www.pageassume.lease Open in urlscan Pro
2606:4700:3036::ac43:95b7  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://www.pageassume.lease/wjajoutxqi/gsalcx834457xgml/xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Page URL
2. http://www.pageassume.lease/offer.php?id=226&sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Page URL
3. http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Show response www.pageassume.lease/wjajoutxqi/gsalcx834457xgml/xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/	1 KB 1 KB	131ms 113ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/wjajoutxqi/gsalcx834457xgml/xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.25 Resource Hash f102c0e6897e494fd4e883a58fff09b4581293716d046dd2bb1c9c5cf3544fb5 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Mon, 08 Nov 2021 04:50:21 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive x-powered-by PHP/7.3.25 CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZY67PN%2BIuWKd023OtuitcmXB%2B8aSyEIEmdd3IVXSxoIgvbYZCCU4Pk5Hk83bFLUuUBWs564t3P4q18WPRuXYrAc1uc6A2Ci%2Fl6KKo3q3yu4wZTYqGh4OqJXHDACLsHAyXHmwkG8VjWx5qGBc8%2FHA%2Fwm9yA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e165b294abd-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	jquery-1.11.0.min.js Show response www.pageassume.lease/	94 KB 33 KB	21ms 21ms	Script application/javascript	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/jquery-1.11.0.min.js Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/wjajoutxqi/gsalcx834457xgml/xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/wjajoutxqi/gsalcx834457xgml/xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:21 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5400 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Wed, 15 Jun 2016 01:14:34 GMT Server cloudflare etag W/"5760abfa-1787d" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T4192bDKm086hv2AWKAyKD2kXQ6TyAvpL%2BaWCP6waUI1v12r3wwoD2RFXHwLboiXmFIgRCnSejOFhTELOEY1jD3DL5MuCBAlWOeuMyCJhC9toGMTWrY5z17m1SJ2%2F3gYsQbv1NEuKLVwUTl9oLuAr1KSLg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 CF-RAY 6aac2e172c034abd-FRA
GET		js www.googletagmanager.com/gtag/	0 0
GET H/1.1	200 OK	offer.php Show response www.pageassume.lease/	428 B 1 KB	108ms 107ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/offer.php?id=226&sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/wjajoutxqi/gsalcx834457xgml/xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.25 Resource Hash 9222ba270cc750432eaa55b09c29926c5420dd102380f355ab1fc34bb0e49f16 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/wjajoutxqi/gsalcx834457xgml/xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive x-powered-by PHP/7.3.25 CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCgfkO4bhnDghR6yFMH3CtrGYn0HyQB56zSSSck31WYktK8OXfAW8I5r%2B8SMdfGZfO1LfShJg9NeY8cPjqveweAnudYUcwixXfiwXmrN2OuGkZnjXSBPzF3PHP%2Fy8l7m4HLXecgWkJXb4aIAy9l0QVMfGQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e176c584abd-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	Primary Request ColdSleepbot.php Show response www.pageassume.lease/clicks/chapter3/	6 KB 2 KB	183ms 182ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.25 Resource Hash 3efa403c97883fb737c82d36f19156341b8b668cd8a5aaa94269a9afa5827ee7 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/offer.php?id=226&sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive x-powered-by PHP/7.3.25 CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNfYDxya4RLrKotUncXicM%2Bafum1VdK7r5%2BMOjgjuhg3UJ2hzrFzKq%2FAQ0q2bsx9OkQIDRh3hIyAynQU0G8iGEx7zcqij2d4Fy2Xb3RRi827Gowaa4ZlPomLywnzcf%2FLoVTBjlMxgfFUnX24A%2Fd4QgPcyw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e183d1e4abd-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	bootstrap.css www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/	118 KB 20 KB	17ms 17ms	Stylesheet text/css	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/bootstrap.css Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d3e8d733d0be3d1c499c02d5494b2cc2badb0b26fedab3e31906f0c2e981e3d6 Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5375 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag W/"618445a0-1d97f" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Q1iM2E6NqBTYkL8dob1ngSUpETMzrZGvxvYROzyBTdUbfw7s3JOZvaba6LUeMo7118rjHOJ7vO%2FdY%2BfDL%2FUJFmzjeLxXBp6VSNRKcWNEzI4eOlMPuFCBwHJTEJnV6D4X3ziEvR6YKXlPE1zjGFqal09pA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 CF-RAY 6aac2e196e494abd-FRA
GET H/1.1	200 OK	jquery.js Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/	85 KB 30 KB	34ms 27ms	Script application/javascript	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/jquery.js Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5398 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag W/"618445a0-1538f" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=75oactxTEuW%2BIashyBP7Ac2yYk1Zj3hpTgd8UhRHC6yTKD7wRjWt4SWsgiT6F5Z3E8s6fBodC9zAkyByjcfWbRxadQKfDvOnxQC9N%2FB1agGZuQowmp9tZ3fr8T8wqOFlvnGlCIXIMO1tPKFkCSiyVdjIuA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 CF-RAY 6aac2e197c54c290-FRA
GET H/1.1	200 OK	bootstrap.js Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/	36 KB 10 KB	28ms 21ms	Script application/javascript	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/bootstrap.js Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5397 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag W/"618445a0-90b5" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2FOWdHBTMuhk1TlVR%2FXbUQNYnZkG3uHaO0WbbF%2BGBkz%2BtyITHRHTXbaqX3s33UdIr54XLR8Bx3c6sHxntZvcH844YuJqHGMH%2F%2FJYEuF05RwPJM%2FGt%2B%2FKGptS2Q8w2X6KibwDyUvU7MJyGbSuz6fNTtN%2B7Q%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 CF-RAY 6aac2e197c6f4a8c-FRA
GET H/1.1	200 OK	blank.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame 233E	1 KB 1 KB	154ms 154ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e275aaeeefc32c9aebbebc0a382c5b337fcd824c342c69e74a27ad08f7a98bc0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EiEQ%2FmVOqOpwQMwA4iMoYK%2BTesM4c20CoqZe41aoDdDKb1nyTV%2FTK9ivDfNmPfBTsrh9ORVm7cCax9cJP%2BeSmO8TZl%2F36l2CQ8bUIRYxkWxSX0vACipYN2jZ0mWQa9tZBWGSXf5tNFRg3gnHZTi%2FLMPRJQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e19cc98c290-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	blank_002.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame 3189	1 KB 1 KB	104ms 104ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_002.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f46f9d349d0ff48f0ccedad5ad17a90a16f37c5d598a860093c013605248f4dd Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=inj7yAMNWxmxhSH6i0uEhUQyZFruNyAmPhyPQ3WqBCdisn27LCmZPpYkCsJIuar%2FbOIJZ%2Fb5YCeOGE9EBnedzfTO%2BQiajXSO0LkTOPQxRL%2Ft4xrb3PwUAGWOEdg%2BYhgI7WFJYtbkVx1vABd2knoUz%2FWWuA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e19cccf4a8c-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	blank_003.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame CF34	1 KB 1 KB	97ms 97ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_003.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5ac2aee2d8bb558d7b534a2627dead6e4c158cc93e06660d82a39b56f7b07840 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08xiMXS7rk8Jh41YAiQs5m6myPifb95kWCz7%2B%2BCGZ68fMnr2%2B6alFTf8aCcUDFXJbSXOTy5kKJ595fcpLDVF4b1OPgJ7YI34bBxgM%2Fw1gNYom9jZzVBAcjz4oCaIirhcn0X63fiA3VjuSPMY89duONag7g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e19cea44abd-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	blank_004.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame D105	1 KB 1 KB	191ms 183ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_004.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2f8fa2d544af55ba626466547386195d4e93203e501e7e67a0801aea9bf98f20 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VPVXW9bTfRTftxXfM%2Bihnfu9TmTNSpdC2LhWdbzI3LjBeHy%2BssAzhRYt5LIVKwv59kS2yKwO9xpdXt2CHdyYWxDSNiyNWsgNwVZ13TeoJdMgNsy3LCdZc9pkn0giUEQQSHER8wdotXhRGaXYZdVpU%2BaJjg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e19dfa605fd-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	blank_005.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame C1E7	1 KB 1 KB	123ms 116ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_005.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fc06d2dc98997192f2bee82e35a2aabdc01d953ab00be71290290025b6bc58f8 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nFLBgpnCmeBNrvI4kNvOrZTsYaurTyBW3UUDKBmo6UTMbq86vy1othzhrVNBC6RLAy9U%2BgeUY9GzP1pEDj3Co4tU8SGK9ISGhQWQXweA5wRD%2BBbgdWAL%2FrwsCz1xBaIVeMNZcf3vRgtITytypE%2B8j5SOdA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e19dade3240-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	a.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame 6167	108 B 863 B	134ms 128ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/a.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad3cc24a66bae714bcb1536ba2be070d636f61bbdfedf1e66de4d2a610a4f9e1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxcPjrd%2BK92iStsaZqe7mP9fwcwqxM8t5rfjm%2FN%2FkR4mWv4aDaoRvl0d66MuTm3J%2BpZnVU%2FDRLfjag28tWpvxgq5mN8aOwe3NYMEPCbpBUEw0B7yhwqXaEHStK6Kcj6UqAPJdBD0XW7tslfHbkvXq5fmNQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e19dedcc2a4-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	a_002.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame D806	108 B 871 B	319ms 225ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/a_002.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad3cc24a66bae714bcb1536ba2be070d636f61bbdfedf1e66de4d2a610a4f9e1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OrpfbN%2B%2F4iCee9X%2FI3HxO2%2Fxg2tmq5PxBcSI1f%2BmVMJ2a3nYv5QYJH8URFiYOtPgiPCMKyoHFHw5wVym1E9V5yRaouzrOZ7mIiZ3LYkRqdBMUDa111VMW%2BNHPZrtQfND3IyZU%2Bes36d9CNFW%2F%2FheeIFDCg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e1a6f324abd-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	a_003.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame 6ACB	108 B 857 B	227ms 128ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/a_003.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad3cc24a66bae714bcb1536ba2be070d636f61bbdfedf1e66de4d2a610a4f9e1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4uV8X0KGhrChLMskfQ4dvwXyEeUL4GxDfSmkS1E2ixdoN4gCFTjGYDXGFz4sKcxc1FyJotYBrCNR6Vlodb%2FBx44Zk5kZg1%2FMcEEEmXX58st0pyO2GWawBxZJZAtDyaKUB8jaNK5Ca9sBEftXRXmbavsXwQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e1a6d5a4a8c-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	a_004.html Show response www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ Frame 9197	108 B 857 B	239ms 119ms	Document text/html	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/a_004.html Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad3cc24a66bae714bcb1536ba2be070d636f61bbdfedf1e66de4d2a610a4f9e1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive last-modified Thu, 04 Nov 2021 20:42:08 GMT CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7TrFeWlKTEWpNzoJZ2PyoPkgg3Fsf7PgAOQsWQKlZOi%2FzTO%2Bk0sPLczeDMUMdXN3KahtNg6hMuEeIpsguVUSFPV4XBGXxie8bJRnLTIwZfw99auvQcnkIXIV4YAcFW6YpeZPvejZp4z0tkLo6FKO10g31A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aac2e1a8b513240-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	ColdSleepbot_files.PNG www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/	425 KB 425 KB	190ms 19ms	Image image/png	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/ColdSleepbot_files.PNG Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8980c7a19b25435c3b11e20ee02c7f62671518fc75c83067c2dafff2230cc1ec Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot.php?sid=933617&h=xtipi1nJkvizGqI7rZjCPdD5G64NJnIPD1RgMlo8pzg/3Rw_S8ZTN8Dr4w6UxbhvNzktrL9hxcEew156EMGTr-213ThViecISkbostjYP5pHmNYr_p1snh6chHQNHMHkdclM_kJrhQenKOOHrfIlx9CTvbkX-lCKaUs_UQUK6Rqj User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5375 Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Content-Length 434895 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag "618445a0-6a2cf" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JjTZ9X3OFTCnZfHzoS7aON3%2Fwe5yXTQSxsmAUBIMtOfn9iHgb3aauVKi48n5JlIiLHx8oJKUG3qywO63eGIMFyYbWMvoKlB%2BlNKeTyEgBVVfd19pvOO%2FfHEHY%2F7FgVM4k1Ea1U1CZY6jYG68UF8N05ol4Q%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 6aac2e1aed90c290-FRA
GET H/1.1	200 OK	inject.css www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_003_data/ Frame CF34	4 KB 2 KB	37ms 12ms	Stylesheet text/css	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_003_data/inject.css Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_003.html Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_003.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5374 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag W/"618445a0-f28" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZAvoGh1g%2FmUZB2z9RjCGuU%2F4HdTgyzTKD24b2djIXhkGpiD2rkizkAPbSDGvRrRT5YUVdBvgo8pprFWq5E9bF8F8ciLRsFol2jlVKSuTfMd4xpKP%2B%2FVljAI5kmq%2FMpaYI1p6sO0zcLx%2B%2Baob73Axe4IdlQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 CF-RAY 6aac2e1aaf49c2a4-FRA
GET H/1.1	200 OK	inject.css www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_002_data/ Frame 3189	4 KB 2 KB	55ms 17ms	Stylesheet text/css	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_002_data/inject.css Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_002.html Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_002.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5374 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag W/"618445a0-f28" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l1VXV81xXqaogVlK77AdW8Mm4KSUW%2FApT7FYUZSISQs2Y9JVzyeLXyzPt%2BjmAfogkolmY15PmHMOsEjOcCDxVZ%2FVHLEnMCbpknrymCrdCBWseh9cmiU7wVxgg9480vq6pYVKOeGqQM%2BRyMRuI%2FEpjz0Bkw%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 CF-RAY 6aac2e1abf59c2a4-FRA
GET H/1.1	200 OK	inject.css www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_005_data/ Frame C1E7	4 KB 2 KB	39ms 20ms	Stylesheet text/css	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_005_data/inject.css Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_005.html Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_005.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5374 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag W/"618445a0-f28" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJyofHHmWxLt8b%2Famup6u1JCYT68%2FU7fU8rgeZVOcIKE6TlENTjpBW85uQJQHqgVBJ%2BnMdxRIa1VtXvLqZqVxzH3rEZ5v75PH2rDwTBm6a6HaY%2Fs3lf%2Fe%2Ff4JroRLI4S4bcIecVfT0tsfoqEHH8qF2D%2BFQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 CF-RAY 6aac2e1abd6bc290-FRA
GET H/1.1	200 OK	inject.css www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_data/ Frame 233E	4 KB 2 KB	28ms 23ms	Stylesheet text/css	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_data/inject.css Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank.html Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5374 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag W/"618445a0-f28" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rfq%2FZM1VDeDLLr3RoH%2FDeF3guCJ77BMnixT%2B2UpuwdYeFJ%2B8Gpoal%2BRrxv3FXa4%2B5oTZUz%2BeTKdeoOX8TURJROlrEl9vohTRIMZ4pb5tbpzXxufBiQ6ynV9jNQTzedxcHv0YfFUBD2jKTYGWKLZEngVGfg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 CF-RAY 6aac2e1adf69c2a4-FRA
GET H/1.1	200 OK	inject.css www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_004_data/ Frame D105	4 KB 2 KB	35ms 35ms	Stylesheet text/css	2606:4700:3036::ac43:95b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_004_data/inject.css Requested by Host: www.pageassume.lease URL: http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_004.html Protocol HTTP/1.1 Server 2606:4700:3036::ac43:95b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b Request headers Accept-Language de-DE,de;q=0.9 Referer http://www.pageassume.lease/clicks/chapter3/ColdSleepbot_files/blank_004.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Mon, 08 Nov 2021 04:50:22 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5374 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 04 Nov 2021 20:42:08 GMT Server cloudflare etag W/"618445a0-f28" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvbQ1cNXMb7Tn6nys%2BZLL3bW%2Fo72JOeHpwhZkk4D1cXDJA8ffFFtttKH9fZynp%2F5NZS%2Fz82lkhkzoKOFR%2BErPNIQ9cni4HLS3ol49eLNN2Q8ppzuolpmWFbRy376%2B0hYoPPWGEkq%2B5VTOnuNtnRaogDe9A%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 CF-RAY 6aac2e1b08cf05fd-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.googletagmanager.com

URL

https://www.googletagmanager.com/gtag/js?id=UA-22484186-3

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.googletagmanager.com
www.pageassume.lease
www.googletagmanager.com
2606:4700:3036::ac43:95b7
0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2f8fa2d544af55ba626466547386195d4e93203e501e7e67a0801aea9bf98f20
3efa403c97883fb737c82d36f19156341b8b668cd8a5aaa94269a9afa5827ee7
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5ac2aee2d8bb558d7b534a2627dead6e4c158cc93e06660d82a39b56f7b07840
8980c7a19b25435c3b11e20ee02c7f62671518fc75c83067c2dafff2230cc1ec
9222ba270cc750432eaa55b09c29926c5420dd102380f355ab1fc34bb0e49f16
ad3cc24a66bae714bcb1536ba2be070d636f61bbdfedf1e66de4d2a610a4f9e1
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
d3e8d733d0be3d1c499c02d5494b2cc2badb0b26fedab3e31906f0c2e981e3d6
e275aaeeefc32c9aebbebc0a382c5b337fcd824c342c69e74a27ad08f7a98bc0
f102c0e6897e494fd4e883a58fff09b4581293716d046dd2bb1c9c5cf3544fb5
f46f9d349d0ff48f0ccedad5ad17a90a16f37c5d598a860093c013605248f4dd
fc06d2dc98997192f2bee82e35a2aabdc01d953ab00be71290290025b6bc58f8