P
CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin
http://rom.jpg4.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Tue, 25 Sep 2018 01:26:30 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 25 Sep 2018 01:26:30 GMT
Last-Modified
Tue, 25 Sep 2018 01:26:30 GMT
Server
nginx/1.12.2
Location
https://mc.yandex.ru/watch/3/1?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
Strict-Transport-Security
max-age=31536000
P3P
CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin
http://rom.jpg4.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Tue, 25 Sep 2018 01:26:30 GMT
Adblocked 1?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
mc.yandex.ru/watch/3
35 B
581 B
XHR
General
Full URL
https://mc.yandex.ru/watch/3/1?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
http://rom.jpg4.net
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Tue, 25 Sep 2018 01:26:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 25-Sep-2018 01:26:30 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://rom.jpg4.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
35
X-XSS-Protection
1; mode=block
Expires
Tue, 25-Sep-2018 01:26:30 GMT
Verified sync_cookie_image_decide?token=1920.07EUgQhO2f4KTL_-e6AHN_LfqxtShMZ48kFM9YVwIWzSDqKR4CJctXIPKWnAb-uXZjv57w1RaZH-tYqCsrJCCEC98-zybuDOEyDlgbHH6VA%2C.rQQshBwV8Amnkqd-oNng59EXafw%2C
mc.webvisor.org
Redirect Chain
  • https://mc.webvisor.org/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=1920.Hx0Dt9kyt1LNdlkDCmRDFTya2rBUF8GvNFJ7Lk4Db-f6MzSjz-OdCVIJZ_VNkrDW.paXIo8MfnIXM4H9AqiEbtxORS3M%2C
  • https://mc.webvisor.org/sync_cookie_image_decide?token=1920.07EUgQhO2f4KTL_-e6AHN_LfqxtShMZ48kFM9YVwIWzSDqKR4CJctXIPKWnAb-uXZjv57w1RaZH-tYqCsrJCCEC98-zybuDOEyDlgbHH6VA%2C.rQQshBwV8Amnkqd-oNng59EXaf...
43 B
703 B
Image
General
Full URL
https://mc.webvisor.org/sync_cookie_image_decide?token=1920.07EUgQhO2f4KTL_-e6AHN_LfqxtShMZ48kFM9YVwIWzSDqKR4CJctXIPKWnAb-uXZjv57w1RaZH-tYqCsrJCCEC98-zybuDOEyDlgbHH6VA%2C.rQQshBwV8Amnkqd-oNng59EXafw%2C
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.47.36.142 , United States, ASN174 (COGENT-174 - Cogent Communications, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Verified resource
ckeditor/4.2/plugins/fakeobjects/images/spacer.gif at cdnjs.com, project ckeditor
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 25 Sep 2018 01:26:30 GMT
Last-Modified
Tue, 25 Sep 2018 01:26:30 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
P3P
CP="NOI DEVa TAIa OUR BUS UNI STA"
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
Tue, 25 Sep 2018 01:26:30 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 25 Sep 2018 01:26:30 GMT
Last-Modified
Tue, 25 Sep 2018 01:26:30 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
P3P
CP="NOI DEVa TAIa OUR BUS UNI STA"
Location
https://mc.webvisor.org/sync_cookie_image_decide?token=1920.07EUgQhO2f4KTL_-e6AHN_LfqxtShMZ48kFM9YVwIWzSDqKR4CJctXIPKWnAb-uXZjv57w1RaZH-tYqCsrJCCEC98-zybuDOEyDlgbHH6VA%2C.rQQshBwV8Amnkqd-oNng59EXafw%2C
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Tue, 25 Sep 2018 01:26:30 GMT
Adblocked 48140495?wmode=7&page-url=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1537838788304%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A201809...
mc.yandex.ru/watch
133 B
680 B
XHR
General
Full URL
https://mc.yandex.ru/watch/48140495?wmode=7&page-url=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1537838788304%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20180925012630%3Aet%3A1537838791%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Awh%3A1%3Apv%3A1%3Arn%3A1062108419%3Ahid%3A319081699%3Ads%3A0%2C279%2C1608%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%3Awn%3A25590%3Ahl%3A2%3Agdpr%3A14%3Aeu%3A1%3Av%3A1230%3Ast%3A1537838791%3Au%3A1537838790681256286%3Ahi%3A
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
e06892ad11dd723d31387dffc8bf8be44e3a90a07b763794a1245130e3977a85
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
http://rom.jpg4.net
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Tue, 25 Sep 2018 01:26:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 25-Sep-2018 01:26:30 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://rom.jpg4.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
133
X-XSS-Protection
1; mode=block
Expires
Tue, 25-Sep-2018 01:26:30 GMT
tagjpa.php?imob=tgp5jpg
tag.av4.xyz
32 KB
7 KB
Script
General
Full URL
https://tag.av4.xyz/tagjpa.php?imob=tgp5jpg
Requested by
Host: tag.av4.xyz
URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::ac40:6403 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd2693791db29d2b25ed272eadbd646e2a4ba7b8f1fc687ab361780727a7a5fe

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

cf-ray
45f9b3ff58106427-FRA
date
Tue, 25 Sep 2018 01:26:31 GMT
8tagproxuri
/tagjpa.php?imob=tgp5jpg
cf-cache-status
HIT
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=14400
content-encoding
gzip
expires
Tue, 25 Sep 2018 05:26:31 GMT
banner.jpg
2chb.net/web/20170502120521im_/http://pic.s367.xrea.com/img
Redirect Chain
  • http://tag.jpg4.club/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
  • http://2chb.net/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
55 KB
55 KB
Image
General
Full URL
http://2chb.net/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
111.90.147.52 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
server.trueteenbabes.com
Software
Apache/2.4.6 (CentOS) PHP/7.0.31 / PHP/7.0.31
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://tag.jpg4.club/easyALBUM.css?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

230pxline
ip-111.90.147.52-http://126.48.233.129/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
Date
Tue, 25 Sep 2018 01:26:33 GMT
Content-Encoding
gzip
X-Powered-By
PHP/7.0.31
Transfer-Encoding
chunked
250prline
Connection
close
94phosttRef
http://tag.jpg4.club/easyALBUM.css?
93prxHost
111.90.147.52-hh-2chb.netmh--rm148.251.45.254rmhost-static.254.45.251.148.clients.your-server.de-acptlan
Server
Apache/2.4.6 (CentOS) PHP/7.0.31
304pxxline
-len=54284-111.90.147.52-http://126.48.233.129/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg-hst-2chb.net
xxline
394-len=54284-111.90.147.52--rm148.251.45.254
Vary
Accept-Encoding
84proxuri
/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, public
61$hostgot
static.254.45.251.148.clients.your-server.de
2chproxuri
2chb.net/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
Content-Type
text/html; charset=shift_jis
Access-Control-Allow-Headers
Cake

Redirect headers

Date
Tue, 25 Sep 2018 01:23:30 GMT
307pxxline
-len=0-23.250.117.219-http://126.48.233.129/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg-hst-tag.jpg4.club
Access-Control-Allow-Origin
*
X-Powered-By
PHP/7.0.31
xxline
397-len=0-23.250.117.219--rm148.251.45.254
Connection
close
2chproxuri
tag.jpg4.club/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
253prline
231pxline
ip-23.250.117.219-http://126.48.233.129/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
Server
Apache/2.4.6 (CentOS) PHP/7.0.31
Vary
Host
Content-Type
text/html; charset=UTF-8
Location
http://2chb.net/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
Cache-Control
max-age=60, public
Content-Length
0
Access-Control-Allow-Headers
Cake
Adblocked invoke.js
www.bcloudhost.com/2b3591c24e57d4b5ca792bca3cd3e93f
0
0
Script
General
Full URL
http://www.bcloudhost.com/2b3591c24e57d4b5ca792bca3cd3e93f/invoke.js
Requested by
Host: tag.av4.xyz
URL: https://tag.av4.xyz/tagjpa.php?imob=tgp5jpg
Protocol
HTTP/1.1
Server
213.196.2.2 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),
Reverse DNS
Software
nginx/1.12.1 /
Resource Hash
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 25 Sep 2018 01:26:31 GMT
Server
nginx/1.12.1
Connection
keep-alive
Content-Type
application/javascript
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Adblocked invoke.js
www.bcloudhost.com/2b3591c24e57d4b5ca792bca3cd3e93f
0
0
Script
General
Full URL
http://www.bcloudhost.com/2b3591c24e57d4b5ca792bca3cd3e93f/invoke.js
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
213.196.2.2 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),
Reverse DNS
Software
nginx/1.12.1 /
Resource Hash
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 25 Sep 2018 01:26:31 GMT
Server
nginx/1.12.1
Connection
keep-alive
Content-Type
application/javascript
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
l.j?id=100640546
j1.ax.xrea.com
0
0
Script
General
Full URL
http://j1.ax.xrea.com/l.j?id=100640546
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
52.69.95.9 Tokyo, Japan, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-69-95-9.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type
text/html
Adblocked tag.js
cdn.jsdelivr.net/npm/yandex-metrica-watch
313 KB
93 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:5514 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b7432f60acaa24e58eb565729f0ce3e6c3269aabf461d8f7d22e006d059b4bb
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 25 Sep 2018 01:26:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-cache
HIT, HIT
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
94725
x-served-by
cache-ams4123-AMS, cache-fra19145-FRA
timing-allow-origin
*
server
cloudflare
etag
W/"4e3a0-7EQgu0hT/191/1HLs5lbbjhUPq0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
cf-ray
45f9b40069fe64d5-FRA
tpics.html?24
tag.av4.xyz/tagjpa.php?url=img.jpg4.info/tpcache
0
0
Document
General
Full URL
http://tag.av4.xyz/tagjpa.php?url=img.jpg4.info/tpcache/tpics.html?24
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::ac40:6503 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Host
tag.av4.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Cookie
__cfduid=d9e399c4de8c87704156192fec14ad3271537838790

Response headers

Date
Tue, 25 Sep 2018 01:26:31 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
8tagproxuri
/tagjpa.php?url=img.jpg4.info/tpcache/tpics.html?24
Cache-Control
public, max-age=72000
590tagproxuri
/tagjpa.php?url=img.jpg4.info/tpcache/tpics.html?24
Access-Control-Allow-Origin
*
CF-Cache-Status
HIT
Expires
Tue, 25 Sep 2018 21:26:31 GMT
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
45f9b40083b063d3-FRA
Content-Encoding
gzip
Adblocked 50322544?wmode=7&page-url=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Adp%3A1%3Ans%3A1537838788304%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A2%3Aw%3A1585x1200%3Ai...
mc.yandex.ru/watch
152 B
699 B
XHR
General
Full URL
https://mc.yandex.ru/watch/50322544?wmode=7&page-url=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Adp%3A1%3Ans%3A1537838788304%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A2%3Aw%3A1585x1200%3Ai%3A20180925012631%3Aet%3A1537838792%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A249626267%3Ahid%3A319081699%3Ads%3A0%2C279%2C1608%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%3Afp%3A3415%3Agdpr%3A14%3Aeu%3A1%3Av%3A1231%3Awv%3A2%3Ast%3A1537838792%3Au%3A1537838790681256286%3Ahi%3A
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
4197cd9752cc766bc5106c5bc26b41c5a8b1d450c9b9e55f7b7a38ab285ba66c
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
http://rom.jpg4.net
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Tue, 25 Sep 2018 01:26:31 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 25-Sep-2018 01:26:31 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://rom.jpg4.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
152
X-XSS-Protection
1; mode=block
Expires
Tue, 25-Sep-2018 01:26:31 GMT
Cookie set /
av.mytubes.xyz/kw
Redirect Chain
  • http://av.fc2av.com/kw/
  • http://av.av4.xyz/kw/
  • http://av.mytubes.xyz/kw/
0
0
Document
General
Full URL
http://av.mytubes.xyz/kw/
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::681b:9cc3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/7.2.4
Resource Hash

Request headers

Host
av.mytubes.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate

Response headers

Date
Tue, 25 Sep 2018 01:26:33 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d2575d0b1e83a972f1af950b62d8b923f1537838793; expires=Wed, 25-Sep-19 01:26:33 GMT; path=/; domain=.mytubes.xyz; HttpOnly
X-Powered-By
PHP/7.2.4
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Cake
76proxuri
/kw/
Cache-Control
public, max-age=14400
85prxHost
10.22.0.20-hh-av.mytubes.xyzmh--DErm162.158.91.189rmhost--acptlanen-gb
86phosttRef
257pxline
ip-10.22.0.20-http://fix-ip6.fc2av.com/kw/
277prline
xxline
421-len=16988-10.22.0.20-
Vary
Host,Accept-Encoding
phost
2400:2651:281:e700:95f1:5b18:c8b0:9e0chh-fix-ip6.fc2av.commh-av.mytubes.xyz-rm2001:470:23:5d3::2fw188.193.125.59, 188.193.125.59cf
line923
notjp--myhost-av.mytubes.xyz-filteron-
line946
notjp--myhost-av.mytubes.xyz-filteron-
line1708
cnt--cf-DE-myhost-mytubes.xyz
1847topd
mytubes.xyz
331pxxline
-len=0-10.22.0.20-http://fix-ip6.fc2av.com/kw/
CF-Cache-Status
HIT
Expires
Tue, 25 Sep 2018 05:26:33 GMT
Server
cloudflare
CF-RAY
45f9b409e25c97b6-FRA
Content-Encoding
gzip

Redirect headers

Date
Tue, 25 Sep 2018 01:26:33 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.0.22
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Cake
85proxuri
/kw/
Cache-Control
public, max-age=14400
94prxHost
2001:ce8:6b:e::a5ce:0-hh-av.av4.xyzmh--DErm2400:cb00:71:1024::a29e:5da7rmhost--acptlan
95phosttRef
231pxline
ip-2001:ce8:6b:e::a5ce:0-http://fix-ip6.fc2av.com/kw/
253prline
xxline
397-len=20-2001:ce8:6b:e::a5ce:0--rm2400:cb00:71:1024::a29e:5da7
Vary
Host,Accept-Encoding
phost
2400:2651:281:e700:95f1:5b18:c8b0:9e0chh-fix-ip6.fc2av.commh-av.av4.xyz-rm2001:ce8:6b:e::a5ce:0fw2a01:4f8:202:a9:0:0:0:2, 2a01:4f8:202:a9:0:0:0:2cf
line923
notjp--myhost-av.av4.xyz-filteron-
line946
notjp--myhost-av.av4.xyz-filteron-
line1708
cnt--cf-DE-myhost-av4.xyz
cf
ori=DE---cf=
Location
http://av.mytubes.xyz/kw/
307pxxline
-len=20-2001:ce8:6b:e::a5ce:0-http://fix-ip6.fc2av.com/kw/-hst-av.av4.xyz
CF-Cache-Status
MISS
Expires
Tue, 25 Sep 2018 05:26:33 GMT
Server
cloudflare
CF-RAY
45f9b40631c79aca-FRA
tpics.html?6
tag.av4.xyz/tagjpa.php?url=img.jpg4.info/tpcache
0
0
Document
General
Full URL
http://tag.av4.xyz/tagjpa.php?url=img.jpg4.info/tpcache/tpics.html?6
Requested by
Host: tag.av4.xyz
URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::ac40:6503 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Host
tag.av4.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Cookie
__cfduid=d9e399c4de8c87704156192fec14ad3271537838790

Response headers

Date
Tue, 25 Sep 2018 01:26:31 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
8tagproxuri
/tagjpa.php?url=img.jpg4.info/tpcache/tpics.html?6
Cache-Control
public, max-age=72000
590tagproxuri
/tagjpa.php?url=img.jpg4.info/tpcache/tpics.html?6
Access-Control-Allow-Origin
*
CF-Cache-Status
HIT
Expires
Tue, 25 Sep 2018 21:26:31 GMT
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
45f9b40133c963d3-FRA
Content-Encoding
gzip
myda.php
page.myfile-host.info
0
270 B
Script
General
Full URL
http://page.myfile-host.info/myda.php
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
150.95.129.59 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
v150-95-129-59.a07a.g.tyo1.static.cnode.io
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.0.15 / PHP/7.0.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 25 Sep 2018 01:26:32 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.0.15
Connection
close
X-Powered-By
PHP/7.0.15
Content-Length
0
Content-Type
text/html; charset=utf-8
l.j?id=100640546
j1.ax.xrea.com
0
0
Script
General
Full URL
http://j1.ax.xrea.com/l.j?id=100640546
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Server
52.69.95.9 Tokyo, Japan, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-69-95-9.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type
text/html
Verified Adblocked advert.gif
mc.webvisor.org/metrika
43 B
445 B
Image
General
Full URL
https://mc.webvisor.org/metrika/advert.gif
Requested by
Host: rom.jpg4.net
URL: http://rom.jpg4.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.47.36.142 , United States, ASN174 (COGENT-174 - Cogent Communications, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Verified resource
ckeditor/4.2/plugins/fakeobjects/images/spacer.gif at cdnjs.com, project ckeditor
Blocked
Source: easylist, Type: ads (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 25 Sep 2018 01:26:33 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Oct 2015 13:09:09 GMT
Server
nginx/1.12.2
ETag
"561bb0f5-3d"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
61
Expires
Tue, 25 Sep 2018 02:26:33 GMT
tagjpa.php?feed=tpic
tag.av4.xyz/tagjpa.php?url=img.jpg4.info
0
0
Document
General
Full URL
http://tag.av4.xyz/tagjpa.php?url=img.jpg4.info/tagjpa.php?feed=tpic
Requested by
Host: tag.av4.xyz
URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::ac40:6503 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Host
tag.av4.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Cookie
__cfduid=d9e399c4de8c87704156192fec14ad3271537838790

Response headers

Date
Tue, 25 Sep 2018 01:26:35 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
8tagproxuri
/tagjpa.php?url=img.jpg4.info/tagjpa.php?feed=tpic
Cache-Control
public, max-age=72000
590tagproxuri
/tagjpa.php?url=img.jpg4.info/tagjpa.php?feed=tpic
Access-Control-Allow-Origin
*
CF-Cache-Status
HIT
Expires
Tue, 25 Sep 2018 21:26:35 GMT
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
45f9b418674e63d3-FRA
Content-Encoding
gzip
/
av.nyuu.info/kw
Redirect Chain
  • http://av.av4.xyz/kw/
  • http://av.nyuu.info/kw/
0
0
Document
General
Full URL
http://av.nyuu.info/kw/
Requested by
Host: tag.av4.xyz
URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1
Protocol
HTTP/1.1
Server
140.227.28.204 Tokyo, Japan, ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP),
Reverse DNS
140-227-28-204.vpscloud.static.arena.ne.jp
Software
Apache/2.4.6 (CentOS) PHP/7.0.31 / PHP/7.0.31
Resource Hash

Request headers

Host
av.nyuu.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate

Response headers

Date
Tue, 25 Sep 2018 01:26:36 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.0.31
Vary
Host,Accept-Encoding
X-Powered-By
PHP/7.0.31
61$hostgot
static.254.45.251.148.clients.your-server.de
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Cake
84proxuri
/kw/
Cache-Control
max-age=180, public
93prxHost
140.227.28.204-hh-av.nyuu.infomh--rm148.251.45.254rmhost-static.254.45.251.148.clients.your-server.de-acptlan
94phosttRef
230pxline
ip-140.227.28.204-http://126.108.206.8/kw/
250prline
xxline
394-len=16267-140.227.28.204--rm148.251.45.254
phost
126.108.206.8hh-126.108.206.8mh-av.nyuu.info-rm140.227.28.204fw148.251.45.254cf
line923
notjp--myhost-av.nyuu.info-filteron-
line946
notjp--myhost-av.nyuu.info-filteron-
line1708
cnt--cf--myhost-nyuu.info
1847topd
nyuu.info
Content-Encoding
gzip
Connection
close
Transfer-Encoding
chunked
304pxxline
-len=16267-140.227.28.204-http://126.108.206.8/kw/-hst-av.nyuu.info
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Tue, 25 Sep 2018 01:26:35 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.0.22
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Cake
85proxuri
/kw/
Cache-Control
public, max-age=14400
94prxHost
2001:ce8:6b:e::a5ce:0-hh-av.av4.xyzmh--USrm2400:cb00:71:1024::a29e:5da7rmhost--acptlan
95phosttRef
231pxline
ip-2001:ce8:6b:e::a5ce:0-http://fix-ip6.fc2av.com/kw/
253prline
xxline
397-len=20-2001:ce8:6b:e::a5ce:0--rm2400:cb00:71:1024::a29e:5da7
Vary
Host,Accept-Encoding
phost
2400:2651:281:e700:95f1:5b18:c8b0:9e0chh-fix-ip6.fc2av.commh-av.av4.xyz-rm2001:ce8:6b:e::a5ce:0fw149.81.77.226, 149.81.77.226cf
line923
notjp--myhost-av.av4.xyz-filteron-
line946
notjp--myhost-av.av4.xyz-filteron-
line1708
cnt--cf-US-myhost-av4.xyz
Location
http://av.nyuu.info/kw/
307pxxline
-len=20-2001:ce8:6b:e::a5ce:0-http://fix-ip6.fc2av.com/kw/-hst-av.av4.xyz
CF-Cache-Status
HIT
Expires
Tue, 25 Sep 2018 05:26:35 GMT
Server
cloudflare
CF-RAY
45f9b41865019aca-FRA
Verified Adblocked 48140495?page-url=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Adp%3A1%3Ans%3A1537838788304%3As%3A1600x1200x24%3Ask%3A1%3Aadb%3A2%3Afpr%3A216613626101%3Acn%3A1...
mc.yandex.ru/watch
43 B
534 B
Other
General
Full URL
https://mc.yandex.ru/watch/48140495?page-url=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Adp%3A1%3Ans%3A1537838788304%3As%3A1600x1200x24%3Ask%3A1%3Aadb%3A2%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Ai%3A20180925012645%3Aet%3A1537838805%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Awh%3A1%3Aar%3A1%3Anb%3A1%3Acl%3A16%3Arn%3A786615151%3Ahid%3A319081699%3Ads%3A%2C%2C%2C%2C%2C%2C%2C2817%2C1%2C11931%2C11931%2C1%2C4707%3Afp%3A3415%3Agdpr%3A14%3Aeu%3A1%3Av%3A1230%3Ast%3A1537838805%3Au%3A1537838790681256286%3Ahi%3A
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Verified resource
ckeditor/4.2/plugins/fakeobjects/images/spacer.gif at cdnjs.com, project ckeditor
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
http://rom.jpg4.net
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Tue, 25 Sep 2018 01:26:45 GMT
Last-Modified
Tue, 25-Sep-2018 01:26:45 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
http://rom.jpg4.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
Tue, 25-Sep-2018 01:26:45 GMT

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 8
  • https://mc.yandex.ru/watch/3?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
  • https://mc.yandex.ru/watch/3/1?wmode=7&page-ref=http%3A%2F%2From.jpg4.net%2F&charset=utf-8&browser-info=ti%3A10%3Agdpr%3A14%3Av%3A1230%3Ast%3A1537838790%3Au%3A1537838790681256286%3Ahi%3A
Request 10
  • https://mc.webvisor.org/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=1920.Hx0Dt9kyt1LNdlkDCmRDFTya2rBUF8GvNFJ7Lk4Db-f6MzSjz-OdCVIJZ_VNkrDW.paXIo8MfnIXM4H9AqiEbtxORS3M%2C
  • https://mc.webvisor.org/sync_cookie_image_decide?token=1920.07EUgQhO2f4KTL_-e6AHN_LfqxtShMZ48kFM9YVwIWzSDqKR4CJctXIPKWnAb-uXZjv57w1RaZH-tYqCsrJCCEC98-zybuDOEyDlgbHH6VA%2C.rQQshBwV8Amnkqd-oNng59EXaf...
Request 13
  • http://tag.jpg4.club/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
  • http://2chb.net/web/20170502120521im_/http://pic.s367.xrea.com/img/banner.jpg
Request 20
  • http://av.fc2av.com/kw/
  • http://av.av4.xyz/kw/
  • http://av.mytubes.xyz/kw/
Request 26
  • http://av.av4.xyz/kw/
  • http://av.nyuu.info/kw/

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| imgdm string| ti function| bodyunld function| picad function| ppic function| mes function| jpg4oot function| getgetp number| cX number| cY number| rX number| rY undefined| vW function| UpdateCursorPosition function| UpdateCursorPositionDocAll function| AssignPosition function| HideContent function| ShowContent function| ReverseContentDisplay function| ViewportWidth object| zz function| loadXMLDoc function| underp function| zoom function| lsstrg function| underv function| vlsstrg function| dtippc function| setCookie function| getCookie function| mypaging function| expandthb string| bookmarkurl string| bookmarktitle function| relonmousemove function| fc2avmouse function| sekeydoga function| tf function| myshowad function| myshowad1 function| myshowad2 function| showdogaHis function| showdogaHis2 function| jpg4orm function| mydisq string| userLangcf string| phpuserlang string| userLang string| LL string| basedm string| jsbody string| toptext number| myi number| mysetinterv string| cmore string| toset string| oldfkw string| t1 string| inshowad string| inshowad2 object| dataLayer function| $ function| jQuery object| google_tag_manager object| Ya object| yaCounter48140495 string| formkw string| hint string| imgsdm string| avdm string| hdsdm string| vidsdm function| dispad object| re_advar object| y undefined| ad_idzone undefined| ad_frequency_period undefined| ad_frequency_count string| adcounter number| rat string| ID number| AD number| FRAME string| ONCE object| atOptions string| adre object| yaCounter50322544 string| avsdm string| subdm

9 Cookies

Domain/Path Name / Value
.jpg4.net/ Name: _ym_visorc_48140495
Value: w
.jpg4.net/ Name: _ym_d
Value: 1537838790
.mytubes.xyz/ Name: __cfduid
Value: d2575d0b1e83a972f1af950b62d8b923f1537838793
.jpg4.net/ Name: myda
Value: yes
.jpg4.net/ Name: _ym_wasSynced
Value: %7B%22time%22%3A1537838790404%2C%22params%22%3A%7B%22eu%22%3A1%7D%2C%22bkParams%22%3A%7B%7D%7D
.jpg4.net/ Name: _ym_isad
Value: 2
.jpg4.net/ Name: _ym_uid
Value: 1537838790681256286
.av4.xyz/ Name: __cfduid
Value: d9e399c4de8c87704156192fec14ad3271537838790
.jpg4.net/ Name: cnt
Value: 0

4 Console Messages

Source Level URL
Text
console-api log URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1, Line 160, Column62
Message:
xUpdateCursorPositionDocAll
console-api log URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1, Line 1210, Column11
Message:
rom.jpg4.netrom.jpg4.net
console-api log URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1, Line 1210, Column11
Message:
rom.jpg4.netrom.jpg4.net
console-api log URL: https://tag.av4.xyz/index.php?js=jpg4&aaa1, Line 1086, Column21
Message:
userlang=en-US

Indicators of compromise (IoCs)

This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.
